GTM Recursion - DNSSEC Validation

Question

I have been testing the idea of utilizing the GTM for DNS recursion to the internet in our development region. I was able to easily setup a listener for external recursion and successfully tested. I also configured a cache profile, in order to cache the responses. What I cannot figure out for the life of me is how to enable this recursion to perform DNSSEC validation against these responses from the internet. &nbsp;
I assumed creating a Cache with a Resolver Type of Validating Resolver and enabling that cache in my DNS profile for my listener would do the trick. However I am still successfully able to resolve zones that are known DNSSEC broken. I do see in the statistics of the cache under "Validator Key Details" all requests are being logged as "Indeterminate"&nbsp;
Any help you guys can give me would be great. &nbsp;

dan_pacheco · Answer

&nbsp; Perhaps this document may help.&nbsp;https://clouddocs.f5.com/training/community/dns/html/class2/module5/module5.html&nbsp;

robin_mordasie1 · Answer

If you have solved this problem, what was the solution ?&nbsp;

Forum Discussion

GTM Recursion - DNSSEC Validation

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Configuring BIG-IP for Zone Transfer and DNSSEC

POC: Validate JWT with iRule

The BIG-IP GTM: Configuring DNSSEC

Enabling DNSSEC for 1 record only

Lightboard Lessons: DNSSEC

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS