Hello PSFletchTheTek.
When you configure a DNS Resolver, besides configuring cache size, Route Domain, etc., remember to set a forward zone, for example, using a dot ( . ) and the IPs of the DNS servers you are using.
DNS Resolver is used just for some specific features (not the whole DNS communications):
- HTTP Explicit Proxy feature
- OCSP Validation
- BIG-IP APM
- BIG-IP AFM
- BIG-IP ASM Bot Defense feature
REF - https://support.f5.com/csp/article/K12140128
One example would be to use OCSP Validation.
Check that in the menu "System > Certificate Management > Traffic Certificate Management > OCSP". You will see that a "DNS Resolver" option is requested.
In my case I have this OCSP object configured:
- Name: OCSP_myCA
- DNS Resolver: my_dns_resolver
- Responder URL: http://myocspserver.example.com
Then at "System > Certificate Management > Traffic Certificate Management > SSL Certificate List > myCert"
I have this specific OCSP checker applied to the monitoring properties of 'myCert':
- Monitoring Type: OCSP
- Issuer Certificate: myCA
- OCSP: OCSP_myCA
This set will launch DNS requests trying to reach "myocspserver.example.com".
Regards,
Dario.