Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

PSFletchTheTek's avatar
PSFletchTheTek
Icon for Cumulonimbus rankCumulonimbus
Aug 26, 2021

Network > DNS Resolver - So how do you test this is working?

Hi All, So i've configured a DNS resolver "Network > DNS Resolver" as per the instructions. But my stats aren't incrementing. With now 3 sorts of DNS on my BIG-IP (Kernel, GTM and now the DNS Reso...
application delivery
big-ip
LTM
Dario_Garrido's avatar
Dario_Garrido
Icon for Noctilucent rankNoctilucent
Aug 27, 2021

Hello PSFletchTheTek.

 

When you configure a DNS Resolver, besides configuring chache size, Route Domain, etc., remember to set a forward zone, for example, using a dot ( . ) and the IPs of the DNS servers you are using for.

 

DNS Resolver is used just for some specific features (not the whole DNS communications):

  • HTTP Explicit Proxy feature
  • OCSP Validation
  • BIG-IP APM
  • BIG-IP AFM
  • BIG-IP ASM Bot Defense feature

REF - https://support.f5.com/csp/article/K12140128

 

One example would be to use OCSP Validation.

Check that in menu "System > Certificate Management > Traffic Certificate Management > OCSP". You will see that a "DNS Resolver" option is requested.

 

In my case I have this OCSP object configured:

  • Name: OCSP_myCA
  • DNS Resolver: my_dns_resolver
  • Responder URL: http://myocspserver.example.com

 

Then at "System > Certificate Management > Traffic Certificate Management > SSL Certificate List > myCert"

I have this specific OCSP checker applied to the monitoring properties of the 'myCert':

  • Monitoring Type: OCSP
  • Issuer Certificate: myCA
  • OCSP: OCSP_myCA

 

This set will launch DNS requests trying to reach "myocspserver.example.com".

 

Regards,

Dario.