Forum Discussion
NimbostratusOpen Recursive DNS Resolvers
Open Recursive DNS Resolvers
Hello, one of our F5 GTM devices are acting as open recursive dns resolvers. But, actually they should act as to respong for only of our domain queries. I found that this may cause for DDos attacks. Please let me know what are precautions i should take to resolve this.
Thanks, Ravitheja
4 Replies
- boneyard
MVP
should it only answer to requests for the wide IPs or more?
Ravitheja_28471They should answer to the queries belongs to our domain only.
- boneyard
that remains unclear to me, what is your domain, is that the clients in your organisation, or the DNS domain for your organisation ?
You might want to check the named configuration in ZoneRunner. Make sure that recursion is set to no. This should be the default. For more in check:
https://support.f5.com/kb/en-us/solutions/public/7000/000/sol7055.html
