Packet Processing Order

1. Packet Filter

2. AFM

3. FLOW_INIT (An iRule Event i.e. when FLOW_INIT)

4. LTM

5. APM

6. ASM / Adv WAF

The ASM can block things and inform the AFM so that next time the attack is blocked at the AFM level.

The DNS/GTM module is seperate thing and only if you use the AFM DNS protection (DNS firewall and IPS) then the AFM will be infront of the DNS module (Protocol Security > Security Profiles) or the AFM IPS that may have signatures for DNS attacks.

 https://techdocs.f5.com/kb/en-us/products/big-ip-afm/manuals/product/big-ip-system-dos-protection-and-protocol-firewall-implementations-14-1-0/11.html

https://support.f5.com/csp/article/K44080215

How come only DNS caching is configured? If you have not enabled "GSLB" under the DNS profile for the used listener then the Wide IP will not be used.

https://support.f5.com/csp/article/K21520582

https://support.f5.com/csp/article/K14510

Also the DNS Cache if it of transperant type a pool of DNS servers needs to be attached under the DNS Listener/VIP and also "Unhandled Query Actions" needs to be set to Allow (Also check the Wide IP load balancing is not having a load balancing method that stops the sending of data to the other DNS objects if there is no Wide IP match).

https://techdocs.f5.com/kb/en-us/products/big-ip-dns/manuals/product/bigip-dns-services-implementations-12-1-0/7.html

Don't ask so many questions at once under a single post, so for the other " refernce for LTM" better open another qustion but first I suggest try to find the answer on your own as F5 has really good documentation.