Recommended idle timeout setting for DNS (UDP)?

I had a chance to test this configuration, but the stateless setup didn't work for me. I tried stateless udp profile on incoming fastL4/UDP vip as well as a wildcard/UDP vip for outbound. When using stateless profile on inbound and attempting a dig, I get errors about responding packet coming from different IP than expected. When stateless is set on wildcard, the dns slaves can't make UDP connections outbound.

 

 

My setup is slightly more complicated in that I'm using an iRule on my wildcard VS to SNAT out each of my dns slaves via individual IP's and then directing them towards a pool containing an external gateway. This is a legacy configuration from before my time, which I'd probably replace with a snat pool and a custom route if I was positive DNS was going to stay on my LTM. Thoughts on whether this configuration would cause stateless UDP to not work as intended?

 

 

For the time being, I've left the wildcard vs in a fastL4, all protocols configuration and split my dns_53_vs (fastl4, all protocols) vip into two separate virtual servers: fastl4/TCP with default fastL4 profile and fastL4/UDP with custom 10s timeout profile. This at least drastically decreases the amount of connections in the connection table.

 

 

Thanks for any insight.

 

 

-Jeremiah