F5 Cloud-Native Functions For Secure DNS

Table of Contents Why Security Matters How F5 can help Technical Overview DDoS Policy CR IPS Policy CR This is an addition to a series of articles that introduce new features imple...
Published Jun 27, 2023
Version 1.0
cloud
security
shsingh's avatar
shsingh
Icon for Employee rankEmployee
Jul 14, 2023

Nice one Terence_Kam !

In BIG-IP, there is the ability to have a "DNS Security" profile attached to a DNS profile on the Virtual Server. ref: https://my.f5.com/manage/s/article/K18522641 and https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-network-firewall-policies-and-implementations/afm-protocol-security/dns-protocol-security/about-dns-protocol-filtering/filtering-dns-traffic-with-a-dns-security-profile.html

I couldn't find a reference for it in the F5BigDnsCache reference documents - is this why you are using the IPS profile instead?

The reason for asking being typically in BIG-IP the protocol profile (like DNS) can have a lot of the protocol validation and security done as part of parsing the packet for further processing, and IPS are typically used for more "bump-in-the-wire" pass-through traffic BIG-IP (such as AFM in forwarding mode).