Replacing a DNS Server with F5 BIG-IP DNS
First things first, you have decided to deploy F5 BIG-IP DNS to replace a BIND server after receiving notifications from your information assurance officer or your friendly LinkedIn community that ad...
Published Feb 23, 2018
Version 1.0Steve_Lyons
Ret. Employee
Joined May 15, 2019
Steve_Lyons
Ret. Employee
Joined May 15, 2019
Misty_Spillers
Oct 30, 2018Nimbostratus
That would stop all traffic though, I just wanted to stop recursion. Almost seems like I would have to have 2 listeners. One for DNSExpress to answer for zones it is authoritative for and one for normal DNS queries that our customers would use. IS that how it works? I really don't want the Internet to have access to recursion. When I had BIND accessible it was respecting the named.conf settings on recursion
EDIT: Actually it looks like this is the kind of iRule I need. It's a bit of reading. https://devcentral.f5.com/articles/dns-irules-protect-yourself-from-amplification-attacks