Replacing a DNS Server with F5 BIG-IP DNS

@Misty, yes as mentioned in previous comments it is HIGHLY recommended to use separate virtual servers for authoritative lookups and recursive lookups. This allows you to define different security policies for both. Most large enterprises do not allow internal users to hit their external authoritative DNS servers and they certainly do not allow external users to access their recursive DNS servers. In fact many organizations have separate servers for these functions but because F5 is a full proxy and allows for granular security per virtual server you can host both functions on a single BIG-IP. With all of this you as an organization need to determine your security requirements and implement your BIG-IP in a manner that allows you to meet those requirements. F5 as a product can perform an unbelievable amount of technical functions though the engineers developing the solution should determine how and if you should.

Ok now with all of that if you really want to use a single virtual server to restrict recursive lookups only then yes you can still create an iRule. Please check out DevCentrals code share and iRule content to see how. Hope this helps.