DNS recursion

Question

We have 4 GTM and 4 LTM in Internet environment. 
&nbsp;  
&nbsp; Why would we want recursion enabled on our GTM's if we never want them to look up domains other than our own? 
&nbsp;  
&nbsp; I noticed it is now off by default in 9.3.1, but it is on on our boxes. I would like to turn it off to make PCI scan happy. 
&nbsp;  
&nbsp; Any thoughts? 
&nbsp;  
&nbsp;

l4l7_53191 · Answer

My $.02: Leave recursion off if you can. This has been an issue for general DNS security for quite some time, so I personally think it's best to keep it disabled if at all possible. 
&nbsp; -Matt

Forum Discussion

DNS recursion

1 Reply

Recent Discussions

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

Using F5 Distributed Cloud DNS Load Balancer health checks and DNS observability

Logging of DNS Requests and Responses without a DNS license

Disable DNS Express to allow recursion of a delegated sub-domain

DNS::question name - Modifying a DNS Suffix When Your Windows Client Appends It During Recursive Lookups

ESRP Strategies: DNS Water Torture Attack