F5 DNS listener protection from DDOS and other attacks

Question

We have F5 Big-IP VE with license GTM(DNS). I have configured gslb.example.com zone in ZoneRunner and delegate it in our external (ISP) DNS servers in order to our clients get information for zone gslb.example.com from our F5 big-IP VE. Notify, that there is a PaloAlto 3020 in front of F5 Big-IP VE.

How can I protect my DNS Listeners from DDOS and other attacks?

samir · Answer

Modern security device has the capabilities to protect network from attack such as DOS, DDOS, Syn flood etc. As you said palo alto is front then F5 DNS. So these devices has DDOS protection machanism. If possible add one more layer between palo alto n F5 DNS.

Thanks

harutyun · Answer

Hi &nbsp;. Thank you for your respond. What do you mean one more layer between PA and F5 DNS? Is there necessary to implement F5 AWAF with DNS?

samir · Answer

AWAF will not help here.you can add additional L3 layer(i.e firewall,etc)

harutyun · Answer

We also have Cisco router(Nat, VPN, Acces Lists) in front of PA.

Forum Discussion

F5 DNS listener protection from DDOS and other attacks

4 Replies

Recent Discussions

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Related Content

F5 Distributed Cloud - Listener Logic

Explore how F5 BIG-IP Advanced WAF protects against attacks on GraphQL API

Beyond REST: Protecting GraphQL

Protecting Critical Apps against EastWest Attack

L7 DoS Protection with NGINX App Protect DoS