How can I protect my DNS Servers from DDoS attack via LTM+ASM

Hi, I have a setup of BIG-IP LTM+ASM to load balance and secure various applications.

Recently I did a configuration for load balancing my DNS Servers via iApp and it is working fine.

Now I want to protect my DNS Servers from various attacks (especially DDoS). Is it possible to block DDoS attacks against DNS Servers via ASM?

If not, how can I protect my DNS Servers from DDoS attacks? Any advice would be highly appreciated.

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

siru - I believe this depends on what version of ASM you have. If I recall, DNS DoS protection was part of Protocol Security Manager, which then went end of sale and was integrated into ASM. You would need to create a DoS Profile and enable DNS security. This would be applied to a Virtual Server. I think from 11.4.x this functionality was moved to F5's Advanced Firewall Manager instead, again same process.

Hope this helps - and hope any DNS experts could correct me if incorrect.

Many thanks,

N

0
Comments on this Answer
Comment made 11-Mar-2016 by siru 265
Thanks for your reply Mr Nathan. My BIG-IP version is 11.6.0 HF5. I created one DoS profile and tried to apply it on the DNS virtual servers; at that time I got an error message saying you need to enable an HTTP profile on the virtual server in order to apply the DoS profile. I don't know what the impact would be if I enable an HTTP profile on DNS virtual servers.
0
Comment made 11-Mar-2016 by nathan 7337
I believe you're enabling Application Security, you want Protocol Security (DNS). In fact in 11.6 you'll need AFM instead I'm afraid.
0