iRule for DNS Flood protection

This logic will drop all the DNS queries belongs to a FQDN, unless that FQDN is in your whitelist. If that's what you want to do, yes, this will work.

If you want some sort of rate limiting then you will have to implement a logic with a counter and drop packets based on requests per second.

Not sure I get the context.

Most DNS DDoS attacks are reflected, so you receive answers, not questions.

I cynically suspect well configured DNS server will handle floods of requests faster than F5 iRules, I know back in the days of 486 PCs we you could saturate the wire (only 100Mbps back then) before you got performance issues with DNS servers.

There are also cheap/free suppliers of authoritative DNS services with AnyCast and other DDoS protections.

You are seeing floods of queries, but not for your own domains? If it is malicious they'll switch to using your domains.

Migara, yes we have whitelisted those domains. And we want to achieve this . For your comment If you want some sort of rate limiting then you will have to implement a logic with a counter and drop packets based on requests per second. How can we achieve this . Just we want an Idea

Simon : You are seeing floods of queries, but not for your own domains? If it is malicious they'll switch to using your domains.

I think with this point I agree that's why we are whitelisting only our domains rather than blacklisting other domains.

Do we have to create Wildcard server 0.0.0.0 0.0.0.0 wth sevice port 53 also to apply this rule.