WeaverJK
Sep 01, 2016

F5 as DNS Client - configure to require DNSSEC?

Can BIG-IP be configured as a DNS Client using DNSSEC?

I have found lots of articles on how to configure F5 as a DNS Server (GTM/DNS) and how to secure that using DNSSEC. This is not what I'm seeking; we are not seeking to make the F5 a DNS Server.

As a user of DNS, however, the F5 needs to be able to trust the DNS information it receives. Is there a way to configure the F5, as a DNS Client, to demand DNSSEC? I have yet to find an article that addresses this. If you know of one, would you please share the URI? Thank you.

Thank you,

John

1 Reply

  • There are several places where BIG-IP can perform DNS lookups, and they handle the lookup in different ways. For example, FQDN nodes are resolved through the bigd process, whereas HTTP explicit proxy lookups are performed directly in tmm.

    I'm not sure if there's any way to get them to validate DNSSEC responses, but it would help if you could clarify where you're hoping to have this functionality work, and then I can focus on that.