Forum Discussion
I don't have access today to test a few things in my lab, but I will try to provide some help.
Starting from the easy part, if the GTM listener is only allowed internally (firewall rules, or private IP for example), I don't see any security risk, as the GTM should not be able to receive queries from outside.
Now the part that is a little bit more complicated. In a GTM device, any DNS query can be answered by 2 different processes. The first is TMM (the F5 system), which is responsible for the "intelligent" DNS resolution. The second is named (BIND), which provides static DNS responses.
My expectation is that you can use TMM to act as a DNS server to accept and answer recursive queries. However, I never had to implement that, so this is why I say it is my expectation.
On the other hand, we know that BIND can do that for sure. You just need to be sure that the GTM listener is also the device's self IP, and that BIND is enabled in the DNS profile.