Open Recursive DNS Resolvers

Question

Open Recursive DNS Resolvers&nbsp;
Hello, one of our F5 GTM devices are acting as open recursive dns resolvers. But, actually they should act as to respong for only of our domain queries. I found that this may cause for DDos attacks. Please let me know what are precautions i should take to resolve this.&nbsp;
Thanks,
Ravitheja&nbsp;

boneyard · Answer

should it only answer to requests for the wide IPs or more?&nbsp;

ravitheja_28471 · Answer

They should answer to the queries belongs to our domain only. &nbsp;

boneyard · Answer

that remains unclear to me, what is your domain, is that the clients in your organisation, or the DNS domain for your organisation ?&nbsp;

niels_van_sluis · Answer

You might want to check the named configuration in ZoneRunner. Make sure that recursion is set to no. This should be the default. For more in check:&nbsp;
https://support.f5.com/kb/en-us/solutions/public/7000/000/sol7055.html&nbsp;

Forum Discussion

Open Recursive DNS Resolvers

4 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

AppWorld 2024 Call For Speakers open

Abusing Open Resolvers

Testing the security controls for a notional FDX Open Banking deployment

F5 XC vk8s workload with Open Source Nginx

Resolve Citrix Secure Ticket Authority (STA)