jba3126
Feb 28, 2019

ASM - Proactive Bot Defense DNS Resolver Requirement

I have been looking for clear documentation on the ASM PBD (Proactive Bot Defense) requirement for DNS resolution. I've enabled DNS resolution within the System Configuration; however, when looking at the details for the Operation Mode I see a section that says the feature will not work without DNS Resolvers configured. Finding documentation on this configuration is like a needle in the haystack. For example, when creating a resolver, what is the name field for? Is this simply a name for the object and in the background it uses the System configured resolver, an FQDN of our internal DNS servers that are our cache resolvers, or an IP of said cache resolvers? I've found numerous references to the need for everything from explicit proxy, APM, ASM, to iRules, but nothing mentioning what this name should be.

/jeff

1 Reply

  • Configure the DNS resolver in the UI at: Network ›› DNS Resolvers : DNS Resolver List

    You can access this via tmsh also:

    Example:

    tmsh list net dns-resolver
    net dns-resolver Goggle-DNS {
        forward-zones {
            googlebot.com {
                nameservers {
                    8.8.4.4:domain { }
                    8.8.8.8:domain { }
                }
            }
        }
        route-domain 0
    }