Security parameters tightening on F5 DNS level

Question

Hi Experts,Could you please confirm if all the below points achievable and kinlyd share the configuration article. Thanks.&nbsp;All unknown queries should be rejected/dropped.This is often called black-holing requests so that queries for non-existent subdomains get dropped, a null response, or redirected to a sinkhole IP.All queries with an excessive number of subdomains should be rejected/dropped.This is another method to reduce impact from queries for non-existent subdomains.All queries with randomized case should be rejected/dropped.While subdomains, domains, TLDs are not case sensitive, we recommend accepting only queries that are all lower case, all upper case, or first letter upper case with the rest lower case. This will prevent wasting resources on randomized case queries that are not generated by humans.Block source upon reaching certain threshold for&nbsp; rejected/dropped unknown queriesAll sources reaching a certain threshold of rejected/dropped unknown queries should be blocked for a specific time interval that increases with each new block.

aswin_mk · Answer

Hi,try this .Drop dns queries when queried domain name is not authoritative on BIG-IP DNS (f5.com)

boneyard · Answer

With iRules pretty much everything is possible, it will require some experience and effort to create those iRules though. I don't believe everything can be done with build in features.

adeelshahzad · Answer

Hi Aswin,&nbsp;Thank you for the response, could you confirm the other points as well. Really appreciated. Thanks.

Forum Discussion

Security parameters tightening on F5 DNS level

3 Replies

Recent Discussions

SNAT Translation List utility config

F5 LTM Explicit Forward Proxy with SSL Decryption(and XFF insertion)

On the R4800 series, sometimes ICMP does not work properly. Reboot fixes the problem

cache size and timeout ssl client profile for 1 million tps

Re-execute iRule to read CN value of client cert, but after you know URI.

Related Content

Tightening the Security of HTTP Traffic part 1

Tightening the Security of HTTP Traffic Part 3

Using ChatGPT for security and introduction of AI security

HTTP Multipart and Security Implications

Brute Force protection for single parameter like OTP

All unknown queries should be rejected/dropped.	This is often called black-holing requests so that queries for non-existent subdomains get dropped, a null response, or redirected to a sinkhole IP.
All queries with an excessive number of subdomains should be rejected/dropped.	This is another method to reduce impact from queries for non-existent subdomains.
All queries with randomized case should be rejected/dropped.	While subdomains, domains, TLDs are not case sensitive, we recommend accepting only queries that are all lower case, all upper case, or first letter upper case with the rest lower case. This will prevent wasting resources on randomized case queries that are not generated by humans.
Block source upon reaching certain threshold for rejected/dropped unknown queries	All sources reaching a certain threshold of rejected/dropped unknown queries should be blocked for a specific time interval that increases with each new block.