5. Validating Resolver¶
In this lab we will use the BIG-IP as a Validating resolver and not send any queries to the back end server.
The validating function of the resolver means that recusive queries are sent requesting DNSSEC, and responses are validated to authenticate validity of the response!
First lets create a new DNS cache on the BIG-IP:
Navigate to DNS ›› Caches : Cache List
Create a validating resolver cache according to the table below:
|Resolver Type||Validating Resolver|
|Answer default zones||Checked - Enabled|
tmsh create ltm dns cache validating-resolver validating-resolver_cache answer-default-zones yes