You can configure a resolver or validating resolver DNS cache on the BIG-IP® system to generate SNMP alerts and log messages when the
cache receives unsolicited replies. This is helpful as an alert to a potential security
attack, such as cache poisoning or DOS.
On the Main tab, click
The DNS Cache List screen opens.
Click the name of the cache you want to modify.
In the Unsolicited Reply Threshold field, change the default
value if you are using the BIG-IP® system to monitor for unsolicited
replies using SNMP.
The system always rejects unsolicited replies. The default value of
0 (off) indicates the system does not generate SNMP traps or log messages when rejecting
unsolicited replies. Changing the default value alerts you to a potential security attack,
such as cache poisoning or DOS. For example, if you specify 1,000,000 unsolicited replies,
each time the system receives 1,000,000 unsolicited replies, it generates an SNMP trap and