Forum Discussion
Have you tried the option 'Register this connection's addresses in DNS' under DNS/Hosts?
- dirken, Mar 22, 2017, Nimbostratus
Sure, but as there is no way to configure credentials, you must allow non-secure updates on the DNS server, which is a no-go in our environment.
- sro_302855, Mar 23, 2017, Nimbostratus
In my case I just need a non-secure DNS update, but this option doesn't work; I have no DNS packet sent by the F5.
- sro_302855, Mar 23, 2017, Nimbostratus
DNS packet with opcode UPDATE
- kunjan, Mar 23, 2017, Nimbostratus
How do you do the packet capture? You should capture within the tunnel.
- sro_302855, Mar 23, 2017, Nimbostratus
I have made this capture on the LAN interface. I can see all DNS requests from the client after the VPN connection has been established.
But, if I understand this functionality, the F5 sends a DNS update packet to the DNS server in order to update the DNS database.
In my case, I see DNS requests from the client but nothing from the F5.
- kunjan, Mar 23, 2017, Nimbostratus
No, F5 doesn't do that. It's done by the client OS.
- sro_302855, Mar 23, 2017, Nimbostratus
OK,
In this case, the DNS update is sent by the client: by the EdgeClient or the OS? There is no documentation concerning this functionality.
And does this functionality work on all OS platforms?
When I make a network capture, I do not see DNS UPDATE packets sent by the client.
- kunjan, Mar 24, 2017, Nimbostratus
It's done by the OS.
- dirken, Mar 24, 2017, Nimbostratus
Hi kunjan, if the client OS really sends the update, as it does in a normal LAN environment, then the APM config item "Register this connection's addresses in DNS" is pretty misleading as it looks like the F5 sends the update as a proxy.
The client itself would not send the update per se, otherwise the APM config item would be obsolete. So I assume the F5 somehow provokes the client to send the update, similar to provoking the client to log on to the domain by the "Reconnect to Domain" feature.
In any case, the packet should show up on the LAN interface, going to the configured DNS servers, which does not happen, neither in sro's case nor in mine.
Really strange and the documentation in this case has a lot of "room for improvement". :-)
- kunjan, Mar 24, 2017, Nimbostratus
It refers to the setting that will be enabled on the network adapter, as in the case of LAN. To see the packet you need to capture within the tunnel. You can use netmon or you can do tcpdump on the connectivity profile interface.
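
Added example, not part of the thread and not F5 code: once a capture has been taken inside the tunnel, a short Python check like the one below can tell a DNS UPDATE (opcode 5) from an ordinary query and report whether the update carries a TSIG record, which is what separates the "secure" updates dirken requires from the non-secure ones. The function names, zone, host name and address are assumptions constructed for the illustration, and the input is the raw DNS payload of a UDP packet.

```python
import struct

OPCODE_UPDATE = 5   # RFC 2136 dynamic update
TYPE_TSIG = 250     # signature record used by TSIG and GSS-TSIG ("secure" updates)

def _skip_name(msg, off):
    """Return the offset just past a domain name, compressed or not."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:        # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify_dns_message(msg):
    """Report whether a raw DNS payload is an UPDATE and whether it carries a TSIG record."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, zocount, prcount, upcount, adcount = struct.unpack("!6H", msg[:12])
    opcode = (flags >> 11) & 0xF
    if opcode != OPCODE_UPDATE:
        return {"update": False, "opcode": opcode}
    off = 12
    for _ in range(zocount):               # zone section entries: name, type, class
        off = _skip_name(msg, off) + 4
    signed = False
    for i in range(prcount + upcount + adcount):
        off = _skip_name(msg, off)         # RR: name, type, class, ttl, rdlength, rdata
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= prcount + upcount and rtype == TYPE_TSIG:
            signed = True                  # presence only; the signature is not verified
    return {"update": True, "opcode": opcode, "updates": upcount, "signed": signed}

# Constructed sample payloads (names and addresses are made up for this example).
def _name(n):
    return b"".join(bytes([len(part)]) + part.encode() for part in n.split(".")) + b"\x00"

_ZONE = _name("example.test") + struct.pack("!HH", 6, 1)                 # SOA, IN
_ADD_A = (_name("vpnclient.example.test") + struct.pack("!HHIH", 1, 1, 1200, 4)
          + bytes([192, 0, 2, 10]))
_FAKE_TSIG = _name("key.example.test") + struct.pack("!HHIH", 250, 255, 0, 4) + b"\x00" * 4

QUERY = struct.pack("!6H", 1, 0x0100, 1, 0, 0, 0) + _name("example.test") + struct.pack("!HH", 1, 1)
PLAIN_UPDATE = struct.pack("!6H", 2, 0x2800, 1, 0, 1, 0) + _ZONE + _ADD_A
SIGNED_UPDATE = struct.pack("!6H", 3, 0x2800, 1, 0, 1, 1) + _ZONE + _ADD_A + _FAKE_TSIG

if __name__ == "__main__":
    for label, payload in [("query", QUERY), ("plain", PLAIN_UPDATE), ("signed", SIGNED_UPDATE)]:
        print(label, classify_dns_message(payload))
```

The TSIG record in the sample is a placeholder with dummy RDATA, so the check shows only that a signature record is present, not that it is valid.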