
Cory_50405
Sep 03, 2013

LTM attempting reverse lookups on pool members

Here's the situation I am encountering. I have a virtual server set up to listen on all ports, with a UDP profile applied to it. There's nothing special about the UDP profile except that we're doing UDP datagram load balancing. The pool assigned to the virtual server contains two members, with an external keepalive that logs into each host and runs a script to determine health status. Everything is working as intended.


I am seeing repeated reverse lookup attempts from LTM for these two pool members. Sample log messages:


19:30:20.411395 IP LTM.27488 > DNS-SERVER.53: 34032+ PTR? 245.237.22.172.in-addr.arpa. (45)
19:30:20.412532 IP DNS-SERVER.53 > LTM.27488: 34032 NXDomain 0/1/0 (122)


The queries are sent from LTM four times every second or so. I've tried looking through all of the settings to turn off this reverse DNS check but have been unsuccessful. The queries aren't being sent from LTM for any other pool member(s) other than these two, and there are lots of pools configured.


Anyone have a solution to this problem?


  • Cory
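Before hunting for a setting, it helps to confirm from the capture itself which addresses the LTM is asking about, how often, and what the resolver says back. The script below is an added example, not something posted in this thread or shipped by F5: it parses tcpdump's default one-line DNS output (the format shown in the capture above), turns each in-addr.arpa question back into the dotted-quad it refers to, pairs responses with their queries by transaction id and client port, and flags any address that is looked up at least three times within a two-second window. The sample lines are constructed for the example (the first two are the capture from the post; the rest use made-up ports, ids and addresses), and the thresholds are assumptions you would tune to your own capture.

```python
"""Flag pool members that an LTM keeps trying to reverse-resolve.

Added example for the thread above. Input is tcpdump's one-line DNS
formatting, e.g.:
  19:30:20.411395 IP LTM.27488 > DNS-SERVER.53: 34032+ PTR? 245.237.22.172.in-addr.arpa. (45)
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample capture: the first two lines are from the post, the rest
# are made up (ports, transaction ids and the 10.0.0.10 address are fictional).
SAMPLE_LINES = """\
19:30:20.411395 IP LTM.27488 > DNS-SERVER.53: 34032+ PTR? 245.237.22.172.in-addr.arpa. (45)
19:30:20.412532 IP DNS-SERVER.53 > LTM.27488: 34032 NXDomain 0/1/0 (122)
19:30:20.651002 IP LTM.27489 > DNS-SERVER.53: 34033+ PTR? 246.237.22.172.in-addr.arpa. (45)
19:30:20.652110 IP DNS-SERVER.53 > LTM.27489: 34033 NXDomain 0/1/0 (122)
19:30:20.903311 IP LTM.27490 > DNS-SERVER.53: 34034+ PTR? 245.237.22.172.in-addr.arpa. (45)
19:30:20.904400 IP DNS-SERVER.53 > LTM.27490: 34034 NXDomain 0/1/0 (122)
19:30:21.150000 IP LTM.27491 > DNS-SERVER.53: 34035+ PTR? 245.237.22.172.in-addr.arpa. (45)
19:30:21.151000 IP DNS-SERVER.53 > LTM.27491: 34035 NXDomain 0/1/0 (122)
19:30:21.400000 IP LTM.27492 > DNS-SERVER.53: 34036+ PTR? 245.237.22.172.in-addr.arpa. (45)
19:30:21.401000 IP DNS-SERVER.53 > LTM.27492: 34036 NXDomain 0/1/0 (122)
19:30:25.000000 IP LTM.27493 > DNS-SERVER.53: 34037+ PTR? 10.0.0.10.in-addr.arpa. (43)
19:30:25.001000 IP DNS-SERVER.53 > LTM.27493: 34037 1/0/0 PTR host.example.test. (80)
"""

# A PTR question: "<txid>+ PTR? <name>. (<len>)"; the "+" means recursion desired.
QUERY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<txid>\d+)\+? PTR\? (?P<name>\S+)\. \(\d+\)$"
)
# A response: "<txid>[flags] <NXDomain|ServFail|a/n/au counts> ..."
ANSWER_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<txid>\d+)[*$|-]* (?P<status>\S+)"
)
ERROR_RCODES = {"NXDomain", "ServFail", "Refused", "FormErr", "NotImp"}


def arpa_to_ipv4(name):
    """Turn '245.237.22.172.in-addr.arpa' back into '172.22.237.245'.

    Returns None for anything that is not a full four-octet IPv4 reverse name.
    """
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    octets = labels[:4]
    if not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))


def parse_capture(text):
    """One record per PTR query: when it was sent, the address asked about,
    and the response code (None if no answer appeared in the capture)."""
    pending = {}  # (txid, client socket) -> record still awaiting its answer
    records = []
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            rec = {
                "ts": datetime.strptime(m["ts"], "%H:%M:%S.%f"),
                "txid": int(m["txid"]),
                "name": m["name"],
                "address": arpa_to_ipv4(m["name"]),
                "rcode": None,
            }
            records.append(rec)
            pending[(rec["txid"], m["src"])] = rec
            continue
        m = ANSWER_RE.match(line)
        if m:
            # The answer goes back to the socket the query came from.
            rec = pending.pop((int(m["txid"]), m["dst"]), None)
            if rec is not None:
                status = m["status"]
                rec["rcode"] = status if status in ERROR_RCODES else "NoError"
    return records


def repeated_lookups(records, min_queries=3, window_seconds=2.0):
    """Flag addresses queried at least min_queries times inside any
    window_seconds span; thresholds are assumed defaults, tune per capture."""
    by_addr = defaultdict(list)
    for rec in records:
        if rec["address"] is not None:
            by_addr[rec["address"]].append(rec)
    flagged = {}
    for addr, recs in by_addr.items():
        recs.sort(key=lambda r: r["ts"])
        peak, start = 0, 0
        for end in range(len(recs)):  # sliding window over query times
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_queries:
            flagged[addr] = {
                "queries": len(recs),
                "peak_in_window": peak,
                "nxdomain": sum(1 for r in recs if r["rcode"] == "NXDomain"),
                "unanswered": sum(1 for r in recs if r["rcode"] is None),
            }
    return flagged


if __name__ == "__main__":
    for addr, info in repeated_lookups(parse_capture(SAMPLE_LINES)).items():
        print(addr, info)
```

Run against a real capture (`tcpdump -nn -i <mgmt-interface> udp port 53` piped into the parser), a flagged address with a high `nxdomain` count is exactly the pattern in the post: the same two members looked up over and over with no PTR record to satisfy the query, which also tells you that adding an entry to the local hosts file (as suggested later in the thread) would stop the queries only if the requesting component consults the hosts file before DNS.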

7 Replies

  • Here's my external monitor. Nothing in here about DNS lookups:

    #!/bin/sh
    # remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
    IP=$(echo "${1}" | sed 's/::ffff://')
    PORT=${2}

    # set the pid file location and name
    PIDFILE="/var/run/$(basename "${0}").${IP}.${PORT}.pid"

    # kill off the last instance of this monitor if hung and log current pid
    if [ -f "$PIDFILE" ]
    then
        echo "EAV exceeded runtime needed to kill ${IP}:${PORT}" | logger -p local0.error
        kill -9 "$(cat "$PIDFILE")" > /dev/null 2>&1
    fi
    echo "$$" > "$PIDFILE"

    # send request & check for expected response
    ssh splunkf5@"${IP}" -i /config/ssh/ssh_host_dsa_key "/home/splunkf5/healthcheck.sh" > /dev/null 2>&1

    # mark node UP if expected response was received
    if [ $? -eq 0 ]
    then
        echo "UP"
    fi

    rm -f "$PIDFILE"
    exit

      What_Lies_Bene1
      Looks that way. I don't suppose the key file or .sh file have hostnames within rather than IPs?
      Cory_50405
      I can't speak to the .sh file running on the remote hosts. From the LTM's perspective, we're just taking the output and determining an up/down status. Nothing that the remote hosts are doing in that script should matter to LTM, only that we're getting a response from the host to evaluate for an up/down decision. The key file that we're presenting to the remote hosts for SSH key authentication is just the LTM's host key. Nothing about the remote hosts is specified in the key.
  • From what I've read so far, it seems that the SSH client is supposed to perform this reverse lookup, and I've not seen any way to turn that off. Can you try adding the remote IP and server name to the local Hosts file?