Forum Discussion

Basil_Parsley_1
Dec 04, 2015

DNS default delegation Q

DNS delegation Q(s)….

Requirement: GTM IP(s) to be one of the client DNS IPs and primarily resolve internal application LTM hosted VIPs, via the wide-IPs; all other local and internet DNS requests (hitting the same listener) to be forwarded to LDNS. My question is how to handle the default non-Wide-IP requests. Would I:

  • Configure a catch-all wildcard wide-IP to cover all domain names.
  • Configure my listener DNS profile to “Use BIND Server on BIG-IP”.
  • Configure the zone file using ZoneRunner with an NS record covering a wildcard *. to my LDNS FQDNs …

Q1. Would this work?
Q2. Can you use “*.” in BIND?
Q3. Is this best practice – can it be done without BIND – am guessing this could be done with an iRule?

Interested to get different perspectives / ideas
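On Q2, the BIND part of the question: a BIND wildcard record such as `*.app.example.internal` only matches names inside a zone the server is authoritative for, and a `*.` wildcard at the root would have to live in the root zone, so it is not the catch-all the question is after. In BIND the catch-all for "everything I am not authoritative for" is a forwarding setting. The fragment below is an added illustration, not from the original post and not an F5 configuration; the zone name `app.example.internal`, the zone file name, the client range and the LDNS addresses `10.0.0.53`/`10.0.0.54` are constructed placeholders.

```conf
// Added example (not from the original thread): named.conf fragment that answers
// authoritatively for one internal zone and forwards every other query to LDNS.
options {
    directory "/var/named";

    // Recursion is required for the forwarded queries to be answered on behalf
    // of clients; restrict it to internal clients so this is not an open resolver.
    recursion yes;
    allow-recursion { 10.0.0.0/8; };          // constructed internal client range

    // Catch-all: names this server is not authoritative for go to the upstream
    // LDNS. "forward only" means never fall back to iterative resolution from
    // the root servers if the forwarders do not answer.
    forward only;
    forwarders { 10.0.0.53; 10.0.0.54; };     // placeholder LDNS addresses
};

// Internal application zone served locally. Names under it are answered from
// the zone file and are never forwarded; a wildcard inside this zone would be
// written in the zone file as "*.app.example.internal. IN A ...".
zone "app.example.internal" {
    type master;
    file "db.app.example.internal";           // placeholder zone file name
};
```

Authoritative zones always take precedence over forwarding, which gives the split described in the question without any wildcard NS record; `named-checkconf` validates the syntax before a reload. This only answers the BIND mechanics of Q2 and says nothing about whether running BIND on the BIG-IP itself is a good idea, which is what the replies address.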

2 Replies

  • So you want anything that is not a WideIP hitting the GTM to be resolved from your backend DNS servers? Are they performing recursion for the traffic or are they authoritative?

    If this is the case you have two options:

    1.) My personal preference - Setup DNS Express as an authoritative slave for your backend zones. https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15585.htmlconfig1. If you need recursion for any reason you could enable it in the GSLB settings, but if it is a public facing GTM I wouldn't recommend that.

    2.) You can configure your listener with a pool containing your backend LDNS servers to handle the resolution with DNS cache enabled in your DNS profile.

    I will highly discourage everyone from resolving from BIND locally. If you ever want to use ZoneRunner locally to host a zone, you should always set up DNS Express to be the resolver. Local BIND is single threaded and resolves from disk not memory.


  • Cheers Brad,

    Interesting your information on BIND - noted. 2 is the way forward here - there are politics around the DNS function - LDNS is managed by another third party, meaning I need a reasonably well defined demarcation between my network function and my server side colleagues.

    Thanks