Forum Discussion

PPawar_309940
Aug 01, 2017

BIGIP DNS forwarder

Hello Everyone,

I need some small help with DNS forwarding on F5 DNS.

At present we have wide IPs configured on F5 DNS, for example: test.abc.com, uat.abc.com, etc.

Under the ZoneRunner section it has automatically created the zone for "abc.com", so far so good.

We have a BIND Linux server which has some DNS A records in the same zone, like test123.abc.com etc.

Now I want F5 DNS to reply to the queries for all the wide IPs configured on F5 DNS and simply forward all the requests which are not configured on F5 DNS to BIND. For this I have configured the forwarder and allowed recursion in the named configuration. When I did an nslookup pointing DNS queries to the listener on F5 DNS for test123.abc.com, I found that F5 is getting the request but not forwarding it to BIND. In a nutshell, I found that F5 DNS won't forward anything to BIND on zone "abc.com", because if I try a DNS query for another domain it forwards the request to BIND, and I think the reason is that because F5 has some wide IPs in the zone abc.com it considers itself the master of that zone; at least this is what I see under the ZoneRunner configuration.

I tried to create the forwarding DNS using a wildcard like *.abc.com, but F5 won't let me do that.

We have a Cisco GSS at one of the sites which does exactly the same thing, and forwards the requests for a wildcard domain *.abc.com to BIND.

Can anyone suggest how I can do this on F5? Any suggestions would be appreciated.

Thanks, Pankaj


14 Replies

  • Hello,

    Sorry for the questions,

    What is the configuration of the DNS profile attached to the listener?

    Is this not a case for record delegation?

    Respectfully


  • Thanks for the reply cjunior.

    But what does the DNS listener have to do with this? Also, can I delegate the zone to the external BIND when, as per ZoneRunner, my F5 DNS is the authoritative server for it? All I want is to forward all DNS traffic from F5 to the external BIND server if the A record is not configured on F5.

    As I have mentioned in the previous post, we have a GSS doing the same thing and passing *.test.com to the BIND server.

    Sorry for my ignorance on this topic, as by no means am I an expert on this.

    Any help with an example will be appreciated.

    Thanks, Pankaj


  • No problem, I asked because the listener can drop "Unhandled Query Actions" and disable "Use BIND Server on BIG-IP."

    Regards.


  • Kevin_K_51432
    Historic F5 Account

    Good day. This question seems to be coming up a lot lately. I tried this on my DNS system and it worked for me. Can you give this a try?

    1. Log into the GUI
    2. Select the zone "abc.com."
    3. Select 'Resource Records'
    4. Click the 'Create' button to add the glue 'A' RR for the delegation server.
    5. Adjust the 'Record Configuration' values
    
        a. 'Name' should be set to the name of the DNS server authoritative for test123.abc.com
    
            NOTE: This should be the FQDN of the host
    
            ex. ns1.test123.abc.com.
    
        b. 'TTL' should be set to a reasonable value, say '500'
        c. Set 'Type' to 'A'
        d. Set 'IP Address' to the remote DNS server
        e. Click 'Finished' button
    
    6. Click the 'Create' button to add the 'NS' RR for the delegation server.
    7. Adjust the 'Record Configuration' values
    
        a. 'Name' should be set to the name of the delegated domain, "test123.abc.com."
    
            NOTE: Make sure this is the domain, not the host
    
        b. 'TTL' should be set to a reasonable value, say '500'
        c. Set 'Type' to 'NS'
        d. Set 'Nameserver' to the name used in step 7 above.
    
            ex. ns1.test123.abc.com.
    
        e. Click 'Finished' button
    
    8. Query the GTM listener for a resource record known only by the delegated DNS server, say test1.test123.abc.com.
    
    9. Enable recursion if you want the local BIND server to do all the work. Disable recursion if you want the local BIND to only return the referral.
    

    Hope you find this helpful.

    • Kevin_K_51432
      Historic F5 Account

      One more item: My BIG-IP DNS is 10.12.23.120 and my remote Linux DNS server is 10.12.23.27. Record setup looks like:

      abc.com.                external        abc.com.        11      NS      ltm1.abc.com.
      abc.com.                external        abc.com.        11      SOA     ltm1.abc.com.
      ltm1.abc.com.           external        abc.com.        11      A       10.12.23.120
      ns1.test.abc.com.       external        abc.com.        11      A       10.12.23.27
      test.abc.com.           external        abc.com.        11      NS      ns1.test.abc.com.
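      The delegation Kevin describes, as an added example that is not part of this thread: a small model of how an authoritative zone on the BIG-IP answers names under abc.com. It shows why a name such as test123.abc.com gets NXDOMAIN from the BIG-IP instead of being forwarded, while anything under the delegated test.abc.com gets a referral to ns1.test.abc.com with its glue. The records mirror Kevin's listing; the uat.abc.com address is a constructed placeholder for a wide IP.

      ```python
      # Added example (not from the thread): how an authoritative server decides
      # between an answer, a referral and NXDOMAIN for names inside its own zone.
      # Record data mirrors Kevin's listing; the uat.abc.com address is constructed.
      ZONE_APEX = "abc.com."

      # (owner, type, rdata) as they would sit in the BIG-IP zone for abc.com
      ZONE = [
          ("abc.com.", "NS", "ltm1.abc.com."),
          ("abc.com.", "SOA", "ltm1.abc.com."),
          ("ltm1.abc.com.", "A", "10.12.23.120"),
          ("uat.abc.com.", "A", "10.12.23.50"),           # constructed: a wide IP
          ("ns1.test.abc.com.", "A", "10.12.23.27"),      # glue for the delegation
          ("test.abc.com.", "NS", "ns1.test.abc.com."),   # delegation of test.abc.com
      ]


      def lookup(zone, owner, rtype):
          """All rdata values of one type at one owner name."""
          return [r for (o, t, r) in zone if o == owner and t == rtype]


      def resolve(zone, apex, qname, qtype="A"):
          """Return (outcome, data) the way an authoritative server would."""
          qname = qname.lower().rstrip(".") + "."
          if qname != apex and not qname.endswith("." + apex):
              return ("not_authoritative", None)  # only here can a forwarder be used
          # Walk from the apex toward qname; an NS set below the apex is a zone cut,
          # and everything at or under it gets a referral, not a local answer.
          rel = qname[: -len(apex)].rstrip(".")
          labels = rel.split(".") if rel else []
          for i in range(1, len(labels) + 1):
              cut = ".".join(labels[-i:]) + "." + apex
              ns = lookup(zone, cut, "NS")
              if ns:
                  glue = {n: lookup(zone, n, "A") for n in ns}
                  return ("referral", {"cut": cut, "ns": ns, "glue": glue})
          answers = lookup(zone, qname, qtype)
          if answers:
              return ("answer", answers)
          if any(o == qname for (o, _, _) in zone):
              return ("nodata", [])
          return ("nxdomain", None)  # the BIG-IP owns the zone, so nothing is forwarded


      if __name__ == "__main__":
          for q in ("uat.abc.com", "test1.test.abc.com", "test123.abc.com", "www.example.net"):
              print(q, "->", resolve(ZONE, ZONE_APEX, q))
      ```

      Because the walk stops at the first NS set below the apex, one NS record for test.abc.com covers every name under it; this is why a per-host NS record is not needed once a whole subdomain is delegated.
      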
      
    • PPawar_309940

      Thank you very much guys. I will give this a go and will let you all know the outcome.

      Thanks, Pankaj


    • PPawar_309940

      Hello Kevin,

      I tried this and it's kind of working, but this is not what I would desire; please correct me if I am doing something wrong.

      1. Selected the already created zone from the wide IP; the zone was "abc.com."
      2. Under the Resource Record tab, created the record configuration as below:

      Name : ns1.abc.com ( name of the BIND server ) TTL : 500 Type : A, then clicked on Finished.

      3. Under the same tab, created the record configuration as below:

      Name : as you said it should be the name of the delegated domain, which is abc.com

      TTL : 500

      Type : NS

      Nameserver : ns1.abc.com

      Now as soon as I click on Finished, F5 throws an error and it won't let me use the domain name "abc.com."

      Now if I put a host name like uat.abc.com ( this is the host A record already configured on the external BIND ) then it works, which means if I have 100 records in BIND then I have to create 100 NS records in F5, which doesn't look correct to me.

      In our scenario we have configured wide IPs on F5 only for those services which require DNS load balancing and which are on the domain abc.com.

      The services which do not require DNS load balancing are configured on BIND, which is also on the same domain, abc.com.

      So my idea was to pass all the non-GSLB DNS queries which are not on F5 to BIND by simply doing *.abc.com and forwarding it to BIND.

      Thanks, Pankaj