Forum Discussion

Aaron_MacDonal1
Feb 07, 2019

Listeners on GTM respond to DNS query with different IPs

So I'm fairly new to F5 and have what seems to me to be a very unusual problem. I have been using our GTM for internal queries without problem for several months now and am now ready to start serving some DNS to the public Internet, but I'm running into a problem with one specific DNS record that I can't explain. I have an internal listener and a listener in our DMZ, and for this record the two listeners respond with different IP addresses. The internal listener responds with the public IP as I would expect, but the DMZ listener responds with the private DMZ IP instead of the public IP. The DNS record itself is most definitely configured with the public IP address as shown in the screenshot below.

 

Support has looked at this and they ran a TCP dump and were able to observe the GTM was responding with the correct public IP, but NSLOOKUP and DIG both show the private IP being returned (I can only DIG on the DMZ listener since only the DMZ is accessible from the Internet). I have GTMs in two different datacenters, and the incorrect responses are occurring in the datacenter where the server is currently located. This server is just a Windows VM that is not load balanced, so there is no VS or WIP; it's only built into the GTM as a DNS A record.

 

My best guess is that somehow the GTM is doing a NETBIOS query and finding the internal IP of the server, since the listener is in the same subnet as the server, but I'm not sure how to go about troubleshooting this any further. I have many other A and CNAME records that are working as expected; it's only this one that is acting this way. Any help would be appreciated!

 

Here is how the A record is built:

 

Here are our listeners (the top one is the internal and the bottom one is in the DMZ):

 

Here is an output from NSLOOKUP that shows the two listeners responding with different IP addresses:

 

2 Replies

  • If I got this correctly, your other GTM in A DC, let's say gtm-a, is giving resolution properly, whereas gtm-b in B DC is not.

     

    Can you confirm if the zone synchronization is set to yes here?

     

  • You do understand it correctly. Sync is enabled and working. I can make a change on one GTM and the change syncs to the other GTM successfully.