Forum Discussion
A virtual server without a pool member gives wrong answers for the records in the Wide IP list.
Hi everyone,
I created a virtual server on LTM to be able to answer DNS requests, and I have not assigned any pool member to that virtual server. My aim is just to return answers for the records stated in the Wide IP lists.
In my scenario, I use a Windows PC and the nslookup tool. At the nslookup prompt, when I set the virtual server IP mentioned above as the DNS server, the DNS requests are sent with a domain suffix added. Let's say my DNS request is "; but the DNS request is sent as "; and of course, F5 gives no response for the ";. This issue does not happen when I add a pool member to the virtual server.
- The sample tcpdump output when a pool member exists, multiple dns trials exist such as ., ., .
- The sample tcpdump output when no pool member exists, . (only one try).

Would you mind sharing the reason for that situation?
- kolom
Altostratus
Try changing the DNS setting under your IPv4 adapter advanced settings: choose "Append these DNS suffixes" and add a dot (.) as a domain suffix. This should remove any extra suffix from your query.
- oguzy
Cirrostratus
Hi kolom22,
Thanks to your method, I was able to make a successful DNS query. With regard to my question, what do you think about the behavior of F5 for that kind of issue?
Can you recommend some reading about that concept?
- kolom
Altostratus
So you were able to query the listener configured on F5, and you got the right response. So what is the issue now?
- oguzy
Cirrostratus
Actually, I just wonder: if no pool member exists for a listener, and the DNS settings of a Windows client machine are set to "Append primary and connection specific DNS suffixes" and "Append parent suffixes of the primary DNS suffix", why are the DNS query attempts not made up to the top-level domain (I mean up to the dot (.))?
Please check the sample tcpdump output in the question to make it clear. Maybe it is not an important issue, or it is specific to my settings, conditions, etc. If it does not make sense, you can just ignore it.
Thank you for your interest.
- Stanislas_Piro2
Cumulonimbus
Hi,
This is the expected behavior of DNS suffixes.
If the user's DNS record does not end with a dot, which means root DNS, the DNS lookup system will first try all configured DNS suffixes before trying the root DNS suffix.
When you say you add a pool to the virtual server, which VS are you talking about? The DNS listener?
If you don't assign a pool to the DNS listener virtual server, and no Wide IP matches, the DNS request is sent to the local BIND server, which answers with NXDOMAIN.
If there is a pool assigned to the listener, the DNS request is sent to the pool member. If it's not a DNS server, it won't answer with a valid DNS response, and BIG-IP will drop it, so nslookup won't send the following requests with other suffixes.