Forum Discussion
Any way to do DNS loadbalancing without BIG-IP DNS module?
- Moonlit, Jul 17, 2024 (Cirrus)
So yes, there was a L3 problem - which was that I chose the wrong interface on the BIG-IP VE to monitor traffic. Turned out the monitor packets were sent on the management interface because of a routing thing I just happened to remember.
Anyway: PROBLEM SOLVED. In order to monitor a DNS server by sending a query and checking for a correct response, I did it the hard way: by hand-crafting the packet sent so that it replicates the byte string seen when doing a manual DNS lookup, which I obtained by dumping the packet.
In the "Send string" field you can enter individual bytes by prefixing the hex value with "\x", so I copied the DNS header (including transaction ID, question count, etc.) plus the actual query, converted it to \x format and put it in the Send string field.
In the Receive string field I entered just the ASCII IP address which I knew the correct query would result in if the server is healthy.
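The send and receive strings described in the solution above, as an added example in Python that is not part of the original post and not F5 tooling: it builds the DNS query from scratch instead of copying it out of a packet dump, renders it in the \x form the monitor's Send/Receive String fields accept, and checks a reply the way the Receive String does, as a raw-byte substring match over the datagram. The host name www.example.com, the transaction ID 0x1234, the address 10.1.2.3 and the sample reply are constructed assumptions. One caveat a practitioner should know: an A-record answer carries the address as four raw octets, so the receive string for it is rendered in \x form as well.

```python
import socket
import struct

# Added example (not from the thread): build the DNS query bytes for a BIG-IP
# udp monitor Send String, render them as \xNN escapes, and check a reply the
# way the Receive String does (raw-byte substring match). The host name,
# transaction ID, address and sample reply below are assumptions for illustration.


def encode_qname(name: str) -> bytes:
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)


def build_query(name: str, txid: int = 0x1234, qtype: int = 1, qclass: int = 1) -> bytes:
    """RFC 1035 header (RD=1, QDCOUNT=1) followed by one question; no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, qclass)


def to_hex_escapes(data: bytes) -> str:
    """Render bytes as \\xNN escapes for the monitor's Send/Receive String fields."""
    return "".join(f"\\x{b:02x}" for b in data)


def from_hex_escapes(text: str) -> bytes:
    """Inverse of to_hex_escapes; plain characters pass through unchanged."""
    out = bytearray()
    i = 0
    while i < len(text):
        if text.startswith("\\x", i) and i + 4 <= len(text):
            out.append(int(text[i + 2:i + 4], 16))
            i += 4
        else:
            out += text[i].encode("latin-1")
            i += 1
    return bytes(out)


def a_record_receive_string(ip: str) -> str:
    """An A answer carries the address as four raw octets, so escape those."""
    return to_hex_escapes(socket.inet_aton(ip))


def receive_string_matches(response: bytes, receive_string: str) -> bool:
    """Approximate the monitor check: does the expected byte pattern occur in the reply?"""
    return from_hex_escapes(receive_string) in response


def _skip_name(buf: bytes, off: int) -> int:
    """Advance past a (possibly compressed) domain name."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, name ends here
            return off + 2
        off += 1 + length


def answer_ips(response: bytes, txid: int) -> list[str]:
    """Return IPv4 addresses from the answer section of a reply to build_query()."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000 or flags & 0x000F:
        return []  # wrong transaction, not a response, or non-zero RCODE
    off = 12
    for _ in range(qd):
        off = _skip_name(response, off) + 4  # skip QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(response, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(response[off:off + 4]))
        off += rdlen
    return ips


# Constructed sample reply to build_query("www.example.com", 0x1234): same ID,
# flags QR|RD|RA, the question echoed, one A record with a compressed name.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_qname("www.example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("10.1.2.3")
)

if __name__ == "__main__":
    query = build_query("www.example.com", 0x1234)
    print("Send String:   ", to_hex_escapes(query))
    print("Receive String:", a_record_receive_string("10.1.2.3"))
    print("Sample reply answers:", answer_ips(SAMPLE_REPLY, 0x1234))
```

Run it and paste the two printed strings into the Send String and Receive String fields of a udp monitor. Because the transaction ID is fixed, every probe is byte-identical, which is fine for a health check. The substring match is only an approximation of what the monitor does and will also trip if those four octets appear anywhere else in the datagram; to tighten it, prepend the answer RR header bytes (type, class, RDLENGTH) to the receive string.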
Thank you for replying! Yes, I've added the built-in "gateway_icmp" monitor and it works fine.
I'm thinking that the "dns" type of a Monitor object is not meant for monitoring just any node but that it might instead be a part of the GTM/DNS module, which we have not provisioned (and we don't want to).
We did manage to set up a new VS (Fast/Performance L4) and pool by reading an archived guide and following the section for "Basic Stateful UDP traffic management":
https://www.f5.com/pdf/deployment-guides/dns-load-balancing-dg.pdf
The only thing lacking now is a monitor that can actually test DNS functionality. It's probably possible to set it up by using a UDP monitor and entering the request/response strings necessary, but something about that seems a bit off to me.
I'd like to know if a monitor of type "DNS" is supposed to be used to monitor just any node that is configured with port 53/udp and, if so, why the BIG-IP VE doesn't send any DNS udp packets to the pool members but instead just flags the nodes as Down.
EDIT: I now learned that the default "udp" monitor (with no strings configured) is able to tell if a server is listening on 53/udp or not, so I'm using that instead of "gateway_icmp". That should be good enough for our purposes.
The dns monitor doesn't have such a limitation.
You should try the udp monitor with any send string.
If you don't see the traffic in the tcpdump, then very likely there is an L3/L4 config problem.
- JoseLabra, Jul 17, 2024 (MVP)
Hi, how are you?
Thanks for providing the solution for the issue.
Regards!