Forum Discussion

jlarger
Oct 06, 2023

Behavior of outbound DNS queries from LTM

We're having intermittent DNS failures from our LTM to FQDN-defined resources.

4 name server IPs are configured.

Since the GUI provides an up/down order button, I presume ip1 is queried, then ip2 if no response, etc. down to ip4, instead of round robin through them. However, I can't find confirmation of this in an F5 KB.

If ip1 does not respond, how long before ip2 is queried? Until the timeout, or some shorter interval?

This is intermittent, so it's classic needle in the haystack. Is it possible to monitor stats for DNS query, response, and failure over time?

  • Definitely more than possible to get those stats. Make an LTM pool of your DNS servers, by IP. Use a DNS monitor against them. You don't need a VIP. You just want to health check them. After that, tmos stats should be able to point out the issue.

  • jlarger The DNS query order is from top to bottom for the order in file /etc/resolv.conf if you look at that file in CLI bash. Additionally the timeout should be the Linux default which is two 5 second timeouts for a total of 10 seconds before it checks the secondary DNS server. Now keep in mind that if you're using FQDNs as a pool member you have an additional setting in the GUI that you have to check for the specific node that tells it to honor the DNS record TTL or to use its own which I believe is 1 hour by default.
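The two replies above suggest (a) reading the server order and timeouts from /etc/resolv.conf and (b) health-checking each name server and watching stats over time. The following is an added example, not code from the thread or from F5: a small probe that parses resolv.conf, sends a hand-built DNS A query to each server in file order with a per-server timeout, and accumulates query/response/timeout counts so an intermittent failure shows up as a growing `timeout:<ip>` counter. The try-each-server-`attempts`-times-before-moving-on order is the behaviour described in the reply and is modelled as such; glibc itself walks the whole nameserver list on every attempt, so confirm the exact interleaving on a real box against resolv.conf(5). The addresses 10.0.0.1 and 10.0.0.2, the sample resolv.conf text and the `simulated_exchange` transport are constructed for offline use; `udp_exchange` does real UDP on port 53.

```python
import random
import socket
import struct
import time
from collections import Counter

DEFAULT_OPTS = {"timeout": 5, "attempts": 2}  # glibc resolver defaults


def parse_resolv_conf(text):
    """Return (nameservers in file order, options) from resolv.conf text."""
    servers, opts = [], dict(DEFAULT_OPTS)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) > 1:
            servers.append(parts[1])
        elif parts[0] == "options":
            for opt in parts[1:]:
                key, _, val = opt.partition(":")
                if key in opts and val.isdigit():
                    opts[key] = int(val)
    return servers, opts


def build_query(qname, txid):
    """Minimal DNS A/IN query in wire format (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + question + b"\x00" + struct.pack("!HH", 1, 1)


def response_rcode(data, txid):
    """RCODE of a reply matching txid, or None if it is not a usable response."""
    if data is None or len(data) < 12:
        return None
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:  # wrong id, or QR bit not set
        return None
    return flags & 0x000F


def udp_exchange(server, payload, timeout):
    """Real transport: one UDP datagram to port 53; reply bytes or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(payload, (server, 53))
        try:
            return sock.recv(4096)
        except socket.timeout:
            return None


def simulated_exchange(dead_servers):
    """Constructed offline transport: listed servers never answer, the rest
    return a NOERROR reply echoing the query's transaction id."""
    def exchange(server, payload, timeout):
        if server in dead_servers:
            return None
        txid = struct.unpack("!H", payload[:2])[0]
        return struct.pack("!HH", txid, 0x8180) + payload[4:]
    return exchange


def resolve(qname, servers, opts, exchange=udp_exchange):
    """Query servers top to bottom, giving each `attempts` tries of `timeout`
    seconds before moving on (the order described in the thread; see lead-in).
    Returns (answering server or None, rcode or None, stats Counter)."""
    stats = Counter()
    for server in servers:
        for _ in range(opts["attempts"]):
            txid = random.randrange(0, 0x10000)
            stats["queries"] += 1
            data = exchange(server, build_query(qname, txid), opts["timeout"])
            rcode = response_rcode(data, txid)
            if rcode is None:
                stats[f"timeout:{server}"] += 1
                continue
            stats["responses"] += 1
            stats[f"answered:{server}"] += 1
            return server, rcode, stats
    stats["failures"] += 1
    return None, None, stats


if __name__ == "__main__":
    # Constructed resolv.conf; on a real box read /etc/resolv.conf instead.
    conf = "nameserver 10.0.0.1\nnameserver 10.0.0.2\noptions timeout:1 attempts:2\n"
    servers, opts = parse_resolv_conf(conf)
    totals = Counter()
    for _ in range(5):  # poll periodically and accumulate to spot intermittent loss
        server, rcode, stats = resolve("example.com", servers, opts,
                                       exchange=simulated_exchange({"10.0.0.1"}))
        totals.update(stats)
        print(time.strftime("%H:%M:%S"), server, rcode)
    print(dict(totals))
```

Run it from cron or a loop with the real `udp_exchange` and log `dict(totals)` each cycle; a first server that intermittently drops queries shows up as a rising `timeout:<ip>` count alongside `answered:<next ip>`, which is the same signal a per-member DNS monitor on an LTM pool would give you, without touching the BIG-IP configuration.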