Big IP DNS Failover

Question

Hello people I am new to Big IP DNS world.

We have two Big IP DNS currently synchronizing across 2 DC.

Big IP DNS is used in a DNS delegation architecture making use of sub domains. All of our request goes to our internal Domain Controller/DNS and then it has our NS as well as CNAME record pointing towards Big IP DNS.

I was trying to test whether or not the Big IP DNS failover would work if one of the Big IP DNS completely goes offline before we plan for our upgrade. Previous employee who did all the work has left and no one has any idea if it would work.

The tcpdump capture shows that both of the DNS is receiving DNS traffic and also the stats from the F5 itself shows the increment.

What would be the best way to test that the redundancy? Forcing the primary DNS as offline?

injeyan_kostas · Answer

Your BIG-IP DNS devices are synchronized but not clustered, unlike an Active-Standby setup in LTM. Instead, they operate in an Active-Active scenario, which is why you observe traffic on both devices.&nbsp;This is an example:A client makes a DNS query, which reaches your internal DNS.The internal DNS responds with a CNAME pointing to a subdomain hosted on BIG-IP.The client then queries the authoritative DNS for this subdomain and receives two NS records—one for each BIG-IP DNS.The client selects one of these NS records randomly.If the chosen NS does not respond, the client automatically retries with the second NS.&nbsp;So, since both BIG-IP DNS devices function independently and actively, you can safely take one offline without impacting DNS resolution. The remaining device will continue handling queries seamlessly.

zamroni777 · Answer

adding to Injeyan_Kostas ,
it is inherent limitation in Internet DNS that client cant verify DNS server availability before sending the DNS request and no quick fail method except timeout.DNS is designed in 1980s to work on computer with few MHz of CPU spec.

Forum Discussion

Big IP DNS Failover

2 Replies

Recent Discussions

AS3 per-app JSON schema issue

F5 https monitor receive string

AWAF Detection Inconsistency Between Similar Test Payloads

URI-based Blocking vs. IP-based Ban in irules

F5 LTM Virtual Server IP NAT Configuration

Related Content

BIG-IP Next for Kubernetes CNFs - DNS walkthrough

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

Using Distributed Cloud DNS Load Balancer with Geo-Proximity and failover scenarios

F5 Cloud Failover Extension (CFE), private endpoints, and custom DNS

Using ExternalDNS with F5 CIS to Automate DNS on Non-F5 DNS Servers