For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Azzeddine_S's avatar
Azzeddine_S
Icon for Cirrus rankCirrus
Jan 09, 2018

BIG-IP DNS Routing features

Hi all

 

i plan to integrate BIG-IP DNS , i want to connect the ISP connection directly it , in the back end i will install LTM + ASM behind a firewall

 

is it clear that i can configure public IPs on the DNS as listners but whene the process of name resolution is done, the client will send a HTTP GET to obtain the page, the problem is how to send the client request to the web servers located behiend the LTM ?

 

i used to do that on LC by creating VS listening on port 80 and forward that traffic to the back-end, but in the BIG-IP DNS i am unable to create VS from the web management interface

 

i am able to do it from the tmsh and it working good (version 13.1)

 

the question is ther a better way to send the HTTP traffic to the back-end without Virtual server (using routing or somthing else) because i am afraid that the configuration from the TMSH desapear from the future version

 

i am planing to have the DNSSEC, Routing, GSLB, DNS Services licences

 

best regards

 

application delivery
BIG-IP DNS
LTM

1 Reply

  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Icon for Nacreous rankNacreous
    Jan 09, 2018

    Hi, as mentioned in the other thread - no need to put F5 DNS inline It can sit in a DMZ with a public IP address as a listener then when the IP is resolved it is routed out of band towards the LTM on your internal network

     

    E.g.

     

    1) Client DNS Query -> Your edge firewall -> F5 GTM in DMZ 2) Client HTTP Request -> Your edge firewall (NAT) -> LTM on internal network

     

    Do you have restrictions preventing you having F5 DNS out of band?