Nimbostratus
NimbostratusHi James,
Running into kinda the same issue atm; Windows DNS server(s) (still need to confirm the OS version and release) quering BIGIP DNS (version 12.1.3.6 Build 0.0.3 Point Release 6).
Same concept as you described: Corp DNS also has CNAME Records that will do global resolution, example would be CNAME funkytown.ilb.blank.com Alias funkytown.blank.com. Corp DNS would send that request to the Internal F5 DNS server that responds back with an A record with IP address. Corp DNS is the SOA for blank.com and the F5 DNS is the SOA for ilb.blank.com
The clients receive an incomplete answer to their query: the fqdn is there but no IP address. When this happens no query is sent to the BIGIP (confirmed in BIGIP logs).
Nothing of a clue as to why this happens let alone a fix.
PS> there used to be an issue in Win. 2008 R2 - https://support.microsoft.com/en-us/help/3022780/dns-server-does-not-respond-with-ip-address-to-a-cname-query-for-a-del
NimbostratusThanks for the repsonse.
Glad to read that you have the issue solved for your deployment. It looks like a workaround for an issue; the issue being that the Microsoft DNS server/service does not acknowledge the SOA record sent from the BIGIP as a valid SOA record.
If the SOA record sent by the BIGIP is not accepted as a valid SOA records by the Microsoft DNS ..
It turns out that, following K14510, F5 recommends that you disable BIND in the DNS profile when you use the DNS Express feature.
In version 12.1.3.6 Build 0.0.3 Point Release 6 - the version I'm running - DNS Express is actually part of the DNS profile with the possibility to enable or disable it.
I've read that DNS Express comes as a add-on with DNS (GTM) or as a feature with LTM; I've got a DNS only box.
Thanks for the repsonse.
Cheers, Avi