Forum Discussion
BIGIP DNS forwarder
Hello Everyone,
I need small help with dns forwarding on F5 DNS.
At present we have wide ips configured on F5 dns like example: test.abc.com; uat.abc.com etc
Under the zonerunner section it automatically has created the zone for "abc.com", so far so good.
We have a bind linux server which has got some dns A records in the same zone like test123.abc.com etc.
Now I want F5 DNS to reply to the queries for all the wide ips configured on F5 DNS and simply forward all the requests which are not configured on F5 DNS to bind. For this I have configured the forwarder and allowed recursion in the named configuration. When I did the nslookup pointing dns queries to the listener on F5 DNS for test123.abc.com, I found that F5 is getting the request but not forwarding it to bind. In a nutshell, I found that F5 DNS won't forward anything to bind on zone "abc.com", because if I try a dns query for another domain like it forwards the request to bind, and I think the reason is that because F5 has some wide ips in the zone abc.com it considers itself as master of that zone; at least this is what I see under the zonerunner configuration.
I tried to create the forwarding dns using a wildcard like *.abc.com, but F5 won't let me do that.
We have a cisco GSS at one of the sites which does exactly the same thing, and forwards the requests for a wildcard domain *.abc.com to binds.
Can anyone suggest how I can do this on F5? Any suggestions would be appreciated.
Thanks, Pankaj
- PPawar_309940
Nimbostratus
Anyone ??
- cjunior
Nacreous
Hello,
- PPawar_309940
Nimbostratus
Thanks for the reply cjunior.
But what does the dns listener have to do with this? Also, can I delegate the zone to external bind for which, as per the zonerunner, my F5 dns is the authoritative server? All I want is to forward all dns traffic from F5 to the external bind server if the A record is not configured on F5.
As I have mentioned in the previous post that we have GSS doing the same thing and passing *.test.com to bind server.
Sorry for my ignorance on this topic as by no means I am expert on this.
Any help with the example will be appreciated.
Thanks, Pankaj
- cjunior
Nacreous
No problem, I asked because the listener can drop "Unhandled Query Actions" and disable "Use BIND Server on BIG-IP."
- Pedro_Haoa
Ret. Employee
Hi,
You can configure your external BIND server with F5 DNS Express. So then you can take full advantage of the BIG-IP platform and maintain your BIND environment. Don't forget to set your DNS profile properly.
Please take a look at the following great articles to understand how DNS Express can help you:
Lightboard Lessons: DNS Express
DNS Express and Zone Transfers
- Kevin_K_51432
Historic F5 Account
Good day,
This question seems to be coming up a lot lately. I tried this on my DNS system and it worked for me. Can you give this a try?
1. Log into Gui
2. Select the zone "abc.com."
3. Select 'Resource Records'
4. Click the 'Create' button to add the glue 'A' RR for the delegation server.
5. Adjust the 'Record Configuration' values
   a. 'Name' should be set to the name of the DNS server authoritative for test123.abc.com NOTE: This should be the FQDN of the host ex. ns1.test123.abc.com.
   b. 'TTL' should be set to a reasonable value, say '500'
   c. Set 'Type' to 'A'
   d. Set 'IP Address' to the remote DNS server
   e. Click 'Finished' button
6. Click the 'Create' button to add the 'NS' RR for the delegation server.
7. Adjust the 'Record Configuration' values
   a. 'Name' should be set to the name of the delegated domain, "test123.abc.com." NOTE: Make sure this is the domain, not the host
   b. 'TTL' should be set to a reasonable value, say '500'
   c. Set 'Type' to 'NS'
   d. Set 'Nameserver' to the name used in step 7 above. ex. ns1.test123.abc.com.
   e. Click 'Finished' button
8. Query the GTM listener for a resource record known only by the delegated DNS server, say test1.test123.abc.com.
9. Enable recursion if you want the local BIND server to do all the work. Disable recursion if you want the local BIND to only return the referral.
Hope you find this helpful.
- Kevin_K_51432
Historic F5 Account
One more item: My BIG-IP DNS is 10.12.23.120 and my remote Linux DNS server is 10.12.23.27. Record setup looks like:
abc.com.           external  abc.com.  11  NS   ltm1.abc.com.
abc.com.           external  abc.com.  11  SOA  ltm1.abc.com.
ltm1.abc.com.      external  abc.com.  11  A    10.12.23.120
ns1.test.abc.com.  external  abc.com.  11  A    10.12.23.27
test.abc.com.      external  abc.com.  11  NS   ns1.test.abc.com.
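Added example, not part of the original posts and not F5 or BIND code: a simplified Python model of the lookup order an authoritative server follows (after RFC 1034 section 4.3.2), loaded with the records listed above. It shows why a name under the delegated test.abc.com gets a referral, while an unlisted name such as test123.abc.com in the authoritative zone is answered NXDOMAIN instead of going to the forwarder. The `resolve` function, the status labels and the uat.abc.com address are assumptions made for illustration, and recursion with a forwarder is assumed to be enabled.

```python
ZONE = "abc.com."

# Records from the post above; the uat.abc.com address is a constructed sample.
RECORDS = {
    ("abc.com.", "NS"): ["ltm1.abc.com."],
    ("ltm1.abc.com.", "A"): ["10.12.23.120"],
    ("ns1.test.abc.com.", "A"): ["10.12.23.27"],     # glue for the delegation
    ("test.abc.com.", "NS"): ["ns1.test.abc.com."],  # zone cut
    ("uat.abc.com.", "A"): ["192.0.2.10"],           # constructed wide IP answer
}


def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)


def names_below_apex(qname, zone):
    """Return qname and its parents inside the zone, closest to the apex first."""
    labels = qname.rstrip(".").split(".")
    chain = []
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate == zone:
            break
        chain.append(candidate)
    return list(reversed(chain))


def resolve(qname, qtype="A"):
    qname = qname.lower().rstrip(".") + "."
    # 1. Not our zone: only here is the forwarder consulted.
    if not in_zone(qname, ZONE):
        return ("FORWARD", [])
    # 2. A zone cut at or above the name: hand back a referral plus glue.
    for node in names_below_apex(qname, ZONE):
        ns = RECORDS.get((node, "NS"))
        if ns:
            glue = [ip for host in ns for ip in RECORDS.get((host, "A"), [])]
            return ("REFERRAL", ns + glue)
    # 3. Authoritative data: answer, or an authoritative negative response.
    data = RECORDS.get((qname, qtype))
    if data:
        return ("ANSWER", data)
    if any(owner == qname for owner, _ in RECORDS):
        return ("NODATA", [])
    return ("NXDOMAIN", [])


if __name__ == "__main__":
    for q in ("uat.abc.com", "test1.test.abc.com", "test123.abc.com", "www.example.org"):
        print(q, resolve(q))
```
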
- PPawar_309940
Nimbostratus
Thank you very much guys. I will give this a go and will let you all know the outcome.
Thanks, Pankaj
- PPawar_309940
Nimbostratus
Hello Kevin,
I tried this; it's kind of working, but this is not what I would desire. Please correct me if I am doing something wrong.
- Selected the already created zone from wide ip, zone was "abc.com."
- Under the Resource Record tab created the record configuration as below :
Name : ns1.abc.com ( name of the bind server )
TTL : 500
Type : A, then clicked on finished.
- Under the same tab, created record configuration as below
Name : as you said it should be the name of the delegated domain, which is abc.com
TTL : 500
Type : NS
Nameserver : ns1.abc.com
Now as soon as I click on finished, F5 throws an error and it won't let me use the domain name as "abc.com."
Now if I put the host name like uat.abc.com ( this is the host A record already configured on the external bind ) then it works, which means if I have 100 records in binds then I have to create 100 NS records in F5, which doesn't look correct to me.
In our scenario we have configured wide ips on F5 for only those services which require dns load balancing and which are on the .abc.com domain.
The services which do not require dns load balancing are configured on the binds, which are also on the same domain, abc.com.
So my idea was to pass all the non gslb dns queries which are not on F5 to binds by simply doing *.abc.com and forwarding it to bind.
Thanks, Pankaj
- longnv
Cirrus
recursion yes;
forwarders { 8.8.8.8; };