BIGIP DNS forwarder

1. Log into Gui 2. Select the zone "abc.com." 3. Select 'Resource Records' 4. Click the 'Create' button to add the glue 'A' RR for the delegation server. 5. Adjust the 'Record Configuration' values a. 'Name' should be set to the name of the DNS server authoritative for test123.abc.com NOTE: This should be the FQDN of the host ex. ns1.test123.abc.com. b. 'TTL' should be set to a reasonable value, say '500' c. Set 'Type' to 'A' d. Set 'IP Address' to the remove DNS server e. Click 'Finished' button 6. Click the 'Create' button to add the 'NS' RR for the delegation server. 7. Adjust the 'Record Configuration' values a. 'Name' should be set to the name of the delegated domain, "test123.abc.com." NOTE: Make sure this is the domain, not the host b. 'TTL' should be set to a reasonable value, say '500' c. Set 'Type' to 'NS' d. Set 'Nameserver' to the name used in step 7 above. ex. ns1.test123.abc.com. e. Click 'Finished' button 8. Query the GTM listener for a resource record known only by the delegated DNS server, say test1.test123.abc.com. 9. Enable recursion if you want the local BIND server to do all the work. Disable recursion if you want the local BIND to only return the referral.

Kevin_K_51432

Historic F5 Account

Aug 03, 2017

One more item: My BIG-IP DNS is 10.12.23.120 and my remote Linux DNS server is 10.12.23.27. Record setup looks like:

abc.com.                external        abc.com.        11      NS      ltm1.abc.com.
abc.com.                external        abc.com.        11      SOA     ltm1.abc.com.
ltm1.abc.com.           external        abc.com.        11      A       10.12.23.120
ns1.test.abc.com.       external        abc.com.        11      A       10.12.23.27
test.abc.com.           external        abc.com.        11      NS      ns1.test.abc.com.

PPawar_309940
Nimbostratus
Aug 03, 2017
Thank you very much guys. I will give this a go and will let you all know the outcome.

Thanks, Pankaj
PPawar_309940
Nimbostratus
Aug 04, 2017
Hello Kevin,

I tried this its kind of working, but this is not what I would desire, please correct me if I am doing something wrong.

Selected the already created zone from wide ip, zone was "abc.com."
Under the Resource Record tab created the record configuration as below :

Name : ns1.abc.com ( name of the bind server ) TTL : 500 Type : A, then clicked on finished.

Under the same tab, created record configuration as below

Name : as you said it should be the name of the delegated domain, whcih is abc.com

TTL : 500

Type : NS

Nameserver : ns1.abc.com

Now as soon as I click on finished, F5 threw an error and it wont let me use the domain name as "abc.com."

Now if put the host name like uat.abc.com ( this is the host A record already configured on the external bind ) then it works, which means if I have 100 records in binds then I have to create 100 NS records in F5 which doesn't look correct to me.

In our scenario we have configured wide ips on F5 for only those services which requires dns load balancing and which are on domain .abc.com domain.

For the services which does not require dns load balancing are configured on the binds which are also on the same domain as abc.com.

So my idea was to pass all the non gslb dns queries which are not on F5 to binds by simply doing *.abc.com and forward it to bind.

Thanks, Pankaj

Kevin_K_51432

Historic F5 Account

Aug 04, 2017

Hi Pankaj, Sorry for misunderstanding your question. I tested Pedro's recommendation above and it worked for me. This seems like what you want to do. If you're prefer the UI to command line, here's the steps:

Log in to UI.
Navigate to Local Traffic > Pools > Pool List
Click Create
Add UDP monitor
Add New Members using IP address and port of the DNS server(s)
Click Finished.

Navigate to DNS > Listener
Select Listener
Change Listener: drop-down from Basic to Advanced
Check Address Translation
You may need SNAT automap depending on your routing config.
Click Load Balancing tab at the top.
From Default Pool drop-down select your pool.
Click update

All of the non Wide-IP requests for the domain will be sent to the DNS server.

Hope this works for you!

PPawar_309940
Nimbostratus
Aug 05, 2017
Thanks Kevin/Pedro.

This is working like expected.

I will throw some more test, but I am certain that this configuration is working.

Thanks a lot for your time.

Thanks, Pankaj
Kevin_K_51432
Historic F5 Account
Aug 06, 2017
That's great news, thanks for letting us know Pankaj!
IRONMAN_183357
Nimbostratus
Jul 20, 2018
Kevin,

by adding the external DNS server pool to listeners, is it DNS forwarder, which will configure in zone runner under name configuartion?

Forum Discussion

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 Rules for AWS WAF - Common Vulnerabilities & Exposures Mitigate Log4J vulnerabilities

Credentialed Scanning - F5OS - Rseries

WebSocket connection to 'wss://...' failed: Invalid frame header

f5 asm reporting aggregate

rSeries 4600 additional Core Enable

Related Content

F5 DNS Forwarding

Can distributed cloud DNS and BigIP DNS perform GSLB together?

F5 XC Distributed Cloud DNS GSLB implementing Split-DNS

Re: BigIP Report

BIG-IP DNS Forwarder Support via iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS