Forum Discussion
Can BIG-IP DNS do recursion only for my domain?
As you set F5 DNS as the client's DNS server, it is common/usual behavior that such intranet DNS servers do recursion.
If not, then each client will have to query internet name servers.
DNS servers also cache DNS responses according to the TTL,
so recursion by such an intranet DNS server makes your network create far fewer DNS requests to internet name servers.
- kridsana, Nov 02, 2024 (Cirrocumulus)
Yeah, for our clients in the intranet, F5 acts as the intranet DNS server, which allows recursion on all domains.
The problem is that our F5 DNS acts as GSLB, which is an external DNS server too.
If we allow-recursion only on intranet client IPs, when an external customer resolves a CNAME record of our domain, they will not get an IP address.
If we allow-recursion on all client IPs, everyone can resolve all records in the world from our F5 DNS, which shouldn't be like that (F5 will be subject to DNS attack amplification).
That's why we need to allow-recursion on only our domain.
The problem is how can we do it? Is it possible?
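The policy asked for above, written out as a decision function. This is an added illustration, not F5 configuration and not code from the thread; the intranet networks, the zone name `example.com` and all function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
INTRANET_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
OWN_ZONES = ["example.com"]


def in_own_zone(qname, zones=OWN_ZONES):
    """True if qname equals a zone apex or sits below it.

    Comparison is per label, so "notexample.com" does not match
    "example.com" the way a plain string suffix test would.
    """
    labels = qname.rstrip(".").lower().split(".")
    for zone in zones:
        zlabels = zone.rstrip(".").lower().split(".")
        if len(labels) >= len(zlabels) and labels[-len(zlabels):] == zlabels:
            return True
    return False


def is_intranet(client_ip, nets=INTRANET_NETS):
    """True if the source address belongs to an internal network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)


def recursion_decision(client_ip, qname):
    """Return "recurse", "recurse-own-zone" or "refuse"."""
    if is_intranet(client_ip):
        return "recurse"              # internal resolver role: any name
    if in_own_zone(qname):
        return "recurse-own-zone"     # external client, our names only
    return "refuse"                   # never act as an open resolver


if __name__ == "__main__":
    # Constructed queries covering each branch of the policy.
    for ip, name in [("10.1.2.3", "www.wikipedia.org"),
                     ("203.0.113.7", "app.example.com."),
                     ("203.0.113.7", "www.wikipedia.org"),
                     ("203.0.113.7", "notexample.com")]:
        print(ip, name, recursion_decision(ip, name))
```

The decision keys on both the source address and the query name, which is why an address-only allow-recursion list cannot express it.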