Forum Discussion

kridsana
Oct 31, 2024

Can BIG-IP DNS recursion only my domain?

Hi

We are using F5 DNS as a DNS server and have many CNAME records.

We want to query those CNAME records and then get the IP as a result too. (This was solved by enabling "recursion yes;" in the named configuration.)

But we found a problem: our F5 DNS performs recursion on EVERY domain clients ask for (e.g. f5.com, nginx.com, etc.).

We want F5 DNS to answer queries only for the domains we handle (many domains in ZoneRunner and GSLB).

How can we do that?

Is it possible to do that? Because "recursion yes;" is configured in the named configuration, I think it's a global configuration, and "allow-recursion {}" only checks the client IP address (it does not check the domains we handle).

Thank you

  • Is there a way to create an iRule to check whether a DNS query is for a zone we handle or not?

    If it is our zone > use a DNS profile in which recursion (Process Recursion Desired) is enabled (by default)

    If it is not our zone > use a DNS profile in which recursion (Process Recursion Desired) is disabled

    But the problem is that many CNAMEs resolve to the cloud (for example, www.ourzone.com IN CNAME abcw123s.cloudflare.com.)

    When we query www.ourzone.com, F5 will use the DNS profile in which recursion is enabled. But when F5 tries to recurse to find the IP of that CNAME (abcw123s.cloudflare.com.), which DNS profile will it use?