Forum Discussion
Sefi_Miz
Altostratus
AltostratusCNAME and A record in F5 DNS
Hi, I have F5 GTM version 15.1.2.1 and I have problem in configure A record with cname pool. I created cname pool with long member of Heroku domain and then I add this pool to A record with my doma...
Sefi_MizAltostratus
AltostratusHi,
Thank you for your answer.
I tried to do what you wrote and I also verified it with the link you sent me and I still in the same situation - when I'm typing in my browser "test.sefi" I get "DNS_PROBE_FINISHED_NXDOMAIN"
When I trying to do nslookup for test.sefi it show me that the record exist but not showing the cname "a.com"
but when I'm writing in nslookup "set type=cname" and then I give him the "sefi.test" it show me that it refer to cname "a.com".
when I'm trying to do ping to test.sefi it give me an error that "Ping request could not find host".
What I'm doing wrong?
- Nikoolayy1
MVP
You have a wide IP A record type for "test.sefi" with a pool with a static target not only Wide IP with CNAME type ?
Also is the real server that hosts "a.com" correctly configured as the issue could be with it as when the F5 redirects the DNS requests to it then the issue to happen?
Also better test with dig not nslookup as nslookup is more limited and it could be that CNAME record for a.com is returned from F5 device but the Windows nslookup (or the configured LDNS server that the windows workstation uses) may want an A record and after that it may make an automatic A record DNS request. Try switching between using iterative or recursive DNS lookup or just use dig with the +trace option to see everything in the DNS reply.
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/nslookup-set-recurse
https://clouddocs.f5.com/training/community/dns/html/class4/module1/lab3.html
https://clouddocs.f5.com/training/community/dns/html/class4/module1/lab3.html
You may do a wireshark capture on the F5 device to 100% certain that it returns the "DNS_PROBE_FINISHED_NXDOMAIN" not the Local DNS (LDNS) server that your test workstation uses, as the traffic patern is Windows Workstation > LDNS > F5 device. You can also use th dig command from the F5 device itself with dig @<DNS Listener IP adderess> test.sefi and dig @<DNS Listener IP adderess> +trace test.sefi
Also I don't know your network as maybe the F5 DNS/GTM is your local DNS (LDNS), in other words your test workstation is configured to use it as DNS server you may need to enable recursive lookup from it and still when the client workstation sends a DNS request for 'test.sefi' and F5 tries to resolve it, after it sees the A record Wide IP for test.sefi with a CNAME static target it will try to another DNS resolution after the first one to get the A record for "a.com" and if you have not set correctly the DNS for "a.com", it may return error to the client workstation . This is how LDNS works as the customers send "recursive DNS queries" and the LDNS sends many "iterative" DNS queries. So do a little troubleshooting to confirm, from where you get the DNS error "DNS_PROBE_FINISHED_NXDOMAIN".
.
https://support.f5.com/csp/article/K14510
