Forum Discussion
Configuring listener IP for TCP
- Feb 18, 2022
Hi Khaled_HA,
UPD is limited to 512 bytes. Some of the newer record types might contain messages that exceed the 512 byte limit and use TCP as fallback.
- See: RFC 5966 - DNS Transport over TCP - Implementation Requirements
- And also: K91537308: Overview of the truncating rule when DNS response size is over 512 Bytes
I never tried to pass the 302 exam. However, I am 100% it is for BIG-IP 12.1. You are looking at an article that is relevant for 14.1 to 16.1. Make sure you are looking the relevant sources (K29900360: F5 certification | Exams and blueprints).
KR
Daniel - Feb 20, 2022
I will try to answer your second question too:
This solution (K14510: Overview of DNS query processing on BIG-IP systems) explains in which order the BIG-IP processes DNS requests and how to configure Unhandled Query Actions. One setting for unhandled queries is Reject.
- Use the Reject setting to return a REFUSED status for the DNS query.
DISCLAIMER: I admit that I am not an expert for BIG-IP DNS. Maybe this is not the only correct answer to your question.
Hay Daniel_Wolf,
Thanks for bringing that to my mand.
Regarding my second question; what are the setuations where big-ip DNS would refuse the connection ?
If the big-ip DNS recieved a query for a domain that it is not authoritative for, will the big-ip DNS refuse the query ?
I will try to answer your second question too:
This solution (K14510: Overview of DNS query processing on BIG-IP systems) explains in which order the BIG-IP processes DNS requests and how to configure Unhandled Query Actions. One setting for unhandled queries is Reject.
- Use the Reject setting to return a REFUSED status for the DNS query.
DISCLAIMER: I admit that I am not an expert for BIG-IP DNS. Maybe this is not the only correct answer to your question.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com