Forum Discussion

Herman2024's avatar
Herman2024
Icon for Nimbostratus rankNimbostratus
Sep 17, 2024

dns config is not sync to standby f5 for HA cluster

Hi , I have setup a HA cluster big-ip, the virtual server will be automatically created on standby unit, but any config under DNS is not sync to standby unit. Is it normal ? I am new to f5, anyone pl...
announcement
application delivery
mkyrc's avatar
mkyrc
Icon for Cirrus rankCirrus
Sep 17, 2024

Hello,
sync between "DNS/GTM" is based on different way as "LTM". HA between DNS devices is required only if you need configure cluster of DNS devices (for DNS listener - it is virtual server in background). When you have independent DNS/GTM devices (in different geo locations) HA is not required.

For sync configuration data between DNS devices (data centers, servers, prober pools, wide IPs, pools, etc) you need configure several parts. In short:

  1. install the same version of big3d on all devices (`big3d_install <peer-device>` is you friend)
  2. exchange device certs (`big_add <peer>`)
  3. configure sync group (DNS -> Settings -> GSLB -> General) and there check "synchronize" and (recommended) set "group name"
  4. add another gtm to "sync group" (`gtm_add`). Be carefully, LOCAL config will be replaced by remote config.
  5. ^^ sync group is created.

Good to know:

  • DNS devices are synced over "data" interface (not "mgmt" or "HA"), because they can sit on different data centers around the world
  • You need to add all DNS members (in sync group) in server list (not only "LTM" or "generic" hosts where virtual servers are running). This is very common mistake when DNS sync is not working.

You can find more details about DNS sync here: https://my.f5.com/manage/s/article/K45907236

Martin

  • Herman2024's avatar
    Herman2024
    Icon for Nimbostratus rankNimbostratus
    Sep 19, 2024

    Thanks Martin  for your kind advice! The problem is when I tried to add a new gtm to "Sync group" , the local config isn't replaced by remote config. I have to manually add both existing DNS with the server  and new DNS with the server onto each other's machine, then can syncronized. 

    Following are what I did., but the dns config was not copied to new DNS box from existing DNS box. Please advise, thanks. 

    1. the existing dns box is configured with server -- DC A , server A, auto-discover virtual servers, sync is enabled with snyc-group name "Test-sync-group"
    2. a new dns is setup with DC B, server B, auto-discover virtual servers
    3. enable sync on new DNS and set the sync group name to "Test-sync-group" 
    4. Add new DC B and server B onto the existing DNS box
    5. login to new DNS box via CLI, run the command "tmsh run gtm gtm_add <ip-existing DNS self-ip>, but the response message is "Existing" 
    6. the existing DNS config (DC name, server name ) is not copied to new DNS box , the port lock down of the self IP on both box are set to "Allow all". and run netstat -na | grep 4353 , the communication between both boxes are "Established" on port 4353.