Forum Discussion

Herman2024

Nimbostratus

Sep 17, 2024

dns config is not sync to standby f5 for HA cluster

Hi , I have setup a HA cluster big-ip, the virtual server will be automatically created on standby unit, but any config under DNS is not sync to standby unit. Is it normal ? I am new to f5, anyone pl...

announcement

application delivery

Herman2024

Nimbostratus

Thanks Martin for your kind advice! The problem is when I tried to add a new gtm to "Sync group" , the local config isn't replaced by remote config. I have to manually add both existing DNS with the server and new DNS with the server onto each other's machine, then can syncronized.

Following are what I did., but the dns config was not copied to new DNS box from existing DNS box. Please advise, thanks.

the existing dns box is configured with server -- DC A , server A, auto-discover virtual servers, sync is enabled with snyc-group name "Test-sync-group"
a new dns is setup with DC B, server B, auto-discover virtual servers
enable sync on new DNS and set the sync group name to "Test-sync-group"
Add new DC B and server B onto the existing DNS box
login to new DNS box via CLI, run the command "tmsh run gtm gtm_add <ip-existing DNS self-ip>, but the response message is "Existing"
the existing DNS config (DC name, server name ) is not copied to new DNS box , the port lock down of the self IP on both box are set to "Allow all". and run netstat -na | grep 4353 , the communication between both boxes are "Established" on port 4353.

welinton_trigueiro

Cirrus

Nov 01, 2024

Check the logs in /var/log/gtm for SSL errors; it’s possible that the BIGIP-DNS systems are not communicating.

Validate that after executing the bigip_add command, the certificates were copied between the BIGIP-DNS systems. These certificates are used for authentication and the correct functioning of big3d and iquery.

Check on both BIGIP-DNS systems to ensure the certificates were replaced and are in their respective paths: /config/big3d/client.crt and /config/gtm/server.crt. Inside the .crt files, you should see the certificates for both BIGIP-DNS systems.

Here are some articles that might help with troubleshooting:

Synchronized Objects - https://my.f5.com/manage/s/article/K45907236

Port release requirements between GTMs - https://my.f5.com/manage/s/article/K13734

This article gives a great overview of how gtm_add, big3d_install, and bigip_add work - https://my.f5.com/manage/s/article/K13312

To verify iQuery communication - iqdump <remote BIG-IP system>"

From your description, this lab is similar to the environment you are working in.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

dns config is not sync to standby f5 for HA cluster

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Integrating with your IPv6 Kubernetes Cluster

Multiple Kubernetes Clusters and Path-Based Routing with F5 Distributed Cloud

F5 BIG-IP per application Red Hat OpenShift cluster migrations

Scale Multi-Cluster OpenShift Deployments with F5 Container Ingress Services

Multi-Cluster, Multi-Cloud Networking for K8S with F5 Distributed Cloud – Deployment Guideline

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS