F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Herman2024's avatar
Herman2024
Icon for Cirrostratus rankCirrostratus
Sep 16, 2024

dns config is not sync to standby f5 for HA cluster

Hi , I have setup a HA cluster big-ip, the virtual server will be automatically created on standby unit, but any config under DNS is not sync to standby unit. Is it normal ? I am new to f5, anyone pl...
announcement
application delivery
Herman2024's avatar
Herman2024
Icon for Cirrostratus rankCirrostratus
Sep 19, 2024

Thanks Martin  for your kind advice! The problem is when I tried to add a new gtm to "Sync group" , the local config isn't replaced by remote config. I have to manually add both existing DNS with the server  and new DNS with the server onto each other's machine, then can syncronized. 

Following are what I did., but the dns config was not copied to new DNS box from existing DNS box. Please advise, thanks. 

  1. the existing dns box is configured with server -- DC A , server A, auto-discover virtual servers, sync is enabled with snyc-group name "Test-sync-group"
  2. a new dns is setup with DC B, server B, auto-discover virtual servers
  3. enable sync on new DNS and set the sync group name to "Test-sync-group" 
  4. Add new DC B and server B onto the existing DNS box
  5. login to new DNS box via CLI, run the command "tmsh run gtm gtm_add <ip-existing DNS self-ip>, but the response message is "Existing" 
  6. the existing DNS config (DC name, server name ) is not copied to new DNS box , the port lock down of the self IP on both box are set to "Allow all". and run netstat -na | grep 4353 , the communication between both boxes are "Established" on port 4353. 

 

 

welinton_trigueiro's avatar
welinton_trigueiro
Icon for Cirrus rankCirrus
Nov 01, 2024

Check the logs in /var/log/gtm for SSL errors; it’s possible that the BIGIP-DNS systems are not communicating.

Validate that after executing the bigip_add command, the certificates were copied between the BIGIP-DNS systems. These certificates are used for authentication and the correct functioning of big3d and iquery.

Check on both BIGIP-DNS systems to ensure the certificates were replaced and are in their respective paths: /config/big3d/client.crt and /config/gtm/server.crt. Inside the .crt files, you should see the certificates for both BIGIP-DNS systems.

 

Here are some articles that might help with troubleshooting:

Synchronized Objects - https://my.f5.com/manage/s/article/K45907236


Port release requirements between GTMs - https://my.f5.com/manage/s/article/K13734


This article gives a great overview of how gtm_add, big3d_install, and bigip_add work - https://my.f5.com/manage/s/article/K13312


To verify iQuery communication - iqdump <remote BIG-IP system>"

From your description, this lab is similar to the environment you are working in.