Forum Discussion
- mkyrc (Cirrus)
Hello,
Sync between "DNS/GTM" works differently from "LTM". HA between DNS devices is required only if you need to configure a cluster of DNS devices (for the DNS listener, which is a virtual server in the background). When you have independent DNS/GTM devices (in different geo locations) HA is not required. To sync configuration data between DNS devices (data centers, servers, prober pools, wide IPs, pools, etc.) you need to configure several parts. In short:
- install the same version of big3d on all devices (`big3d_install <peer-device>` is your friend)
- exchange device certs (`bigip_add <peer>`)
- configure the sync group (DNS -> Settings -> GSLB -> General) and there check "synchronize" and (recommended) set "group name"
- add the other GTM to the "sync group" (`gtm_add`). Be careful, the LOCAL config will be replaced by the remote config.
- ^^ sync group is created.
Good to know:
- DNS devices are synced over the "data" interface (not "mgmt" or "HA"), because they can sit in different data centers around the world
- You need to add all DNS members (in the sync group) to the server list (not only the "LTM" or "generic" hosts where virtual servers are running). This is a very common mistake when DNS sync is not working.
You can find more details about DNS sync here: https://my.f5.com/manage/s/article/K45907236
Martin
- Herman2024 (Nimbostratus)
Thanks Martin for your kind advice! The problem is when I tried to add a new gtm to the "Sync group", the local config isn't replaced by the remote config. I have to manually add both the existing DNS with its server and the new DNS with its server onto each other's machine, then they can synchronize.
Following is what I did, but the dns config was not copied to the new DNS box from the existing DNS box. Please advise, thanks.
- the existing dns box is configured with server -- DC A, server A, auto-discover virtual servers, sync is enabled with sync-group name "Test-sync-group"
- a new dns is setup with DC B, server B, auto-discover virtual servers
- enable sync on new DNS and set the sync group name to "Test-sync-group"
- Add new DC B and server B onto the existing DNS box
- login to the new DNS box via CLI, run the command "tmsh run gtm gtm_add <ip-existing DNS self-ip>", but the response message is "Existing"
- the existing DNS config (DC name, server name) is not copied to the new DNS box; the port lockdown of the self IP on both boxes is set to "Allow all", and running netstat -na | grep 4353, the communication between both boxes is "Established" on port 4353.
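The two checks that come up in this thread (Martin's "every sync-group member must also be a gtm server" point, and Herman's `netstat -na | grep 4353` look at iQuery) can be run offline against captured output. The script below is an added example, not code from the original thread or from F5. It assumes a brace-delimited `tmsh list gtm server` layout, the `product bigip` value, the column order of BIG-IP `netstat -na`, and hypothetical names and addresses (gtm-a 10.0.1.10, gtm-b 10.0.2.10, ltm-b 10.0.2.20); the sample output is constructed to mirror Herman's situation on the new box, where iQuery is ESTABLISHED but the peer GTM is missing from the local server list.

```python
import re

# Constructed sample of `tmsh list gtm server` on the NEW DNS box (gtm-b).
# Layout and the `product bigip` value are assumptions, not captured output.
SAMPLE_GTM_SERVERS = """\
gtm server gtm-b {
    datacenter DC-B
    devices {
        gtm-b {
            addresses {
                10.0.2.10 { }
            }
        }
    }
    product bigip
    virtual-server-discovery enabled
}
gtm server ltm-b {
    datacenter DC-B
    devices {
        ltm-b {
            addresses {
                10.0.2.20 { }
            }
        }
    }
    product bigip
    virtual-server-discovery enabled
}
"""

# Constructed `netstat -na | grep 4353` output on gtm-b: iQuery to gtm-a
# (10.0.1.10) is ESTABLISHED in both directions; 10.0.3.10 is a stale peer.
SAMPLE_NETSTAT = """\
tcp        0      0 0.0.0.0:4353            0.0.0.0:*               LISTEN
tcp        0      0 10.0.2.10:4353          10.0.1.10:48214         ESTABLISHED
tcp        0      0 10.0.2.10:51002         10.0.1.10:4353          ESTABLISHED
tcp        0      0 10.0.2.10:4353          10.0.3.10:39990         TIME_WAIT
"""

# Sync-group members as the operator knows them (hypothetical names / self-IPs).
SYNC_GROUP = {"gtm-a": "10.0.1.10", "gtm-b": "10.0.2.10"}

SERVER_RE = re.compile(r"^gtm server (\S+) \{$")
ADDR_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3}) \{ \}$")
KV_RE = re.compile(r"^\s+(datacenter|product) (\S+)$")


def parse_gtm_servers(text):
    """Map gtm server name -> {datacenter, product, addresses} from tmsh output."""
    servers, current = {}, None
    for line in text.splitlines():
        m = SERVER_RE.match(line)
        if m:
            current = {"datacenter": None, "product": None, "addresses": []}
            servers[m.group(1)] = current
            continue
        if current is None:
            continue
        if line == "}":          # top-level close of the server object
            current = None
            continue
        m = KV_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
            continue
        m = ADDR_RE.match(line)
        if m:
            current["addresses"].append(m.group(1))
    return servers


def parse_iquery_states(netstat_text, port=4353):
    """Map peer IP -> TCP state for iQuery (tcp/4353) rows, ignoring LISTEN."""
    states = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, remote, state = fields[3], fields[4], fields[5]
        if state == "LISTEN":
            continue
        lport = local.rsplit(":", 1)[1]
        rip, rport = remote.rsplit(":", 1)
        if str(port) not in (lport, rport):
            continue
        # Keep ESTABLISHED if any row for this peer shows it.
        if states.get(rip) != "ESTABLISHED":
            states[rip] = state
    return states


def sync_group_findings(servers, sync_members, iquery, local_ip):
    """Return (member, code, detail) for anything that would stop gtm_add/sync."""
    findings = []
    for name, ip in sync_members.items():
        srv = servers.get(name)
        if srv is None:
            findings.append((name, "missing-server",
                             "not defined under DNS > GSLB > Servers on this box; "
                             "add it (product bigip) before running gtm_add"))
            continue
        if srv["product"] != "bigip":
            findings.append((name, "wrong-product",
                             f"product is {srv['product']}, expected bigip"))
        if ip not in srv["addresses"]:
            findings.append((name, "address-mismatch",
                             f"{ip} not among device addresses {srv['addresses']}"))
        if ip == local_ip:       # no iQuery session to ourselves to check
            continue
        state = iquery.get(ip)
        if state != "ESTABLISHED":
            findings.append((name, "iquery-down",
                             f"tcp/{4353} to {ip} is {state or 'absent'}; check big3d "
                             "version, bigip_add certs and self-IP port lockdown"))
    return findings


if __name__ == "__main__":
    servers = parse_gtm_servers(SAMPLE_GTM_SERVERS)
    iquery = parse_iquery_states(SAMPLE_NETSTAT)
    for member, code, detail in sync_group_findings(servers, SYNC_GROUP, iquery, "10.0.2.10"):
        print(f"{member}: {code}: {detail}")
```

On the constructed sample the only finding is `gtm-a: missing-server`, which is exactly the state Herman describes: port 4353 is up, but the remote GTM is not a server object on the box where `gtm_add` runs, so there is nothing for the sync group to attach the peer to. Feed it real `tmsh list gtm server` and `netstat -na` captures (one run per box) to get the same answer for your own pair.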