Forum Discussion

WWT_BIGIP_99228's avatar
WWT_BIGIP_99228
Icon for Nimbostratus rankNimbostratus
Apr 09, 2012

DNS equivalent of an x-forwarded-for

We want to be able to log failed queries on our DNS servers however, we are currently getting the floating ip of the HA pair because we are load balancing DNS through a virtual server. Is there a way ...
application delivery
dev
devops
iRules
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Apr 11, 2012
You could disable SNAT on the DNS server pool to disable SNAT just for this virtual but leave existing virtual servers as is.

 

 

If the DNS servers' default gateway is LTM they'll respond back through LTM. If the default gateway isn't LTM or you don't want to pass the responses back through LTM, you could use nPath (direct server return) on a stateless virtual server. This should be a lot more efficient in terms of LTM CPU and memory utilization and have lower latency for clients as there will be one less hop on responses. For nPath, you'd need to configure the virtual server address on a loopback interface on the DNS servers so that they'll respond back to the client from the client's original destination IP address.

 

 

See the nPath chapters for details:

 

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0.pdf

 

 

Aaron