Forum Discussion

Nimbostratus

10 years ago

DNS Express for CNAME Record Non-authoritative

Hi, In DNS Express, we have a CNAME that points to a record in a zone that we're non-authoritative. When querying this record CNAME record from a client, DNS Express does not return the A recor...

BIG-IP DNS

deployment

Andrea_Arquint

Nimbostratus

9 years ago

Hi Lyndon,

This is basically by design because DNS-Express doesn't do any further recursion for that cname. So, your question is maybe targeting using F5 DNS as LDNS via DNS-Express right?

Basically, when a user does a DNS request on his dial-up for instance he will ask first its LDNS (local ISP DNS server) which does ask for a specific A-record (based on DNS iteration) the corresponding authoritative DNS server for the requested RR. If the authoritative DNS server is a BIG-IP with DNS-Express enabled for that zone, it will answer with the particular A-record.

In case the users DNS A-record request would point at the end to a non-authoritative cname on DNS-Express we will just respond with the cname RR only and the LDNS (local ISP DNS for that dial-up) would do the recursion.

I hope it's clear so far.

Now, there many way's to configure the box doing this.

Answer: Layered Virtual

One which does work is, configure an external listener with a "resolver cache" profile (the BIG-IP in that case does recursion to the root-hits by default or as you define). Then define within the cache the "Forward Zones" and point the zone to a second listener (which is internally available only!) and define for that listener a profile which has DNS-Express enabled on it. Done.

It is very simple. We are just acting with the external listener as the LDNS (local ISP DNS server) in front of the internal DNS-Express listener. Finally, we are able to do the recursion for that stuff ;-).

Cheerio, Andrea

Peter_Baumann

Cirrostratus

8 years ago

Thank you Andrea for this explanation. I just had the same problem on a already productive installation with DNS-Express. We had to disable DNS-Express since it seems not to support CNAME recursion. The layered VS setup would be easy to solve the problem, but we cannot do more experiments on this productive systems.

According to this: https://devcentral.f5.com/questions/dns-express-and-cnames-to-aws-servers Using just the BIND backend performed well.

So DNS-Express only seems to be usefull for an authoritative DNS only, and not for a LDNS for clients 😞

Thanks! Peter

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

DNS Express for CNAME Record Non-authoritative

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

FQDN Node Configuration

Logical Disk Full to Migrate rSeries

Priority Group Activation is not working

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

Related Content

Advanced iRules: Regular Expressions

DNS Express and Zone Transfers

iRule based 'Natural Speech' Expression Language

Managing ZoneRunner Resource Records with Bigsuds

dns express reboot gtm

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS