For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mariusz_B's avatar
Mariusz_B
Icon for Nimbostratus rankNimbostratus
Sep 29, 2014

DNS failover

Hi all,

 

Can someone advice please if it's possible to monitor a VPN line from GTM, and respond to a DNS query based on the line status?

 

For example client uses 2 VPN lines (primary to DC1 and secondary to DC2) and has a zone forwarder for a domain hosted on my GTMs. Unfortunately it is not easy to setup zone forwarder to use the primary DNS by default, and secondary only in case of a failure. The DNS server uses round-robin instead. Let's assume it is not possible to re-configure the DNS server to use a different load-balancing algorithm at all. If that's the case then I have 2 choices:

 

  1. Currently I have setup DC1 and DC2 in the way where all members of all pools have the same order. This will ensure that even if the client's server sends request to DC2, GTM will respond with IP address of the DC1. Business requirement is met, but this is not good solution in case of the primary VPN goes down.

     

  2. Monitor DC1 line and response with a DC2 IP (from DC2 GTM) if the primary line is down.

     

Does anyone have similar problem? Is it possible to control this by an iRule?

 

Regards Mariusz

 

application delivery
availability
BIG-IP DNS
devops
iRules

4 Replies

  • Mohamed_Lrhazi's avatar
    Mohamed_Lrhazi
    Icon for Altocumulus rankAltocumulus
    Sep 30, 2014

    Can you clarify what this means: has a zone forwarder for a domain hosted on my GTMs.

     

  • Mariusz_B's avatar
    Mariusz_B
    Icon for Nimbostratus rankNimbostratus
    Sep 30, 2014

    Hi Mohamed,

     

    I have a domain example.com hosted on my GTMs primary one with IP 1.1.1.1 and secondary with 2.2.2.2 Client has a local DNS which says something like:

     

    zone "example.com" { type forward; forward only; forwarders { 1.1.1.1; 2.2.2.2; };

     

    There is no way to say: forwarders {primary 1.1.1.1; secondary 2.2.2.2}

     

    • Mohamed_Lrhazi's avatar
      Mohamed_Lrhazi
      Icon for Altocumulus rankAltocumulus
      Sep 30, 2014
      OK. and the zones are hosted means they are in GTM's BIND/ZoneRunner, and in the profile applied to the listeren/VIP you are saying use local BIND? and then what you are thinking about is applying an irule to the VIP, to reject all requests for the zone, if the corresponding DC is unreachable? If this all correct, then what you are missing is just: how do I create a pool/monitor, than can monitor reachability to remote DC?
    • Mariusz_B's avatar
      Mariusz_B
      Icon for Nimbostratus rankNimbostratus
      Oct 03, 2014
      Hi Mohamed, This is more less what I am trying to achieve, here. I need to monitor reachability and answer queries based on that.