Forum Discussion
jesusangel
Altostratus
AltostratusDNS: reply from unexpected source
Hi, Firstly, I must say that I am a complete newbie when it comes to BIG-IP products. On the other hand, the load balancer was configured by experts, so I am pretty confident that they made a reason...
jesusangelAltostratus
AltostratusDear Kevin,
I do appreciate your answer. However, I would prefer not to enable SNAT on the BIG-IP to the DNS servers as I need to log in the DNS servers the client's IP. Should I enable SNAT con the BIG-IP (to the DNS servers), then all DNS queries comming from the BIG-IP system would have the BIG-IP server side self-IP (3.3.3.3).
Moreover, the thing is that when a client goes directly to the DNS server, the vast majority of the responses arrive to the client with the DNS server IP (3.3.3.4). There are just a handful of them that arrive with the BIG-IP VIP (2.2.2.2). That is what I can not wrap my head around to. I thought that BIG-IP somehow tracks queries that come throught it and does SNAT to the client when it is appropiate.
Regards,
Jesús Ángel.
Kevin_Stewart
Employee
EmployeeSo to be clear, some clients will get DNS by making a request to a BIG-IP VIP (2.2.2.2), and other clients will go directly to the DNS server (3.3.3.4), by going around the BIG-IP? And as the DNS server uses a BIG-IP self-IP as its gateway, you would expect all return traffic to return through the BIG-IP?
Is there more than one DNS server, and is there any chance that one of those servers has a static route applied for some client IP subnet that doesn't pass back through the BIG-IP?
- jesusangel
So to be clear, some clients will get DNS by making a request to a BIG-IP VIP (2.2.2.2), and other clients will go directly to the DNS server (3.3.3.4), by going around the BIG-IP? And as the DNS server uses a BIG-IP self-IP as its gateway, you would expect all return traffic to return through the BIG-IP?
Exactly!
Is there more than one DNS server, and is there any chance that one of those servers has a static route applied for some client IP subnet that doesn't pass back through the BIG-IP?
I think there are not static routes, but I am not 100% sure about it. I will double check it and I will get back yo you.
- jesusangel
So to be clear, some clients will get DNS by making a request to a BIG-IP VIP (2.2.2.2), and other clients will go directly to the DNS server (3.3.3.4), by going around the BIG-IP? And as the DNS server uses a BIG-IP self-IP as its gateway, you would expect all return traffic to return through the BIG-IP?
Exactly!
Is there more than one DNS server, and is there any chance that one of those servers has a static route applied for some client IP subnet that doesn't pass back through the BIG-IP?
There are two DNS servers, lets say that they are 3.3.3.4 and 3.3.3.5. Both of them just have as their default gateway the BIG-IP (3.3.3.3). There are not any static routes.
- jesusangel
- jesusangel
Sorry, I forgot to mention that there are two DNS servers (3.3.3.4 and 3.3.3.5).