DNS resolver for explicit proxy

And this is pure LTM deployment, no APM or GTM is provisioned on that LB box

In System, this is the host (Linux) DNS. For the TMOS and your LTM explicit VIP, you have to create a Resolver object. It can be as "default".

Go to Network > DNS Resolver

Thanks, but I'm still not able to make it running. Unfortunately there is no proper documentation for this, or I cannot find it.

I got DNS resolver like this:

net dns-resolver forward_proxy_dns_resolver {
    forward-zones {
        . {
            nameservers {
                10.10.10.10:domain
            }
        }
    }
    partition DMZ
    route-domain RD1
    use-tcp no
}

Where 10.10.10.10 is UDP virtual server forwarding DNS queries to DNS severs. This VS works fine, tested. Anyway DNS resolver itself does not seem to work - I get either page can't be displayed, or NS lookup failed.

Is dns resolver fully supporting routing domains in 11.5.4?

Hi,

I found this information internally, let me know if it fits your request :

• HTTP explicit proxy Virtual Server is configured with DNS Resolver (in HTTP profile) with same destination ip address as another (DNS) Virtual Server created to process DNS requests and forward them to the DNS server (pool member) on the same BigIP system, DNS Virtual Server needs to have Source address translation enabled to avoid using loopback address when initializing connection towards the DNS server (pool member). When Source Address translation is disabled, when receiving traffic initialized from loopback address, DNS server is not able to respond.

When you set the proxy mode to Explicit, you must also configure the settings in the Explicit Proxy area of the HTTP profile.

Else, if does not work, please open a support case in order to check if RD is supported.

This is exactly as I have it configured (explicit http profile uses dns resolver which forwards all dns requests to DNS VIP). I am not sure what I can be missing here, going to create a ticket to support. Thanks

And NAT enabled ??

yep nat enabled :)

Hi Zdenda,

Did you make it work? We are about to configure the same here and just doing some research on the topic.

Thanks, B

In 11.5 you can create the DNS resolver under network -> DNS resolver. This resolver can be used in the explicit HTTP profile.

Cheers,

Kees

Hi, I wanted to use DNS resolver for explicit proxy HTTP profile, but I did not make it working. Maybe because of partitions/routing domains, I dont care.. it is also not well documented.

 

So I used known forward proxy iRule which is great. I just hit some bug on one of our VIP (too many iRules there), so I removed parts related to

SERVER_CLOSED

CLIENT_CLOSED