Enable External DNS Resolution on BIG-IP DNS

Question

I have set up DNS Express on a BIGIP DNS, zone transfers and internal DNS resolution using the BIGIP works as expected. I also need to provide DNS resolution for external urls using the BIGIP, so I have set up a DNS resolver cache, with root hints added. I can only use certain external DNS servers (eg 1.1.1.1 / 8.8.8.8) which are allowed through firewalls and this works fine most of the time. What I have seen is that if these fail to resolve an external url they can respond with other root DNS servers, which the BIGIP then attempts to query to resolve the url. Issue is that these are not on the list of allowed IPs on the firewall so the resolution fails.

Is this a way to provide external resolution or is there a better solution?

samir · Answer

You need to allow rule in firewall port 53 tcp n UDP. There is no other way...​Thanks​

jjm1971 · Answer

Hi Samir, it's not a firewall issue. The correct firewall rules are in place however they only allow access to a restricted list of external DNS servers. The question I have posted is around whether I have implemented the correct solution on the BIGIP DNS to provide external DNS resolution.

John

Forum Discussion

Enable External DNS Resolution on BIG-IP DNS

Recent Discussions

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

BIG-IP Edge Endpoint Inspection Failure pre-VPN

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

DNS over HTTPS Resolution

F5 GTM resolution issue

DNS Resolution with the RESOLVER::name_lookup Command

CSV to Address External Datagroup File

enable WebSocket profile.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS