For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Danh_Nguyen_Mai's avatar
Danh_Nguyen_Mai
Icon for Nimbostratus rankNimbostratus
Jan 13, 2019

F5 DNS handles all DNS Request from internal to Google DNS

Hello everyone, Hope you have a nice day.

  • Currently i have F5 LTM facing to internet:

    Server ----- Firewall ----- F5 LTM --WAN /30----ISP-- Internet

    F5 will perform SNAT traffic internet from Server to Internet

  • I planed to change to new F5 device Server ------ Firewall ----- F5 LTM & DNS (1 physical device) --WAN /30----ISP-- Internet i configured wide IP, Zonerunner and ( i don't configured Listener)

  • when i've done the change to use new F5. All DNS Qeury from Server to 8.8.8.8 is fail Server -> Send Qeury DNS to Googole 8.8.8.8 -------- Firewall (Allow) ------- F5 perform SNAT to internet ---- internet

The strange thing happen with NAT Table on F5

   Tradition IP ------------------------------------------------- NAT IP

Src IP: ServerIP -- DesIP: 8.8.8.8:53 SrcIP:PublicIP (IP on F5) DestIP: PublicIP (IP on F5)

I dont know why F5 perform DNAT.

Thanks & Best Regards.

application delivery
BIG-IP DNS

1 Reply

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jan 13, 2019

    Did you change virtual servers?

     

    How did you created dns listeners? Standard configuration is Dns listener is external floating ip