F5 DNS Wide IP and Express Questions

Question

Hi everyone,&nbsp;I'm looking for clarification on a couple of things related to the F5 DNS and Listener, and a monitoring question.&nbsp;Simple question, if I have an FQDN (Wide IP) configured, but disabled, how does the DNS Listener handle such queries? Would the F5 simply move on to DNS Express for an answer in such a situation where the matching Wide IP is disabled on the GTM/DNS?I'm curious as to how the F5 DNS handles queries which have matching zone records for the primary domain, but not the sub domain.  For example, if I have a zone recorded created only for dev.f5.com and a DNS query is sent to the F5 for labs.dev.f5.com, would the F5 find a match and respond from the dev.f5.com zone record?May I know what the best method is (which doesn't require configuration changes) to monitor and track queries and responses sent to and from the F5. For eg, if I send a DNS query to the F5 for name resolution and load balancing, I would like to know how the F5 DNS handled such a request in detail (how it determined the resolution at the DNS and Load Balancing levels)&nbsp;Thank you!

nag · Answer

Hi,&nbsp;1) Simple question, if I have an FQDN (Wide IP) configured, but disabled, how does the DNS Listener handle such queries? Would the F5 simply move on to DNS Express for an answer in such a situation where the matching Wide IP is disabled on the GTM/DNS?&nbsp;ANS: Yes, BigIP will simply move on to DNS Express. Refer to to "DNS request order of operation for BIG-IP systems" section of https://support.f5.com/csp/article/K14510&nbsp;2) I'm curious as to how the F5 DNS handles queries which have matching zone records for the primary domain, but not the sub domain. For example, if I have a zone recorded created only for&nbsp;dev.f5.com&nbsp;and a DNS query is sent to the F5 for&nbsp;labs.dev.f5.com, would the F5 find a match and respond from the&nbsp;dev.f5.com&nbsp;zone record?&nbsp;ANS: Request is handled as per "Unhandled Query Actions" setting.Following article explains quite well.&nbsp;K14510: Overview of DNS query processing on BIG-IP systemshttps://support.f5.com/csp/article/K14510&nbsp;3) May I know what the best method is (which doesn't require configuration changes) to monitor and track queries and responses sent to and from the F5. For eg, if I send a DNS query to the F5 for name resolution and load balancing, I would like to know how the F5 DNS handled such a request in detail (how it determined the resolution at the DNS and Load Balancing levels)&nbsp;ANS::  K25751652: How to configure Decision Logging for the F5 BIG-IP DNS/GTM to local log directoryhttps://support.f5.com/csp/article/K25751652&nbsp;K65762138: Configuring BIG-IP DNS to log dns queries and responseshttps://support.f5.com/csp/article/K65762138&nbsp;&nbsp;Hope this is helpful.&nbsp;Regards,Nag&nbsp;&nbsp;&nbsp;

simon_blakely · Answer

&gt;Simple question, if I have an FQDN (Wide IP) configured, but disabled, how does the DNS Listener handle such queries? Would the F5 simply move on to DNS Express for an answer in such a situation where the matching Wide IP is disabled on the GTM/DNS?&nbsp;This depends on the resolution options set in the DNS profile on the listener - this defines the resolution steps taken by the BigIP to resolve the name. If you have DNS Express enabled in the DNS profile, then yes - that will be the next resolution step.&nbsp;&gt; I'm curious as to how the F5 DNS handles queries which have matching zone records for the primary domain, but not the sub domain. For example, if I have a zone recorded created only for&nbsp;dev.f5.com&nbsp;and a DNS query is sent to the F5 for&nbsp;labs.dev.f5.com, would the F5 find a match and respond from the&nbsp;dev.f5.com&nbsp;zone record?&nbsp;Yes - that is basically how DNS glue records work. But responses from dev.f5.com&nbsp;for hosts in labs.dev.f5.com will not be authoritative. Remember - this is just descending to bind - so the behaviour is as per bind.&nbsp;&gt; May I know what the best method is (which doesn't require configuration changes) to monitor and track queries and responses sent to and from the F5. For eg, if I send a DNS query to the F5 for name resolution and load balancing, I would like to know how the F5 DNS handled such a request in detail (how it determined the resolution at the DNS and Load Balancing levels)&nbsp;K14615: Configuring the BIG-IP DNS system to log wide IP request informationK25751652:&nbsp;&nbsp;How to configure Decision Logging for the F5 BIG-IP DNS/GTM to local log directory &nbsp;&nbsp;&nbsp;

Forum Discussion

F5 DNS Wide IP and Express Questions

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

iRule based 'Natural Speech' Expression Language

Advanced iRules: Regular Expressions

DNS Express and Zone Transfers

BIG-IP Wide-IP to F5XC DNSLB converter

Understanding GTM Wide IP Operations

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS