Forum Discussion
Rahul_Yadav
Cirrus
CirrusF5 GSLB - delegation
Hi,
This query more focused toward normal DNS functionality, scenario given below, want to understand how normal DNS and F5 DNS/GSLB work together:
- Let's we have delegated one domain on 2 F5-DNS host name as nameserver using CNAME from primary DNS server.
- Now assume one of Site or F5 DNS is not working.
Query: In the above scenario, does primary DNS send queries to both F5 DNS or to only one F5 DNS?
If it will send to both F5 DNS, then what will happen to 50% of the queries which went down F5 DNS.
> My concern is that, does primary DNS every time goes to both GSLB/DNS irrespective to their availability?
That is a decision made by the DNS resolver, whatever that is, as it seeks to resolve the name.
If your primary DNS server allows recursive queries, then it might make that decision itself, but that is generally not the case.,
Your primary DNS (pDNS) serves mydomain.com.
Your BigIP DNS servers serve gslb.mydomain.com.
A DNS resolver (tDNSr)) asks pDNS for app1.mydomain.com.
pDNS replies with a CNAME app1.gslb.mydomain.com.
tDNSr sends a query to pDNS for NS records for gslb.mydomain.com.
pDNS replies with with 2 NS records
pDNS also appends the DNS glue records giving the A records for
ns1.gslb.mydomain.com A 1.1.1.1
ns2.gslb.mydomain.com A 2.2.2.2
tDNSr then makes queries to ns1.gslb.mydomain.com, ns2.gslb.mydomain.com using the provided A records.
How tDNSr makes those queries is up to the DNS resolver - it may always try the first nameserver returned, it may try both and see which one responds first, or it may randomly choose one, and if the query times out, choose the other. This cannot be controlled by the DNS configuration - it is DNS resolver implementation dependent.
If your pDNS allows recursive requests, then some of the above steps are internal to pDNS and it is a bit faster. But whether it makes sub-domain resolution requests in parallel or in series (using a round robin approach) depends on the primary DNS server configuration, and not the BigIPs or the DNS configuration.
Simon_BlakelyEmployee
The same thing as with any delegated DNS name server that happens to be down if a query is sent to it - the request eventually times out, so the request is re-tried to another of the specified name servers for the domain.
Rahul_YadavThanks for responding,
My concern is that, does primary DNS every time goes to both GSLB/DNS irrespective to their availability?
And if the request is time out - then will it automatically reached another GSLB/DNS?
- Simon_Blakely
> My concern is that, does primary DNS every time goes to both GSLB/DNS irrespective to their availability?
That is a decision made by the DNS resolver, whatever that is, as it seeks to resolve the name.
If your primary DNS server allows recursive queries, then it might make that decision itself, but that is generally not the case.,
Your primary DNS (pDNS) serves mydomain.com.
Your BigIP DNS servers serve gslb.mydomain.com.
A DNS resolver (tDNSr)) asks pDNS for app1.mydomain.com.
pDNS replies with a CNAME app1.gslb.mydomain.com.
tDNSr sends a query to pDNS for NS records for gslb.mydomain.com.
pDNS replies with with 2 NS records
pDNS also appends the DNS glue records giving the A records for
ns1.gslb.mydomain.com A 1.1.1.1
ns2.gslb.mydomain.com A 2.2.2.2
tDNSr then makes queries to ns1.gslb.mydomain.com, ns2.gslb.mydomain.com using the provided A records.
How tDNSr makes those queries is up to the DNS resolver - it may always try the first nameserver returned, it may try both and see which one responds first, or it may randomly choose one, and if the query times out, choose the other. This cannot be controlled by the DNS configuration - it is DNS resolver implementation dependent.
If your pDNS allows recursive requests, then some of the above steps are internal to pDNS and it is a bit faster. But whether it makes sub-domain resolution requests in parallel or in series (using a round robin approach) depends on the primary DNS server configuration, and not the BigIPs or the DNS configuration.
DojsCirrostratus
Hi Rahul,
check here if this helps you
https://clouddocs.f5.com/training/community/dns/html/class1/class1.html