Forum Discussion

Amr_Ali
Aug 31, 2023

F5 GTM resolution issue

I have an issue with F5 GTM resolution. After using nslookup to check whether I can resolve the name of the website, which I created as an A record using a wide IP on GTM, I see that I can receive the correct IP for my website, but after I try to access the website through HTTPS it does not open.

  • A few things to consider:

    1. Is the endpoint that is resolved an F5 LTM or a generic host?

    2. What is the status of the endpoint when you try to access the application directly, not via GTM?

    3. Note that GTM is just DNS and it has no relation to the actual data traffic. If the wide IP is healthy, it will return the IP address. You can check on the endpoint directly.

     

    • Amr_Ali

      1. Is the endpoint that is resolved an F5 LTM or a generic host? LTM, F5 System

      2. What is the status of the endpoint when you try to access the application directly, not via GTM? Working.

  • Hi Amr_Ali,
    I am wondering how you get the correct IP address for this website, and it shows in the pcap that there is an error, as you should receive NX Domain, not the correct answer.

    Do you have BIND enabled in the DNS profile?
    I mean, make sure that the BIG-IP DNS system replies using the wide IP configs.

    Try to clear the local DNS or your Windows cache.

  • If you configured F5 to be your authoritative server, make sure you configure the zone correctly, including nameserver and SOA records. You may then need to recreate your wide IPs.

    F5 is defaulting to "this.name.is.invalid", as you can see in your capture.

    • Amr_Ali

      Hello amine,

      I still have not changed the NS record on our public DNS provider to be our GTM. I tried to test whether the configuration was correct before I made this step by adding the GTM listener manually on my PC and testing to resolve the URL. The query was sent to GTM and I got an answer with the correct IP, but after I tried to reach the web over HTTPS it did not open.

      And for NS, I ask whether the default value (this.name.is.invalid) must be changed?

  • Can you share how the zones are configured and how you have set up the WIPs and zone records? Are you delegating the TLD or is it just a subzone?

    Can you draw the query architecture you have? Technically, your TLD should be hosted on your DNS externally, as the registrar will send traffic to the external provider, and then the subzone should be aliased to the GTM. Once the subzone is delegated, the WIP should be configured under the subzone on your GTM. Can you confirm that you are aligned with the same design?
    Did you query the same subzone record that is present in your GTM? For example, if your URL is xyz.abc.com, it might be aliased to xyz.abc.com.gtm.abc.com ---> as you have NS records.

    I do not see the packet capture query response, but I believe you have tried to create a zone replica of the external DNS, which might not be sending the query correctly.

     

     

    • Amr_Ali

      Thanks, Vaibhav. The issue is solved; it was a misconfiguration in the wide IP.

      Appreciate your support.