GTM as local DNS virtual lab doubts

Question

Hello,&nbsp;
I am trying to build my own DNS lab with GTM 11.5 as a local DNS, and also be able to answer DNS queries that match two wideIPs. First of all, i am not experienced with DNS so my knowledge about it is not good, which might means that this question could been replied in another place, in that case my apologizes, but i have tried to look for the answer on askf5 and devcentral and so far i only understood zone transfer with another already established DNS server, which is not the case (imaging a company that wants to start their new domain DNS resolution with GTM)&nbsp;
Right now i have one GTM 11.5 with google DNS as primary DNS and BIND forwarding Server list as well. Also, i have created two wideIPs (test1.local &amp; test2.local) because i want the GTM to answer directly with the following Ip Address, 192.168.3.3 and 192.168.4.4 (the ip address is not important, is just a record).So far i have been only able to configure both wideIPs to answer DNS queries and to reply with those IP address, but only if I configure assign pools that contains the testing ip address as fallbackIP and define the LB to "Fallback IP". This works but increase the response time by two seconds.
&nbsp;

I have been working with GTM as GSLB and i do understand how VS can be load balanced, but now i do not understand how to force the device to reply to an specific ip address without "smart resolution"
Also i have tried to configure the GTM as local dns for internal servers and so far no luck.&nbsp;

I have created one listener and associate to it one DNS profile with Unhandled Query Actions and Use BIND Server on BIG-IP enabled.&nbsp;

My thoughs was that once the device get one DNS query from one listener if the query does not match any WideIP and it would DNS query the DNS server configured as Bind Forwarder Server List, but so far no luck, the server just reject queries that does not hit wideIPs without even try to solve them.
Can anyone help with this?
Thanks!&nbsp;

javier_124486 · Answer

Hi,I will reply to my self :). I know that this was a rookie question, but as is said, i am not quite familiar with DNS. So if anyone comes with a better idea I will appreciate it!&nbsp;

After a couple of tries i come to the conclusion that if i want to delegate on my GTM local DNS queries that do not match any wideIP or other local record (zone delegation is discarded ), i just need to create the Listener, assign a pool of external DNS (like google's ones) and check Source NAT option. In my case, due to the fact that is a non-public environment i have to work with automap (SNAT pool will obviously work too). And that is it, for Local DNS resolution, the GTM will connect with another DNS server within the previous pool in order to retrieve the appropriate response. If i want to speed up things a little bit more i can enable cache.

Regarding the DNS resolution of one (or many) local domain and objects it is quite simple. I only need to create the Listener (the one that will receive and accept DNS queries), create one wideip with the object we want to resolve and assign to it one pool that contains the ip address for the resolution. In my case i did not want to complicate things so i just use the fallback ip as record (Select as preferred Fallback and the rest as none)
&nbsp;

And voila, it works!.&nbsp;

I know this is not the appropriate way, that i should work with the zonerunner, but right now i am not experienced with BIND neither comfortable, but if anyone wants to improve this solution i will be most grateful.

This behavior happens because GTM, as LTM with virtual servers, has some sort of precedence or hierarchy of which GTM objects should be resolved first.
As soon as one Listener receive traffic:&nbsp;

The name match one wideIP?, if so it will DNS reply with the wideIP record if no just continue&nbsp;
The name is in a express zone? (like some specific domain that the GTM do not know how to resolve but do know which DNS server can solve it and it will delegate the resolution to that DNS server)The DNS query match a CACHE record? If so it will be resolve with the CACHE recordIf any of the above case works the listener should be configured with one DNS resolution pool than will handle the rest of the queries.

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

GTM as local DNS virtual lab doubts

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Deleting an AS3 Tenant

Request for Bug Tracker/Known Issues – BIG-IP Version 17.5.1.2

AST Configuration Assistance

Adding logging to APM per-request policy without SWG license

Single LTM with multiple GTM domains

Related Content

iControl REST Cookbook - Virtual Server (ltm virtual)

Living on the AWS Edge - Local Zones

Regional Edge Resiliency Zones and Virtual Sites

Verifying Local Traffic Policy and iRule Precedence

F5 Distributed Cloud for Global Layer 3 Virtual Network Implementation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS