Forum Discussion

Javier_124486's avatar
Javier_124486
Icon for Nimbostratus rankNimbostratus
Jan 10, 2016

GTM as local DNS virtual lab doubts

Hello,   I am trying to build my own DNS lab with GTM 11.5 as a local DNS, and also be able to answer DNS queries that match two wideIPs. First of all, i am not experienced with DNS so my knowledg...
application delivery
BIG-IP DNS
Javier_124486's avatar
Javier_124486
Icon for Nimbostratus rankNimbostratus
Jan 10, 2016

Hi,I will reply to my self :). I know that this was a rookie question, but as is said, i am not quite familiar with DNS. So if anyone comes with a better idea I will appreciate it!

 

  • After a couple of tries i come to the conclusion that if i want to delegate on my GTM local DNS queries that do not match any wideIP or other local record (zone delegation is discarded ), i just need to create the Listener, assign a pool of external DNS (like google's ones) and check Source NAT option. In my case, due to the fact that is a non-public environment i have to work with automap (SNAT pool will obviously work too). And that is it, for Local DNS resolution, the GTM will connect with another DNS server within the previous pool in order to retrieve the appropriate response. If i want to speed up things a little bit more i can enable cache.

     

  • Regarding the DNS resolution of one (or many) local domain and objects it is quite simple. I only need to create the Listener (the one that will receive and accept DNS queries), create one wideip with the object we want to resolve and assign to it one pool that contains the ip address for the resolution. In my case i did not want to complicate things so i just use the fallback ip as record (Select as preferred Fallback and the rest as none)

     

  • And voila, it works!.

     

  • I know this is not the appropriate way, that i should work with the zonerunner, but right now i am not experienced with BIND neither comfortable, but if anyone wants to improve this solution i will be most grateful.

     

  • This behavior happens because GTM, as LTM with virtual servers, has some sort of precedence or hierarchy of which GTM objects should be resolved first. As soon as one Listener receive traffic:

     

  • The name match one wideIP?, if so it will DNS reply with the wideIP record if no just continue

     

  • The name is in a express zone? (like some specific domain that the GTM do not know how to resolve but do know which DNS server can solve it and it will delegate the resolution to that DNS server)
  • The DNS query match a CACHE record? If so it will be resolve with the CACHE record
  • If any of the above case works the listener should be configured with one DNS resolution pool than will handle the rest of the queries.