Forum Discussion

RoutingLoop_179's avatar
RoutingLoop_179
Icon for Cirrus rankCirrus
Jul 22, 2016

How does Network >> DNS resolver work?

Hi i've been trying to configure SOCKS proxy profile, which uses network DNS resolver (not DNS resolver configured under DNS module settings). I would like the SOCKs proxy to be able to resolve fqdn'...
application delivery
LTM
TMOS
RoutingLoop_179's avatar
RoutingLoop_179
Icon for Cirrus rankCirrus
Jul 26, 2016

Thanks guys - using . was what i was looking for.

 

But i'm still interested in how it works, for example if you don't forward zones how does DNSresolver resolve the names if it's not in the cache (or how does it build it's cache in the first place). Is it supposed to use the local bind installation on F5? because that didn't seem to work (although i had to set it to forward requests to our DNS servers, the F5 device doesn't have internet connectivity for DNS so can't do lookups itself).

 

@ boneyard - also thanks - i'd been talking to our FSE but didn't think it was worth a support case just yet.

 

my setup for socks (note i've added forward zone . as Pete suggested):

 

net dns-resolver DNSrevolver { forward-zones { . { nameservers { 192.168.1.50:domain { } } } } route-domain 0 use-ipv6 no use-tcp no }

 

ltm profile socks my-socks { app-service none default-connect-handling allow defaults-from socks dns-resolver DNSrevolver protocol-versions { socks4 socks4a socks5 } route-domain 0 tunnel-name socks-tunnel }

 

ltm virtual my-sock-proxy { description "SOCKS forward proxy" destination 10.0.0.1:socks ip-protocol tcp mask 255.255.255.255 pool ext-router profiles { my-socks { } tcp { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vlans { vlan-int } vlans-enabled vs-index 3 }

 

ltm pool ext-router { description "external router nexthop" members { ext-router:any { address 192.168.1.1 session monitor-enabled state up } } monitor gateway_icmp }

 

network is simple.

 

windows-client --> router-internal -->int F5 ext --> router-external --> ssh-server

 

F5 [internal interface]--> DNS or F5 [mgmt interface] --> DNS

 

to test SOCKs i used putty client and set SOCKs server as the VS VIP 10.0.0.1:1080. told Putty to resolve DNS on proxy end. the ssh-server has a DNS entry of ssh-server.ourdomain.net. Use that real hostname in putty. It's proxied via F5 and forwarded to ssh-server - F5 should do the resolution of ssh-server.ourdomain.net. The same principle with browser traffic (i just happened to use putty).

 

Thanks both again.

 

Kind regards Adrian