Forum Discussion
madhava
Altocumulus
AltocumulusHTTP error 503, DNS lookup failed
Hi I have BIG-IP APM setup configured with Oauth2.0, get following error. 01490290:3: /Common/exampleAP:Common:b6e14800:/Common/exampleAP_act_oauth_client_ag: OAuth Client: failed for server '/Comm...
I was able to fix the issue by creating a new Dns Rsolver and Name server. Thanks AubreyKingF5 "front-side APM interface has a route to that IP" gave some clue for the direction.
Thanks
Madhava
AubreyKingF5
Moderator
ModeratorControl plane traffic, like bash or tmsh, will use the management interface, yes. Is the management DNS not set to recurse? If it CAN recurse, then it can get an IP for the name and, as long as the front-side APM interface has a route to that IP, you should be good.
Some DNS admins shut off or restrict recursion because recursive DNS is VERY easy to overwhelm, externally via NXDOMAIN attacks, and can really easily shut down internal DNS resources. I've known lots of internal DNS admins who have an allowlist of domains to trust for recursion - like OKTA makes total sense - but they need to populate that allowlist, usually by some IT request or such.
Also, I'm assuming you did this already: https://my.f5.com/manage/s/article/K13205
madhavaThanks AubreyKingF5 Yes I already did https://my.f5.com/manage/s/article/K13205 .
Actually I am trying to network capture on 53, but I am not seeing any DNS queries coming out of BIG-IP except on mgmt interface (OAuth token validation does not go through mgmt as confirmed by you earlier), what could be wrong? I am new to the product and administartion , any help would be appreciated. Yes management DNS is enabled for recurse.
Thanks
Madhava