For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

BPetronio_11363's avatar
BPetronio_11363
Icon for Nimbostratus rankNimbostratus
May 14, 2010

LC and Listener IP Address

Hello all,

 

 

My question is simple. I guess.

 

 

The listener IP Address should be an external (public) or internal (private) ip address, where the clients are on the internet, and the DNS Servers on the Private Address of a DMZ.

 

Should the DNS Delegation zone point to a private ip, or a public ip ?

 

 

When someone on the internet queries a zone that is delegated on the F5 listenet ip, should this ip be routable ? or it is only routable for the DNS which is delegating that zone ?

 

 

Best Regards,

 

Bruno Petrónio

 

config
design

2 Replies

  • BPetronio_11363's avatar
    BPetronio_11363
    Icon for Nimbostratus rankNimbostratus
    May 14, 2010
    well,

     

     

    For the people who get my doubt too, i delegated the (sub)zones to the floating ip address of each isp vlan, and create a listener with that ip.

     

     

    The LDNS queries a name on ip, and if it is private, it never will resolve.

     

     

    Best Regards,

     

    Petrónio
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    May 24, 2010
    BPetronio,

     

     

    If you've configured external DNS queries to be delegated to the listener IP, it needs to be the public/routable address.

     

     

    This will be your traffic flow:

     

     

    1. User queries your DNS record

     

    2. DNS record hits LC

     

    3. LC responds to query with an available IP

     

    4. User sends request to that IP

     

     

    Since the user must send its traffic to your public/routable address, you must return a public address.

     

     

    I'm confused about your DMZ private DNS servers...What are those used for?