For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mabdrasol's avatar
mabdrasol
Icon for Nimbostratus rankNimbostratus
Jul 31, 2019

Listener is not responding to DNS queries from internet

Hello, we have F5 GTM with LTM at same box in HA. F5 nodes are behind a firewall. F5 nodes are using private addresses(self and listeners). listener ip is nated to public ip in the firewall. li...
application delivery
BIG-IP DNS
mabdrasol's avatar
mabdrasol
Icon for Nimbostratus rankNimbostratus
Aug 01, 2019

Hello Yoann

 

  • Have you verified that the DNS query send from Internet actually gets to your listener ?

yes

  • Maybe a quick tcpdump trace of internal vs external query would help ?

tcp dump give different output from lan and internet as internet give flag R

  • Have you implemented "Views" ?

no

  • Your NS records for the zone on the Internet are pointing to your listeners right ?

no , iam using dig to real ip of listener ip

 

Yoann_Le_Corvi1's avatar
Yoann_Le_Corvi1
Icon for Cumulonimbus rankCumulonimbus
Aug 02, 2019

Hi

 

Quite difficult to know what can go wrong here like this, but a few pointers :

  • You listener is enabled on Internal and Public VLANs (if your F5 is multi homed) ?
  • You are interrogating in using the same protocol (UDP or TCP) for both tests ? And by the way you have a listener UDP and TCP ?

 

Yoann