Forum Discussion
NimbostratusNew to DNS
Good morning everyone... I'm new to the F5 world and have been working with the appliances and technology for just a few months now. So far, I must say it's fantastic. I think I have a decent grasp of how Big-IP GTM/DNS works and is configured with the exception of one thing that I wonder if someone can help break down.
I'm currently in the process of configuring two Pulse Secure SSL/VPN appliances and would like to load balance them via an F5. I know that can be done via LTM, but that technology (and the F5 units we own) is lacking some security policies we must meet. So, GTM is the choice as it will let actual traffic pass solely through the Pulse Secure devices.
Where I'm having a bit of trouble understanding is how clients wishing to navigate to the Pulse Secure access pages will get DNS responses from F5 when their currently configured for our internal DNS options. The short answer (one I've tested just to see F5 spitting out alternating IP responses) is to set clients to use F5 for DNS. But, (obviously) since F5 doesn't have all of our records, basically everything else fails to resolve.
I'm assuming the beauty of all this working is that clients are left with the local DNS servers set and that when querying for servers that are set up in F5's DNS, their queries are forwarded on to the F5 which responds in place of the local DNS response? Is this where the Zone Transfer comes into play? Or am I completely whiffing on this? I've tried to set up the Zone Transfer piece, but only got failures.
Thanks in advance for any explanation.
gsharriAltostratus
You want to setup delegations on your existing DNS servers. See:
Delegating a subdomain to a BIG-IP DNS or BIG-IP Link Controller system from another DNS server
Client queries will continue to handled by the current DNS but if the query is for a bigip hosted name then bigip will answer. There are also several threads on DevCentral discussing delegation options.