Hi all, i am trying to setup a virtual Server to load balance 3 Windows DNS (DC) server. I followed the documentation dns-load-balancing-dg.pdf, ran the template Generic DNS and from the BigIP side, all seems ok. But when i try to resolve any address with nslookup i get the error DNS Request Timed out Timout was 2 seconds Server: Unknown Address : x.x.x.x (my virtual Server IP) Our goal is to setup a Virtual Server to load balance 3 DNS servers and configure all of our servers to point to that Virtual IP in the preferred DNS Server, so in the event we loose our current preferred DNS, the others will take over. BigIp Version is 10.2.3 (build 112.0) Thanks, Pierre.

can you post the virtual server and pool configuration? b virtual (name) list b pool (name) list by the way, you are aware of this, aren't you? sol6143: UDP health monitor operation http://support.f5.com/kb/en-us/solutions/public/6000/100/sol6143.html there is nslookup and dig external monitor in the advanced design & config page. External Monitor https://devcentral.f5.com/wiki/advdesignconfig.ExternalMonitor.ashx

b virtual Fasken_DNS_tcp_virtual_server list virtual Fasken_DNS_tcp_virtual_server { snat automap pool Fasken_DNS_pool destination 172.20.239.146:domain ip protocol tcp profiles Fasken_DNS_lan-optimized_tcp_profile {} } b virtual Fasken_DNS_udp_virtual_server VIRTUAL ADDRESS 172.20.239.146 UNIT 1 | ARP enable | (cur, max, limit, tot) = (0, 2, 0, 908) | (pkts,bits) in = (908, 478128), out = (0, 0) +-> VIRTUAL Fasken_DNS_udp_virtual_server SERVICE domain | PVA acceleration none | (cur, max, limit, tot) = (0, 2, 0, 908) | (pkts,bits) in = (908, 478128), out = (0, 0) | requests (total) = 0 +-> POOL Fasken_DNS_pool LB METHOD member least conn MIN/CUR ACTIVE MEMBERS 0/1 | (cur, max, limit, tot) = (0, 4, 0, 908) | (pkts,bits) in = (908, 478128), out = (0, 0) +-> POOL MEMBER Fasken_DNS_pool/172.20.31.16:domain active,up | | addr session disabled priority 1 ratio 1 | | (cur, max, limit, tot) = (0, 2, 0, 69) | | (pkts,bits) in = (69, 36528), out = (0, 0) | | requests (total) = 0 +-> POOL MEMBER Fasken_DNS_pool/172.20.31.21:domain inactive,down | | addr session disabled priority 1 ratio 1 | | (cur, max, limit, tot) = (0, 0, 0, 0) | | (pkts,bits) in = (0, 0), out = (0, 0) | | requests (total) = 0 +-> POOL MEMBER Fasken_DNS_pool/172.20.31.22:domain active,up | session enabled priority 1 ratio 1 | (cur, max, limit, tot) = (0, 2, 0, 839) | (pkts,bits) in = (839, 441600), out = (0, 0) | requests (total) = 0 b pool Fasken_DNS_pool list pool Fasken_DNS_pool { lb method member least conn monitor all Fasken_DNS_monitor members { 172.20.31.16:domain { priority 1 } 172.20.31.21:domain { priority 1 } 172.20.31.22:domain { priority 1 } } }

is 172.20.31.0/24 connected subnet? if not, have you configured route for it?

from my bigip i can ping that subnet. from my bigip, the nodes configured are green, which means i can reach it... right ? from my client i can ping the VIP i created.

from my bigip i can ping that subnet. from my bigip, the nodes configured are green, which means i can reach it... right ? from my client i can ping the VIP i created. in that case, can you try tcpdump? tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap '(host 172.20.239.146 or host 172.20.31.16 or host 172.20.31.21 or host 172.20.31.22 and port 53)' or icmp -v

Setting Virtual Server to Load balance Windows DNS Server.

36 Replies

nitass
Employee
Aug 20, 2014
can you post the virtual server and pool configuration?

b virtual (name) list b pool (name) list

by the way, you are aware of this, aren't you?

sol6143: UDP health monitor operation
http://support.f5.com/kb/en-us/solutions/public/6000/100/sol6143.html
there is nslookup and dig external monitor in the advanced design & config page.

External Monitor
https://devcentral.f5.com/wiki/advdesignconfig.ExternalMonitor.ashx
Danielle_Daigle
Nimbostratus
Aug 20, 2014
b virtual Fasken_DNS_tcp_virtual_server list virtual Fasken_DNS_tcp_virtual_server { snat automap pool Fasken_DNS_pool destination 172.20.239.146:domain ip protocol tcp profiles Fasken_DNS_lan-optimized_tcp_profile {} }

b virtual Fasken_DNS_udp_virtual_server VIRTUAL ADDRESS 172.20.239.146 UNIT 1 | ARP enable | (cur, max, limit, tot) = (0, 2, 0, 908) | (pkts,bits) in = (908, 478128), out = (0, 0) +-> VIRTUAL Fasken_DNS_udp_virtual_server SERVICE domain | PVA acceleration none | (cur, max, limit, tot) = (0, 2, 0, 908) | (pkts,bits) in = (908, 478128), out = (0, 0) | requests (total) = 0 +-> POOL Fasken_DNS_pool LB METHOD member least conn MIN/CUR ACTIVE MEMBERS 0/1 | (cur, max, limit, tot) = (0, 4, 0, 908) | (pkts,bits) in = (908, 478128), out = (0, 0) +-> POOL MEMBER Fasken_DNS_pool/172.20.31.16:domain active,up | | addr session disabled priority 1 ratio 1 | | (cur, max, limit, tot) = (0, 2, 0, 69) | | (pkts,bits) in = (69, 36528), out = (0, 0) | | requests (total) = 0 +-> POOL MEMBER Fasken_DNS_pool/172.20.31.21:domain inactive,down | | addr session disabled priority 1 ratio 1 | | (cur, max, limit, tot) = (0, 0, 0, 0) | | (pkts,bits) in = (0, 0), out = (0, 0) | | requests (total) = 0 +-> POOL MEMBER Fasken_DNS_pool/172.20.31.22:domain active,up | session enabled priority 1 ratio 1 | (cur, max, limit, tot) = (0, 2, 0, 839) | (pkts,bits) in = (839, 441600), out = (0, 0) | requests (total) = 0

b pool Fasken_DNS_pool list pool Fasken_DNS_pool { lb method member least conn monitor all Fasken_DNS_monitor members { 172.20.31.16:domain { priority 1 } 172.20.31.21:domain { priority 1 } 172.20.31.22:domain { priority 1 } } }
nitass
Employee
Aug 20, 2014
is 172.20.31.0/24 connected subnet?

if not, have you configured route for it?
Danielle_Daigle
Nimbostratus
Aug 20, 2014
from my bigip i can ping that subnet. from my bigip, the nodes configured are green, which means i can reach it... right ? from my client i can ping the VIP i created.
nitass
Employee
Aug 21, 2014
from my bigip i can ping that subnet. from my bigip, the nodes configured are green, which means i can reach it... right ? from my client i can ping the VIP i created.

in that case, can you try tcpdump?

tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap '(host 172.20.239.146 or host 172.20.31.16 or host 172.20.31.21 or host 172.20.31.22 and port 53)' or icmp -v
Danielle_Daigle
Nimbostratus
Aug 21, 2014
ok.. what should i be looking for once done ?
nitass
Employee
Aug 21, 2014
what should i be looking for once done ?

on each transaction, you should see 2 queries (one is from client to bigip and the other one is from bigip to server) and 2 answers (one is from server to bigip and the other one is from bigip to client).
Danielle_Daigle
Nimbostratus
Aug 21, 2014

This is a bit out my knowledge scope, what should i look for from here ?

Thanks.
- nitass
  Employee
  Aug 22, 2014
  you run tcpdump when doing nslookup, didn't you? if there is no dns packet, you may have to check if traffic reaches bigip (e.g. route).
Danielle_Daigle
Nimbostratus
Aug 22, 2014
must i run nslookup from the bigip also or from a machine with the VIp configured as preferred DNS ?
- nitass
  Employee
  Aug 22, 2014
  from a machine with the VIP configured as preferred DNS
Danielle_Daigle
Nimbostratus
Aug 22, 2014
Is that what we are looking for ? 172.20.112.251 (my wks) 172.20.239.146 (VIP) 172.20.31.22 (DNS Server)