Hi all, i am trying to setup a virtual Server to load balance 3 Windows DNS (DC) server. I followed the documentation dns-load-balancing-dg.pdf, ran the template Generic DNS and from the BigIP side, all seems ok. But when i try to resolve any address with nslookup i get the error DNS Request Timed out Timout was 2 seconds Server: Unknown Address : x.x.x.x (my virtual Server IP) Our goal is to setup a Virtual Server to load balance 3 DNS servers and configure all of our servers to point to that Virtual IP in the preferred DNS Server, so in the event we loose our current preferred DNS, the others will take over. BigIp Version is 10.2.3 (build 112.0) Thanks, Pierre.

can you post the virtual server and pool configuration? b virtual (name) list b pool (name) list by the way, you are aware of this, aren't you? sol6143: UDP health monitor operation http://support.f5.com/kb/en-us/solutions/public/6000/100/sol6143.html there is nslookup and dig external monitor in the advanced design & config page. External Monitor https://devcentral.f5.com/wiki/advdesignconfig.ExternalMonitor.ashx

b virtual Fasken_DNS_tcp_virtual_server list virtual Fasken_DNS_tcp_virtual_server { snat automap pool Fasken_DNS_pool destination 172.20.239.146:domain ip protocol tcp profiles Fasken_DNS_lan-optimized_tcp_profile {} } b virtual Fasken_DNS_udp_virtual_server VIRTUAL ADDRESS 172.20.239.146 UNIT 1 | ARP enable | (cur, max, limit, tot) = (0, 2, 0, 908) | (pkts,bits) in = (908, 478128), out = (0, 0) +-> VIRTUAL Fasken_DNS_udp_virtual_server SERVICE domain | PVA acceleration none | (cur, max, limit, tot) = (0, 2, 0, 908) | (pkts,bits) in = (908, 478128), out = (0, 0) | requests (total) = 0 +-> POOL Fasken_DNS_pool LB METHOD member least conn MIN/CUR ACTIVE MEMBERS 0/1 | (cur, max, limit, tot) = (0, 4, 0, 908) | (pkts,bits) in = (908, 478128), out = (0, 0) +-> POOL MEMBER Fasken_DNS_pool/172.20.31.16:domain active,up | | addr session disabled priority 1 ratio 1 | | (cur, max, limit, tot) = (0, 2, 0, 69) | | (pkts,bits) in = (69, 36528), out = (0, 0) | | requests (total) = 0 +-> POOL MEMBER Fasken_DNS_pool/172.20.31.21:domain inactive,down | | addr session disabled priority 1 ratio 1 | | (cur, max, limit, tot) = (0, 0, 0, 0) | | (pkts,bits) in = (0, 0), out = (0, 0) | | requests (total) = 0 +-> POOL MEMBER Fasken_DNS_pool/172.20.31.22:domain active,up | session enabled priority 1 ratio 1 | (cur, max, limit, tot) = (0, 2, 0, 839) | (pkts,bits) in = (839, 441600), out = (0, 0) | requests (total) = 0 b pool Fasken_DNS_pool list pool Fasken_DNS_pool { lb method member least conn monitor all Fasken_DNS_monitor members { 172.20.31.16:domain { priority 1 } 172.20.31.21:domain { priority 1 } 172.20.31.22:domain { priority 1 } } }

is 172.20.31.0/24 connected subnet? if not, have you configured route for it?

from my bigip i can ping that subnet. from my bigip, the nodes configured are green, which means i can reach it... right ? from my client i can ping the VIP i created.

from my bigip i can ping that subnet. from my bigip, the nodes configured are green, which means i can reach it... right ? from my client i can ping the VIP i created. in that case, can you try tcpdump? tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap '(host 172.20.239.146 or host 172.20.31.16 or host 172.20.31.21 or host 172.20.31.22 and port 53)' or icmp -v

Setting Virtual Server to Load balance Windows DNS Server.

36 Replies

nitass
Employee
Aug 23, 2014
Is that what we are looking for ?

yes.

so, does bigip not send response to client? is there any icmp unreachable or something like that in the tcpdump file?
Danielle_Daigle
Nimbostratus
Aug 26, 2014
Sorry for delay, i was out of office.
nitass
Employee
Aug 26, 2014
can you post the udp virtual server and its profile configuration (last time you did not list the udp virtual server)?

b virtual Fasken_DNS_udp_virtual_server list b profile (name) list

and can you also check if egress (from bigip to server) and ingress (from server to bigip) vlan match (same vlan)?
Danielle_Daigle
Nimbostratus
Aug 26, 2014
UDP Virtual Server virtual Fasken_DNS_udp_virtual_server { srcport preserve strict snat automap pool Fasken_DNS_pool destination 172.20.239.146:domain ip protocol udp profiles Fasken_DNS_FastL4 {} }

Profile profile fastL4 Fasken_DNS_FastL4 { defaults from fastL4 reset on timeout enable reassemble fragments disable idle timeout immediate tcp handshake timeout 5 tcp close timeout 5 mss override 0 tcp timestamp preserve tcp wscale preserve tcp generate isn disable tcp strip sack disable ip tos to client pass ip tos to server pass link qos to client pass link qos to server pass rtt from client disable rtt from server disable loose initiation disable loose close disable software syncookie disable tcp keep alive interval 0 }

As for the egress and ingress between Server and bigip, how or where do i check this ?
nitass
Employee
Aug 26, 2014
idle timeout immediate

i understand this setting will cause no entry in connection table. so, response has no entry to match. can you try default udp profile (e.g. udp, udp_gtm_dns)?

srcport preserve strict

do you need this?

As for the egress and ingress between Server and bigip, how or where do i check this ?

vlan id
Danielle_Daigle
Nimbostratus
Aug 26, 2014
The Idle timeout immediate and srcport preserve strict were selected as per documentation (DNS Traffic Management using the BIG-IP Local Traffic Manager) but i can remove it and try. For the Vlan ID, the bigip and the server are on different vlan's.

New values should be ? srcport (Preserve or change) idle timeout (specify + values or indefinite)
nitass
Employee
Aug 27, 2014
For the Vlan ID, the bigip and the server are on different vlan's.

if egress (to server) and ingress (from server) vlan on bigip are same, that is okay. i mean if traffic is received on the same vlan it was sent out, it is okay (not asymmetric routing).

New values should be ? srcport (Preserve or change) idle timeout (specify + values or indefinite)

can you try source-port preserve and default udp or udp_gtm_dns profile?
Danielle_Daigle
Nimbostratus
Aug 27, 2014
OK... i need help here.... after doing those changes, it started to work. So i remove 1 setting at a time to pinpoint which one was causing the problem, now i am back to 0 and it still work !!!!
nitass
Employee
Aug 27, 2014
So i remove 1 setting at a time to pinpoint which one was causing the problem, now i am back to 0 and it still work !!!!

you may have to delete connection in connection table.

tmsh delete sys connection
Danielle_Daigle
Nimbostratus
Aug 27, 2014
still working
- nitass
  Employee
  Aug 28, 2014
  you are sure there is no existing connection in connection table before testing, aren't you?