For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jbudi1's avatar
jbudi1
Icon for Nimbostratus rankNimbostratus
Feb 17, 2025

Source IP F5 DNS Zone Forwarder

I just create configuration for zonerunner, so that client can use F5 for resolving internet domain. When i did tcpdump on the F5,  i see that f5 using self ip as source ip for forwarding DNS request...
application delivery
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Feb 17, 2025

You need think why you want to do this first?

You have a self-ip in the same range as the Listener/DNS virtual server and by having the correct routing the F5 will use it and it then if you have SNAT automap the source ip will be that self-ip.

 

EDNS0 Implementation and Troubleshooting recommendations

 

Other than that nowadays DNS should utilize EDNS "Insert Source Address into Client Subnet Option" Overview of the DNS profile (14.x and later) as the client ip is what the end DNS servers should be interested off.

 

 

Also better use Wide IP configurations and what can't be resolved by the wide IP will be send to a DNS pool under the listener. That is the better way for me as without health monitors and with Generic hosts it is like Zonerunner/Bind.

 

Overview of DNS query processing on BIG-IP systems

 

How does the BIG-IP GTM/DNS decide on a DNS response

 

BIG-IP DNS Configuration