Forum Discussion
Sarah_258804
Cirrus
CirrusUnable to access virtual server over port 53
I currently have virtual server set up a load balance across three DNS servers. If I issue command "nslookup www.google.com [IP of VS]" from a client machine I'm getting a DNS request time out error. I've verified that the vIP is reachable from the client and it's operational on the BIG-IP. The DNS servers are reachable on the BIG-IP as well and are passing the monitor associated with the pool.
Greg_LabelleNimbostratus
Can you post the configuration for the virtual server here?
Sarah_258804{
"name": "DNS-Internal-VS",
"template": "appsvcs_integration_v1.0_001",
"virtualServerReferences": [
{
"link": ""
}
],
"vars": {
"extensions__Field1": "",
"extensions__Field2": "",
"extensions__Field3": "",
"feature__easyASMPolicy": "disabled",
"feature__easyL4Firewall": "auto",
"feature__insertXForwardedFor": "auto",
"feature__redirectToHTTPS": "auto",
"feature__securityEnableHSTS": "disabled",
"feature__sslEasyCipher": "disabled",
"feature__statsHTTP": "auto",
"feature__statsTLS": "auto",
"iapp__appStats": "enabled",
"iapp__mode": "auto",
"iapp__routeDomain": "auto",
"iapp__strictUpdates": "enabled",
"pool__AdvOptions": "",
"pool__Description": "pooldescr",
"pool__LbMethod": "round-robin",
"pool__MemberDefaultPort": "53",
"pool__Monitor": "/Common/dns_53",
"pool__Name": "DNS-Internal-Pool",
"pool__addr": "10.251.12.30",
"pool__mask": "255.255.255.255",
"pool__port": "53", "vs__AdvOptions": "",
"vs__AdvProfiles": "",
"vs__ConnectionLimit": "0",
"vs__Description": "vsdescr",
"vs__IpProtocol": "udp",
"vs__Irules": "",
"vs__Name": "",
"vs__OptionConnectionMirroring": "disabled",
"vs__OptionSourcePort": "preserve",
"vs__ProfileAccess": "",
"vs__ProfileAnalytics": "",
"vs__ProfileClientProtocol": "/Common/udp_gtm_dns",
"vs__ProfileClientSSL": "",
"vs__ProfileClientSSLAdvOptions": "",
"vs__ProfileClientSSLCert": "",
"vs__ProfileClientSSLChain": "",
"vs__ProfileClientSSLCipherString": "",
"vs__ProfileClientSSLKey": "",
"vs__ProfileCompression": "",
"vs__ProfileConnectivity": "",
"vs__ProfileDefaultPersist": "",
"vs__ProfileFallbackPersist": "",
"vs__ProfileHTTP": "",
"vs__ProfileOneConnect": "",
"vs__ProfilePerRequest": "",
"vs__ProfileRequestLogging": "",
"vs__ProfileSecurityDoS": "",
"vs__ProfileSecurityIPBlacklist": "none",
"vs__ProfileSecurityLogProfiles": "",
"vs__ProfileServerProtocol": "/Common/udp_gtm_dns",
"vs__ProfileServerSSL": "",
"vs__SNATConfig": "automap",
"vs__SourceAddress": "0.0.0.0/0"
},
"tables": {
"feature__easyL4FirewallBlacklist": {
"columns": [
"CIDRRange"
],
"rows": [
[
""
]
]
},
"feature__easyL4FirewallSourceList": {
"columns": [
"CIDRRange"
],
"rows": [
[
"0.0.0.0/0"
]
]
},
"pool__Members": {
"columns": [
"IPAddress",
"Port",
"ConnectionLimit",
"Ratio",
"State"
],
"rows": [
[
"10.251.116.150",
"53",
"0",
"1",
"enabled"
],
[
"10.251.116.151",
"53",
"0",
"1",
"enabled"
],
[
"10.251.116.152",
"53",
"0",
"1",
"enabled"
],
[
"10.251.116.153",
"53",
"0",
"1",
"enabled"
]
]
}
},
"generation": 0,
"lastUpdateMicros": 0,
"selfLink": ""
}
Greg_Labelle_31I notice that your virtual server is setup for UDP. When the response for a DNS query contains more records than can fit in a single UDP packet, it will leverage TCP instead to send the query. Try resolving a simple query that has only one record to test the theory. If this is the case, you'll need to setup a second virtual server at the same address and port using the TCP protocol as well to support both paradigms.- Sarah_258804I tried that and no dice. I have a ticket open for this issue and it was pointed out that I didn't have a "DNS Profile" assigned to this virtual server. I added the basic DNS profile and still no resolving ip addresses with the virtual server IP.
- Sarah_258804Configuration of application profile below.