
Sarah_258804's avatar
Apr 26, 2016

Unable to access virtual server over port 53

I currently have a virtual server set up to load balance across three DNS servers. If I issue the command "nslookup www.google.com [IP of VS]" from a client machine, I get a "DNS request timed out" error. I've verified that the vIP is reachable from the client and that it's operational on the BIG-IP. The DNS servers are reachable from the BIG-IP as well and are passing the monitor associated with the pool.

 

  • {

     

    "name": "DNS-Internal-VS",

     

    "template": "appsvcs_integration_v1.0_001",

     

    "virtualServerReferences": [

     

    {

     

    "link": ""

     

    }

     

    ],

     

    "vars": {

     

    "extensions__Field1": "",

     

    "extensions__Field2": "",

     

    "extensions__Field3": "",

     

    "feature__easyASMPolicy": "disabled",

     

    "feature__easyL4Firewall": "auto",

     

    "feature__insertXForwardedFor": "auto",

     

    "feature__redirectToHTTPS": "auto",

     

    "feature__securityEnableHSTS": "disabled",

     

    "feature__sslEasyCipher": "disabled",

     

    "feature__statsHTTP": "auto",

     

    "feature__statsTLS": "auto",

     

    "iapp__appStats": "enabled",

     

    "iapp__mode": "auto",

     

    "iapp__routeDomain": "auto",

     

    "iapp__strictUpdates": "enabled",

     

    "pool__AdvOptions": "",

     

    "pool__Description": "pooldescr",

     

    "pool__LbMethod": "round-robin",

     

    "pool__MemberDefaultPort": "53",

     

    "pool__Monitor": "/Common/dns_53",

     

    "pool__Name": "DNS-Internal-Pool",

     

    "pool__addr": "10.251.12.30",

     

    "pool__mask": "255.255.255.255",

     

    "pool__port": "53", "vs__AdvOptions": "",

     

    "vs__AdvProfiles": "",

     

    "vs__ConnectionLimit": "0",

     

    "vs__Description": "vsdescr",

     

    "vs__IpProtocol": "udp",

     

    "vs__Irules": "",

     

    "vs__Name": "",

     

    "vs__OptionConnectionMirroring": "disabled",

     

    "vs__OptionSourcePort": "preserve",

     

    "vs__ProfileAccess": "",

     

    "vs__ProfileAnalytics": "",

     

    "vs__ProfileClientProtocol": "/Common/udp_gtm_dns",

     

    "vs__ProfileClientSSL": "",

     

    "vs__ProfileClientSSLAdvOptions": "",

     

    "vs__ProfileClientSSLCert": "",

     

    "vs__ProfileClientSSLChain": "",

     

    "vs__ProfileClientSSLCipherString": "",

     

    "vs__ProfileClientSSLKey": "",

     

    "vs__ProfileCompression": "",

     

    "vs__ProfileConnectivity": "",

     

    "vs__ProfileDefaultPersist": "",

     

    "vs__ProfileFallbackPersist": "",

     

    "vs__ProfileHTTP": "",

     

    "vs__ProfileOneConnect": "",

     

    "vs__ProfilePerRequest": "",

     

    "vs__ProfileRequestLogging": "",

     

    "vs__ProfileSecurityDoS": "",

     

    "vs__ProfileSecurityIPBlacklist": "none",

     

    "vs__ProfileSecurityLogProfiles": "",

     

    "vs__ProfileServerProtocol": "/Common/udp_gtm_dns",

     

    "vs__ProfileServerSSL": "",

     

    "vs__SNATConfig": "automap",

     

    "vs__SourceAddress": "0.0.0.0/0"

     

    },

     

    "tables": {

     

    "feature__easyL4FirewallBlacklist": {

     

    "columns": [

     

    "CIDRRange"

     

    ],

     

    "rows": [

     

    [

     

    ""

     

    ]

     

    ]

     

    },

     

    "feature__easyL4FirewallSourceList": {

     

    "columns": [

     

    "CIDRRange"

     

    ],

     

    "rows": [

     

    [

     

    "0.0.0.0/0"

     

    ]

     

    ]

     

    },

     

    "pool__Members": {

     

    "columns": [

     

    "IPAddress",

     

    "Port",

     

    "ConnectionLimit",

     

    "Ratio",

     

    "State"

     

    ],

     

    "rows": [

     

    [

     

    "10.251.116.150",

     

    "53",

     

    "0",

     

    "1",

     

    "enabled"

     

    ],

     

    [

     

    "10.251.116.151",

     

    "53",

     

    "0",

     

    "1",

     

    "enabled"

     

    ],

     

    [

     

    "10.251.116.152",

     

    "53",

     

    "0",

     

    "1",

     

    "enabled"

     

    ],

     

    [

     

    "10.251.116.153",

     

    "53",

     

    "0",

     

    "1",

     

    "enabled"

     

    ]

     

    ]

     

    }

     

    },

     

    "generation": 0,

     

    "lastUpdateMicros": 0,

     

    "selfLink": ""

     

    }

     

      Sarah_258804
      I tried that and no dice. I have a ticket open for this issue, and it was pointed out that I didn't have a "DNS Profile" assigned to this virtual server. I added the basic DNS profile, but queries sent to the virtual server IP still do not resolve.
      Greg_Labelle_31
      I notice that your virtual server is set up for UDP. When the response to a DNS query contains more records than can fit in a single UDP packet, the response is flagged as truncated and the client retries the query over TCP. Try resolving a simple query that has only one record to test the theory. If this is the case, you'll need to set up a second virtual server at the same address and port using the TCP protocol as well, so that both transports are supported.