Forum Discussion
Mickey_Farmer_2
Nimbostratus
NimbostratusWhat IP's to use for DNS Listeners?
In another question on this forum, https://devcentral.f5.com/questions/f5-gtm-and-wide-ip, the poster asks if the Name Server records for his subdomain (.wip.) needed to use the self IP's of his F5's...
"A listener object that is not defined as a self IP address cannot direct name resolution requests to BIND"
If you don't require that (and I usually make sure that requests not serviced by GTM are dropped myself), then you have no issues AFAIK.
Possibly it's listed as not best practice because if GTM can't resolve it, you won't get any answer, and whoever wrote it wanted to make sure at least SOMETHING was given back (e.g. for addresses that ARE NOT serviced by GTM - i.e. not WideIP's).
However for most of the installs I've done, that was the DESIRED effect anyway... Because I don't like running GTM's inline with normal DNS services - i.e. I like my GTM's to be serving ONLY WideIP's.
See this scenario-----
A DNS server already exists at IP address 10.2.5.37.
There are two VLANs, named external and guests.
There are two wide IPs: www.siterequest.com and downloads.siterequest.com. After being integrated into the network, Global Traffic Manager is responsible for the following actions:
Managing and responding to requests for the wide IPs
Forwarding other DNS traffic to the existing DNS server
Forwarding any traffic from the guests VLAN to the rest of the network To implement this configuration, Global Traffic Manager requires three listeners:
A listener with an IP address that is the same as the self IP address of Global Traffic Manager. This listener allows the system to manage DNS traffic that pertains to its wide IPs.
A listener with an IP address of 10.2.5.37, the IP address of the existing DNS server. This listener allows the system to forward incoming traffic to the existing DNS server.
A wildcard listener enabled on the guests VLAN. This listener allows Global Traffic Manager to forward traffic sent from the guests VLAN to the rest of the network.
Mickey_Farmer_2Nimbostratus
NimbostratusThanks, Brad. From F5's site, the setup of a DNS Listener asks for a self IP address on the GTM:
(From https://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-11-5-0/4.html) Creating listeners to handle traffic for wide IPs
Determine the self IP address on which you want BIG-IP GTM to listen for DNS queries for the wide IPs configured on the system.
Create listeners that identify the wide IP traffic for which GTM is responsible. Create four listeners: two that use the UDP protocol (one each for an IPv4 address and IPv6 address), and two that use the TCP protocol (one each for an IPv4 address and IPv6 address). Note: DNS zone transfers use TCP port 53. If you do not configure a listener for TCP the client might receive the error: connection refused or TCP RSTs. 1. On the Main tab, click DNS > Delivery > Listeners. The Listeners List screen opens. 2. Click Create. The Listeners properties screen opens. 3. In the Name field, type a unique name for the listener. 4. For the Destination setting, in the Address field, type the IP address on which GTM listens for network traffic. The destination is a self IP address on GTM. 5. From the VLAN Traffic list, select All VLANs. 6. In the Service area, from the Protocol list, select UDP. 7. Click Repeat.
Brad_Parker
Cirrus
Cirrus"A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address you assign to the listener. When a DNS query is sent to the IP address of the listener, BIG-IP GTM either handles the request locally or forwards the request to the appropriate resource." Not sure why it says to use a self IP for the virtual server. While you can do that you don't have to. I don't believe that is a requirement. Your NS records will be whatever you setup as your listener(whether that is a self ip or some other IP).