Configuring the F5 BIG-IP to Perform Name Resolution Using a DNS Resolver Cache

After feedback on both DevCentral and direct email, it seems as though there is still confusion or a lack of clarity around how to configure the BIG-IP to perform name resolution. A common scenario o...
Published Dec 06, 2018
Version 1.0
application delivery
BIG-IP DNS
AndreasWall's avatar
AndreasWall
Icon for Nimbostratus rankNimbostratus
Mar 26, 2021

Hi,

Nice, clean configuration and explanation.

One question.

I have created a dns cache with forward zones. Each zone has a set of different nameservers configured.

The cache looks like this:

ltm dns cache resolver dns_cache_1 {

  answer-default-zones yes

  forward-zones {

    . {

      nameservers {

        10.10.10.10:53 { }

        10.10.10.11:53 { }

      }

    }

    zone1.com. {

      nameservers {

        10.11.11.10:53 { }

        10.11.11.11:53 { }

      }

    }

    zone2.com. {

      nameservers {

        10.11.11.10:53 { }

        10.11.11.11:53 { }

      }

    }

  }

  partition DNS_RESOLVER

  route-domain /Common/100

}

 

At the moment, from what I can tell, the F5 will use the self IP address of the egress interface when querying those nameservers.

Is it possible to tweak this in to using another address? I tried using source-address-translation under the dns listener but no luck.

It does not have to be different IP address source depending on which set of nameservers to query. Just that it uses another IP address then the self IP's.

Is an iRule the way to go here?

We have the F5 set up in a one-armed fashion.

 

Thanks in advance for any comments, suggestions and solutions.