Replacing a DNS Server with F5 BIG-IP DNS
Hi Misty! I apologize for the delayed response on each of these. So, let's take a look at the different use cases.
Authoritative - Client queries BIG-IP for authoritative DNS response based on a zone it currently owns or has been granted delegation to.
High-level, the different configuration options are:
1. DNS Express consumes the zone from an off-box BIND.
2. DNS Express consumes the zone from the on-box BIND, when the zone is managed by the on-box BIND.
3. DNS Express consumes the zone from the on-box BIND, which is performing zone transfers from an off-box BIND or another BIG-IP DNS instance.
Within the DNS profile, it is recommended to disable the use of BIND to ensure DNS Express is the only component responding to queries. Likely this will be a separate virtual server from the one you are using for recursive lookups, and therefore it will use a different DNS profile.
Recursive DNS - Client or DNS server queries BIG-IP DNS and BIG-IP DNS then queries a separate DNS instance for an authoritative DNS response and BIG-IP then provides that response to the client.
High-level, the different configuration options are:
1. DNS Express handles recursion with no DNS caching.
2. DNS Express handles recursion with DNS caching.
3. On-box BIND handles DNS recursion with no DNS caching.
4. On-box BIND handles DNS recursion with DNS caching.
I still recommend disabling BIND here, though for functionality purposes it is not required.

Things to validate:
- Process Recursion Desired is enabled in the DNS profile, which it is by default.
- If you are using BIND forwarders, ensure they are configured in System > Configuration > DNS > BIND Forwarder Server List.
- Also, if using BIND, ensure recursion is enabled in the named.conf file.
- If you are using a pool of DNS servers (recommended), ensure it is assigned to the listener or Virtual Server.

Please let me know your results and I will help get this working with you. Don't forget tools like dig, nslookup and tcpdump. I prefer dig and tcpdump when troubleshooting any DNS-related issue: tcpdump ensures the client is actually hitting my DNS listener, and dig validates DNS resolution. Let me know.
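The reply above leans on the DNS header flags that dig reports (aa, rd, ra, plus the RCODE) to tell an authoritative listener from a recursive one, and to spot a listener that is not honouring Recursion Desired. The following is an added example, not code from the post or from F5: it builds a query with RD set the way dig does, and classifies a response from its flags. The responses are constructed in-line to stand in for a real listener, and the names `classify_response` and `build_response` are this example's own.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1); dig prints these as qr, aa, tc, rd, ra
FLAG_QR = 0x8000  # message is a response
FLAG_AA = 0x0400  # authoritative answer
FLAG_TC = 0x0200  # truncated
FLAG_RD = 0x0100  # recursion desired (set by the client)
FLAG_RA = 0x0080  # recursion available (set by the server)
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a dotted name into DNS label wire format."""
    labels = [p for p in name.rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234, rd=True):
    """Build a single-question query; rd=True is what dig sends by default."""
    flags = FLAG_RD if rd else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the 12-byte header into the fields a troubleshooter cares about."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "is_response": bool(flags & FLAG_QR),
        "aa": bool(flags & FLAG_AA),
        "tc": bool(flags & FLAG_TC),
        "rd": bool(flags & FLAG_RD),
        "ra": bool(flags & FLAG_RA),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def classify_response(query, response):
    """Explain what the flags in a response say about the listener that sent it."""
    q, r = parse_header(query), parse_header(response)
    if r["id"] != q["id"]:
        return "id-mismatch"             # not an answer to our query
    if not r["is_response"]:
        return "not-a-response"
    if r["rcode"] != 0:
        return RCODE_NAMES.get(r["rcode"], "RCODE%d" % r["rcode"])
    if r["aa"]:
        return "authoritative"           # DNS Express / BIND answering for a zone it owns
    if q["rd"] and not r["ra"]:
        return "recursion-not-offered"   # RD was set but the server will not recurse
    if r["ancount"] == 0:
        return "recursive-no-data"
    return "recursive-answer"            # resolver fetched the answer on our behalf

def build_response(query, extra_flags=0, rcode=0, answer_ip=None):
    """Constructed response for offline testing: echoes the question, optionally adds one A record."""
    q = parse_header(query)
    flags = FLAG_QR | (FLAG_RD if q["rd"] else 0) | extra_flags | (rcode & 0x000F)
    ancount = 1 if answer_ip else 0
    header = struct.pack("!HHHHHH", q["id"], flags, 1, ancount, 0, 0)
    msg = header + query[12:]            # copy the question section verbatim
    if answer_ip:
        rdata = bytes(int(o) for o in answer_ip.split("."))
        # 0xC00C is a compression pointer to the name at offset 12 (the question)
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, len(rdata)) + rdata
    return msg

if __name__ == "__main__":
    query = build_query("www.example.test.")
    # Constructed samples standing in for what a BIG-IP DNS listener might return
    samples = {
        "authoritative listener": build_response(query, FLAG_AA, answer_ip="192.0.2.10"),
        "recursive listener":     build_response(query, FLAG_RA, answer_ip="192.0.2.10"),
        "recursion disabled":     build_response(query, 0, rcode=5),
        "RD not processed":       build_response(query, 0),
    }
    for label, resp in samples.items():
        print("%-24s -> %s" % (label, classify_response(query, resp)))
```

Against a live listener the same `classify_response` can be fed the bytes returned by a UDP socket, which mirrors the dig-plus-tcpdump check described above: a listener meant for authoritative service should come back with `aa` set, a recursive listener with `ra` set, and a REFUSED or a missing `ra` on an RD query is the signature of recursion being disabled in the profile or in named.conf.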