oguzy
Jan 07, 2018

A virtual server without a pool member gives wrong answers for the records in the Wide IP list.

Hi everyone,

 

I created a virtual server on LTM to be able to answer DNS requests, and I have not assigned any pool member to that virtual server. My aim is just to return answers for the records stated in the Wide IP lists.

 

In my scenario, I use a Windows PC and the nslookup tool. At the nslookup prompt, when I set the virtual server IP mentioned above as the DNS server, the DNS requests are sent with a domain suffix added. Let's think my DNS request is "; but the DNS request is sent as "; and of course, F5 gives no response for the ";. This issue does not happen when I add a pool member to the virtual server.

 

  • The sample tcpdump output when a pool member exists, multiple dns trials exist such as ., ., .

     

  • The sample tcpdump output when no pool member exists, . (only one try).

     

Would you mind sharing the reason for that situation?

 

13 Replies

  • Try changing the DNS setting under your IPv4 adapter advanced settings, choose Append these DNS suffixes, and add a dot (.) as a domain suffix. This should remove any extra suffix from your query.

     

    • oguzy

      Hi kolom22,

       

      Thanks to your method, I was able to make a successful DNS query. With regard to my question, what do you think about the behavior of F5 for that kind of issue?

       

      Can you recommend some reading about that concept?

       

    • kolom

      So you were able to query the listener configured on F5, and you got the right response. So what is the issue now?

       

    • oguzy

      Actually, I just wonder, if no pool member exists for a listener and the DNS settings of a Windows client machine are set to "Append primary and connection specific DNS suffixes" and "Append parent suffixes of the primary DNS suffix", why the DNS query attempts are not made up to the top-level domain (I mean up to the dot (.)).

       

      Please check the sample tcpdump output in the question to make it clear. Maybe it is not an important issue, or it is specific to my settings, conditions, etc. If it does not make sense, you can just ignore it.

       

      Thank you for your interest.

       

  • Hi,

     

    This is the expected behavior of DNS suffixes.

     

    If the user's DNS record does not end with a dot, which means root DNS, the DNS lookup system will first try all configured DNS suffixes before trying the root DNS suffix.

     

    When you say you add a pool to the virtual server, which VS are you talking about? The DNS listener?

     

    If you don’t assign a pool to the DNS listener virtual server, and no wide IP matches, the DNS request is sent to the local BIND server, which answers with NXDOMAIN.

     

    If there is a pool assigned to the listener, the DNS request is sent to the pool member. If it’s not a DNS server, it won’t answer with a valid DNS response, BIG-IP will drop it, so nslookup won’t send the following requests with other suffixes.
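
A simplified model of the behaviour described in the replies above, as an added example that is not part of the original thread and not F5 code. The names, suffixes and address are constructed placeholders; checking the wide IP list before the pool, and a real DNS pool member answering NXDOMAIN for unknown names, are assumptions of the model.

```python
# Model of the client suffix search list and of the three listener outcomes
# described in the thread. All names and addresses are constructed.
WIDE_IPS = {"www.gslb.example.com.": "192.0.2.10"}  # constructed wide IP list


def candidates(name, suffixes):
    """Query names the client tries, in order."""
    if name.endswith("."):
        return [name]                 # trailing dot: already rooted, no suffixes
    # A suffix of "." (the workaround in the first reply) adds nothing.
    tried = [f"{name}.{s.strip('.')}." for s in suffixes if s.strip(".")]
    return tried + [name + "."]       # the root suffix is tried last


def listener(qname, pool):
    """pool: None (no pool), 'dns' (DNS server member) or 'non-dns' member."""
    key = qname.lower()
    if key in WIDE_IPS:               # assumption: wide IPs are checked first
        return ("NOERROR", WIDE_IPS[key])
    if pool is None:
        return ("NXDOMAIN", None)     # falls through to the local BIND server
    if pool == "non-dns":
        return ("DROPPED", None)      # invalid member reply is discarded
    return ("NXDOMAIN", None)         # assumption: backend does not know the name


def resolve(name, suffixes, pool):
    """Walk the candidates; return (address or None, list of (qname, result))."""
    trace = []
    for qname in candidates(name, suffixes):
        result, addr = listener(qname, pool)
        trace.append((qname, result))
        if result == "NOERROR":
            return addr, trace
        if result == "DROPPED":       # no response: the client gives up,
            break                     # as the last reply describes
    return None, trace


if __name__ == "__main__":
    for pool in (None, "non-dns"):
        print(pool, resolve("www.gslb.example.com", ["corp.example.net"], pool))
```
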