
BIG-IP DNS Listener question

P_K
MVP

Hello Folks,

I'm having a hard time understanding how a listener and a Wide-IP work in the BIG-IP DNS realm. Hoping to get an answer here.

I understand that a listener on BIG-IP DNS listens and responds to DNS queries on UDP 53, and a Wide-IP is the FQDN of the app that I want to load balance across data centers.

What DNS changes should I make on my public DNS provider to have a query land on the listener?

Do I need to create 2 listeners if I want to load balance the app across 2 data centers?

Any help is appreciated!

Thanks,

PK


7 REPLIES

Simon_Blakely
F5 Employee

You need to specify the IP of the listeners as the NS records for the domain that you want to return WideIPs for.

The domain I want to use is owned by our public DNS provider, and as per the registrar I can only use the name server from the provider.

For example, I want to use production.company.com, and company.com is owned by a public DNS provider, say ATT, and so are the name servers.

Simon_Blakely
F5 Employee

You need to delegate the zone for production.company.com from company.com.

So the zone file for company.com contains the following records:

    production.company.com      NS  ns1.production.company.com
    production.company.com      NS  ns2.production.company.com
    ns1.production.company.com  A   1.1.1.1
    ns2.production.company.com  A   2.1.1.1

So when someone queries www.production.company.com, they will send an NS query to a .com nameserver for company.com, and get a reply.

They then send an NS query to the company.com nameserver asking for a production.company.com nameserver.

The company.com nameserver replies that an NS record for production.company.com is at ns1.production.company.com, and to help you out, the A record for ns1.production.company.com is 1.1.1.1.

The client then sends a www.production.company.com A record request to 1.1.1.1 which resolves the WideIP for 1.1.1.1.

This is a standard DNS zone delegation, and your DNS provider or manager should be able to set this up without any difficulty at all.
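The delegation described in the answer above can be sanity-checked before it is handed to the DNS provider. This is an added example, not part of the original thread and not F5 code: it parses the quoted parent-zone records and checks that every name server living inside the delegated zone has a glue A record, since without glue the listener cannot be found. The trailing dots on the names and the function names `parse`, `in_zone`, `referral` and `check` are assumptions made for the example.

```python
# Added example: sanity-check a subdomain delegation held in a parent zone.
# PARENT_ZONE is constructed from the records quoted in the answer; names are
# fully qualified (trailing dot, an assumption). Function names are hypothetical.
PARENT_ZONE = """\
production.company.com.      NS  ns1.production.company.com.
production.company.com.      NS  ns2.production.company.com.
ns1.production.company.com.  A   1.1.1.1
ns2.production.company.com.  A   2.1.1.1
"""

def parse(zone_text):
    """Return (delegations, glue): {child zone: [ns names]}, {name: [IPs]}."""
    delegations, glue = {}, {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()   # drop comments, split columns
        if len(fields) != 3:
            continue
        owner, rtype, rdata = fields[0].lower(), fields[1].upper(), fields[2]
        if rtype == "NS":
            delegations.setdefault(owner, []).append(rdata.lower())
        elif rtype == "A":
            glue.setdefault(owner, []).append(rdata)
    return delegations, glue

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def referral(qname, zone_text):
    """Listener IPs the parent hands out for qname, or [] if not delegated."""
    delegations, glue = parse(zone_text)
    qname = qname.lower()
    # The longest matching delegated zone wins.
    for child in sorted(delegations, key=len, reverse=True):
        if in_zone(qname, child):
            return [ip for ns in delegations[child] for ip in glue.get(ns, [])]
    return []

def check(zone_text):
    """Return a list of problems with the delegations in zone_text."""
    delegations, glue = parse(zone_text)
    problems = []
    for child, servers in delegations.items():
        if len(servers) < 2:
            problems.append(f"{child}: only one NS, no second listener")
        for ns in servers:
            # An NS name inside the child zone can only be found via glue.
            if in_zone(ns, child) and ns not in glue:
                problems.append(f"{child}: {ns} has no glue A record")
    return problems
```

`check(PARENT_ZONE)` returns an empty list for the records as quoted; dropping one of the A records makes it report the missing glue.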

That's a great explanation, man!

Just to sum it up, I have 2 data centers, which means I would just use one NS IP as a listener per data center. So 1.1.1.1 is the listener in DC1 and 1.1.1.2 is the listener in DC2. Does that look right?

Yes, that is correct.

I came across a question while thinking through this. If I have 2 NS records on my public DNS provider for the FQDN I want to load balance and use one NS as a listener at each data center.

Now, when a user queries the FQDN and the DNS provider responds with a name server (listener) IP of DC1, but I actually want the user to end up on DC2, how can I make the request end up in DC2 rather than DC1? Is it achieved through the GTM sync group?

Where the DNS query is made (DC1 or DC2) does not affect which DC the resolved IP address is pointing to - that is determined by the rules governing IP resolution (GTM pools, priority, topology, etc.) and both GTMs have the same information via the GTM Sync group and iQuery.