Can DNS-e and GSLB work together?

Question

I'm looking to rebuild my DNS environment to have local HA clusters of F5 DNS Devices using DNS-E to draw from a hidden master. The one part I can't get info about anywhere is whether/how GSLB will interact in this scenario. Should I have the GSLB elements running on the hidden master only? Should I run Zonerunner on the DNS clusters, use DNS e to draw from several sources? Is GSLB incompatible with hidden masters?

Is anyone able to describe if this is possible? IF so what the best practice implementation is please?

nikoolayy1 · Answer

When you say DNS-E/DNS e better give some examples or link as I admit I have not seen this technology as there are so many things in the IT world, you can't keep up with everything, so giving context is important.
&nbsp;
Why don't you just use F5 DNS Express that is DNS zone transfers and just block with firewall rules/access lists on a network device/firewall (you can use ip tables on the server but better block traffic before it reaches the DNS server) any DNS/AXFR/IXFR connections to the real DNS server that is not comming from F5 GTM/DNS self-ip?
&nbsp;
https://clouddocs.f5.com/training/community/dns/html/class2/module3/module3.html
&nbsp;
&nbsp;
About GSLB and DNS Express and Zone runner the F5 will always try to first use the GSLB wide ip for DNS resolution and if it does not have any matching wide ip then DNS Express then Zone Runner, so the features will work together:
&nbsp;
https://support.f5.com/csp/article/K63042196
https://community.f5.com/t5/technical-articles/lightboard-lessons-f5-dns-order-of-operations/ta-p/288562
https://support.f5.com/csp/article/K14510
&nbsp;

psfletchthetek · Answer

Hi,When you say&nbsp;DNS-E do you mean enhanced DNS, where you can send things like client IP of the orginating requester back to a internal DNS Server?I think there is an option for that in the profile somewhere, but is that what you where thinking?

nikoolayy1 · Answer

If we talking about&nbsp; edns-client-subnet (ECS) then it can work with GSLB and wide ip but you need to disable DNS cache. Please see:
https://support.f5.com/csp/article/K14555264
https://support.f5.com/csp/article/K41415626
https://support.f5.com/csp/article/K07808381
&nbsp;
If you managed to get the needed answers, please flag the question as answered.

Forum Discussion

Can DNS-e and GSLB work together?

3 Replies

Recent Discussions

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

[ASM] - what is "Browser Challange file" ?

LDAPS and renegotiation

Related Content

GSLB Split DNS by iRule

GSLB

F5 GTM GSLB replacement

F5 RHI Solution an alternative to GSLB load balancing between Datacenters

From GSLB to Modern Apps in the Cloud: A Transition Plan for Distributed Cloud.