Can DNS-e and GSLB work together?

Question

I'm looking to rebuild my DNS environment to have local HA clusters of F5 DNS Devices using DNS-E to draw from a hidden master. The one part I can't get info about anywhere is whether/how GSLB will interact in this scenario. Should I have the GSLB elements running on the hidden master only? Should I run Zonerunner on the DNS clusters, use DNS e to draw from several sources? Is GSLB incompatible with hidden masters?

Is anyone able to describe if this is possible? IF so what the best practice implementation is please?

nikoolayy1 · Answer

When you say DNS-E/DNS e better give some examples or link as I admit I have not seen this technology as there are so many things in the IT world, you can't keep up with everything, so giving context is important.
&nbsp;
Why don't you just use F5 DNS Express that is DNS zone transfers and just block with firewall rules/access lists on a network device/firewall (you can use ip tables on the server but better block traffic before it reaches the DNS server) any DNS/AXFR/IXFR connections to the real DNS server that is not comming from F5 GTM/DNS self-ip?
&nbsp;
https://clouddocs.f5.com/training/community/dns/html/class2/module3/module3.html
&nbsp;
&nbsp;
About GSLB and DNS Express and Zone runner the F5 will always try to first use the GSLB wide ip for DNS resolution and if it does not have any matching wide ip then DNS Express then Zone Runner, so the features will work together:
&nbsp;
https://support.f5.com/csp/article/K63042196
https://community.f5.com/t5/technical-articles/lightboard-lessons-f5-dns-order-of-operations/ta-p/288562
https://support.f5.com/csp/article/K14510
&nbsp;

psfletchthetek · Answer

Hi,When you say&nbsp;DNS-E do you mean enhanced DNS, where you can send things like client IP of the orginating requester back to a internal DNS Server?I think there is an option for that in the profile somewhere, but is that what you where thinking?

nikoolayy1 · Answer

If we talking about&nbsp; edns-client-subnet (ECS) then it can work with GSLB and wide ip but you need to disable DNS cache. Please see:
https://support.f5.com/csp/article/K14555264
https://support.f5.com/csp/article/K41415626
https://support.f5.com/csp/article/K07808381
&nbsp;
If you managed to get the needed answers, please flag the question as answered.

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Can DNS-e and GSLB work together?

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

irule execution error

Issue with TLS Version 1.1 Deprecated Protocol

can't access on prem dns when using F5LTM as a gateway

Adding logging to APM per-request policy without SWG license

Service discovery is not happening in AS3

Related Content

Can distributed cloud DNS and BigIP DNS perform GSLB together?

GSLB Split DNS by iRule

F5 XC Distributed Cloud DNS GSLB implementing Split-DNS

GSLB

BIG-IP and OPSWAT Together Implement DLP for AI Traffic

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS