Sefi_Miz
Apr 11, 2021

CNAME and A record in F5 DNS

Hi,

I have F5 GTM version 15.1.2.1 and I have a problem configuring an A record with a CNAME pool.

I created a CNAME pool with a long Heroku domain as a member and then I added this pool to an A record with my domain.

When I try to get the A record I made, it does not give me the CNAME I configured.

Can anyone help me? What am I doing wrong?

5 Replies

  • Hello, have you followed this?

    Pay attention to this:

    *********

    If you want the BIG-IP DNS to respond to both A and CNAME record type requests, you must configure two wide IPs. One wide IP of type A with a CNAME pool type, and a second wide IP of type CNAME with a CNAME pool type. At a minimum, an A record type wide IP should be configured with a CNAME pool.

    ***********

    https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-dns-implementations/redirecting-dns-queries-using-a-cname-pool.html

    Please mind that the F5 wide IP will use a CNAME pool, and those are normally pools with other wide IP objects that have real normal A records, so the order is Wide IP A record > CNAME record pool > Wide IP A record > A record pool. If the CNAME that DNS is being redirected to is not another wide IP on the F5 device with a normal A record pool that can give real DNS resolution to the client LDNS, then read:

    Pay attention to this:

    *********

    Note: If you want BIG-IP DNS to use a CNAME record that does not exist on the device, check the Static Target box and type in CNAME (such as test.com) for Wide IP.

    *********

    https://support.f5.com/csp/article/K02935080

  • Hi,

    Thank you for your answer, but I just want to understand it with an example:

    If I have the address "a.com" and I want to create a CNAME for it with a wide IP record from my domain "test.sefi", so the final outcome will be that everyone who types "test.sefi" in their browser will go to "a.com", should I create a CNAME pool with a static target of "a.com" and then create a wide IP A record and a wide IP CNAME record that both go to the CNAME pool I created for "a.com"?

    • Nikoolayy1

      Yes. From what I understand, the a.com DNS is not managed by the same F5 DNS/GTM device, so if this is the case create a static target: create an A record wide IP for test.sefi with a CNAME record pool with static target a.com. Just in case, I would recommend also creating another wide IP of CNAME record type for test.sefi with the same CNAME pool as the A record wide IP for test.sefi, as some applications may make a CNAME DNS request.

      If the F5 will also manage a.com, then you will also need to create an A record wide IP for a.com and use it as the pool member for the wide IP for test.sefi (not the static target).

      This has the best explanation and even has pictures for what you want (go to the section "BIG-IP DNS load balancing > Wide IPs and pools"). I also recommend reading the whole guide, as it is not so long and it covers most of the options for F5 DNS/GTM.

      https://support.f5.com/csp/article/K55502976

  • Hi,

    Thank you for your answer.

    I tried to do what you wrote and I also verified it with the link you sent me, and I am still in the same situation: when I type "test.sefi" in my browser I get "DNS_PROBE_FINISHED_NXDOMAIN".

    When I try to do an nslookup for test.sefi, it shows me that the record exists but does not show the CNAME "a.com",

    but when I enter "set type=cname" in nslookup and then give it "sefi.test", it shows me that it refers to the CNAME "a.com".

    When I try to ping test.sefi, it gives me the error "Ping request could not find host".

    What am I doing wrong?

    • Nikoolayy1

      Do you have a wide IP of A record type for "test.sefi" with a pool with a static target, not only a wide IP of CNAME type?

      Also, is the real server that hosts "a.com" correctly configured? The issue could be with it, happening when the F5 redirects the DNS requests to it.

      Also, it is better to test with dig, not nslookup, as nslookup is more limited. It could be that the CNAME record for a.com is returned from the F5 device but the Windows nslookup (or the configured LDNS server that the Windows workstation uses) may want an A record, and after that it may make an automatic A record DNS request. Try switching between iterative and recursive DNS lookup, or just use dig with the +trace option to see everything in the DNS reply.

      https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/nslookup-set-recurse

      https://clouddocs.f5.com/training/community/dns/html/class4/module1/lab3.html

      You may do a Wireshark capture on the F5 device to be 100% certain that it, and not the local DNS (LDNS) server that your test workstation uses, returns the "DNS_PROBE_FINISHED_NXDOMAIN", as the traffic pattern is Windows workstation > LDNS > F5 device. You can also use the dig command from the F5 device itself with dig @<DNS Listener IP address> test.sefi and dig @<DNS Listener IP address> +trace test.sefi

      Also, I don't know your network; maybe the F5 DNS/GTM is your local DNS (LDNS), in other words your test workstation is configured to use it as its DNS server, so you may need to enable recursive lookup on it. Still, when the client workstation sends a DNS request for 'test.sefi' and the F5 tries to resolve it, after it sees the A record wide IP for test.sefi with a CNAME static target it will try another DNS resolution after the first one to get the A record for "a.com", and if you have not set up the DNS for "a.com" correctly, it may return an error to the client workstation. This is how an LDNS works, as the customers send "recursive DNS queries" and the LDNS sends many "iterative" DNS queries. So do a little troubleshooting to confirm where you get the DNS error "DNS_PROBE_FINISHED_NXDOMAIN" from.

      https://support.f5.com/csp/article/K14510
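
The dig-based triage suggested in the last reply, as an added shell example that is not part of the thread: it classifies the text output of an A-type dig query so you can tell whether the listener returned only the CNAME or a recursive resolver followed it and the target did not exist. Both sample outputs are constructed, and the result labels are this example's own names.

```shell
# Added example: classify the text output of an A-type dig query (read on stdin).
# Usage (the listener address is a placeholder):
#   dig @<DNS Listener IP address> test.sefi A | classify_dig
classify_dig() {
  awk '
    /->>HEADER<<-/ {                      # e.g. "... status: NXDOMAIN, id: 4711"
      for (i = 1; i < NF; i++)
        if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
    }
    /^;; ANSWER SECTION:/ { in_ans = 1; next }
    /^;;/ || /^[ \t]*$/   { in_ans = 0 }  # another section header or a blank line ends it
    in_ans && $4 == "CNAME" { cname = $5 }
    in_ans && $4 == "A"     { have_a = 1 }
    END {
      if (st == "NXDOMAIN" && cname != "") print "cname-target-nxdomain " cname
      else if (st == "NXDOMAIN")           print "name-nxdomain"
      else if (st != "NOERROR")            print "error " st
      else if (cname != "" && have_a)      print "cname-resolved " cname
      else if (cname != "")                print "cname-only " cname
      else if (have_a)                     print "a-only"
      else                                 print "nodata"
    }'
}

# Constructed sample: the A query is answered with only the static-target CNAME.
sample_cname_only() {
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711

;; QUESTION SECTION:
;test.sefi.             IN      A

;; ANSWER SECTION:
test.sefi.      30      IN      CNAME   a.com.
EOF
}

# Constructed sample: a recursive resolver followed the CNAME and the target did not exist.
sample_target_missing() {
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4712
;; ANSWER SECTION:
test.sefi.      30      IN      CNAME   a.com.

;; AUTHORITY SECTION:
com.            900     IN      SOA     ns.example. admin.example. 1 2 3 4 5
EOF
}
```

A "cname-only" result from the listener next to a "cname-target-nxdomain" result from the workstation's resolver points at resolution of the CNAME target, while "name-nxdomain" from the listener itself points at the wide IP configuration.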