Configuring listener IP for TCP

Khaled_HA
Altostratus

Hey folks!

I am preparing for the 302 exam and I ran into this: "DNS zone transfers use TCP port 53. If you do not configure a listener for TCP the client might receive the error: connection refused or TCP RSTs."

Link: https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-dns-implementations/replacing-a-dns-server-with-bi...

Why should I configure a listener for TCP, besides for zone transfer?

If I am not using zone transfer, is a UDP listener enough for answering DNS queries?

Another question:

What are the scenarios in which a client might receive connection refused from the Big-IP DNS?


6 REPLIES

Sebastiansierra
Cirrocumulus

Hi,

Creating DNS listeners TCP or UDP will depend on the customer that consumes the service, or the device that must use the DNS for resolution.

To create a TCP listener you need to run the same steps as when you create your UDP listener:

1. In the path DNS ›› Delivery : Listeners : Listener List, click Create.

2. Set a Name.

3. Set the IP; it could be the same for the TCP or UDP protocol.

4. In Protocol, select TCP.

5. Click Finished.

Thanks but that was not my question.

My question is: "If I did not configure a TCP listener, will the BigIP DNS refuse the client connection? And why?"

Isn't UDP enough?

Sebastiansierra
Cirrocumulus

When you create a listener, a virtual server is deployed too, with the IP and the protocol that you selected for the listener, for example UDP.

If UDP is the only protocol that you want to allow for DNS, it will be enough and TCP will not be required, but this depends on every scenario. I worked with some network devices that request the DNS resolution by TCP protocol, and in this case you must create both.

Hi @Khaled_HA,

UDP is limited to 512 bytes. Some of the newer record types might contain messages that exceed the 512 byte limit and use TCP as fallback.

I never tried to pass the 302 exam. However, I am 100% sure it is for BIG-IP 12.1. You are looking at an article that is relevant for 14.1 to 16.1. Make sure you are looking at the relevant sources (K29900360: F5 certification | Exams and blueprints).

KR
Daniel

Hey @Daniel_Wolf,

Thanks for bringing that to my mind.

Regarding my second question: what are the situations where BIG-IP DNS would refuse the connection?

If the BIG-IP DNS received a query for a domain that it is not authoritative for, will the BIG-IP DNS refuse the query?

I will try to answer your second question too:

This solution (K14510: Overview of DNS query processing on BIG-IP systems) explains in which order the BIG-IP processes DNS requests and how to configure Unhandled Query Actions. One setting for unhandled queries is Reject.

  • Use the Reject setting to return a REFUSED status for the DNS query.

DISCLAIMER: I admit that I am not an expert for BIG-IP DNS. Maybe this is not the only correct answer to your question.
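Putting Daniel's two points together (the 512-byte UDP limit with TCP as fallback, and the REFUSED status returned by the Reject unhandled-query action), here is an added Python example that is not from this thread or from F5: it builds a minimal DNS query, reads the TC bit and RCODE from a response header, and probes a listener IP over both UDP and TCP so that a missing TCP listener shows up as a refused connection. The sample response headers are constructed for offline use, and the listener address and query name are placeholders you supply.

```python
import socket
import struct

# RCODE values from RFC 1035; 5 (REFUSED) is what the BIG-IP "Reject"
# unhandled-query action returns to the client.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
UDP_PAYLOAD_LIMIT = 512  # classic DNS-over-UDP limit without EDNS0

# Constructed sample response headers (no question/answer sections) for offline use.
TRUNCATED_HEADER = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)  # QR, TC, RD, RA set
REFUSED_HEADER = struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)  # QR, RD, RA set, RCODE=5

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query: QR=0, RD=1, one question, no EDNS0."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def classify_response(resp: bytes) -> str:
    """Read the 12-byte header: a set TC bit means the answer did not fit in UDP."""
    if len(resp) < 12:
        return "malformed"
    flags = struct.unpack("!H", resp[2:4])[0]
    if (flags >> 9) & 1:  # TC (truncated) bit
        return "truncated: retry over TCP"
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE {rcode}")

def probe_listener(host: str, port: int = 53, name: str = "example.com", timeout: float = 2.0) -> dict:
    """Send the same query over UDP and TCP and report what each listener did."""
    q = build_query(name)
    result = {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
            u.settimeout(timeout)
            u.sendto(q, (host, port))
            result["udp"] = classify_response(u.recv(UDP_PAYLOAD_LIMIT))
    except OSError:  # timeout, or ICMP port unreachable surfaced as ConnectionRefusedError
        result["udp"] = "no answer"
    try:
        with socket.create_connection((host, port), timeout=timeout) as t:
            t.sendall(struct.pack("!H", len(q)) + q)  # DNS over TCP prefixes a 2-byte length
            length = struct.unpack("!H", t.recv(2))[0]
            result["tcp"] = classify_response(t.recv(length))
    except ConnectionRefusedError:  # TCP RST: no TCP listener on that IP
        result["tcp"] = "connection refused"
    except (OSError, struct.error):
        result["tcp"] = "no answer"
    return result
```

Run `probe_listener("<listener IP>")` against a BIG-IP that only has a UDP listener and the `tcp` entry reads "connection refused", which is exactly the symptom the techdocs sentence describes.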