18-Feb-2022 02:56
Hay folks!
I am preparing for the 302 exam and I ran into this " DNS zone transfers use TCP port 53. If you do not configure a listener for TCP the client might receive the error: connection refused or TCP RSTs."
Why should I configure listener for TCP, besides for zone transfer ?
If I am not using zone transfer, is UDP listener enough for answering DNS quesries ?
Another question:
What are the scenarios client might recieve connection refused from the Big-IP DNS ?
Solved! Go to Solution.
18-Feb-2022 11:29 - edited 18-Feb-2022 11:30
Hi @Khaled_HA,
UPD is limited to 512 bytes. Some of the newer record types might contain messages that exceed the 512 byte limit and use TCP as fallback.
I never tried to pass the 302 exam. However, I am 100% it is for BIG-IP 12.1. You are looking at an article that is relevant for 14.1 to 16.1. Make sure you are looking the relevant sources (K29900360: F5 certification | Exams and blueprints).
KR
Daniel
20-Feb-2022 03:05
I will try to answer your second question too:
This solution (K14510: Overview of DNS query processing on BIG-IP systems) explains in which order the BIG-IP processes DNS requests and how to configure Unhandled Query Actions. One setting for unhandled queries is Reject.
DISCLAIMER: I admit that I am not an expert for BIG-IP DNS. Maybe this is not the only correct answer to your question.
18-Feb-2022 03:38
Hi,
Creating DNS listeners TCP or UDP will depend on the customer that consumes the service, or the device that must use the DNS for resolution.
To create a TCP listener you need to run the same steps when you create your UDP listener:
1. In the path DNS ›› Delivery : Listeners : Listener List click create.
2. Set a Name
3. Set the IP, it could be the same for TCP or UDP protocol.
4. In protocol select TCP.
5. Click Finished
18-Feb-2022 04:11
Thanks but that was not my question.
My question is that "If I did not configure TCP lister, will the BigIP DNS refuse client connection ? and why?
Isn't UDP enough?
18-Feb-2022 05:35
When you create a listener a virtual server is deployed too with the IP and the Protocol that you selected for the listeners for example UDP.
If UDP is the only protocol that you want to allow for DNS it will be enough and TCP will not be required, but this depends on every scenery, I worked with some network devices that request the DNS resolution by TCP protocol and in this case, you must create both.
18-Feb-2022 11:29 - edited 18-Feb-2022 11:30
Hi @Khaled_HA,
UPD is limited to 512 bytes. Some of the newer record types might contain messages that exceed the 512 byte limit and use TCP as fallback.
I never tried to pass the 302 exam. However, I am 100% it is for BIG-IP 12.1. You are looking at an article that is relevant for 14.1 to 16.1. Make sure you are looking the relevant sources (K29900360: F5 certification | Exams and blueprints).
KR
Daniel
18-Feb-2022 14:20
Hay @Daniel_Wolf,
Thanks for bringing that to my mand.
Regarding my second question; what are the setuations where big-ip DNS would refuse the connection ?
If the big-ip DNS recieved a query for a domain that it is not authoritative for, will the big-ip DNS refuse the query ?
20-Feb-2022 03:05
I will try to answer your second question too:
This solution (K14510: Overview of DNS query processing on BIG-IP systems) explains in which order the BIG-IP processes DNS requests and how to configure Unhandled Query Actions. One setting for unhandled queries is Reject.
DISCLAIMER: I admit that I am not an expert for BIG-IP DNS. Maybe this is not the only correct answer to your question.