
F5 DNS Wide IP and Express Questions

jkramer9
Altostratus

Hi everyone,

I'm looking for clarification on a couple of things related to the F5 DNS and Listener, and a monitoring question.

  1. Simple question: if I have an FQDN (Wide IP) configured, but disabled, how does the DNS Listener handle such queries? Would the F5 simply move on to DNS Express for an answer in such a situation where the matching Wide IP is disabled on the GTM/DNS?
  2. I'm curious as to how the F5 DNS handles queries which have matching zone records for the primary domain, but not the subdomain. For example, if I have a zone record created only for dev.f5.com and a DNS query is sent to the F5 for labs.dev.f5.com, would the F5 find a match and respond from the dev.f5.com zone record?
  3. May I know what the best method is (which doesn't require configuration changes) to monitor and track queries and responses sent to and from the F5? For example, if I send a DNS query to the F5 for name resolution and load balancing, I would like to know how the F5 DNS handled such a request in detail (how it determined the resolution at the DNS and Load Balancing levels).

Thank you!

2 REPLIES

NAG
Cirrostratus

Hi,

1) Simple question: if I have an FQDN (Wide IP) configured, but disabled, how does the DNS Listener handle such queries? Would the F5 simply move on to DNS Express for an answer in such a situation where the matching Wide IP is disabled on the GTM/DNS?

ANS: Yes, BIG-IP will simply move on to DNS Express.

Refer to the "DNS request order of operation for BIG-IP systems" section of https://support.f5.com/csp/article/K14510

2) I'm curious as to how the F5 DNS handles queries which have matching zone records for the primary domain, but not the subdomain. For example, if I have a zone record created only for dev.f5.com and a DNS query is sent to the F5 for labs.dev.f5.com, would the F5 find a match and respond from the dev.f5.com zone record?

ANS: The request is handled as per the "Unhandled Query Actions" setting. The following article explains it quite well.

K14510: Overview of DNS query processing on BIG-IP systems

https://support.f5.com/csp/article/K14510

3) May I know what the best method is (which doesn't require configuration changes) to monitor and track queries and responses sent to and from the F5? For example, if I send a DNS query to the F5 for name resolution and load balancing, I would like to know how the F5 DNS handled such a request in detail (how it determined the resolution at the DNS and Load Balancing levels).

ANS:

K25751652: How to configure Decision Logging for the F5 BIG-IP DNS/GTM to local log directory

https://support.f5.com/csp/article/K25751652

K65762138: Configuring BIG-IP DNS to log dns queries and responses

https://support.f5.com/csp/article/K65762138

Hope this is helpful.

Regards,

Nag

Simon_Blakely
F5 Employee

> Simple question: if I have an FQDN (Wide IP) configured, but disabled, how does the DNS Listener handle such queries? Would the F5 simply move on to DNS Express for an answer in such a situation where the matching Wide IP is disabled on the GTM/DNS?

This depends on the resolution options set in the DNS profile on the listener - this defines the resolution steps taken by the BIG-IP to resolve the name. If you have DNS Express enabled in the DNS profile, then yes - that will be the next resolution step.

 

> I'm curious as to how the F5 DNS handles queries which have matching zone records for the primary domain, but not the subdomain. For example, if I have a zone record created only for dev.f5.com and a DNS query is sent to the F5 for labs.dev.f5.com, would the F5 find a match and respond from the dev.f5.com zone record?

Yes - that is basically how DNS glue records work. But responses from dev.f5.com for hosts in labs.dev.f5.com will not be authoritative.

Remember - this is just descending to BIND - so the behaviour is as per BIND.

 

> May I know what the best method is (which doesn't require configuration changes) to monitor and track queries and responses sent to and from the F5? For example, if I send a DNS query to the F5 for name resolution and load balancing, I would like to know how the F5 DNS handled such a request in detail (how it determined the resolution at the DNS and Load Balancing levels).

K14615: Configuring the BIG-IP DNS system to log wide IP request information

K25751652: How to configure Decision Logging for the F5 BIG-IP DNS/GTM to local log directory