jkramer9
Feb 23, 2020

F5 DNS Wide IP and Express Questions

Hi everyone,

I'm looking for clarification on a couple of things related to the F5 DNS and Listener, and a monitoring question.

  1. Simple question, if I have an FQDN (Wide IP) configured, but disabled, how does the DNS Listener handle such queries? Would the F5 simply move on to DNS Express for an answer in such a situation where the matching Wide IP is disabled on the GTM/DNS?
  2. I'm curious as to how the F5 DNS handles queries which have matching zone records for the primary domain, but not the subdomain. For example, if I have a zone record created only for dev.f5.com and a DNS query is sent to the F5 for labs.dev.f5.com, would the F5 find a match and respond from the dev.f5.com zone record?
  3. May I know what the best method is (which doesn't require configuration changes) to monitor and track queries and responses sent to and from the F5. For example, if I send a DNS query to the F5 for name resolution and load balancing, I would like to know how the F5 DNS handled such a request in detail (how it determined the resolution at the DNS and Load Balancing levels).

Thank you!

2 Replies

  • NAG

    Hi,

     

    1) Simple question, if I have an FQDN (Wide IP) configured, but disabled, how does the DNS Listener handle such queries? Would the F5 simply move on to DNS Express for an answer in such a situation where the matching Wide IP is disabled on the GTM/DNS?

    ANS: Yes, BigIP will simply move on to DNS Express.

    Refer to the "DNS request order of operation for BIG-IP systems" section of https://support.f5.com/csp/article/K14510

    2) I'm curious as to how the F5 DNS handles queries which have matching zone records for the primary domain, but not the subdomain. For example, if I have a zone record created only for dev.f5.com and a DNS query is sent to the F5 for labs.dev.f5.com, would the F5 find a match and respond from the dev.f5.com zone record?

    ANS: The request is handled as per the "Unhandled Query Actions" setting. The following article explains it quite well.

     

    K14510: Overview of DNS query processing on BIG-IP systems

    https://support.f5.com/csp/article/K14510

     

    3) May I know what the best method is (which doesn't require configuration changes) to monitor and track queries and responses sent to and from the F5. For example, if I send a DNS query to the F5 for name resolution and load balancing, I would like to know how the F5 DNS handled such a request in detail (how it determined the resolution at the DNS and Load Balancing levels).

    ANS:

    K25751652: How to configure Decision Logging for the F5 BIG-IP DNS/GTM to local log directory

    https://support.f5.com/csp/article/K25751652

     

    K65762138: Configuring BIG-IP DNS to log dns queries and responses

    https://support.f5.com/csp/article/K65762138

     

     

    Hope this is helpful.

     

    Regards,

    Nag

     

     

     

  • > Simple question, if I have an FQDN (Wide IP) configured, but disabled, how does the DNS Listener handle such queries? Would the F5 simply move on to DNS Express for an answer in such a situation where the matching Wide IP is disabled on the GTM/DNS?

     

    This depends on the resolution options set in the DNS profile on the listener - this defines the resolution steps taken by the BigIP to resolve the name. If you have DNS Express enabled in the DNS profile, then yes - that will be the next resolution step.

     

    > I'm curious as to how the F5 DNS handles queries which have matching zone records for the primary domain, but not the subdomain. For example, if I have a zone record created only for dev.f5.com and a DNS query is sent to the F5 for labs.dev.f5.com, would the F5 find a match and respond from the dev.f5.com zone record?

     

    Yes - that is basically how DNS glue records work. But responses from dev.f5.com for hosts in labs.dev.f5.com will not be authoritative.

    Remember - this is just descending to bind - so the behaviour is as per bind.

     

    > May I know what the best method is (which doesn't require configuration changes) to monitor and track queries and responses sent to and from the F5. For example, if I send a DNS query to the F5 for name resolution and load balancing, I would like to know how the F5 DNS handled such a request in detail (how it determined the resolution at the DNS and Load Balancing levels).

     

    K14615: Configuring the BIG-IP DNS system to log wide IP request information

    K25751652: How to configure Decision Logging for the F5 BIG-IP DNS/GTM to local log directory