
F5 GSLB - delegation

Rahul_Yadav
Cirrus

Hi,

This query is more focused on normal DNS functionality. The scenario is given below; I want to understand how normal DNS and F5 DNS/GSLB work together:

  • Let's say we have delegated one domain to 2 F5 DNS host names as nameservers, using a CNAME from the primary DNS server.
  • Now assume one of the sites or F5 DNS is not working.

Query: In the above scenario, does the primary DNS send queries to both F5 DNS or to only one F5 DNS?

If it sends to both F5 DNS, then what will happen to the 50% of the queries which went to the down F5 DNS?

1 ACCEPTED SOLUTION

> My concern is: does the primary DNS go to both GSLB/DNS every time, irrespective of their availability?

That is a decision made by the DNS resolver, whatever that is, as it seeks to resolve the name.

If your primary DNS server allows recursive queries, then it might make that decision itself, but that is generally not the case.

Your primary DNS (pDNS) serves mydomain.com.

Your BigIP DNS servers serve gslb.mydomain.com.

A DNS resolver (tDNSr) asks pDNS for app1.mydomain.com.

pDNS replies with a CNAME app1.gslb.mydomain.com.

tDNSr sends a query to pDNS for NS records for gslb.mydomain.com.

pDNS replies with 2 NS records:

NS ns1.gslb.mydomain.com

NS ns2.gslb.mydomain.com

pDNS also appends the DNS glue records giving the A records for the nameservers:

ns1.gslb.mydomain.com A 1.1.1.1

ns2.gslb.mydomain.com A 2.2.2.2

tDNSr then makes queries to ns1.gslb.mydomain.com, ns2.gslb.mydomain.com using the provided A records.

How tDNSr makes those queries is up to the DNS resolver - it may always try the first nameserver returned, it may try both and see which one responds first, or it may randomly choose one, and if the query times out, choose the other. This cannot be controlled by the DNS configuration - it is DNS resolver implementation dependent.

If your pDNS allows recursive requests, then some of the above steps are internal to pDNS and it is a bit faster. But whether it makes sub-domain resolution requests in parallel or in series (using a round robin approach) depends on the primary DNS server configuration, and not the BigIPs or the DNS configuration.
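Added example (not part of the original post, and not F5 or resolver code): a small Python model of the three resolver strategies named in the answer, run against the two glue addresses with ns2 down. The round-trip times, the 2000 ms timeout and all function names are assumptions made for the illustration.

```python
import random

# Constructed model of the delegation in the answer: two BIG-IP DNS listeners
# for gslb.mydomain.com, with ns2 (2.2.2.2) down. RTTs and timeout are assumed.
SERVERS = {"1.1.1.1": {"up": True, "rtt_ms": 20},
           "2.2.2.2": {"up": False, "rtt_ms": 25}}
TIMEOUT_MS = 2000  # assumed per-attempt resolver timeout

def query(ip, servers):
    """One query to one nameserver: (answered, elapsed_ms)."""
    s = servers[ip]
    return (True, s["rtt_ms"]) if s["up"] else (False, TIMEOUT_MS)

def resolve_serial(order, servers=SERVERS):
    """Try nameservers in the given order, failing over after each timeout."""
    elapsed = 0
    for ip in order:
        answered, ms = query(ip, servers)
        elapsed += ms
        if answered:
            return ip, elapsed
    return None, elapsed  # every delegated server timed out (SERVFAIL)

def resolve_parallel(servers=SERVERS):
    """Query every nameserver at once and keep the fastest answer."""
    hits = [(ms, ip) for ip in servers
            for answered, ms in [query(ip, servers)] if answered]
    if not hits:
        return None, TIMEOUT_MS
    ms, ip = min(hits)
    return ip, ms

def random_choice_stats(trials=1000, seed=1, servers=SERVERS):
    """Resolver picks a random first server: (answered share, delayed share)."""
    rng = random.Random(seed)
    answered = delayed = 0
    for _ in range(trials):
        order = list(servers)
        rng.shuffle(order)
        ip, ms = resolve_serial(order, servers)
        answered += ip is not None
        delayed += ms >= TIMEOUT_MS
    return answered / trials, delayed / trials

if __name__ == "__main__":
    print("down server tried first:", resolve_serial(["2.2.2.2", "1.1.1.1"]))
    print("parallel               :", resolve_parallel())
    print("random first choice    :", random_choice_stats())
```

In this model, roughly half of the randomly ordered lookups pay one timeout before failing over, but every lookup is still answered as long as one delegated nameserver is up.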


4 REPLIES

Simon_Blakely
F5 Employee

The same thing as with any delegated DNS name server that happens to be down if a query is sent to it - the request eventually times out, so the request is re-tried to another of the specified name servers for the domain.

Thanks for responding,

My concern is: does the primary DNS go to both GSLB/DNS every time, irrespective of their availability?

And if the request times out, will it automatically reach another GSLB/DNS?


Dojs
Cirrostratus