GTM secondary DNS to active directory

pedinopa_170325 · ‎09-Dec-2014

I am trying to configure a GTM to be a secondary DNS server to my AD domain. The examples I found discuss using a BIND server (not AD). Can anyone lend assistance?

Stewart · ‎09-Dec-2014

Hi,

Take a look at DNS express.

https://support.f5.com/kb/en-us/products/big-op_gtm/manuals/product/gtm_implementations_11_0_0/10.ht...

This will enable the GTM to serve out the addresses that you configure on your AD Servers. You'll need to setup TSIG to allow zone transfers.

Stewart · ‎09-Dec-2014

That link should read.

https://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm_implementations_11_0_0/10.ht...

pedinopa_170325 · ‎10-Dec-2014

I am running 11.5.1 HF5 so the menus do quite match up to the article. I found all of the options under the DNS menu (not Local Traffic Manager).

I created a TSIG

I created my zone using TSIG (I created a nameserver pointing to my AD domain controller)

under zonerunner I modified the named configuration

all of the listners (one for UDP and 1 for TCP) use the dns-express profile

when I tail the ltm log the gtm fails to transfer from AD.

Stewart · ‎10-Dec-2014

Did you set up TSIG on the AD controller as well?

pedinopa_170325 · ‎11-Dec-2014

no TSIG is not on the AD domain.

AubreyKingF5 · ‎27-Sep-2022

Video response. 🙂

This is the easiest way to get this done. I have personally configured this in a Tier 1 Service Provider mobility environment, so I can tell you that performance is QUITE high, when tuned appropriately with a udp profile.

This also allows you to add a full proxy caching dns firewall in front of your AD DNS.

DevCentral

GTM secondary DNS to active directory

MFA required on DevCentral