Forum Discussion
Michael_Goetz If you are not seeing the F5 perform any DNS requests for the forward proxy, the DNS Resolver might not be configured correctly, and that might be why this is failing. I never had any luck configuring a wildcard DNS Resolver, but I was able to configure individual DNS Resolver entries for each domain we were dealing with, and that fixed our issues with DNS queries.
Paulius Good point! I've looked into the config portion of the Resolvers list and everything looks correct. The old iApp used a pool with the name servers as nodes, which worked in v13, but coincidentally a lack of DNS queries seemed to also be the issue with the iApp too, as indicated in the packet captures after moving to v16. No specific error either like 'no response' or 'connection refused', just would not perform the lookup part of the routine at all. Would be great if it was just a DNS issue.
Asking our network team to check if the F5 has a clear path to the nameservers and will report back.
- Paulius, Feb 16, 2023, MVP
Michael_Goetz sounds like a plan. On a device that I currently manage, an FQDN that isn't configured as a resolve properly will still show a DNS request but will not have a response back from the DNS caching server that you are querying. If you do the following tcpdump and receive nothing, it is most likely an issue with the forward proxy and how it maps the Virtual Servers to the DNS resolver.
tcpdump -nni 0.0 port 53
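The two outcomes described in the post above (no DNS packets at all versus requests that never get a response) can be told apart mechanically from saved text output of that tcpdump. The following is an added example, not part of the thread or any F5 tooling; the function name, the capture lines and the addresses in them are constructed, and it assumes stock tcpdump DNS decoding with name servers on port 53.

```shell
#!/bin/sh
# Classify text output saved from `tcpdump -nni 0.0 port 53` (read on stdin).
# NO_QUERIES = nothing left the box; UNANSWERED = requests without a response.
dns_capture_verdict() {
  awk '
    {
      for (i = 1; i <= NF; i++) if ($i == ">") break
      if (i < 2 || i + 2 > NF) next           # not a decoded packet line
      src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
      id = $(i + 2); gsub(/[^0-9]/, "", id)   # strip flags such as "+"
      if (id == "") next
      if (dst ~ /\.53$/) {                    # query toward a name server
        for (j = i + 3; j < NF; j++) if ($j ~ /\?$/) break
        if (j >= NF) next
        key = src "|" dst "|" id
        if (!(key in qname)) order[++n] = key
        qname[key] = $(j + 1)
      } else if (src ~ /\.53$/) {             # response from a name server
        answered[dst "|" src "|" id] = 1
      }
    }
    END {
      for (k = 1; k <= n; k++) if (!(order[k] in answered)) miss++
      if (n == 0)        print "verdict=NO_QUERIES"
      else if (miss > 0) print "verdict=UNANSWERED"
      else               print "verdict=OK"
      for (k = 1; k <= n; k++)
        if (!(order[k] in answered)) print "unanswered=" qname[order[k]]
    }'
}

# Constructed sample capture: one answered query, one left without a response.
SAMPLE_CAPTURE='12:00:01.100000 IP 10.1.1.5.40001 > 10.1.1.53.53: 4660+ A? app.example.com. (33)
12:00:01.104000 IP 10.1.1.53.53 > 10.1.1.5.40001: 4660 1/0/0 A 192.0.2.10 (49)
12:00:02.200000 IP 10.1.1.5.40002 > 10.1.1.53.53: 4661+ A? intranet.example.net. (38)'

printf '%s\n' "$SAMPLE_CAPTURE" | dns_capture_verdict
```

A `NO_QUERIES` verdict corresponds to the "receive nothing" case in the post; `UNANSWERED` lists the names whose requests were seen without a matching response.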