F5 DNS with cPanel Web Hosting Server
Hi, We have a publicly accessible web hosting server backed by cPanel and currently we are using F5 to handle our DNS. The problem that we are facing is when one of our end customer adds a Zone /DNS record INSIDE his cPanel account and everytime we have to manually check and add those records in F5 to make things work. Is there a solution for this?.
BIG-IP DNS iRule issue with static variable
I am trying to develop an iRule bypassing DNS processing when a DNS request matching a wide ip comes via a specific listener on our BIG-IP DNS. Code is below: when RULE_INIT { set static::ul_ip "10.X.Y.Z" set static::ul_debug true } when DNS_REQUEST priority 100 { if { [IP::addr [IP::local_addr]/32 equals $static::ul_ip]} { DNS::disable all #apparently event disable is no longer accepted? #event disable if { [$static::ul_debug]} { log local0. "DNS Request [DNS::question name] triggered bypass" } } } This rule is meant to be applied to specific wide ip's (for reasons). When this rule is applied and tested, I am seeing the message below in /var/log/gtm: Apr 30 12:06:37 somebigipdns.nope.com err slot1 tmm[18454]: 011a7001:3: TCL error: Rule /Common/ul-bypass-rule <DNS_REQUEST> - can't read "static::ul_ip": no such variable while executing "IP::addr [IP::local_addr]/32 equals $static::ul_ip" I'm completely unclear on why the TCL error is occurring. For bonus points, any idea why 'event disable' isn't working in the DNS_REQUEST event? This message shows up in /var/log/ltm unless 'event disable' is commented out: Apr 30 11:11:27 somebigipdns.nope.com err slot1 mcpd[6981]: 01070151:3: Rule [/Common/ul-bypass-rule] error: /Common/ul-bypass-rule:23: error: [undefined procedure: event][event disable] Thanks in advance for any assistance provided. - RNIC on Server points Default Gateway to Big-IP's Self IP and does not see domain.
I have a load balancing situation that requires a strange setup for me. The Nodes that the VIP points to are Windows servers and they require a nic that has the default gateway point back to the Self IP of the Big-IP. The issue is the Network Location Awareness is seeing the network as a public network instead of a domain network. I am unsure of how-to setup the Bio-IP to make the server see the domain. The link below is a PDF with the instructions for the setup. Direct Link to pdf. https://www.kofaxdemocenter.com/IManager/Download/886/71293/17858/2017725/EN/17858_2017725_Jfij_03841bv1.TechTips_F5_DNAT_AutoStore_PCC5.1.pdf The website the pdf is located. High Availability using Network Load Balancers (kofaxdemocenter.com) All servers and clients are internal and on the same domain. All other VIPs work correctly. The Self IP and the servers are on the same VLAN.GTM as a Forwarder to multiple ADs
Hi I have gone through the community articles and F5 docs as well before posting this question. There are some information related to this query but I am still confused to how simply achieve this use case I want to deploy my GTM as a forwarder for internal queries to my ADs, ADs will still handle all the resolution and return the response to client via GTM. GTM will check the health, load balance etc for client request to AD and provide availability incase any primary AD fail. So do I need to configure anything specific on the GTM apart from SELF IPs, Listeners , Pools ( AD members ). and my understanding is correct regarding the traffic path User -> GTM -> AD and AD -> GTM -> User User will have GTM Listener as DNS server on the client machine. I have 2 GTM, one on Primary and other in DR Two AD servers in primary, one in DR
prober pool Round Robin with multi health monitors and with multi prober pool members
I have a question about The GTM monitors and prober pools: In my case, I have three datacenters, three gtm(one in each DC), and one prober pool, the prober pool include all three GTM, and the prober pool was set to use Round Robin. And two vs, vs1 and vs2 in different DC, each vs was configured two health monitors(each monitor with different porbe interval, eg. vs1's monitors have interval 5s and 7s, vs2's monitors have interval 9s and 11s). so, my questions is, how does the porber pool Round Robin work? Looking forward to your help, thank you.
LTM with DNS - logging query answers DNS_RESPONSE clientside
Hi All We have our DNS services behind LTM VIPs. We have the DNS license and are using DNS_QUERY and DNS_RESPONSE events for logging queries and answers. We are not using Express, BIGIP Bind, nor GTM configurations - straight LB work. Last week I was investigating some optimizations and wanted to add Answer header information, specifically the truncate flag. This will allow us to gather some stats on the amount of UDP to TCP based queries occuring. I added[DNS::headertc] to the log message on DNS_RESPONSE and proceeded to test from a client system using DIG for a test SRV record that exceeded 512bytes using UDP. DIG did the expected things and sent a UDP query, got a response with truncate on, and re-queried with TCP. All good. However, when I looked at the logs,[DNS::headertc] was always returning 0. From network trace, I see client to VIP, SNAT to service, service to SNAT, VIP to client. The client side traffic is as expected - no EDNS0, buffer set to 512bytes, etc. As well the answer in UDP shows the truncate flag set to 1. Further examination showed that while the client had specified no EDNS0, buffer 512bytes, etc., the SNAT to DNS service traffic showed EDNS0 on and buffer of 4096bytes. I asked our F5 account rep if he had any insights and he agreed that DNS_RESPONSE seems to be pulling from server-side. I tried using [clientside {DNS::header tc}] in the logging statement, but got the same results - truncate still shows 0. Questions: 1. Is there a way to tell LTM to respect the client settings for the server side communications? 2. Can I get the client-side info in the DNS_RESPONSE event? Thanks
