DNS LTM adding recommendation
Hello, What is the recommendation in adding GTM and LTM/AWAF devices in multi datacenter More explanation if we have HQ and DR datacenters HQ data center GTM device (One device) LTM/AWAF Device (Pair) DR data center GTM device (One device) LTM/AWAF Device (Pair) shall we add DR LTM/AWAF to HQ GTM by using DR LTM/AWAF self IP reachable through internet or internally? Please highlight pros and cons for each method Why are we think to add DR LTM/AWAF to HQ GTM is to ensure that HQ GTM will see VS on DR LTM/AWAF down when internet link is down in DR If there another way to ensure that by monitoring links please clarify22Views0likes3CommentsBIG-IQ DNS TPS Per Geo Location
Hi, I recently deployed a BIG-IQ, to manage all my F5 LTM and DNS Tenants, I'm reviewing the information shown on the different dashboards of BIG-IQ. On the DNS Dashboard, there is a section named TPS Per Geo Location. For some reason i'm just seeing the world map, but with no data. Does anyone knows how to enable information on this map? regards,18Views0likes0Commentswhat is the requirement about OS version when adding new gtm/dns to gtm sync group?
Hi , we need to replace one old gtm/dns equipment with new one. This gtm is one of gtm sync group. can anyone please advise whether there is any OS version compatibility issue or not. Thanks in advance!Solved19Views0likes2CommentsExternal and Internal DNS on same appliance
Hello F5 experts, Is it possible to somehow logically divide our current F5 DNS F5s so that they have external and internal DNS records without security risks? How it could/couldn't be done, do you have experience with it? Any brainstorming is highly appreciated :) . We have primary BIND servers that delegate a couple of DNS zones to F5s. However, internal services that translate to internal IPs also started to appear, while we want to use GSLB on our 2 data centers, but we clearly do not want these internal IPs to be visible from the Internet. I was thinking about creating a new DNS zone for internal services for which we want to use GSLB and delegate the zone from our primary DNS servers to our F5 DNS, where I would create a new DNS listener (that is, there will be different NS records on primary DNS servers for internal than for external services) on which I would put an ACL only for private IPs. But both the zone and the Wide IPs for internal services will be available on the F5, and I can't create/block it only for a specific listener, as far as I know. Which means that if someone from the Internet directly tries to resolve the internal services and asks the IP addresses of external listeners, F5 will provide them right... At the moment, I have iRule on a Wide IP for the internal services, which only allows private IPs, but I consider this to be only a temporary workaround and we need full solution as internal services will grow.Solved128Views0likes6CommentsSizing for HW and SW based
I am looking for a data for dimensioning for r5800 / 6000 etc where I am deploying DNS+PEM+AFM+URL Filtering + some iRules on ONE rSeries The same witch I am looking for is for VE deployment Where I can find data about such figures I can only find for DNS QPS, but for the rest of the modules can't Are there any exact numbers? How can I combine and calculate this module and see if feet into rSeries and VE HP??38Views0likes1Commentirule for DNS traffic
Hei We have to setup a DNS pointer in F5 for our web. User need to get the IP as per the region they login, if the login IP from Japan , they should get nearest loc IP. Please help to get a valid irule , pls? i tried so much, but nothing working as expected Tomi42Views0likes3CommentsF5 DNS with cPanel Web Hosting Server
Hi, We have a publicly accessible web hosting server backed by cPanel and currently we are using F5 to handle our DNS. The problem that we are facing is when one of our end customer adds a Zone /DNS record INSIDE his cPanel account and everytime we have to manually check and add those records in F5 to make things work. Is there a solution for this?.654Views0likes4CommentsAny way to do DNS loadbalancing without BIG-IP DNS module?
Hi, In our environment we have a number of domain controllers which act as DNS servers for everything internally. Now, we have one specific type of client that is only able to be configured with a single IP address for its DNS server and this causes problems when a DNS server is down for maintenance. We run BIG-IP VE v16.1.4 with LTM, but not DNS, provisioned. I'd like to solve thiswithout provisioning the BIG-IP DNS module in this particular instance, by doing this: 1. Creating a new Stateless VS to receive DNS queries on port 53/udp 2. Assign a UDP protocol profile with "datagram" enabled (so it LBs every single packet) to the VS 3. Create a pool of DNS-servers 4. Create an internal DNS record that will be used to check that a DNS server responds with the correct RR. 5. Assign a "DNS" monitor to the pool and configure it to check service status by sending a DNS query for the RR I created the and seeing if the response is correct. However, the "DNS" monitor puts every server in the DOWN state. By using tcpdump on the BIG-IP VE I can see that the BIG-IP doesnot send any DNS query packets from this monitor to the DNS servers in the pool. I see a lot of other DNS queries from the BIG-IP (the servers in question is also the DNS servers for the BIG-IP). SO - should it even be possible to create a normal LTM pool containing DNS serversand having the BIG-IP monitor the service state of each member using the "DNS" monitor?Solved76Views0likes5CommentsBIG-IP DNS iRule issue with static variable
I am trying to develop an iRule bypassing DNS processing when a DNS request matching a wide ip comes via a specific listener on our BIG-IP DNS. Code is below: when RULE_INIT { set static::ul_ip "10.X.Y.Z" set static::ul_debug true } when DNS_REQUEST priority 100 { if { [IP::addr [IP::local_addr]/32 equals $static::ul_ip]} { DNS::disable all #apparently event disable is no longer accepted? #event disable if { [$static::ul_debug]} { log local0. "DNS Request [DNS::question name] triggered bypass" } } } This rule is meant to be applied to specific wide ip's (for reasons). When this rule is applied and tested, I am seeing the message below in /var/log/gtm: Apr 30 12:06:37 somebigipdns.nope.com err slot1 tmm[18454]: 011a7001:3: TCL error: Rule /Common/ul-bypass-rule <DNS_REQUEST> - can't read "static::ul_ip": no such variable while executing "IP::addr [IP::local_addr]/32 equals $static::ul_ip" I'm completely unclear on why the TCL error is occurring. For bonus points, any idea why 'event disable' isn't working in the DNS_REQUEST event? This message shows up in /var/log/ltm unless 'event disable' is commented out: Apr 30 11:11:27 somebigipdns.nope.com err slot1 mcpd[6981]: 01070151:3: Rule [/Common/ul-bypass-rule] error: /Common/ul-bypass-rule:23: error: [undefined procedure: event][event disable] Thanks in advance for any assistance provided. - RSolved69Views0likes2Comments