F5 DNS with cPanel Web Hosting Server
Hi, We have a publicly accessible web hosting server backed by cPanel, and currently we are using F5 to handle our DNS. The problem that we are facing is that when one of our end customers adds a zone/DNS record inside his cPanel account, every time we have to manually check and add those records in F5 to make things work. Is there a solution for this?

Any way to do DNS load balancing without BIG-IP DNS module?
Hi, In our environment we have a number of domain controllers which act as DNS servers for everything internally. Now, we have one specific type of client that can only be configured with a single IP address for its DNS server, and this causes problems when a DNS server is down for maintenance. We run BIG-IP VE v16.1.4 with LTM, but not DNS, provisioned. I'd like to solve this without provisioning the BIG-IP DNS module in this particular instance, by doing this:
1. Creating a new Stateless VS to receive DNS queries on port 53/udp
2. Assigning a UDP protocol profile with "datagram" enabled (so it LBs every single packet) to the VS
3. Creating a pool of DNS servers
4. Creating an internal DNS record that will be used to check that a DNS server responds with the correct RR
5. Assigning a "DNS" monitor to the pool and configuring it to check service status by sending a DNS query for the RR I created and seeing if the response is correct
However, the "DNS" monitor puts every server in the DOWN state. By using tcpdump on the BIG-IP VE I can see that the BIG-IP does not send any DNS query packets from this monitor to the DNS servers in the pool. I see a lot of other DNS queries from the BIG-IP (the servers in question are also the DNS servers for the BIG-IP). So, should it even be possible to create a normal LTM pool containing DNS servers and have the BIG-IP monitor the service state of each member using the "DNS" monitor?

BIG-IP DNS iRule issue with static variable
I am trying to develop an iRule bypassing DNS processing when a DNS request matching a wide IP comes in via a specific listener on our BIG-IP DNS. Code is below:

    when RULE_INIT {
        set static::ul_ip "10.X.Y.Z"
        set static::ul_debug true
    }

    when DNS_REQUEST priority 100 {
        # Bypass only for requests that arrived on the listener address in static::ul_ip
        if { [IP::addr [IP::local_addr]/32 equals $static::ul_ip] } {
            DNS::disable all
            # apparently event disable is no longer accepted?
            #event disable
            # static::ul_debug holds a boolean; the original wrote [$static::ul_debug],
            # which would try to run the value "true" as a Tcl command
            if { $static::ul_debug } {
                log local0. "DNS Request [DNS::question name] triggered bypass"
            }
        }
    }

This rule is meant to be applied to specific wide IPs (for reasons). When this rule is applied and tested, I am seeing the message below in /var/log/gtm:

    Apr 30 12:06:37 somebigipdns.nope.com err slot1 tmm[18454]: 011a7001:3: TCL error: Rule /Common/ul-bypass-rule <DNS_REQUEST> - can't read "static::ul_ip": no such variable while executing "IP::addr [IP::local_addr]/32 equals $static::ul_ip"

I'm completely unclear on why the TCL error is occurring. For bonus points, any idea why 'event disable' isn't working in the DNS_REQUEST event? This message shows up in /var/log/ltm unless 'event disable' is commented out:

    Apr 30 11:11:27 somebigipdns.nope.com err slot1 mcpd[6981]: 01070151:3: Rule [/Common/ul-bypass-rule] error: /Common/ul-bypass-rule:23: error: [undefined procedure: event][event disable]

Thanks in advance for any assistance provided.
- R

NIC on Server points Default Gateway to BIG-IP's Self IP and does not see domain.
I have a load balancing situation that requires a strange setup for me. The nodes that the VIP points to are Windows servers, and they require a NIC that has the default gateway pointing back to the self IP of the BIG-IP. The issue is that Network Location Awareness is seeing the network as a public network instead of a domain network. I am unsure of how to set up the BIG-IP to make the server see the domain. The link below is a PDF with the instructions for the setup.
Direct link to the PDF: https://www.kofaxdemocenter.com/IManager/Download/886/71293/17858/2017725/EN/17858_2017725_Jfij_03841bv1.TechTips_F5_DNAT_AutoStore_PCC5.1.pdf
The website the PDF is located on: High Availability using Network Load Balancers (kofaxdemocenter.com)
All servers and clients are internal and on the same domain. All other VIPs work correctly. The self IP and the servers are on the same VLAN.

GTM as a Forwarder to multiple ADs
Hi, I have gone through the community articles and F5 docs as well before posting this question. There is some information related to this query, but I am still confused as to how to simply achieve this use case. I want to deploy my GTM as a forwarder for internal queries to my ADs; the ADs will still handle all the resolution and return the response to the client via the GTM. The GTM will check the health, load balance, etc. the client requests to AD and provide availability in case any primary AD fails. So do I need to configure anything specific on the GTM apart from self IPs, listeners, and pools (AD members)? And is my understanding correct regarding the traffic path: User -> GTM -> AD and AD -> GTM -> User? The user will have the GTM listener as the DNS server on the client machine. I have 2 GTMs, one in Primary and the other in DR, and two AD servers in Primary, one in DR.

Prober pool Round Robin with multiple health monitors and multiple prober pool members
I have a question about the GTM monitors and prober pools. In my case, I have three datacenters, three GTMs (one in each DC), and one prober pool; the prober pool includes all three GTMs, and the prober pool was set to use Round Robin. And two VSs, vs1 and vs2, in different DCs; each VS was configured with two health monitors (each monitor with a different probe interval, e.g. vs1's monitors have intervals of 5s and 7s, vs2's monitors have intervals of 9s and 11s). So, my question is, how does the prober pool Round Robin work? Looking forward to your help, thank you.

LTM with DNS - logging query answers DNS_RESPONSE clientside
Hi All, We have our DNS services behind LTM VIPs. We have the DNS license and are using DNS_QUERY and DNS_RESPONSE events for logging queries and answers. We are not using DNS Express, BIG-IP BIND, nor GTM configurations - straight LB work. Last week I was investigating some optimizations and wanted to add answer header information, specifically the truncate flag. This will allow us to gather some stats on the amount of UDP to TCP based queries occurring. I added [DNS::header tc] to the log message on DNS_RESPONSE and proceeded to test from a client system using dig for a test SRV record that exceeded 512 bytes using UDP. dig did the expected things and sent a UDP query, got a response with truncate on, and re-queried with TCP. All good. However, when I looked at the logs, [DNS::header tc] was always returning 0. From the network trace, I see client to VIP, SNAT to service, service to SNAT, VIP to client. The client-side traffic is as expected - no EDNS0, buffer set to 512 bytes, etc. As well, the answer in UDP shows the truncate flag set to 1. Further examination showed that while the client had specified no EDNS0, buffer 512 bytes, etc., the SNAT to DNS service traffic showed EDNS0 on and a buffer of 4096 bytes. I asked our F5 account rep if he had any insights and he agreed that DNS_RESPONSE seems to be pulling from the server side. I tried using [clientside {DNS::header tc}] in the logging statement, but got the same results - truncate still shows 0.
Questions:
1. Is there a way to tell LTM to respect the client settings for the server-side communications?
2. Can I get the client-side info in the DNS_RESPONSE event?
Thanks
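Two of the questions above turn on what is actually in a DNS message on the wire: the earlier "DNS monitor marks every member DOWN" post needs a probe that sends a query for a known RR and judges the response, and the post above needs the TC bit read from the header of the UDP response the client receives. The following is an added, stand-alone example written for this page, not code from any of the posters or from F5. It builds a plain UDP query with no OPT record (so the classic 512-byte limit applies, as in the dig test above), parses the response header including TC, walks the answer section, and makes the same kind of decision an LTM "dns" monitor makes (expected A record present, NOERROR). The monitor logic is an approximation of the F5 monitor, not its implementation; the name `probe.internal.example` and the addresses are constructed, and `build_response` fabricates a response purely so the code runs offline without a real server.

```python
"""DNS wire-format helpers: query builder, header/TC parser, answer parser,
and a monitor-style check. Added example; names and addresses are constructed."""
import random
import struct

A_RECORD = 1


def encode_name(qname):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split(".")) + b"\x00"


def build_query(qname, qtype=A_RECORD, txn_id=None):
    """RD=1 query, one question, no OPT record: no EDNS0, so UDP is capped at 512 bytes."""
    txn_id = random.randrange(1 << 16) if txn_id is None else txn_id
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte header; TC is bit 9 of the flags word."""
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txn_id, "qr": (flags >> 15) & 1, "tc": (flags >> 9) & 1,
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def needs_tcp_retry(response):
    """True when the server set TC: the UDP answer was cut, re-query over TCP."""
    return parse_header(response)["tc"] == 1


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2                          # pointer ends the name in-stream
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_answers(msg):
    """Return [(name, type, ttl, rdata)] from the answer section; A rdata is dotted text."""
    hdr = parse_header(msg)
    off = 12
    for _ in range(hdr["qdcount"]):                    # skip the question section
        _, off = read_name(msg, off)
        off += 4                                       # QTYPE + QCLASS
    answers = []
    for _ in range(hdr["ancount"]):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == A_RECORD and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return answers


def monitor_check(query, response, qname, expected_ip):
    """Approximation of an LTM dns monitor decision: id matches, QR set,
    NOERROR, and the expected A record for qname is in the answer section."""
    qh, rh = parse_header(query), parse_header(response)
    if rh["id"] != qh["id"] or rh["qr"] != 1 or rh["rcode"] != 0:
        return False
    want = qname.rstrip(".")
    return any(n == want and t == A_RECORD and r == expected_ip
               for n, t, _ttl, r in parse_answers(response))


def build_response(query, answer_ips, tc=False):
    """Constructed sample response (not captured traffic) so the example runs offline."""
    hdr = parse_header(query)
    _, qend = read_name(query, 12)
    flags = 0x8180 | (0x0200 if tc else 0)            # QR, RD, RA, optional TC
    out = struct.pack("!HHHHHH", hdr["id"], flags, 1, len(answer_ips), 0, 0)
    out += query[12:qend + 4]                          # echo the question
    for ip in answer_ips:
        out += b"\xc0\x0c" + struct.pack("!HHIH", A_RECORD, 1, 60, 4)
        out += bytes(int(o) for o in ip.split("."))
    return out


if __name__ == "__main__":
    q = build_query("probe.internal.example", txn_id=0x1234)
    ok = build_response(q, ["10.0.0.10"])
    print("member UP:", monitor_check(q, ok, "probe.internal.example", "10.0.0.10"))
    print("retry over TCP:", needs_tcp_retry(build_response(q, [], tc=True)))
```

Run against a real member, the query bytes go out over UDP to port 53 and the reply bytes go into `monitor_check`; the TC bit that the post above could not see via `[DNS::header tc]` is visible here only because the message parsed is the one the client actually received, which is exactly why the parse has to happen on the client-side copy rather than the SNAT-side copy that carried EDNS0.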
We are running the DNS module on a dedicated box. We have the DNS log publisher set to the "local-db-publisher"; however, we are not certain where these logs are located. DNS log queries and log responses are both enabled. I have found some articles that mention that the logs can be found in /var/log/gtm and some that state they are found in /var/log/ltm, but the queries and responses are nowhere to be found. Suggestions?

Timing/CPU info for BIG-IP DNS WideIP iRules
I just realized yesterday (or, put better, one of my students pointed it out to me...) that BIG-IP DNS doesn't seem to hold timing information on the execution of iRules. For LTM, this ("show ltm rule <irule name>") is a great way of seeing roughly how much CPU power is required per iRule, and if there's any optimization that can be done (https://clouddocs.f5.com/api/irules/timing.html). For BIG-IP DNS iRules though, and specifically the iRules under the Wide IP configuration, this doesn't seem to be recorded. "show gtm rule <irule name>" shows the number of executions, but not the timing info. I've tried to look up any information about this, or a clear statement that this does NOT happen, but no luck so far. So, does anyone know if this information is available and I'm just looking in the wrong place, or if there's any reason why this isn't recorded? And if not, is there another way in which this information can be obtained? Thanks!