DNS Query Flow

Hi Everyone,

I have a small query realted to DNS query and how GTM works.

I have GTM configured with 2 ISP links and acts as DNS. Now i need to know the following

1) A client makes a query for www.company.com , the LDNS of the client does not have the IP for this domain so it will perform the DNS process.

2) After receiving the reply from the GTM the client LDNS will save the IP of www.company.com i.e. it will be cashed. Lets say this IP is from ISP1.

3) Another client makes a request via the same LDNS for www.company.com so the LDNS will return the cashed IP of company.com .

4) Now if the 3rd user comes and queries for the same domain and the LDNS returns the same cashed IP Address, but at this moment ISP1 link goes down so the website will become unavaliable to this 3rd user.

5) What will happen during this situation.

Do I have any mis understanding in this explanation.

Regards,

config

design

19 Replies

Techgeeeg
Nimbostratus
Aug 10, 2015
Hi Cory,

I missed out your above reply... i do agree with you that DNS doesn't really have much impact on my situation but the main reason to use GTM as a DNS over the Generic DNS (BIND, MS DNS) is that it monitors the availability of ISP links and based on that it provides the IP address of the active link. That is the reason I am concerned about tweaking the configuration and minimizing the TTL to avoid a situation where the user tries to connect to the IP of the unavailable link or else i set the GTM to reply back with all the possible IP addresses.

Regards,
Techgeeeg
Nimbostratus
Aug 16, 2015
Hi Gregory,

Thanks man appreciate your response.... just one point... I know the DNS express tab appears in LTM but I believe unless the box is license for GTM this feature won't work, correct me if I am wrong. Also I need to further understand your point when you say " implementing only the GTM module can already help you protect against DDoS attacks" two points comes to my mind.

The no. of queries that the GTM can answer per second is very huge so in order to bring down this box the setup (attack) that may generate very huge amount of query is not easy to setup.

On GTM we can configure iRules to accept or block certain types of queries so that is one of the ways to enable protection.

What are more features that the GTM can offer that I have missed can you pls highlight.

Regards,
- Gregory_Thiell
  Employee
  Aug 21, 2015
  As I said, DNS Express is a GTM feature that is also available with LTM. To my knowledge, it should work even if GTM is not licensed nor provisioned. However, to make sure you can confirm with sales and with what is displayed under System > License. As for the features of GTM, you can start here: https://www.f5.com/pdf/products/big-ip-global-traffic-manager-overview.pdf If you have more questions, I encourage you to talk to an F5 sales rep. I'm just a consultant. :)
Techgeeeg_28888
Nimbostratus
Aug 16, 2015
Hi Gregory,

Thanks man appreciate your response.... just one point... I know the DNS express tab appears in LTM but I believe unless the box is license for GTM this feature won't work, correct me if I am wrong. Also I need to further understand your point when you say " implementing only the GTM module can already help you protect against DDoS attacks" two points comes to my mind.

The no. of queries that the GTM can answer per second is very huge so in order to bring down this box the setup (attack) that may generate very huge amount of query is not easy to setup.

On GTM we can configure iRules to accept or block certain types of queries so that is one of the ways to enable protection.

What are more features that the GTM can offer that I have missed can you pls highlight.

Regards,
- Gregory_Thiell
  Employee
  Aug 21, 2015
  As I said, DNS Express is a GTM feature that is also available with LTM. To my knowledge, it should work even if GTM is not licensed nor provisioned. However, to make sure you can confirm with sales and with what is displayed under System > License. As for the features of GTM, you can start here: https://www.f5.com/pdf/products/big-ip-global-traffic-manager-overview.pdf If you have more questions, I encourage you to talk to an F5 sales rep. I'm just a consultant. :)

Forum Discussion

DNS Query Flow

19 Replies

Recent Discussions

health monitor source IP address

Uri-based client cert authentication question

Wildcard SSL Certificate Deployment on F5 LTM

help irules for compatibilty

Grant access to users from F5 APM based on okta user group

Related Content

BIG IP DNS - Queries Per Second

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough - part two

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough

UDP DNS listener doesn't resolve DNS query but TCP DNS listener can

Behavior of outbound DNS query from LTM behavior