Forum Discussion

Nimbostratus

Jun 09, 2014

GTM DNSSEC and dig

In my quest to work with dotgov to get DNSSEC enabled on the GTM (it shouldn't be this hard) the latest thing they are saying is that dig is not returning the DNSKEY records. The command they are us...

BIG-IP DNS

deployment

Cory_50405

Noctilucent

Jun 10, 2014

Did you perform a tcpdump to see if a TCP connection was initiated from dotgov and arrived at your GTM?

We encountered a strange situation in our environment that I want to bring up as a consideration if you have Cisco Nexus switches in your network. We noticed some DNSSEC queries were failing and upon digging into it, we found our Nexus 7k was doing some fragment inspection and dropping the fragments. The command to turn off fragment inspection is 'no hardware ip verify fragment'. You can check if it's enabled by running 'show hardware ip verify'.

Forum Discussion

GTM DNSSEC and dig

Recent Discussions

Find GSLB pool membership from vip IP

Pool Members communication with B-party via F5 VIP

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Related Content

The BIG-IP GTM: Configuring DNSSEC

Enabling DNSSEC for 1 record only

BIG-IP DNS DNSSEC and DKIM

GTM synchronization group

Migrate part of GTM to another GTM