DNS and BigIP LTM

Question

Hello, 
&nbsp;  
&nbsp;  
&nbsp; I have a clustered pair of LTM6400s that manage several pools of web servers for a a series of complex application environments. My network design basically has the web servers in various DMZ's outside the Firewall, and the Data Tier inside. The F5 is defined as the default GW for all web servers.  My DNS server, has to remain on the side because of my customer requirements. I was wondering if there is a way to configure the F5 to act as a DNS server or forwarder for web servers; so I do not have to: 
&nbsp;  
&nbsp; 1) Manage several local host files 
&nbsp; 2) Punch big holes inbound on my Firewall for DNS for all the Web Servers 
&nbsp;  
&nbsp; I am suspecting setting up a DNS server is out of the question, but certainly thinking that DNS forwarder functionality. 
&nbsp;  
&nbsp;  
&nbsp; Thanks 
&nbsp; Greg

the_bhattman · Answer

Hi Greg, 
&nbsp;    Yes when you go to System &gt;&gt; General Properties &gt;&gt; Device &gt;&gt; DNS 
&nbsp;  
&nbsp; There are entry areas for the BIND Forwarder Server List so the LTM can ACT like a DNS proxy.  Thus the servers would point to the floating address or gateway that lives on the F5 for DNS resolution. 
&nbsp;  
&nbsp; Details of the configuration are in the BIGIP Network and System Management Guides on ask.f5.com 
&nbsp;  
&nbsp; Hope this helps 
&nbsp; CB &nbsp;

kris_52344 · Answer

hi CB, 
&nbsp; it helped in my LTM now i am workin with Link Controller. 
&nbsp; is it possible to replace DNS with lc, without GTM module to resolve FQDN for my web-server and webmail server. 
&nbsp; reading theory, i have to use my local DNS for canonical name (i.e. Zone file). 
&nbsp; so is there any way to replace DNS with LC,without GTM module. 
&nbsp;  
&nbsp; Many Thanks, 
&nbsp;    Kris~ &nbsp;

dennypayne · Answer

Hi Kris, 
&nbsp;  
&nbsp; LC can only hand out IP addresses that it hosts, as opposed to GTM which can hand out anything you tell it to. So it depends on whether LC will have a virtual server for your web &amp; webmail services. 
&nbsp;  
&nbsp; Denny

gregt_33960 · Answer

Hey CB, 
&nbsp;  
&nbsp; Thank you for the assistance... Looks like it is working. 
&nbsp;  
&nbsp;  
&nbsp; Greg

kris_52344 · Answer

it seems from your suggestion that, 
&nbsp; LC is not capable for "A" record,it will take help with zone file (C-NAME). 
&nbsp; while GTM can take care of all the things..

Forum Discussion

DNS and BigIP LTM

5 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

F5 BIGIP WAF AND F5 DNS

Re: BigIP Report

Timing/CPU info for BigIP DNS WideIP iRules

Using F5 Distributed Cloud DNS Load Balancer health checks and DNS observability

BigIP DNS failover