Issue setting up dns proxy on LTM

Question

I am having an issue setting up DNS proxy on an LTM. I have added my DNS server to the BIND Forwarder Server List and have started named as well. When I point one of my servers dns requests to the floating IP on the F5 i get the following response back: 
&nbsp;  
&nbsp; nslookup www.whatever.com x.x.x.x (floating ip on the f5) 
&nbsp; Server:         x.x.x.x 
&nbsp; Address:        x.x.x.x53 
&nbsp;  
&nbsp; Non-authoritative answer: 
&nbsp; *** Can't find www.whatever.com: No answer 
&nbsp;  
&nbsp; If I ssh into the f5 and try and resolve the same name to the same dns server I get a successful response as follows: 
&nbsp;  
&nbsp; www.whatever.com     canonical name = whatever.com. 
&nbsp; Name:   whatever.com 
&nbsp; Address: x.x.x.x 
&nbsp;  
&nbsp;  
&nbsp; Any thoughts? 
&nbsp;  
&nbsp; Thanks, 
&nbsp; Bob

the_bhattman · Answer

Hi Bob, 
&nbsp;   Have you looked into the self address of the BIGIP to make sure port lockdown is either set to Allow Default or open for UDP 53? 
&nbsp;  
&nbsp; Hope this helps 
&nbsp; CB 
&nbsp;  &nbsp;

hooleylist · Answer

I ran into this and found the fix is described in SOL5299: 
&nbsp;  
&nbsp; SOL5299: The BIG-IP system does not forward DNS requests after configuring the BIND Forwarder Server List   
&nbsp; https://support.f5.com/kb/en-us/solutions/public/5000/200/sol5299.html 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Issue setting up dns proxy on LTM

2 Replies

Recent Discussions

Advise on setting up IRULE

google autenticator broken barcode

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

Related Content

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Regex issue

Proxy SSL unavailable suite (47) issue

F5 TCP Proxy mode

SSL PROXY