Forum Discussion

Emmett_116863's avatar
Emmett_116863
Icon for Nimbostratus rankNimbostratus
Mar 12, 2014
Solved

Use GTM Cluster for internal recursive name resolution

Hi Everyone,

 

I have been trying to set up what I would think would be a fairly normal configuration.

 

I have a pair of F5 GTM's running 11.3 running as authoritative name servers for a few domains we own. That part is working flawlessly. The part that I don't seem to be able to get working is that I would like to be able to point the machine inside my network to the floating INTERNAL IP of the GTM cluster for recursive name resolution for everything (my local domains as well as global).

 

I have tried turning on "recursion" in the named.conf (and restricting it to my local networks with an acl), and I've tried setting up a listener with an internal IP address, and the F5 document, "Replacing a DNS Server with BIG-IP GTM" (http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-11-1-0/3.html)...but nothing has worked.

 

It really shouldn't be that hard, right? It seems like it should be a fairly straightforward setup, but I cannot seem to figure it out.

 

Does anyone have any pointers?

 

Thanks in advance!

 

-Emmett

 

BIG-IP DNS
deployment
design
  • Cory_50405's avatar
    Cory_50405
    Mar 12, 2014

    You can assign your listener address to whatever you want from that internal vlan. It doesn't have to be a floating IP address, but it can be. In the DNS profile you attached to your listener, did you enable 'Use BIND Server on BIG-IP'? Since you defined recursion through named, it'll need to be able to use BIND.

     

    If locally issued GTM queries can't recurse out to the Internet, then it could be something is preventing it from getting out, like a firewall.

     

5 Replies

Sort By
  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Mar 12, 2014

    Did you setup a GTM listener on your internal floating IP address and configure it appropriately?

     

  • Emmett_116863's avatar
    Emmett_116863
    Icon for Nimbostratus rankNimbostratus
    Mar 12, 2014

    I did set up a listener on my internal floating IP but apparently didn't configure it appropriately...otherwise it would have worked. :-)

     

    Well...I say that, but...maybe I didn't.

     

    Let me use some (fake) network numbers to help create a better picture:

     

    External Floating IP: 222.222.222.3 Internal Floating IP: 10.10.1.3

     

    I would like to be able to put "nameserver 10.10.1.3" in the /etc/resolv.conf of all my internal machines.

     

    If I create a listener on the 10.10.1 network, will it automatically be associated with the floating IP?

     

    I think I also have other configuration needs to get the GTM to resolve external addresses. If I run "dig www.google.com" when logged onto my active GTM in the cluser, it doesn't resolve.

     

    Like I said...I think it shouldn't be a unique setup.

     

    Thanks for your help.

     

    -Emmett

     

  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Mar 12, 2014

    You can assign your listener address to whatever you want from that internal vlan. It doesn't have to be a floating IP address, but it can be. In the DNS profile you attached to your listener, did you enable 'Use BIND Server on BIG-IP'? Since you defined recursion through named, it'll need to be able to use BIND.

     

    If locally issued GTM queries can't recurse out to the Internet, then it could be something is preventing it from getting out, like a firewall.

     

  • Emmett_116863's avatar
    Emmett_116863
    Icon for Nimbostratus rankNimbostratus
    Mar 13, 2014

    Thanks Cory!

     

    You nailed it ... the firewall was blocking the traffic.

     

    There really doesn't seem to be any consistent answer as to which interface the "cluster" is going to use when sending traffic...sometimes it seems to use the floating IP, sometimes the MGMT IP, sometimes the real EXTERNAL IP on the individual GTM (same goes for our LTMs)...it's a little frustrating sometimes.

     

    Anyway, thanks a ton. :-)

     

    (You wouldn't happen to know about dealing with multiple views, would you?)

     

  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Mar 13, 2014

    We don't use multiple views on our GTMs, so I can't assist there.

     

    The source IP address could depend on the ways in which the device is sending traffic. Since you stood up a virtual server for a DNS listener, I would expect client queries to this virtual server to use a floating IP as it egresses the LTM (assuming SNAT auto map is set on the VS).

     

    TMM should never send queries from clients over the management network.

     

    Queries issued from the device itself (doing a dig from command line for example) would probably use the external self IP (non-floating).