DNS failover

Question

Hi all,&nbsp;
Can someone advice please if it's possible to monitor a VPN line from GTM, and respond to a DNS query based on the line status?&nbsp;
For example client uses 2 VPN lines (primary to DC1 and secondary to DC2) and has a zone forwarder for a domain hosted on my GTMs.
Unfortunately it is not easy to setup zone forwarder to use the primary DNS by default, and secondary only in case of a failure. The DNS server uses round-robin instead. Let's assume it is not possible to re-configure the DNS server to use a different load-balancing algorithm at all. 
If that's the case then I have 2 choices:&nbsp;

Currently I have setup DC1 and DC2 in the way where all members of all pools have the same order. This will ensure that even if the client's server sends request to DC2, GTM will respond with IP address of the DC1. Business requirement is met, but this is not good solution in case of the primary VPN goes down.

Monitor DC1 line and response with a DC2 IP (from DC2 GTM) if the primary line is down.&nbsp;

Does anyone have similar problem? Is it possible to control this by an iRule?&nbsp;
Regards
Mariusz&nbsp;

mohamed_lrhazi · Answer

Can you clarify what this means:
 has a zone forwarder for a domain hosted on my GTMs.&nbsp;

mariusz_b · Answer

Hi Mohamed,&nbsp;
I have a domain example.com hosted on my GTMs primary one with IP 1.1.1.1 and secondary with 2.2.2.2
Client has a local DNS which says something like:&nbsp;
zone "example.com" {
    type forward;
    forward only;
    forwarders { 1.1.1.1; 2.2.2.2; };&nbsp;
There is no way to say:
 forwarders {primary 1.1.1.1; secondary 2.2.2.2} &nbsp;

mohamed_lrhazi · Answer

OK. and the zones are hosted means they are in GTM's BIND/ZoneRunner, and in the profile applied to the listeren/VIP you are saying use local BIND? and then what you are thinking about is applying an irule to the VIP, to reject all requests for the zone, if the corresponding DC is unreachable?

If this all correct, then what you are missing is just: how do I create a pool/monitor, than can monitor reachability to remote DC?

mariusz_b · Answer

Hi Mohamed,

This is more less what I am trying to achieve, here. I need to monitor reachability and  answer queries based on that.

Forum Discussion

DNS failover

4 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Using Distributed Cloud DNS Load Balancer with Geo-Proximity and failover scenarios

BigIP DNS failover

Using F5 Distributed Cloud DNS Load Balancer health checks and DNS observability

Configuring AWS HA Failover Across AZs Without EIPs Using F5 Cloud Failover Extension (CFE)

Logging of DNS Requests and Responses without a DNS license