John_Heyer_1508
Dec 11, 2014

GTM: SERVFAIL when looking up Internet hostnames

I need our GTMs to be able to resolve Internet hostnames. I've followed all the required steps, such as setting up '.' as a hint zone, downloading the named.root file, enabling recursion, and even rebooting. But no joy. It seems to be refusing the queries.

The internal listener is working fine and resolving internal hostnames:

$ nslookup   192.168.10.10
Server:     192.168.10.10
Address:    192.168.10.10#53

Name:   
Address: 192.168.100.200

But for general internet hostnames I always see a SERVFAIL:

$ nslookup   192.168.10.10
Server:     192.168.10.10
Address:    192.168.10.10#53

** server can't find  SERVFAIL

Tcpdump shows the query is making it to the GTM, but being immediately rejected:

11:14:22.580698 IP 192.168.10.101.46457 > 192.168.10.10.domain:  64230+ A?  (32)
11:14:22.581140 IP 192.168.10.10.domain > 192.168.10.101.46457:  64230 ServFail 0/0/0 (32)

4 Replies

  • That's an interesting approach. I've never seen this recommended by F5, but it's something I'll consider. DNS Express should offer better performance vs. the standard BIND backend.

    Anyway, I was able to figure out the problem - I needed to have an "allow-recursion" statement in the configuration. This can be done in the options of the named.conf file, or within the applicable view, i.e.

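    options {
        recursion yes;
    };

    // Private address ranges that are allowed to use recursion
    acl "rfc_1918" {
        10.0.0.0/8;
        172.16.0.0/12;
        192.168.0.0/16;
    };

    view "internal" {
        // Only clients matching the ACL may make recursive queries
        allow-recursion {
            "rfc_1918";
        };
    };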
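
An added example, not part of the original thread: a small Python check that reads named.conf text and reports whether recursion is on, which networks `allow-recursion` admits, and whether the list is missing or open to any client. The helper name `audit_recursion` and all sample configurations are constructed for illustration; the check is regex-based, expands named ACLs one level deep, and does not follow `include` files.

```python
import re

# Constructed sample: the reply's named.conf fragment (with the ';' after options).
GOOD_CONF = '''
options { recursion yes; };
acl "rfc_1918" { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
view "internal" { allow-recursion { "rfc_1918"; }; };
'''
# Constructed counter-examples: no allow-recursion at all, and an open resolver.
MISSING_CONF = 'options { recursion yes; };'
OPEN_CONF = 'options { recursion yes; allow-recursion { any; }; };'


def _elements(body):
    """Split an address-match-list body into bare element names."""
    return [e.strip().strip('"') for e in body.split(';') if e.strip()]


def audit_recursion(conf_text):
    """Report who may recurse. Hypothetical helper: regex-based, expands named
    ACLs one level deep, and does not follow include files."""
    # Drop /* */, // and # comments before matching.
    text = re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', conf_text, flags=re.S)
    recursion_on = re.search(r'\brecursion\s+yes\s*;', text) is not None
    acls = {m.group(1): _elements(m.group(2))
            for m in re.finditer(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', text)}
    allowed, findings = [], []
    blocks = re.findall(r'\ballow-recursion\s*\{([^{}]*)\}', text)
    for body in blocks:
        for elem in _elements(body):
            allowed.extend(acls.get(elem, [elem]))
    if recursion_on and not blocks:
        findings.append('no allow-recursion: named falls back to its defaults')
    if 'any' in allowed or '0.0.0.0/0' in allowed:
        findings.append('allow-recursion matches any client: open resolver')
    return {'recursion': recursion_on, 'allowed': sorted(set(allowed)),
            'findings': findings}


if __name__ == '__main__':
    for name, conf in (('reply', GOOD_CONF), ('missing', MISSING_CONF),
                       ('open', OPEN_CONF)):
        print(name, audit_recursion(conf))
```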