Forum Discussion

vqt411_192122
Feb 11, 2016

GTM DNS full integration with Active Directory DNS Infrastructure

Hi All,

I have viewed various posts regarding LTM DNS but I can't seem to find one that would assist me in attempting this. We would like to integrate LTM DNS Express with our existing AD DNS infrastructure. The purpose is to have internal clients resolve external DNS queries with the F5 (set up for caching, DNSSEC, etc.). DNS Express will load its zones by zone transfer from our internal AD-integrated DNS zones. How can our internal clients update AD DNS (secured zones) when they are pointing to the F5 for DNS lookup? My understanding is DNS Express imports DNS zones only. We are a heavily AD-integrated DNS environment.

Another option is to set our internal AD DNS servers to use the F5 as their forwarder for internet lookups. As part of our security controls, we are syslogging DNS queries through the F5 DNS setup. I think the F5 only sees the internal DNS servers as clients instead of the original clients that made the DNS request. Can someone clarify that for me?

thanks in advance! vqt411

2 Replies

  • Did you ever deploy this solution? One issue I see for using DNS Express for Windows DNS is Dynamic DNS registration.

    Referencing this technet article. https://technet.microsoft.com/en-us/library/dd197552(v=ws.10).aspx

    "The client processes the SOA query response for its name to determine the IP address of the DNS server authorized as the primary server for accepting its name. It then proceeds to perform the following sequence of steps as needed to contact and dynamically update its primary server."

    We compared the SOA response from a Windows AD integrated DNS server and the GTM with DNSExpress configured as a Secondary.

    The GTM will only respond with an SOA record of the DNSExpress hidden master for the zone file. This appears to be a single point of failure for dynamic DNS registration.

    What effect would this have if you have a large network that spans multiple countries? Maybe not an issue, but just a thought.

    If anyone has deployed this successfully, it would be nice to know their experiences.

  • It appears the Windows AD DNS does not have a single master. This environment is Multi Master and very interesting. It would be a nice feature to allow a backup/secondary server for zone transfer in the event the primary fails. (Eliminate single point of failure.)
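The SOA comparison described in the first reply (a Windows client reads the SOA MNAME to learn which server it will send its dynamic update to) can be reproduced on a captured response. The following is an added example, not code from the thread or from F5: a small pure-Python parser that extracts the SOA MNAME and the NS set from a DNS response and flags when the update target is not one of the advertised name servers, which is the single-point-of-failure situation the reply describes. The message bytes, the zone corp.example. and the host names are constructed for the example.

```python
import struct

def encode_name(name):  # wire-encode a name without compression (sample only)
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def read_name(msg, off):  # decode a possibly compressed name; return (name, next offset)
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer (RFC 1035 4.1.4)
            end = end if jumped else off + 2           # caller resumes after the first pointer
            off, jumped = ((length & 0x3F) << 8) | msg[off + 1], True
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else off)
        labels.append(msg[off:off + length].decode())
        off += length

def parse_soa_response(msg):  # return (SOA MNAME, [NS names]) from answer + authority
    _, _, qd, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    off, mname, ns_names = 12, None, []
    for _ in range(qd):                                # skip the question section
        off = read_name(msg, off)[1] + 4
    for _ in range(an + ns):
        off = read_name(msg, off)[1]                   # owner name
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                                 # SOA: MNAME is the first RDATA field
            mname = read_name(msg, off)[0]
        elif rtype == 2:                               # NS
            ns_names.append(read_name(msg, off)[0])
        off += rdlen
    return mname, ns_names

def check_update_target(msg):  # is the dynamic-update target one of the advertised NS?
    mname, ns_names = parse_soa_response(msg)
    return mname, ns_names, mname in ns_names

# Constructed sample: authoritative SOA answer whose MNAME is a hidden master absent from the NS set.
def rr(owner, rtype, rdata):
    return owner + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata

ZONE_PTR = b"\xc0\x0c"                                 # pointer to the zone name at offset 12
SOA_RDATA = (encode_name("hidden-master.corp.example.") + encode_name("hostmaster.corp.example.")
             + struct.pack("!IIIII", 2016021101, 3600, 600, 86400, 300))
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 2, 0) + encode_name("corp.example.")
          + struct.pack("!HH", 6, 1) + rr(ZONE_PTR, 6, SOA_RDATA)
          + rr(ZONE_PTR, 2, encode_name("gtm1.corp.example."))
          + rr(ZONE_PTR, 2, encode_name("gtm2.corp.example.")))
```

Running check_update_target on an SOA response captured from the GTM and from an AD DNS server shows directly whether clients would be steered to a single hidden master or to a member of the NS set.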