Can't get recursive client DNS queries working on BigIP DNS 13.1.8

Question

I am trying to setup Bigip DNS instances that will be secondary authoritative for all of our internal zones. I have zone transfers working correctly between our internal Microsoft DNS servers directly to DNS Express running on the BigIP DNS. I am not using Zone Runner. The BigIP DNS instances are answering queries just fine for defined zones that were transferred into DNS Express but I can't seem to get recursive lookups to work at all. I have read multiple threads that seem to point to needing to have cache enabled and then define a forwarder. I have tried this but still can't seem to get it to work. Does anyone have any suggestions or a document that I can follow that will clearly lay out this configuration? One final note that may or may not be relevant but I am deploying AnyCast for my Listener(s). I have this piece working just fine via OSPF peering to my routing core.

surgeon · Answer

What do you mean "recursive lookups" in your case and how do you see it should work?&nbsp;

jackrodriguez · Answer

My understanding (not a DNS expert) is that I should be able to have the BigIp DNS be the main resolver for all of my internal clients. The BigIP DNS with DNS Express enabled will resolve queries for all of my corporate internal DNS zones. If a internal client requests DNS resolution for a zone that we don't host internally. ie. "google.com" I would assume that the BigIP DNS would need to send that request to a forwarder for an external lookup. I always thought this was called recursion or recursive lookup. I might have my terms mixed up but regardless, I am just trying to get my BigIP DNS boxes to forward those requests to the internal DNS servers for external resolution. Hope I explained it ok. Thanks in advance.

nathe · Answer

Jack,&nbsp;
DNS has an order of flow, depending on whether the inbound DNS request matches DNS irules, WideIPs or DNS express. You should be able to achieve what you desire by configuring the DNS Profile and assigning a pool of your internal DNS servers. This way any request not handled by DNS Express will be forwarded on.&nbsp;
See Overview of DNS query processing on BIG-IP systems and Overview of DNS Profile&nbsp;
These should help.&nbsp;
N&nbsp;

Forum Discussion

Can't get recursive client DNS queries working on BigIP DNS 13.1.8

3 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Pool downtime query

iRule Processing query

iRuleLX Solution for OAUTH JWT authenticated Salesforce Query

BIG IP DNS - Queries Per Second

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough - part two