Forum Discussion

mahir
Feb 20, 2020

Resolution Using a DNS Resolver Cache

I would like to configure my DNS box as a resolver. I have applied all the steps as described in the following link:

https://devcentral.f5.com/s/articles/configuring-the-f5-big-ip-to-perform-name-resolution-using-a-dns-resolver-cache-32688

except that I noticed that the GTM uses other public IPs which I have not configured in the Root Hints part, knowing that I have specified two external public IPs that the GTM must consult to resolve. Is there a way to tell the GTM to do the resolution only from these two IPs, XXXXX and YYYYY?

5 Replies

  • NAG

    Hi Mahir,

    Private root hint server IPs are configured when the network is completely isolated from public networks. For example, military networks, classified networks, etc.

    For networks connected to the public internet, there is no need to define private root hint servers, as public root hint servers do the job pretty well.

    Here is the list of default root hint servers:

    https://www.iana.org/domains/root/servers

    Based on your problem description, I think the DNS resolver you are building is not for air-gapped or classified networks which are disjoint from the public internet.

    If that is true, you need not configure root hint servers; leave the field blank so it uses the public root servers as it should.

    Moreover, when you query for a public domain name, and the network is connected to the public internet in any way, you can only get an authoritative answer from a public source (IP).

    Let me know if it is not clear enough.

    Regards,

    Nag

  • Hello NAG,

    Thank you for your help and support. Is there a way to configure my DNS resolver to use just one public IP, for example 8.8.8.8, to respond to internal DNS queries?

    Today, even if I configure my forwarded zone with 8.8.8.8, I still see that my GTM uses public root IPs.

    Best regards,

    Mahir

  • NAG

    Hi,

    On the DNS profile:

    Unhandled Query Actions :: allow

    Use BIND Server on BIG-IP :: Disabled

    Process Recursion Desired :: Disabled

    Hope this helps,

    Nag

  • To configure the GTM (Global Traffic Manager) to perform name resolution using specific external public IPs, you can follow these steps:

    1. Log in to the GTM configuration utility.
    2. Go to the "DNS" section and select "DNS Resolver".
    3. Under "Name Server Configuration," you should see a list of configured DNS servers.
    4. Edit the existing DNS server or create a new one if needed.
    5. In the "Root Hints" section, you'll find a list of IP addresses for root DNS servers. Remove any IP addresses that you don't want the GTM to use for resolution.
    6. Add your desired external public IPs (XXXXX and YYYYY) to the "Root Hints" section. Make sure to follow the correct format (IP address/32).
    7. Save the configuration changes.

    By modifying the "Root Hints" section and removing unwanted IP addresses while adding your desired external public IPs, you can ensure that the GTM only consults the specified IPs for name resolution.

    Please note that the exact steps and terminology may vary depending on the version of the F5 BIG-IP software you are using. It's always a good practice to consult the official documentation or seek assistance from F5 Networks or their support community for specific instructions related to your GTM version.

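To confirm which upstream servers the resolver actually contacts after a change like the ones discussed in this thread, the following added example (not from any poster or from F5) scans `tcpdump -nn` text output for DNS queries that leave the resolver toward addresses outside an allow-list. The function name, the resolver self IPs and the capture lines are constructed for illustration; the two root server addresses are taken from the IANA list linked above.

```python
import ipaddress
import re
from collections import defaultdict

# tcpdump -nn prints "src.port > dst.port:", so the last dotted field is the port.
FLOW = re.compile(r"\bIP6? (\S+)\.(\d+) > (\S+)\.(\d+): (.*)$")
QUESTION = re.compile(r"\b([A-Z0-9]+)\? (\S+)")  # e.g. "A? www.example.com."

def unexpected_upstreams(lines, resolver_ips, allowed_upstreams):
    """Map each upstream outside the allow-list to the questions sent to it."""
    resolvers = {ipaddress.ip_address(ip) for ip in resolver_ips}
    allowed = {ipaddress.ip_address(ip) for ip in allowed_upstreams}
    hits = defaultdict(list)
    for line in lines:
        m = FLOW.search(line)
        if not m:
            continue
        src, _sport, dst, dport, rest = m.groups()
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # not an address.port pair this parser understands
        # Only queries leaving the resolver toward port 53 matter here;
        # responses (source port 53) and client traffic are skipped.
        if dport != "53" or src_ip not in resolvers or dst_ip in allowed:
            continue
        q = QUESTION.search(rest)
        hits[str(dst_ip)].append(f"{q.group(1)} {q.group(2)}" if q else "?")
    return dict(hits)

# Constructed capture: 192.0.2.10 and 2001:db8::10 stand in for the resolver's
# self IPs; 198.41.0.4 and 192.5.5.241 are the a and f root servers.
SAMPLE = """
12:00:01.100001 IP 192.0.2.10.41234 > 8.8.8.8.53: 4711+ A? www.example.com. (33)
12:00:01.140002 IP 8.8.8.8.53 > 192.0.2.10.41234: 4711 1/0/0 A 203.0.113.7 (49)
12:00:02.200003 IP 192.0.2.10.50122 > 198.41.0.4.53: 902 [1au] NS? . (28)
12:00:02.260004 IP 192.0.2.10.50123 > 192.5.5.241.53: 903 [1au] A? mail.example.net. (45)
12:00:03.300005 IP6 2001:db8::10.40000 > 2001:db8::53.53: 77+ AAAA? example.org. (29)
"""

if __name__ == "__main__":
    found = unexpected_upstreams(SAMPLE.splitlines(),
                                 ["192.0.2.10", "2001:db8::10"],
                                 ["8.8.8.8", "2001:db8::53"])
    for upstream, questions in found.items():
        print(f"{upstream}: {', '.join(questions)}")
```

An empty result over a capture that includes fresh, uncached lookups indicates that every outbound query went to the intended forwarders.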