Manual Chapter : Placing BIG-IP DNS in Front of a DNS Server

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.0.0, 16.1.5, 16.1.4, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0

BIG-IP DNS

  • 17.0.0, 16.1.5, 16.1.4, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Manual Chapter

Placing BIG-IP DNS in Front of a DNS Server

Overview: Configuring BIG-IP DNS to screen traffic to an existing DNS server

You can use BIG-IP DNS as a traffic screener in front of an existing DNS server. With this setup, all DNS traffic flows through BIG-IP DNS. Listeners that you configure on BIG-IP DNS verify incoming DNS queries. If the query is for a wide IP, BIG-IP DNS resolves the request. If the query is for a destination that does not match a wide IP or for an IP address that is not configured on BIG-IP DNS, the system forwards the query to the specified DNS server for resolution. When forwarding a query, BIG-IP DNS transforms the source address to a self IP address on BIG-IP DNS.
Traffic flow when BIG-IP DNS screens traffic to a DNS server
Traffic flow when BIG-IP DNS screens traffic to a DNS server

About listeners

A
listener
is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address you assign to the listener. When a DNS request is sent to the IP address of the listener, the BIG-IP system either handles the request or forwards the request to the appropriate resource.

About wildcard listeners

A
wildcard listener
is a special listener that is assigned an IP address of
0.0.0.0
and the DNS query port (port 53). When you want BIG-IP DNS to respond to DNS queries coming into your network, regardless of the destination IP address of the given request, you use a wildcard listener.

Placing BIG-IP DNS on your network to forward traffic

Determine to which DNS server you want BIG-IP DNS to forward traffic.
Place BIG-IP DNS on your network between LDNS servers and clients making DNS name resolution requests.
  1. Physically connect BIG-IP DNS to your Internet connection.
  2. Connect the LDNS to an Ethernet port on BIG-IP DNS (optional).
  3. Connect the LDNS to a switch.

Creating listeners to forward traffic to a DNS server

Determine to which DNS server you want the listeners to forward DNS queries.
Create listeners to alert the BIG-IP system to queries destined for a DNS server. Create four wildcard listeners: two that use the UDP protocol (one each for an IPv4 address and IPv6 address), and two that use the TCP protocol (one each for an IPv4 address and IPv6 address).
DNS zone transfers use TCP port
53
. If you do not configure a listener for TCP the client might receive the error:
connection refused or TCP RSTs.
  1. On the Main tab, click
    DNS
    Delivery
    Listeners
    .
    The Listeners List screen opens.
  2. Click
    Create
    .
    The Listeners properties screen opens.
  3. In the
    Name
    field, type a unique name for the listener.
  4. For the Destination setting, in the
    Address
    field, type the IP address on which BIG-IP DNS listens for DNS queries.
    The destination is the IP address of a DNS server to which you want the listeners to route DNS queries.
    The destination must not match a self IP address on BIG-IP DNS.
  5. From the
    VLAN Traffic
    list, select
    All VLANs
    .
  6. In the Service area, from the
    Protocol
    list, select
    UDP
    .
  7. Click
    Finished
    .
Create another listener with the same IPv4 address and configuration, but select
TCP
from the
Protocol
list. Then, create two more listeners, configuring both with the same IPv6 address, but one with the UDP protocol and one with the TCP protocol.

Creating a wide IP for BIG-IP DNS

Ensure that at least one load balancing pool exists in the configuration before you start creating a wide IP.
Create a wide IP to map an FQDN to one or more pools of virtual servers that host the content of the domain.
  1. On the Main tab, click
    DNS
    GSLB
    Wide IPs
    .
    The Wide IP List screen opens.
  2. Click
    Create
    .
    The New Wide IP List screen opens.
  3. In the General Properties area, in the
    Name
    field, type a name for the wide IP.
    You can use two different wildcard characters in the wide IP name: asterisk (*) to represent several characters and question mark (?) to represent a single character. This reduces the number of aliases you have to add to the configuration.
  4. From the
    Type
    list, select a record type for the wide IP.
  5. In the Pools area, for the
    Pool List
    setting, select the pools that this wide IP uses for load balancing.
    The system evaluates the pools based on the wide IP load balancing method configured.
    1. From the
      Pool
      list, select a pool.
      A pool can belong to more than one wide IP.
    2. Click
      Add
      .
  6. Click
    Finished
    .