Manual Chapter: Replacing a DNS Server with BIG-IP DNS
Applies To:
BIG-IP LTM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
BIG-IP DNS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Overview: Replacing a DNS server with BIG-IP DNS
BIG-IP DNS load balances incoming wide IP traffic to your network resources. BIG-IP DNS can also replace a local DNS server as the authoritative nameserver for wide IPs, zones, and all other DNS-related traffic. You can configure BIG-IP DNS to replace the DNS server that currently manages www.siterequest.com. BIG-IP DNS becomes the authoritative nameserver for www.siterequest.com and load balances traffic across the web-based applications store.siterequest.com and checkout.siterequest.com.
About listeners
A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address you assign to the listener. When a DNS request is sent to the IP address of the listener, the BIG-IP system either handles the request or forwards the request to the appropriate resource.
Configure BIND servers to allow zone transfers
If you are unfamiliar with how to modify BIND server files, review the fifth edition of DNS and BIND, available from O’Reilly Media.
Typically, BIND servers allow zone transfers to any DNS name server requesting a zone transfer. That is, named.conf on a typical BIND server does not contain an allow-transfer statement. However, the BIND server on the BIG-IP system is configured to allow zone transfers only to the localhost. Thus, named.conf on the BIG-IP system contains this allow-transfer statement: allow-transfer { localhost; } ;
When you want to improve the speed of responses to DNS queries, you can configure a BIND server to allow zone transfers only to the DNS Express engine on the BIG-IP system. You do this by adding an allow-transfer statement to named.conf on the BIND server. Adding an allow-transfer statement to a BIND server restricts zone transfers to the specified list of DNS name servers.
- Add to the BIND server an allow-transfer statement that specifies a self IP address on the BIG-IP system. You can modify the following allow-transfer statement to use a self IP address on the BIG-IP system: allow-transfer { localhost; <self IP address from which zone transfer request is sent to the server>; }; For example: allow-transfer { localhost; 10.10.10.1; };
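The following Python script is an added example and is not part of this chapter or of F5's or ISC's code. It reads the allow-transfer statements out of named.conf text, decides whether BIND would serve a zone transfer to a given requester under the rule described above (no statement means open to everyone; a statement restricts transfers to the listed addresses), and builds the restricted statement for the 10.10.10.1 self IP used in the example. The named.conf fragments are constructed for the example; the parser understands plain addresses, prefixes, localhost, any and none only (not named ACLs or negated entries), and it does not model a zone-level statement overriding the options-level one.

```python
"""Audit BIND allow-transfer statements before pointing BIG-IP DNS at a server.

Added example (not F5 or ISC code). The self IP 10.10.10.1 is the value used
in the chapter; the named.conf fragments below are constructed for the example.
"""
import ipaddress
import re

# Constructed named.conf fragments (not from a real server).
OPEN_CONF = """
options {
    directory "/var/named";
};
zone "siterequest.com" {
    type master;
    file "db.siterequest.com";
};
"""

RESTRICTED_CONF = """
options {
    directory "/var/named";
    allow-transfer { localhost; 10.10.10.1; };
};
"""

ANY_CONF = """
options {
    allow-transfer { any; };
};
"""

_ACL_RE = re.compile(r"allow-transfer\s*\{([^}]*)\}\s*;", re.IGNORECASE)


def parse_allow_transfer(conf: str) -> list:
    """Return every allow-transfer address list found in the config text.

    Each list holds the raw elements, e.g. ['localhost', '10.10.10.1'].
    An empty result means no statement is present, which for BIND means
    transfers are served to any requester.
    """
    lists = []
    for match in _ACL_RE.finditer(conf):
        elements = [e.strip() for e in match.group(1).split(";") if e.strip()]
        lists.append(elements)
    return lists


def transfer_allowed_to(conf: str, requester: str) -> bool:
    """Decide whether BIND would serve AXFR to `requester` under this config.

    'localhost' is treated as the loopback addresses, 'any' matches all,
    'none' matches nothing; other elements must be an address or prefix.
    """
    addr = ipaddress.ip_address(requester)
    acls = parse_allow_transfer(conf)
    if not acls:
        return True  # no statement: BIND's default is to allow transfers
    for elements in acls:
        for element in elements:
            if element == "any":
                return True
            if element == "none":
                continue
            if element == "localhost":
                if addr.is_loopback:
                    return True
                continue
            try:
                network = ipaddress.ip_network(element, strict=False)
            except ValueError:
                raise ValueError(f"unsupported ACL element: {element!r}")
            if addr in network:
                return True
    return False


def audit(conf: str, bigip_self_ip: str) -> dict:
    """Summarise zone-transfer exposure: is it restricted, and is BIG-IP served?"""
    acls = parse_allow_transfer(conf)
    has_any = any("any" in elements for elements in acls)
    return {
        "has_statement": bool(acls),
        "restricted": bool(acls) and not has_any,
        "bigip_allowed": transfer_allowed_to(conf, bigip_self_ip),
    }


def restricted_statement(bigip_self_ip: str) -> str:
    """Build the allow-transfer statement from the chapter for a given self IP."""
    ipaddress.ip_address(bigip_self_ip)  # raise early on a malformed address
    return f"allow-transfer {{ localhost; {bigip_self_ip}; }};"


if __name__ == "__main__":
    for label, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF), ("any", ANY_CONF)):
        print(label, audit(conf, "10.10.10.1"))
    print(restricted_statement("10.10.10.1"))
```

Run the audit against the legacy server's named.conf before the zone transfer in the next section: a result with `restricted` False means every host on the network can pull the zone, and `bigip_allowed` False means the transfer from BIG-IP DNS will be refused.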
Performing zone transfers from the legacy DNS server
Ensure that you have configured the legacy DNS server with an allow-transfer statement that authorizes zone transfers to BIG-IP DNS.
In order for BIG-IP DNS to perform a zone transfer from the legacy DNS server, create a new zone.
- On the Main tab, click. The Zone List screen opens.
- Click Create. The New Zone screen opens.
- From the View Name list, select the view that you want this zone to be a member of. The default view is external.
- In the Zone Name field, type a name for the zone file in this format, including the trailing dot: db.[viewname].[zonename]. For example, db.external.siterequest.com.
- From the Zone Type list, select Master.
- From the Records Creation Method list, select Transfer from Server.
- In the Records Creation area, type the values for the SOA and NS record parameters.
- Click Finished.
Creating a self IP address using the IP address of the legacy DNS server
To avoid a conflict on your network, unplug BIG-IP DNS from the network.
When you want BIG-IP DNS to handle DNS traffic previously handled by a DNS server, create a self IP address on BIG-IP DNS using the IP address of the legacy DNS server.
- On the Main tab, click.
- Click Create. The New Self IP screen opens.
- In the Name field, type a unique name for the self IP address.
- In the IP Address field, type the IP address of the legacy DNS server. The system accepts IPv4 and IPv6 addresses.
- In the Netmask field, type the network mask for the specified IP address. For example, you can type 255.255.255.0.
- Click Finished. The screen refreshes, and displays the new self IP address.
Designating BIG-IP DNS as the primary server for the zone
Ensure that you have created a self IP address on BIG-IP DNS using the IP address of the legacy DNS server.
Add this self IP address to the BIG-IP DNS server object, and then modify the DNS server based on your network configuration.
- On the Main tab, click. The Server List screen opens.
- Click the name of the BIG-IP DNS system that you want to modify. The server settings and values display.
- In the Address List area, add the new self IP address.
- Click Update.
- Do one of the following based on your network configuration:
  - Modify the IP address of the legacy DNS server so that it becomes a secondary DNS server to BIG-IP DNS. Ensure that the IP address of the DNS server does not conflict with the self IP address that you added to the BIG-IP DNS server object. If you are using BIND servers, and you are unfamiliar with how to change a DNS server from a primary to a secondary, refer to the fifth edition of DNS and BIND, available from O’Reilly Media.
  - Remove the legacy DNS server from your network.
BIG-IP DNS is now the primary authoritative name server for the zone. The servers for the zone do not need to be updated, because the IP address of the legacy DNS server was assigned to BIG-IP DNS.
Creating listeners to alert BIG-IP DNS to DNS traffic destined for the system
To alert the BIG-IP DNS system to DNS queries (previously handled by the DNS server), create four listeners: two that use the UDP protocol (one each for an IPv4 address and an IPv6 address), and two that use the TCP protocol (one each for an IPv4 address and an IPv6 address).
DNS zone transfers use TCP port 53. If you do not configure a listener for TCP, the client might receive the error: connection refused or TCP RSTs.
- On the Main tab, click. The Listeners List screen opens.
- Click Create. The Listeners properties screen opens.
- In the Name field, type a unique name for the listener.
- For the Destination setting, in the Address field, type the IP address previously used by the legacy DNS server.
- From the VLAN Traffic list, select All VLANs.
- In the Service area, from the Protocol list, select UDP.
- Click Finished.
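The following Python script is an added example and is not part of this chapter or of F5's code. It checks a listener inventory against the set this section requires (UDP and TCP on port 53 for both the IPv4 and the IPv6 address that the legacy DNS server used) and flags a missing TCP listener, since that is the one whose absence breaks zone transfers and produces the connection refused or TCP RST symptom described above. The listener records are constructed for the example, and the legacy server addresses 192.0.2.53 and 2001:db8::53 are assumed values from the documentation ranges, not addresses from this chapter.

```python
"""Check that every listener this section calls for is present on BIG-IP DNS.

Added example, not F5 code. The listener inventory is constructed and the
legacy DNS server addresses are assumed documentation-range values.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Listener:
    """One BIG-IP DNS listener: destination address, port and protocol."""
    name: str
    address: str
    port: int
    protocol: str  # "UDP" or "TCP" in any case


# Assumed addresses of the legacy DNS server that BIG-IP DNS takes over.
LEGACY_V4 = "192.0.2.53"
LEGACY_V6 = "2001:db8::53"

# Constructed inventory. The IPv6 TCP listener is deliberately absent, and the
# IPv6 UDP listener uses a non-canonical textual form to show normalisation.
LISTENERS = [
    Listener("dns_v4_udp", "192.0.2.53", 53, "UDP"),
    Listener("dns_v4_tcp", "192.0.2.53", 53, "TCP"),
    Listener("dns_v6_udp", "2001:0DB8:0:0::53", 53, "udp"),
]


def required_listeners(v4_addr: str, v6_addr: str) -> set:
    """The (address, protocol) pairs the chapter requires: UDP and TCP per family."""
    required = set()
    for addr in (v4_addr, v6_addr):
        for proto in ("udp", "tcp"):
            required.add((ipaddress.ip_address(addr), proto))
    return required


def missing_listeners(listeners, v4_addr: str, v6_addr: str, port: int = 53) -> list:
    """Return the required (address, protocol) pairs that have no listener on `port`.

    Addresses are compared as parsed IP objects, so different spellings of
    the same IPv6 address still count as the same listener.
    """
    present = {
        (ipaddress.ip_address(l.address), l.protocol.lower())
        for l in listeners
        if l.port == port
    }
    missing = required_listeners(v4_addr, v6_addr) - present
    return sorted((str(addr), proto) for addr, proto in missing)


def coverage_report(listeners, v4_addr: str, v6_addr: str) -> dict:
    """Summarise coverage; `tcp_complete` is False when any TCP listener is absent.

    Zone transfers use TCP/53, so a missing TCP listener means AXFR from a
    secondary fails and TCP clients see connection refused or RSTs.
    """
    missing = missing_listeners(listeners, v4_addr, v6_addr)
    return {
        "missing": missing,
        "tcp_complete": all(proto != "tcp" for _, proto in missing),
        "complete": not missing,
    }


if __name__ == "__main__":
    print(coverage_report(LISTENERS, LEGACY_V4, LEGACY_V6))
```

Feed the function the listener list exported from the configuration (address, port, protocol per listener); anything reported under `missing` is a listener the procedure still needs before the legacy server is removed.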
Create another listener with the same IPv4 address and configuration, but select TCP from the Protocol list. Then, create two more listeners, configuring both with the same IPv6 address, but one with the UDP protocol and one with the TCP protocol.
Creating a wide IP for BIG-IP DNS
Ensure that at least one load balancing pool exists in the configuration before you start creating a wide IP.
Create a wide IP to map an FQDN to one or more pools of virtual servers that host the content of the domain.
- On the Main tab, click. The Wide IP List screen opens.
- Click Create. The New Wide IP List screen opens.
- In the General Properties area, in the Name field, type a name for the wide IP. You can use two different wildcard characters in the wide IP name: asterisk (*) to represent several characters and question mark (?) to represent a single character. This reduces the number of aliases you have to add to the configuration.
- From the Type list, select a record type for the wide IP.
- In the Pools area, for the Pool List setting, select the pools that this wide IP uses for load balancing. The system evaluates the pools based on the wide IP load balancing method configured.
- From the Pool list, select a pool. A pool can belong to more than one wide IP.
- Click Add.
- Click Finished.
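The following Python script is an added example and is not part of this chapter or of F5's code. It models the two wildcard characters described in the Name step (asterisk for a run of characters, question mark for exactly one) with fnmatch semantics, normalises names the way DNS compares them (case-insensitively, trailing dot optional), and reports sample query names that would match more than one configured wide IP, so that a wildcard name that duplicates or overlaps a literal one is noticed before it is deployed. It makes no claim about how BIG-IP DNS orders several matching wide IPs; the wide IP names are constructed for the example.

```python
"""Show which wide IPs a queried name matches when wildcard names are used.

Added example, not F5 code. '*' and '?' follow the description in the chapter,
implemented with fnmatch; the wide IP names below are constructed.
"""
import fnmatch

# Constructed wide IP names using the two wildcard characters the chapter allows.
WIDE_IPS = [
    "www.siterequest.com",
    "*.siterequest.com",
    "store?.siterequest.com",
]


def normalise(name: str) -> str:
    """DNS names compare case-insensitively and with or without the trailing dot."""
    return name.lower().rstrip(".")


def wide_ip_matches(wide_ip_name: str, query_name: str) -> bool:
    """True if the queried FQDN fits the wide IP name (literal or wildcard).

    fnmatchcase is used so the host OS's case rules do not leak in; '*' may
    span label boundaries, matching the "several characters" wording.
    """
    return fnmatch.fnmatchcase(normalise(query_name), normalise(wide_ip_name))


def matching_wide_ips(wide_ips, query_name: str) -> list:
    """All configured wide IP names the query would match, in configuration order."""
    return [w for w in wide_ips if wide_ip_matches(w, query_name)]


def overlapping_wildcards(wide_ips, sample_queries) -> dict:
    """Map each sample query that hits more than one wide IP to its matches.

    A non-empty result means a wildcard name overlaps another name; review
    which wide IP (and therefore which pools) should answer for those names.
    """
    overlaps = {}
    for query in sample_queries:
        matches = matching_wide_ips(wide_ips, query)
        if len(matches) > 1:
            overlaps[query] = matches
    return overlaps


if __name__ == "__main__":
    samples = ["www.siterequest.com", "store1.siterequest.com", "checkout.siterequest.com"]
    print(overlapping_wildcards(WIDE_IPS, samples))
```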