Manual Chapter: Managing DNS Listeners
Applies To: BIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0
How do I manage permissions for DNS GSLB objects?
F5 BIG-IQ Centralized Management makes it straightforward for you to manage permissions that allow users to view only the specific DNS GSLB objects you assign to them.
To provide permissions for a specific set of objects, you complete these tasks.
- Add a custom resource group - In this task, you specify the GSLB objects that you want this user to work with. You create a resource group for each collection of objects that you want to assign to a user.
- Add a custom role - Next, you associate the GSLB Viewer role type with the resource groups that contain the objects you want your delegates to view. For example, if you had a resource group made up of two wide IPs, one named SeattlePrime and the other named SeattleSecond, you might name this role viewSeattle.
- Add a custom user - Finally, you create a user and assign a custom role to that user. The role gives that user permissions to view the objects that belong to the resource group. In the current example, you could assign your custom user to the viewSeattle role to give that user the ability to view the GSLB objects in the two Seattle wide IPs.
For step-by-step guidance on each of these tasks, refer to How do I give users customized permissions to specific BIG-IP resources based on their job responsibilities? on support.f5.com.
How do I manage a DNS listener in BIG-IQ?
A listener is a specialized virtual server that passively checks for DNS packets. Usually, the listener checks on port 53 and the IP address you assign to the listener. When a DNS query is sent to the IP address of the listener, BIG-IP DNS either handles the request locally, or forwards the request to the appropriate resource.
The workflows are very similar for creating a new DNS listener or for changing the settings for a DNS listener that already resides on devices in a managed sync group. In each case, there are four tasks to perform.
This figure illustrates the workflow you perform to manage the DNS listeners in a sync group. Changing the settings or creating the DNS listener is the second step in this process.
You can view the DNS listeners configured for the DNS sync groups that you manage by navigating to . Once there, click a listener to edit it, or click Create to set up a new one.
View GSLB objects
Before you can use a BIG-IQ to manage DNS GSLB objects on a managed device, you must configure at least one Datacenter on that device using the BIG-IP user interface.
When you use F5 BIG-IQ Centralized Management to manage your DNS sync group, you can view the GSLB objects that are defined on devices in the sync group.
- At the top of the screen, click Configuration.
- On the left, click, and then select the object type that you want to view. The screen displays a list of objects of the selected type that are defined on devices managed by this BIG-IQ system. For each object (except iRules, topology records, or topology regions), icons describe the health status and availability.
- To view overview information about a particular object, select the check box for that object. An overview panel and a related items panel display for this object.
- To see a list of related items for a GSLB object:
  - Select the check box for that object.
  - In the Related Items panel, click Show. You can view the list of related items; and, for many of the items, you can click a link to view properties for that item.
- To view the general properties for a GSLB object, click the name of that object. The screen displays the properties for the selected object.
Create a DNS listener
Before you create a DNS listener, make sure you have satisfied these prerequisites:
- Create the DNS server this listener will use.
- Create the DNS profile that this listener will use.
- Pin the listener's DNS profile to the device on which you plan to deploy the listener.
- Evaluate and deploy these changes to the sync group on which the listener will reside.
You can configure a listener that alerts BIG-IP DNS to DNS queries destined for a pool of DNS servers. The best practice is to create four listeners: one with an IPv4 address that handles UDP traffic, and one with the same IPv4 address that handles TCP traffic; one with an IPv6 address that handles UDP traffic, and one with the same IPv6 address that handles TCP traffic.
- At the top of the screen, click Configuration, then, on the left, click . The screen displays the list of listeners defined on this device.
- Click Create. The New Listener screen opens.
- Type a Name for the DNS listener.
- Select a BIG-IP Device on which the DNS listener will run.
- In the Listener area, type the IP Address on which the BIG-IP system listens for connections. The BIG-IP system receives traffic sent to this IP address and processes it as needed.
- Scroll down to the Service area and select the DNS Profile that defines how the listener handles DNS traffic. The options are a list of system-supplied and user-defined DNS profiles.
- Specify any additional settings needed to suit the requirements for this listener. Name, Device, Address, and DNS Profile are the only required parameters when you create a listener. The remaining parameters on this screen are optional, and perform the same function as they do when you configure a listener on a BIG-IP device. For details about the purpose or function of a particular setting, refer to the BIG-IP system reference information on support.f5.com.
- Click Save & Close. The system creates the new listener you specified and adds it to the list of listeners.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
To make your DNS listener fully ready to use, do the following:
- Create another listener with the same IPv4 address and configuration, but select TCP from the Protocol list.
- Then, create two more listeners, configuring both with the same IPv6 address, but one with the UDP protocol and one with the TCP protocol.
- When you finish specifying the settings for this listener, the next step is to evaluate and then deploy the changes to devices in the sync group.
- When you deploy this listener, the BIG-IP device for which you created these listeners will be able to receive DNS queries, handle wide IP requests, and forward all other DNS queries to members of the pool of DNS servers.
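After the deployment, one way to confirm that all four listeners actually answer is to send one DNS query to each address over UDP and over TCP on port 53. The following is an added example, not F5 code; the function names are hypothetical and the listener addresses are whatever you assigned on the New Listener screen.

```python
import ipaddress
import socket
import struct

def build_query(name, qid=0x1234):
    """Minimal DNS query: one question, type A, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".") if p)
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def is_dns_response(query, reply):
    """True if reply has a full DNS header, the query's ID, and the QR bit set."""
    if len(reply) < 12:
        return False
    rid, flags = struct.unpack("!HH", reply[:4])
    return rid == struct.unpack("!H", query[:2])[0] and bool(flags & 0x8000)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def probe(address, proto, name="example.com", port=53, timeout=2.0):
    """Send one query to a listener over 'udp' or 'tcp'; True if it answers."""
    v6 = ipaddress.ip_address(address).version == 6
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    query = build_query(name)
    try:
        with socket.socket(socket.AF_INET6 if v6 else socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((address, port))
            if proto == "udp":
                s.send(query)
                reply = s.recv(4096)
            else:  # DNS over TCP prefixes each message with a 2-byte length
                s.sendall(struct.pack("!H", len(query)) + query)
                (length,) = struct.unpack("!H", recv_exact(s, 2))
                reply = recv_exact(s, length)
    except (OSError, struct.error):  # timeout, refused, unreachable, short read
        return False
    return is_dns_response(query, reply)

def check_four_listeners(ipv4, ipv6, **kw):
    """Probe the IPv4/IPv6 x UDP/TCP combinations the best practice calls for."""
    return {(a, p): probe(a, p, **kw) for a in (ipv4, ipv6) for p in ("udp", "tcp")}
```

Call `check_four_listeners()` with the IPv4 and IPv6 listener addresses; any `False` entry identifies the address and protocol combination that is not answering, which usually means that listener was not created or its change is still in the pending version.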
Edit a DNS listener
You can view and modify the properties for existing DNS listeners. Since you are working with an existing listener, you can modify only some settings.
- At the top of the screen, click Configuration, then, on the left, click . The screen displays the list of listeners defined on this device.
- Click the name of the listener you want to edit. The screen displays the current settings for the selected listener.
- Make the changes to the settings you want to revise and then, when your edits are complete, click Save & Close. The system updates the listener with the settings you specified.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish revising the settings for this DNS listener, you need to evaluate and then deploy the changes to devices in the sync group. Until you deploy the changes stored in the pending version, objects on the devices in the sync group are not changed.