Manual Chapter : Replacing a DNS Server with BIG-IP DNS

Applies To:

BIG-IP DNS

  • 13.0.1, 13.0.0

Overview: Replacing a DNS server with BIG-IP DNS

BIG-IP® DNS load balances incoming wide IP traffic to your network resources. BIG-IP DNS can also replace a local DNS server as the authoritative nameserver for wide IPs, zones, and all other DNS-related traffic. You can configure BIG-IP DNS to replace the DNS server that currently manages www.siterequest.com. BIG-IP DNS becomes the authoritative nameserver for www.siterequest.com and load balances traffic across the web-based applications store.siterequest.com and checkout.siterequest.com.
Figure: Traffic flow when BIG-IP DNS replaces DNS server

About listeners

A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address you assign to the listener. When a DNS query is sent to the IP address of the listener, BIG-IP DNS either handles the request locally or forwards the request to the appropriate resource.

Task summary

Perform these tasks to replace a DNS server with BIG-IP DNS.

Configuring BIND servers to allow zone transfers

If you are unfamiliar with how to modify DNS server files, review the fifth edition of DNS and BIND, available from O’Reilly Media.
Typically, BIND servers allow zone transfers to any DNS nameserver that requests one. That is, named.conf on a typical BIND server does not contain an allow-transfer statement. However, the BIND server on the BIG-IP® system is configured to allow zone transfers only to the localhost. Thus, named.conf on the BIG-IP system contains this allow-transfer statement: allow-transfer { localhost; };.

When you want to improve the speed of responses to DNS queries, you can configure a BIND server to allow zone transfers only to the DNS Express™ engine on the BIG-IP system. You do this by adding an allow-transfer statement to named.conf on the BIND server.

Note: Adding an allow-transfer statement to a BIND server actually restricts zone transfers to a specified list of DNS nameservers.
Add to the BIND server an allow-transfer statement that specifies a self IP address on the BIG-IP system.
You can modify the following allow-transfer statement to use a self IP address on the BIG-IP system:
allow-transfer {
    localhost; <self IP address from which zone transfer request is sent to the server>;
};
For example, with the self IP address 10.10.10.1:
allow-transfer { localhost; 10.10.10.1; };
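The following is an added check, not part of the manual or of BIND: it reads the allow-transfer statement out of a named.conf fragment and confirms that the BIG-IP self IP can pull the zone while an arbitrary host cannot, reporting the open default when the statement is missing. The two named.conf fragments and the addresses 192.0.2.5 and 10.10.10.1 are constructed for illustration; the ACL evaluation is deliberately simplified (built-ins any/none/localhost, literal addresses and CIDR prefixes only).

```python
import ipaddress
import re

# Constructed named.conf fragments (not from the page): one restricted to
# localhost plus the BIG-IP self IP, one with no allow-transfer statement at all.
NAMED_CONF_RESTRICTED = """
options {
    directory "/var/named";
    allow-transfer { localhost; 10.10.10.1; };
};
"""
NAMED_CONF_OPEN = 'options {\n    directory "/var/named";\n};\n'

def parse_allow_transfer(conf):
    """Return the allow-transfer ACL entries, or None when the statement is absent.
    Absence matters: BIND's default then permits zone transfers to any requester."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}\s*;", conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def transfer_allowed(acl, requester):
    """Evaluate one requester address against the ACL. Simplified: understands the
    built-ins any/none/localhost plus literal addresses and CIDR prefixes only."""
    if acl is None:
        return True  # no statement at all: transfers are allowed to anyone
    addr = ipaddress.ip_address(requester)
    for entry in acl:
        if entry == "any":
            return True
        if entry == "none":
            return False
        if entry == "localhost":
            if addr.is_loopback:
                return True
            continue
        if addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False

def audit(conf, bigip_self_ip, untrusted_ip):
    """Check that the BIG-IP self IP can pull the zone and an untrusted host cannot."""
    acl = parse_allow_transfer(conf)
    return {
        "statement_present": acl is not None,
        "bigip_allowed": transfer_allowed(acl, bigip_self_ip),
        "untrusted_allowed": transfer_allowed(acl, untrusted_ip),
    }
```

Running audit() on NAMED_CONF_OPEN shows untrusted_allowed set, which is the open default the text describes before the allow-transfer statement is added.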

Performing zone transfers from the legacy DNS server

Ensure that you have configured the legacy DNS server with an allow-transfer statement that authorizes zone transfers to BIG-IP® DNS.
In order for BIG-IP DNS to perform a zone transfer from the legacy DNS server, create a new zone.
  1. On the Main tab, click DNS > Zones > ZoneRunner > Zone List.
    The Zone List screen opens.
  2. Click Create.
    The New Zone screen opens.
  3. From the View Name list, select the view that you want this zone to be a member of.
    The default view is external.
  4. In the Zone Name field, type a name for the zone file in this format, including the trailing dot: db.[viewname].[zonename].
    For example, db.external.siterequest.com.
  5. From the Zone Type list, select Master.
  6. From the Records Creation Method list, select Transfer from Server.
  7. In the Records Creation area, type the values for the SOA and NS record parameters.
  8. Click Finished.

Creating a self IP address using the IP address of the legacy DNS server

To avoid a conflict on your network, unplug BIG-IP® DNS from the network.
When you want BIG-IP DNS to handle DNS traffic previously handled by a DNS server, create a self IP address on BIG-IP DNS using the IP address of the legacy DNS server.
  1. On the Main tab, click Network > Self IPs.
  2. Click Create.
    The New Self IP screen opens.
  3. In the Name field, type a unique name for the self IP address.
  4. In the IP Address field, type the IP address of the legacy DNS server.
    The system accepts IPv4 and IPv6 addresses.
  5. In the Netmask field, type the network mask for the specified IP address.
    For example, you can type 255.255.255.0.
  6. Click Finished.
    The screen refreshes, and displays the new self IP address.

Designating BIG-IP DNS as the primary server for the zone

Ensure that you have created a self IP address on BIG-IP® DNS using the IP address of the legacy DNS server.
Add this self IP address to the BIG-IP DNS server object, and then modify the DNS server based on your network configuration.
  1. On the Main tab, click DNS > GSLB > Servers.
    The Server List screen opens.
  2. Click the name of the BIG-IP DNS system that you want to modify.
    The server settings and values display.
  3. In the Address List area, add the new self IP address.
  4. Click Update.
  5. Do one of the following based on your network configuration:
    • Modify the IP address of the legacy DNS server so that it becomes a secondary DNS server to BIG-IP DNS. Ensure that the IP address of the DNS server does not conflict with the self IP address that you added to the BIG-IP DNS server object.
      Note: If you are using BIND servers, and you are unfamiliar with how to change a DNS server from a primary to a secondary, refer to the fifth edition of DNS and BIND, available from O’Reilly Media.
    • Remove the legacy DNS server from your network.
BIG-IP DNS is now the primary authoritative name server for the zone. The servers for the zone do not need to be updated, because the IP address of the legacy DNS server was assigned to BIG-IP DNS.

Creating listeners to alert BIG-IP DNS to DNS traffic destined for the system

To alert the BIG-IP® DNS system to DNS queries (previously handled by the DNS server), create four listeners: two that use the UDP protocol (one each for an IPv4 address and IPv6 address), and two that use the TCP protocol (one each for an IPv4 address and IPv6 address).
Note: DNS zone transfers use TCP port 53. If you do not configure a TCP listener, the client might receive a connection refused error or TCP RSTs.
  1. On the Main tab, click DNS > Delivery > Listeners.
    The Listeners List screen opens.
  2. Click Create.
    The Listeners properties screen opens.
  3. In the Name field, type a unique name for the listener.
  4. For the Destination setting, in the Address field, type the IP address previously used by the legacy DNS server.
  5. From the VLAN Traffic list, select All VLANs.
  6. In the Service area, from the Protocol list, select UDP.
  7. Click Finished.
Create another listener with the same IPv4 address and configuration, but select TCP from the Protocol list. Then, create two more listeners, configuring both with the same IPv6 address, but one with the UDP protocol and one with the TCP protocol.
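As an added verification step that is not part of the manual, the script below probes each of the four address/protocol combinations created above with a minimal SOA query and classifies the outcome, separating a refused TCP connection (the symptom described in the note above when the TCP listener is missing) from a timeout or a valid answer. The addresses 10.10.10.1 and 2001:db8::1 and the zone name are placeholders to be replaced with the legacy DNS server's addresses.

```python
import socket
import struct

def build_soa_query(zone, txid=0x1234):
    """Build a minimal DNS SOA query (recursion desired) for the zone name."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [l for l in zone.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def response_ok(query, reply):
    """True when reply is a DNS response (QR bit set) carrying the query's ID."""
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def probe(address, proto, zone, timeout=2.0):
    """Send the query to port 53 over UDP or TCP and classify the outcome as
    'ok', 'refused', 'timeout' or 'bad'. A 'refused' result on TCP is the
    symptom the note above describes when no TCP listener exists."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    q = build_soa_query(zone)
    try:
        if proto == "udp":
            with socket.socket(family, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (address, 53))
                reply, _ = s.recvfrom(4096)
        else:
            with socket.create_connection((address, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)  # TCP DNS is length-prefixed
                length = struct.unpack("!H", s.recv(2))[0]
                reply = b""
                while len(reply) < length:
                    chunk = s.recv(length - len(reply))
                    if not chunk:
                        break
                    reply += chunk
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes socket timeouts
        return "timeout"
    return "ok" if response_ok(q, reply) else "bad"

def check_listeners(ipv4, ipv6, zone):
    """Probe the four listener combinations the procedure creates."""
    return {(a, p): probe(a, p, zone) for a in (ipv4, ipv6) for p in ("udp", "tcp")}

if __name__ == "__main__":
    # Placeholder addresses; substitute the legacy DNS server's IPv4 and IPv6 addresses.
    for key, result in check_listeners("10.10.10.1", "2001:db8::1", "siterequest.com").items():
        print(key, result)
```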

Creating a wide IP for BIG-IP DNS

Ensure that at least one load balancing pool exists in the configuration before you start creating a wide IP.
Create a wide IP to map an FQDN to one or more pools of virtual servers that host the content of the domain.
  1. On the Main tab, click DNS > GSLB > Wide IPs.
    The Wide IP List screen opens.
  2. Click Create.
    The New Wide IP List screen opens.
  3. In the General Properties area, in the Name field, type a name for the wide IP.
    Tip: You can use two different wildcard characters in the wide IP name: asterisk (*) to represent several characters and question mark (?) to represent a single character. This reduces the number of aliases you have to add to the configuration.
  4. From the Type list, select a record type for the wide IP.
  5. In the Pools area, for the Pool List setting, select the pools that this wide IP uses for load balancing.
    The system evaluates the pools based on the wide IP load balancing method configured.
    1. From the Pool list, select a pool.
      A pool can belong to more than one wide IP.
    2. Click Add.
  6. Click Finished.

Implementation result

BIG-IP® DNS replaces the legacy DNS server as the primary authoritative name server for the zone. BIG-IP DNS handles all incoming DNS traffic, whether destined for a wide IP or handled by the BIND instance on the system.