Manual Chapter : Delegating DNS Traffic to BIG-IP DNS

Applies To:

Show Versions Show Versions

BIG-IP DNS

  • 13.1.1, 13.1.0
Manual Chapter

Overview: Delegating DNS traffic to wide IPs on BIG-IP DNS

BIG-IP® DNS resolves DNS queries that match a wide IP name. BIG-IP DNS can work in conjunction with an existing DNS server on your network. In this situation, you configure the DNS server to delegate wide IP-related requests to BIG-IP DNS for name resolution.

Traffic flow when DNS server delegates traffic to BIG-IP DNS

Traffic flow when DNS server delegates traffic to BIG-IP DNS

This implementation focuses on the fictional company SiteRequest that recently purchased BIG-IP DNS to help resolve queries for two web-based applications: store.siterequest.com and checkout.siterequest.com. These applications are delegated zones of www.siterequest.com. Currently, a DNS server manages www.siterequest.com.

SiteRequest administrators have already configured BIG-IP DNS with two wide IPs, store.wip.siterequest.com and checkout.wip.siterequest.com. These wide IPs correspond to the two web applications.

About listeners

A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address you assign to the listener. When a DNS query is sent to the IP address of the listener, BIG-IP DNS either handles the request locally or forwards the request to the appropriate resource.

Task summary

Perform these tasks to delegate DNS traffic to wide IPs on BIG-IP DNS.

Creating a delegated zone on a local DNS server

Determine which DNS servers will delegate wide IP-related requests to BIG-IP® DNS.

If you are using BIND servers and you are unfamiliar with how to modify the files on these servers, consider reviewing the fifth edition of DNS and BIND, available from O’Reilly Media.

In order for BIG-IP DNS to manage the web applications of store.siterequest.com and checkout.siterequest.com, you must create a delegated zone on the DNS server that manages www.siterequest.com. Perform the following steps on the selected DNS server.
  1. Create an address record (A record) that defines the domain name and IP address of each BIG-IP DNS in your network.
  2. Create a nameserver record (NS record) that defines the delegated zone for which BIG-IP DNS is responsible.
  3. Create canonical name records (CNAME records) for each web application, which forwards requests to store.siterequest.com and checkout.siterequest.com to the wide IP addresses of store.wip.siterequest.com and checkout.wip.siterequest.com, respectively.

Creating listeners to handle traffic for wide IPs

Determine the self IP address on which you want BIG-IP® DNS to listen for DNS queries for the wide IPs configured on the system.
Create listeners that identify the wide IP traffic for which BIG-IP DNS is responsible. Create four listeners: two that use the UDP protocol (one each for an IPv4 address and IPv6 address), and two that use the TCP protocol (one each for an IPv4 address and IPv6 address).
Note: DNS zone transfers use TCP port 53. If you do not configure a listener for TCP the client might receive the error: connection refused or TCP RSTs.
  1. On the Main tab, click DNS > Delivery > Listeners .
    The Listeners List screen opens.
  2. Click Create.
    The Listeners properties screen opens.
  3. In the Name field, type a unique name for the listener.
  4. For the Destination setting, in the Address field, type the IP address on which BIG-IP DNS listens for network traffic.
    The destination is a self IP address on BIG-IP DNS.
  5. From the VLAN Traffic list, select All VLANs.
  6. In the Service area, from the Protocol list, select UDP.
  7. Click Repeat.
Create another listener with the same IPv4 address and configuration, but select TCP from the Protocol list. Then, create two more listeners, configuring both with the same IPv6 address, but one with the UDP protocol and one with the TCP protocol.

Implementation result

You now have an implementation of BIG-IP® DNS in which the DNS server manages DNS traffic unless the query is for store.sitrequest.com or checkout.siterequest.com. When the DNS server receives these queries, it delegates them to BIG-IP DNS, which then load balances the queries to the appropriate wide IPs.