Manual Chapter : Replacing a DNS Server with BIG-IP GTM

Applies To:

Show Versions Show Versions

BIG-IP GTM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Manual Chapter

Replacing a DNS Server with BIG-IP GTM

Overview: Replacing a DNS server with BIG-IP GTM

BIG-IP® Global Traffic Manager™ (GTM™) load balances incoming wide IP traffic to your network resources. BIG-IP GTM can also replace a local DNS server as the authoritative nameserver for wide IPs, zones, and all other DNS-related traffic. You can configure BIG-IP GTM to replace the DNS server that currently manages www.siterequest.com. BIG-IP GTM becomes the authoritative nameserver for www.siterequest.com and load balances traffic across the web-based applications store.siterequest.com and checkout.siterequest.com.
Traffic flow when BIG-IP GTM replaces DNS server

Traffic flow when BIG-IP GTM replaces DNS server

About listeners

A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address you assign to the listener. When a DNS query is sent to the IP address of the listener, BIG-IP GTM™ either handles the request locally or forwards the request to the appropriate resource.

Task summary

Perform these tasks to replace a DNS server with BIG-IP GTM.

Configuring BIND servers to allow zone transfers

If you are unfamiliar with how to modify DNS server files, review the fifth edition of DNS and BIND, available from O’Reilly Media.
Typically, BIND servers allow zone transfers to any DNS nameserver requesting a zone transfer. That is, named.conf on a typical BIND server does not contain an allow-transfer statement. However, the BIND server on the BIG-IP® system is configured to allow zone transfers to only the localhost. Thus, named.conf on the BIG-IP system contains this allow-transfer statement: allow-transfer { localhost; } ;.

When you want to improve the speed of responses to DNS queries you can configure a BIND server to allow zone transfers only to the DNS Express™ engine on the BIG-IP system. You do this by adding an allow-transfer statement to named.conf on the BIND server.

Note: Adding an allow-transfer statement to a BIND server actually restricts zone transfers to a specified list of DNS nameservers.
Add to the BIND server an allow-transfer statement that specifies a self IP address on the BIG-IP system.
You can modify the following allow-transfer statement to use a self IP address on the BIG-IP system:
allow-transfer { 
        localhost; <self IP address from which zone transfer request is sent to the server>;
    }; 
allow-transfer { localhost; 10.10.10.1 ; };

Performing zone transfers from the legacy DNS server

Ensure that you have configured the legacy DNS server with an allow-transfer statement that authorizes zone transfers to BIG-IP® GTM™.
In order for GTM to perform a zone transfer from the legacy DNS server, create a new zone.
  1. On the Main tab, click DNS > Zones > ZoneRunner > Zone List .
    The Zone List screen opens.
  2. Click Create.
    The New Zone screen opens.
  3. From the View Name list, select the view that you want this zone to be a member of.
    The default view is external.
  4. In the Zone Name field, type a name for the zone file in this format, including the trailing dot: db.[viewname].[zonename].
    For example, db.external.siterequest.com.
  5. From the Zone Type list, select Master.
  6. From the Records Creation Method list, select Transfer from Server.
  7. In the Records Creation area, type the values for the SOA and NS record parameters.
  8. Click Finished.

Creating a self IP address using the IP address of the legacy DNS server

To avoid a conflict on your network, unplug BIG-IP® GTM™ from the network.
When you want GTM to handle DNS traffic previously handled by a DNS server, create a self IP address on GTM using the IP address of the legacy DNS server.
  1. On the Main tab, click Network > Self IPs .
  2. Click Create.
    The New Self IP screen opens.
  3. In the Name field, type a unique name for the self IP address.
  4. In the IP Address field, type the IP address of the legacy DNS server.
    The system accepts IPv4 and IPv6 addresses.
  5. In the Netmask field, type the full network mask for the specified IP address.

    For example, you can type ffff:ffff:ffff:ffff:0000:0000:0000:0000 or ffff:ffff:ffff:ffff::.

  6. Click Finished.
    The screen refreshes, and displays the new self IP address.

Designating GTM as the primary server for the zone

Ensure that you have created a self IP address on BIG-IP® GTM™ using the IP address of the legacy DNS server.
Add this self IP address to the GTM server object, and then modify the DNS server based on your network configuration.
  1. On the Main tab, click DNS > GSLB > Servers .
    The Server List screen opens.
  2. Click the name of the GTM system that you want to modify.
    The server settings and values display.
  3. In the Address List area, add the new self IP address.
  4. Click Update.
  5. Do one of the following based on your network configuration:
    • Modify the IP address of the legacy DNS server so that it becomes a secondary DNS server to BIG-IP GTM. Ensure that the IP address of the DNS server does not conflict with the self IP address that you added to the BIG-IP GTM server object.
      Note: If you are using BIND servers, and you are unfamiliar with how to change a DNS server from a primary to a secondary, refer to the fifth edition of DNS and BIND, available from O’Reilly Media.
    • Remove the legacy DNS server from your network.
BIG-IP GTM is now the primary authoritative name server for the zone. The servers for the zone do not need to be updated, because the IP address of the legacy DNS server was assigned to BIG-IP GTM.

Creating listeners to alert GTM to DNS traffic destined for the system

To alert the BIG-IP® GTM™ system to DNS queries (previously handled by the DNS server), create four listeners: two that use the UDP protocol (one each for an IPv4 address and IPv6 address), and two that use the TCP protocol (one each for an IPv4 address and IPv6 address).
Note: DNS zone transfers use TCP port 53. If you do not configure a listener for TCP the client might receive the error: connection refused or TCP RSTs.
  1. On the Main tab, click DNS > Delivery > Listeners .
    The Listeners List screen opens.
  2. Click Create.
    The Listeners properties screen opens.
  3. In the Name field, type a unique name for the listener.
  4. For the Destination setting, in the Address field, type the IP address previously used by the legacy DNS server.
  5. From the VLAN Traffic list, select All VLANs.
  6. In the Service area, from the Protocol list, select UDP.
  7. Click Finished.
Create another listener with the same IPv4 address and configuration, but select TCP from the Protocol list. Then, create two more listeners, configuring both with the same IPv6 address, but one with the UDP protocol and one with the TCP protocol.

Creating a wide IP

Ensure that at least one load balancing pool exists in the configuration before you start creating a wide IP.
Create a wide IP to map a FQDN to one or more pools of virtual servers that host the content of the domain.
  1. On the Main tab, click DNS > GSLB > Wide IPs .
    The Wide IP List screen opens.
  2. Click Create.
    The New Wide IP screen opens.
  3. In the Name field, type a name for the wide IP.
    Tip: You can use two different wildcard characters in the wide IP name: asterisk (*) to represent several characters and question mark (?) to represent a single character. This reduces the number of aliases you have to add to the configuration.
  4. From the Pool list, select the pools that this wide IP uses for load balancing.
    The system evaluates the pools based on the wide IP load balancing method configured.
    1. From the Pool list, select a pool.
      A pool can belong to more than one wide IP.
    2. Click Add.
  5. Click Finished.

Implementation result

BIG-IP® GTM™ replaces the legacy DNS server as the primary authoritative name server for the zone. BIG-IP GTM handles all incoming DNS traffic, whether destined for a wide IP or handled by the BIND instance on the system.