You can use BIG-IP® DNS as a traffic screener in front of an existing DNS server. With this setup, all DNS traffic flows through BIG-IP DNS. Listeners that you configure on BIG-IP DNS verify incoming DNS queries. If the query is for a wide IP, BIG-IP DNS resolves the request. If the query is for a destination that does not match a wide IP or for an IP address that is not configured on BIG-IP DNS, the system forwards the query to the specified DNS server for resolution. When forwarding a query, BIG-IP DNS transforms the source address to a self IP address on BIG-IP DNS.
Figure: Traffic flow when BIG-IP DNS screens traffic to a DNS server
A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address you assign to the listener. When a DNS query is sent to the IP address of the listener, BIG-IP DNS either handles the request locally or forwards the request to the appropriate resource.
A wildcard listener is a special listener that is assigned an IP address of 0.0.0.0 and the DNS query port (port 53). When you want BIG-IP® DNS to respond to DNS queries coming into your network, regardless of the destination IP address of the given request, you use a wildcard listener.
Perform these tasks to send traffic through BIG-IP® DNS.
Create listeners to alert the BIG-IP system to queries destined for a DNS server. Create four wildcard listeners: two that use the UDP protocol (one each for an IPv4 address and IPv6 address), and two that use the TCP protocol (one each for an IPv4 address and IPv6 address).
You now have an implementation in which BIG-IP® DNS (formerly GTM™) receives all DNS queries. If the query is for a wide IP, BIG-IP DNS load balances the request to the appropriate resource. If the query is for an IP address of a DNS server, BIG-IP DNS either routes or forwards the query to the DNS server for resolution.
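The following Python sketch is an added example, not F5 code or device output. It audits a listener inventory for the four wildcard listeners described above and models the screening decision for a single query. The inventory format, the wide IP name, the result labels, and the use of :: as the IPv6 wildcard address are assumptions made for illustration.

```python
import ipaddress
from itertools import product

DNS_PORT = 53
# Constructed inventory of (address, port, protocol); the IPv6 TCP listener is missing.
LISTENERS = [
    ("0.0.0.0", 53, "udp"),
    ("0.0.0.0", 53, "tcp"),
    ("::", 53, "udp"),  # assumption: :: is the IPv6 counterpart of 0.0.0.0
]
WIDE_IPS = {"www.example.com"}  # constructed wide IP name


def missing_wildcards(listeners):
    """Return the (ip_version, protocol) pairs that lack a wildcard listener on port 53."""
    have = {
        (ipaddress.ip_address(addr).version, proto.lower())
        for addr, port, proto in listeners
        if port == DNS_PORT and ipaddress.ip_address(addr).is_unspecified
    }
    return sorted(set(product((4, 6), ("tcp", "udp"))) - have)


def listener_matches(listener, dst, proto):
    """A listener matches on port 53, protocol, and its own or any (wildcard) address."""
    addr, port, lproto = listener
    a, d = ipaddress.ip_address(addr), ipaddress.ip_address(dst)
    if port != DNS_PORT or lproto.lower() != proto.lower() or a.version != d.version:
        return False
    return a.is_unspecified or a == d


def screen(dst, proto, qname, listeners=LISTENERS, wide_ips=WIDE_IPS):
    """Model the decision for one query sent to dst over proto on port 53."""
    if not any(listener_matches(lst, dst, proto) for lst in listeners):
        return "not-screened"  # no listener picks this query up
    name = qname.rstrip(".").lower()  # DNS names compare case-insensitively
    if name in wide_ips:
        return "resolve-wide-ip"  # BIG-IP DNS answers the query itself
    return "forward-to-dns-server"  # forwarded with a self IP as source address


if __name__ == "__main__":
    print("missing wildcard listeners:", missing_wildcards(LISTENERS))
    print(screen("2001:db8::53", "tcp", "www.example.com"))
```

With the constructed inventory, the audit reports the missing IPv6 TCP listener, and a TCP query to an IPv6 destination is reported as not screened.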