Manual Chapter : Placing BIG-IP GTM in Front of a DNS Server

Applies To:


BIG-IP GTM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

Overview: Configuring GTM to screen traffic to an existing DNS server

You can use BIG-IP Global Traffic Manager (GTM) as a traffic screener in front of an existing DNS server. With this setup, all DNS traffic flows through BIG-IP GTM. Listeners that you configure on BIG-IP GTM verify incoming DNS queries. If the query is for a wide IP, BIG-IP GTM resolves the request. If the query is for a destination that does not match a wide IP or for an IP address that is not configured on BIG-IP GTM, the system forwards the query to the specified DNS server for resolution. When forwarding a query, BIG-IP GTM transforms the source address to a self IP address on BIG-IP GTM.

Figure: Traffic flow when BIG-IP GTM screens traffic to a DNS server

About listeners

A listener is a specialized virtual server that passively checks for DNS packets on port 53 and the IP address you assign to the listener. When a DNS query is sent to the IP address of the listener, BIG-IP GTM either handles the request locally or forwards the request to the appropriate resource.

About wildcard listeners

A wildcard listener is a special listener that is assigned an IP address of 0.0.0.0 and the DNS query port (port 53). When you want BIG-IP GTM to respond to DNS queries coming into your network, regardless of the destination IP address of the given request, you use a wildcard listener.

Task summary

Perform these tasks to send traffic through BIG-IP GTM.

Placing BIG-IP GTM on your network to forward traffic

Determine to which DNS server you want BIG-IP GTM to forward traffic.
Place GTM on your network between LDNS servers and clients making DNS name resolution requests.
  1. Physically connect GTM to your Internet connection.
  2. Connect the LDNS to an Ethernet port on GTM (optional).
  3. Connect the LDNS to a switch.

Creating listeners to forward traffic to a DNS server

Determine to which DNS server you want the listeners to forward DNS queries.

Create listeners to alert the BIG-IP system to queries destined for a DNS server. Create four wildcard listeners: two that use the UDP protocol (one each for an IPv4 address and IPv6 address), and two that use the TCP protocol (one each for an IPv4 address and IPv6 address).

Note: DNS zone transfers use TCP port 53. If you do not configure a listener for TCP, the client might receive a connection refused error or TCP RSTs.
  1. On the Main tab, click DNS > Delivery > Listeners. The Listeners List screen opens.
  2. Click Create. The Listeners properties screen opens.
  3. In the Name field, type a unique name for the listener.
  4. For the Destination setting, in the Address field, type the IP address on which GTM listens for DNS queries. The destination is the IP address of a DNS server to which you want the listeners to route DNS queries.
    Important: The destination must not match a self IP address on GTM.
  5. From the VLAN Traffic list, select All VLANs.
  6. In the Service area, from the Protocol list, select UDP.
  7. Click Finished.
Create another listener with the same IPv4 address and configuration, but select TCP from the Protocol list. Then, create two more listeners, configuring both with the same IPv6 address, but one with the UDP protocol and one with the TCP protocol.

Creating a wide IP

Ensure that at least one load balancing pool exists in the configuration before you start creating a wide IP.
Create a wide IP to map a FQDN to one or more pools of virtual servers that host the content of the domain.
  1. On the Main tab, click DNS > GSLB > Wide IPs. The Wide IP List screen opens.
  2. Click Create. The New Wide IP screen opens.
  3. In the Name field, type a name for the wide IP.
    Tip: You can use two different wildcard characters in the wide IP name: asterisk (*) to represent several characters and question mark (?) to represent a single character. This reduces the number of aliases you have to add to the configuration.
  4. From the Pool list, select the pools that this wide IP uses for load balancing. The system evaluates the pools based on the wide IP load balancing method configured.
    1. From the Pool list, select a pool. A pool can belong to more than one wide IP.
    2. Click Add.
  5. Click Finished.

Implementation result

You now have an implementation in which BIG-IP GTM receives all DNS queries. If the query is for a wide IP, BIG-IP GTM load balances the request to the appropriate resource. If the query is for an IP address of a DNS server, BIG-IP GTM either routes or forwards the query to the DNS server for resolution.
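As an added illustration (not F5 code or configuration), the following Python models the screening decision described in the overview, the listener procedure and the wide IP procedure: whether a listener exists for the destination address and protocol, whether the query name matches a wide IP (including the * and ? wildcards), and otherwise forwarding with the source rewritten to a self IP. All addresses, names and pools are constructed; the IPv6 wildcard address `::` and the simple name matching are assumptions.

```python
# Constructed model of the screening behaviour this chapter describes.
# Not F5 code: addresses, names and pools are made up for illustration.
import fnmatch
import ipaddress

SELF_IP = "10.0.0.2"      # assumed GTM self IP used as the forwarding source
DNS_SERVER = "10.0.0.53"  # assumed existing DNS server behind GTM
# The four wildcard listeners from the procedure: UDP and TCP, IPv4 and IPv6.
# "::" as the IPv6 wildcard is an assumption; the chapter only names 0.0.0.0.
LISTENERS = {("0.0.0.0", "udp"), ("0.0.0.0", "tcp"), ("::", "udp"), ("::", "tcp")}
# Wide IP name -> pools; names may use * (several chars) and ? (one char).
WIDE_IPS = {
    "www.example.com": ["pool_www"],
    "*.cdn.example.com": ["pool_cdn_a", "pool_cdn_b"],
    "app?.example.com": ["pool_app"],
}

def listener_for(dst_ip, proto, listeners=LISTENERS):
    """Return the listener that accepts a packet to dst_ip/proto, or None."""
    wildcard = "::" if ipaddress.ip_address(dst_ip).version == 6 else "0.0.0.0"
    for addr, p in listeners:
        if p == proto and addr in (dst_ip, wildcard):
            return (addr, p)
    return None

def matching_wide_ip(qname):
    """Match qname against wide IP names: exact names first, then wildcards."""
    q = qname.rstrip(".").lower()
    if q in WIDE_IPS:
        return q
    for name in WIDE_IPS:
        if fnmatch.fnmatchcase(q, name):
            return name
    return None

def screen_query(src_ip, dst_ip, proto, qname, listeners=LISTENERS):
    """Model the decision GTM makes for one inbound DNS query."""
    if listener_for(dst_ip, proto, listeners) is None:
        # No listener for this address family/protocol: the client sees a
        # refused connection or a TCP RST (see the note on zone transfers).
        return {"action": "refused"}
    wip = matching_wide_ip(qname)
    if wip is not None:
        # Wide IP query: GTM answers it by load balancing across its pools.
        return {"action": "resolve", "wide_ip": wip, "pools": WIDE_IPS[wip]}
    # Anything else is forwarded to the DNS server with the source address
    # rewritten to a self IP on GTM.
    return {"action": "forward", "to": DNS_SERVER, "src": SELF_IP, "orig_src": src_ip}
```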