DNS Queries
Check how each DNS Server is doing.
NOTE: DNS can use UDP or TCP port 53
Zone transfers use TCP
Queries use UDP
ALSO DNS is considered Layer 7 (Application Layer)
ARCHITECTURE EXAMPLE
External/Internet Facing
Utilize F5 BIG-IP DNS (GTM) as the name server since they are practically impossible to kill
Internal/Intranet
Utilize Infoblox with a minimum of two DNS Views (Internal DNS View for intranet only DNS and External DNS View for internet only)
REFERENCE LOGICAL DIAGRAM BELOW
<insert photo>
Of course DNS could be configured in many different ways, but let's concentrate on External DNS for now. Internal DNS gets complicated quickly with Microsoft Active Directory, using F5 BIG-IP DNS (GTM) for WideIPs, leveraging Anycast, and then dealing with DDNS. As you can see, internal DNS is much more complicated than External DNS.
To add an External facing DNS Domain (adding a subdomain is the same process)
First, create the new external domain in Infoblox. I personally like using the CSV import process that Infoblox supports: you populate a CSV like this one here, then go into Infoblox and import the CSV to create the domain (or subdomain). Using the same process (just a different CSV), I would add any records that belong in that new domain.
Second, create the new external domain on your F5 BIG-IP DNS by running a tmsh command, but you need to know a couple of things before you can run it:
Which name servers are defined on your F5 device that point to the IP address of your Infoblox GridMaster. You can identify them by running this command:
iSupport@(mifnt1slbgtm03)(cfg-sync Standalone)(Active)(/Common)(tmos)# list ltm dns nameserver
ltm dns nameserver dnsx_server_0 {
    address 10.11.12.205
    route-domain 0
    tsig-key Sup3Rs3CreT
}
ltm dns nameserver dnsx_server_1 {
    address 10.11.12.205
    route-domain 0
}
tmsh create ltm dns zone eventguyz.com dns-express-server dnsx_server_0 dns-express-notify-tsig-verify no
Explanation
dns-express-server: the nameserver object (here dnsx_server_0, which points at the Infoblox GridMaster) that DNS Express transfers the zone from.
TSIG Notes
Use transaction signature (TSIG) keys to authenticate communications about zone transfers between the BIG-IP system and authoritative DNS servers, and between the BIG-IP system and DNS nameservers (clients).
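To show what the TSIG verification referenced above (and disabled for NOTIFY by dns-express-notify-tsig-verify no) actually checks, here is an added example that is not code from the original page or from F5/Infoblox. It computes and verifies an RFC 8945 HMAC-SHA256 TSIG MAC over a constructed NOTIFY for eventguyz.com; the key name Sup3Rs3CreT comes from the F5 config above, while the secret bytes, message and timestamps are constructed assumptions.

```python
import hmac
import hashlib
import struct

# Added example, not code from the original page or from F5/Infoblox.
# Key name "Sup3Rs3CreT" is the tsig-key referenced in the F5 config above;
# the secret bytes, message contents and timestamps are constructed here.
ALGORITHM = "hmac-sha256."  # the only TSIG algorithm this example implements
KEY_NAME = "Sup3Rs3CreT."
SECRET = b"constructed-example-secret-not-a-real-key"

def wire_name(name: str) -> bytes:
    """Encode a DNS name as uncompressed RFC 1035 labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def tsig_mac(secret: bytes, message: bytes, time_signed: int, fudge: int = 300,
             error: int = 0, other: bytes = b"", request_mac: bytes = b"") -> bytes:
    """HMAC over the RFC 8945 section 4.3.3 digest components, in order:
    request MAC (responses only), the DNS message without its TSIG RR, then the
    TSIG variables (key name, CLASS ANY, TTL 0, algorithm, time, fudge, error,
    other data)."""
    data = b""
    if request_mac:
        data += struct.pack("!H", len(request_mac)) + request_mac
    data += message
    data += wire_name(KEY_NAME) + struct.pack("!HI", 255, 0)   # CLASS ANY, TTL 0
    data += wire_name(ALGORITHM)
    data += struct.pack("!Q", time_signed)[2:]                 # 48-bit time signed
    data += struct.pack("!HHH", fudge, error, len(other)) + other
    return hmac.new(secret, data, hashlib.sha256).digest()

def tsig_verify(secret: bytes, message: bytes, time_signed: int, mac: bytes,
                now: int, fudge: int = 300) -> str:
    """Receiver-side check: constant-time MAC compare first (BADSIG), then the
    time window (BADTIME), in the order RFC 8945 section 5.2 prescribes."""
    if not hmac.compare_digest(tsig_mac(secret, message, time_signed, fudge), mac):
        return "BADSIG"
    if abs(now - time_signed) > fudge:
        return "BADTIME"
    return "NOERROR"

def notify_message(zone: str, msg_id: int = 0x1234) -> bytes:
    """Constructed minimal NOTIFY (opcode 4, AA set) asking about the zone SOA."""
    header = struct.pack("!HHHHHH", msg_id, 0x2400, 1, 0, 0, 0)
    return header + wire_name(zone) + struct.pack("!HH", 6, 1)  # QTYPE SOA, QCLASS IN

if __name__ == "__main__":
    msg = notify_message("eventguyz.com")
    mac = tsig_mac(SECRET, msg, time_signed=1_700_000_000)
    print(tsig_verify(SECRET, msg, 1_700_000_000, mac, now=1_700_000_010))
```

With verification off, the receiver skips both the BADSIG and BADTIME checks, so a NOTIFY from anyone who can reach the listener is accepted as if it were signed.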