I should be making use of the local BIND for recursion instead of relying on the backend DNS. The iRule I pasted is my attempt to make my setup handle recursive requests while keeping some of the DNSX and Cache functionality. The DNS profile configuration is crucial in what stage the DNS request will go through, but I could not build a completely accurate picture of the flow: if I check use-local-bind, will the BIND get queried before or after the Cache? The DNSX? The difference between transparent and resolver cache is not clear at all to me; maybe the documentation could be improved.

I expected this to intelligently query DNSX to answer what it can and forward what it cannot to the cache and other stages. Setting the process-rd switch to no basically disables everything, since every single request is recursive nowadays. These requests do not even reach the DNS Cache stage: they go straight to the servers you may have set in the pool of your virtual server unless unhandled-query-action says otherwise, but most options are not that useful for this case. DNSX does NOT handle requests to domains it holds no authority over well: CNAME requests get no A records if the canonical is not in a DNSX zone, NS answers with the relevant root for any requests to unknown records.

ltm dns cache transparent transparent_cache

Requests will be mostly recursive; answer records may be in the zone transferred to the F5 but not all will.

Current setup: a pair of 3600 running TMOS 11.2.1 HF6, provisioning LTM dedicated for now; the license allows for the GTM module as well. Primary DNS servers are mostly domain controllers; their load should be as low as possible. Goal: run as a secondary DNS cluster for a large population of servers and workstations (both Windows and Linux). I have been preparing a proof of concept DNS setup using F5 devices and would like your input.