Any way to do DNS loadbalancing without BIG-IP DNS module?
Hi,
In our environment we have a number of domain controllers which act as DNS servers for everything internally.
Now, we have one specific type of client that is only able to be configured with a single IP address for its DNS server and this causes problems when a DNS server is down for maintenance.
We run BIG-IP VE v16.1.4 with LTM, but not DNS, provisioned.
I'd like to solve this without provisioning the BIG-IP DNS module in this particular instance, by doing this:
1. Creating a new Stateless VS to receive DNS queries on port 53/udp
2. Assign a UDP protocol profile with "datagram" enabled (so it LBs every single packet) to the VS
3. Create a pool of DNS-servers
4. Create an internal DNS record that will be used to check that a DNS server responds with the correct RR.
5. Assign a "DNS" monitor to the pool and configure it to check service status by sending a DNS query for the RR I created and seeing if the response is correct.
However, the "DNS" monitor puts every server in the DOWN state. By using tcpdump on the BIG-IP VE I can see that the BIG-IP does not send any DNS query packets from this monitor to the DNS servers in the pool.
I see a lot of other DNS queries from the BIG-IP (the servers in question are also the DNS servers for the BIG-IP).
So, should it even be possible to create a normal LTM pool containing DNS servers and have the BIG-IP monitor the service state of each member using the "DNS" monitor?
So yes, there was an L3 problem, which was that I chose the wrong interface on the BIG-IP VE to monitor traffic. It turned out the monitor packets were sent on the management interface because of a routing thing I just happened to remember.
Anyway: PROBLEM SOLVED. In order to monitor a DNS server by sending a query and checking for a correct response, I did it the hard way by hand-crafting the packet that is sent so that it replicates the byte string seen when dumping a manual DNS lookup.
In the "Send string" field you can enter individual bytes by prefixing the hex value with "\x", so I copied the DNS header (including transaction id, query number etc) plus the actual query, converted it to \x format and put it in the Send string field.
In the Receive string field I entered just the ASCII IP address which I knew the correct query would result in if the server is healthy.
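To make the hand-crafted approach above reproducible, here is an added example (not from the original post and not F5 code) that builds the RFC 1035 wire-format query the Send string needs and prints it in the "\x" form the monitor accepts, then parses a reply to confirm the expected A record is present. The record name `healthcheck.example.com`, the answer `192.0.2.10` and the transaction ID `0x1234` are assumptions for illustration; the reply it checks against is constructed inline rather than captured from a server. Because the A record's RDATA on the wire is four binary octets, the example also emits the expected address in "\x" form so it can be matched byte-for-byte in the Receive string.

```python
import socket
import struct

# Constructed values for the example; substitute your own RR and address.
RECORD_NAME = "healthcheck.example.com"   # assumed internal check record
EXPECTED_IP = "192.0.2.10"                # assumed answer for a healthy server
TXID = 0x1234                             # fixed ID: the server echoes it back


def encode_name(name):
    """Encode a dotted name as DNS labels (length byte + label, 0 terminator)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=TXID, qtype=1, qclass=1):
    """Standard recursive A/IN query: 12-byte header followed by one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def to_send_string(data):
    """Render bytes as the \\xNN escapes accepted in the monitor's Send string."""
    return "".join("\\x%02x" % b for b in data)


def ip_receive_string(ip):
    """The A record RDATA is 4 raw octets; express it as \\xNN for the Receive string."""
    return to_send_string(socket.inet_aton(ip))


def parse_name(data, offset, max_hops=16):
    """Decode a name, following compression pointers; returns (name, next offset)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                    # compression pointer
            hops += 1
            if hops > max_hops:                      # refuse pointer loops
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(data):
    """Return (txid, flags, [(name, rtype, rdata), ...]) from the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                              # skip the echoed question
        _name, offset = parse_name(data, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = parse_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        answers.append((name, rtype, data[offset:offset + rdlen]))
        offset += rdlen
    return txid, flags, answers


def check_response(query, response, expected_ip):
    """True only if the reply matches our ID, is NOERROR, and carries the expected A."""
    qid = struct.unpack("!H", query[:2])[0]
    txid, flags, answers = parse_response(response)
    if txid != qid or not flags & 0x8000 or flags & 0x000F:
        return False
    want = socket.inet_aton(expected_ip)
    return any(rtype == 1 and rdata == want for _name, rtype, rdata in answers)


def build_sample_response(query, ip):
    """Constructed healthy reply: same ID, QR/RD/RA set, one A record via a 0xc00c pointer."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer


if __name__ == "__main__":
    q = build_query(RECORD_NAME)
    print("Send string:   ", to_send_string(q))
    print("Receive string:", ip_receive_string(EXPECTED_IP))
    print("healthy sample:", check_response(q, build_sample_response(q, EXPECTED_IP), EXPECTED_IP))
```

The Send string is the whole query, so the transaction ID is fixed and the server echoes it, which is why matching on the answer bytes alone is enough for a monitor; `check_response` additionally verifies the ID, the QR bit and a zero RCODE, which is what you would want if the check were run from a script rather than the monitor's substring match.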