K14923: Configuring the BIG-IP DNS system to answer

TCP or UDP DNS requests (11.x - 14.x)

Non-Diagnostic

Original Publication Date: Feb 01, 2014

Updated Date: Dec 06, 2018
Applies to (see versions):

Topic
This article applies to BIG-IP 11.x - 14.x. For information about other versions, refer to the
following article:

 K7716: Configuring the BIG-IP GTM to answer TCP or UDP DNS requests (9.3.x - 10.x)

You should consider using this procedure under the following conditions:

 You are configuring a User Datagram Protocol (UDP) listener for standard DNS queries.
 You are configuring a TCP listener in conjunction with UDP for large size DNS responses.
 You are configuring a TCP listener for use with DNS zone transfers.

Description
To configure the BIG-IP DNS system, you can define one or more listener objects to control what
protocols are available for the BIG-IP DNS system to process DNS requests. A listener is
assigned to a specific IP address and protocol UDP or TCP on which the BIG-IP DNS system
receives and processes traffic. When the BIG-IP DNS system listener address receives a DNS
request, the request is forwarded to the Traffic Management Microkernel (TMM). The TMM then
processes the traffic locally, or forwards the traffic to the appropriate resource.
The gtmd process manages tasks such as configuration synchronization (ConfigSync),
monitoring, metrics collection, device discovery, and dynamic load balancing.
You can configure the BIG-IP DNS listener objects to use the TCP and UDP protocols. This
feature is useful when a DNS response may span multiple packets that exceed the maximum
DNS UDP packet size of 4096 bytes. When a DNS UDP response is larger than 4096 bytes, the
client initiating the DNS request uses the TCP protocol to make a subsequent TCP request. This
situation is typical when the system resolves DNS records that have been configured to respond
with Domain Name System Security Extensions (DNSSEC). Additionally, if you want to import
zones to the BIG-IP DNS system with a zone transfer from other DNS servers, you need to
configure the BIG-IP DNS system with a listener IP address using the TCP protocol.

Prerequisites
You must meet the following prerequisite to use this procedure:

 You have administrative access to the BIG-IP DNS system.

Procedures
Configuring a new UDP or TCP listener (11.5.0 and later)
Impact of procedure: Performing the following procedure should not have a negative impact on
your system.

1. Log in to the Configuration utility.

 2. Navigate to DNS > Delivery > Listeners.
3. Click Create.
4. For Name, type a name for the listener.
5. For Destination, type the listener IP address.
6. Under Service, for Protocol, click either UDP or TCP.
7. To enable an IP address to be a listener for both UDP and TCP, repeat the previous steps
using the same IP address and creating a listener for each of the protocols.

Configuring a new UDP or TCP listener (11.0.0 - 11.4.1)

1. Log in to the Configuration utility.

2. Navigate to Global Traffic > Listeners.
3. Click Create.
4. For Destination, type the listener IP address.
5. Under Service, for Protocol, click either UDP or TCP.
6. To enable an IP address to be a listener for both UDP and TCP, repeat the previous steps
using the same IP address and creating a listener for each of the protocols.

Supplemental Information
 K17329: BIG-IP GTM name has changed to BIG-IP DNS
 K9113: BIG-IP GTM support for Domain Name System Security Extensions
 K5427: Selecting IP addresses for local resolution listener objects
 The Replacing a DNS Server with BIG-IP DNS chapter of the BIG-IP DNS:
Implementations manual
 The Replacing a DNS Server with BIG-IP GTM chapter of the BIG-IP Global Traffic
Manager: Implementations manual

Note: For information about how to locate F5 product manuals, refer to K12453464: Finding
product documentation on AskF5.