F5 DNS order of operations means the sequence in which the F5 DNS system’s modules process and resolve a DNS query. This is what we discuss in this section.
F5 DNS Process Hierarchy
When a DNS query destined for a DNS listener is received by the F5 DNS system, several modules can resolve it.
It can be resolved intelligently through a Wide IP. It can be accelerated using DNS Express or a DNS cache, or load balanced to a pool of DNS servers. It can be resolved recursively through external DNS servers, iteratively starting from the root hint servers, or even by the local BIND service.
The question is: which of them is used to resolve the DNS query?
All of these F5 DNS modules are discussed during the course but the order of operation is what we discuss in this section.
This table shows how DNS queries are processed in order in the F5 DNS system and the lessons we discussed and demonstrated for each module.
DNS Order of Operation | Description | Lessons |
---|---|---|
DNS iRules | DNS > GSLB > iRules. Exceptions within the DNS query workflow that allow for tailored processing and routing of requests based on specific conditions. | 19. F5 DNS iRule Examples |
Wide-IP | DNS > GSLB > Wide IPs. The query is resolved using intelligent decision-making based on the user's location and the network metrics. | Lessons 11 to 16. 11. what is F5 GSLB and intelligent name resolution |
DNS Express | DNS > Zones. DNS Express zones are those for which F5 acts as a secondary authoritative DNS server. | Lessons 3 to 7. 3. F5 DNS Express with Microsoft as primary DNS server |
DNS Cache | DNS > Caches. Resolves the query from the DNS cache. Uses an external DNS resolver to resolve queries and then caches the responses. | 9. F5 DNS Transparent Cache |
DNS Resolver Cache | DNS > Caches. Resolves the query from the DNS cache. Resolves DNS queries itself by iterating through the root DNS server, TLD DNS server and authoritative DNS server, and then caches the responses. | 10. F5 DNS Resolver Cache |
DNS Load Balancing | DNS > Delivery > Load Balancing. Based on the load balancing algorithm, the query is forwarded to one of the DNS servers configured in the pool assigned to the listener. | 8. F5 LTM DNS load balancing |
ZoneRunner (BIND) | DNS > Zones > ZoneRunner. Resolves DNS queries using the local F5 DNS BIND service. | 5. F5 ZoneRunner to create a local Bind DNS service |
iRules
When a DNS query comes into the F5 DNS system, the first priority goes to iRules to process and resolve the query. iRules are actually the exceptions within the DNS query workflow and allow for tailored processing and routing of requests based on specific conditions.
Wide-IP
If a DNS query does not correspond to any pre-configured iRules, it proceeds to the Wide IP module. The system then checks for a Wide IP that matches the query. If a match is found, the query is resolved using intelligent decision-making based on the user’s location and the network metrics configured within the Wide IP settings.
DNS Express
When a DNS query does not match any of the configured Wide IPs, it is then compared with the zones configured as DNS Express within the F5 DNS system. DNS Express zones are those for which F5 acts as a secondary authoritative DNS server.
DNS Caches
If the query does not match any of the DNS Express zones, the system tries to resolve it from a DNS cache. There are two types of cache: the DNS transparent cache and the DNS resolver cache.
DNS transparent cache uses external DNS resolver to resolve queries and then caches the responses. When a subsequent query for the same resource is received, the system can immediately return the response from the cache.
The DNS resolver cache resolves DNS queries itself by iterating through the root DNS server, TLD DNS server and authoritative DNS server, and then caches the responses. When the system receives a query for a response that exists in the cache, it returns the cached response.
DNS Load Balancing
If no DNS caches are configured, the system checks whether a DNS server pool is assigned to the DNS listener. If one is present, the query is forwarded, based on the load balancing algorithm, to one of the DNS servers configured in the pool to resolve the query.
F5 DNS BIND service (ZoneRunner)
Although this is not efficient and therefore not recommended, it is possible to resolve DNS queries using the local F5 DNS BIND service as the last priority.
Notice that a Listener is required for any DNS resolution except local BIND (ZoneRunner).
The last point is that if a DNS query arrives on F5 DNS that is not destined for a Listener address but is destined for a self-IP that has UDP port 53 unlocked, the query will be processed by the F5 local BIND service.
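The order of operations above, written as a small decision model. This is an added illustration, not F5 code or configuration: the `DnsConfig` fields, the `handler` function and all addresses and names are assumptions built from constructed sample data, and iRules are simplified to a set of names an iRule answers itself.

```python
from dataclasses import dataclass, field

@dataclass
class DnsConfig:
    """Hypothetical, simplified view of one F5 DNS system (all names are assumptions)."""
    listeners: set = field(default_factory=set)        # listener addresses
    open53_self_ips: set = field(default_factory=set)  # self-IPs with UDP 53 unlocked
    irule_names: set = field(default_factory=set)      # names an iRule answers itself
    wide_ips: set = field(default_factory=set)
    express_zones: set = field(default_factory=set)    # DNS Express zones
    cache: str = ""                                    # "transparent", "resolver" or ""
    pool: list = field(default_factory=list)           # DNS servers behind the listener

def norm(name):
    """DNS names compare case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

def in_zone(qname, zones):
    """Label-aligned suffix match: www.example.com is in example.com, badexample.com is not."""
    q = norm(qname)
    return any(q == norm(z) or q.endswith("." + norm(z)) for z in zones)

def handler(cfg, dst_ip, qname):
    """Return the module that processes the query, following the page's order."""
    if dst_ip not in cfg.listeners:
        # No listener: only a self-IP with UDP 53 unlocked is handled, by local BIND.
        # Any other destination is outside what the page describes, so return None.
        return "BIND (self-IP, no listener)" if dst_ip in cfg.open53_self_ips else None
    q = norm(qname)
    if q in {norm(n) for n in cfg.irule_names}:
        return "iRule"
    if q in {norm(w) for w in cfg.wide_ips}:
        return "Wide IP"
    if in_zone(q, cfg.express_zones):
        return "DNS Express"
    if cfg.cache:
        return f"DNS cache ({cfg.cache})"
    if cfg.pool:
        return "DNS load balancing"
    return "BIND (ZoneRunner)"

# Constructed sample configuration (documentation address ranges and example domains).
CFG = DnsConfig(
    listeners={"192.0.2.53"}, open53_self_ips={"198.51.100.10"},
    irule_names={"blocked.example.com"}, wide_ips={"www.example.com"},
    express_zones={"example.com"}, cache="", pool=["203.0.113.11", "203.0.113.12"],
)

if __name__ == "__main__":
    for dst, name in [("192.0.2.53", "blocked.example.com"), ("192.0.2.53", "WWW.example.com."),
                      ("192.0.2.53", "mail.example.com"), ("192.0.2.53", "example.org"),
                      ("198.51.100.10", "www.example.com"), ("198.51.100.20", "example.org")]:
        print(f"{dst:15} {name:22} -> {handler(CFG, dst, name)}")
```

The fifth sample query is the case to look for when reviewing a configuration: a query sent to a self-IP with UDP port 53 unlocked is answered by local BIND without passing through any of the listener-bound modules.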