What is F5 BIG-IP DNS?
F5 BIG-IP DNS is a DNS server that can be used as an enterprise local DNS server or an authoritative DNS server.
It offers more options than a regular Microsoft DNS server or an open-source BIND DNS server; these options are discussed in this section.
F5 BIG-IP DNS Fundamentals
F5 BIG-IP DNS Server is an advanced DNS server that can be used at any point in the hierarchy of the DNS resolution process, especially as a local DNS server or an authoritative DNS server.
What is the advantage of F5 BIG-IP DNS compared to Microsoft DNS server or open source BIND DNS server?
Here I have listed the main features of F5 BIG-IP DNS.
F5 DNS as a GTM or Site Load Balancer, as an accelerated DNS, as a secure DNS solution (DNSSEC) and also as a DNS IPv6 to IPv4 translation solution (DNS64) are the key features of F5 BIG-IP DNS.
F5 DNS as GTM
The main feature of BIG-IP DNS is the one behind the product's previous name: GTM, or F5 Global Traffic Manager.
If you have multiple data centers, this feature routes users to the best performing data center based on geographic location or other performance parameters.
This figure shows what I mean by F5 DNS as GTM.
Suppose we have two data centers, one in America and the other in Europe. We consider F5 DNS as the authoritative DNS server for the domain rayka-co.com.
The application in the rayka-co.com domain has a server in the American data center with the IP address IP1 and another in the European data center with the IP address IP2.
Both IP1 and IP2 are stored in F5 BIG-IP as a DNS server.
When a user from Europe or America sends a request to find the IP address of the application in rayka-co.com, F5 BIG-IP DNS does not necessarily answer in simple round-robin fashion, returning IP1 to some users and IP2 to others.
F5 BIG-IP DNS decides which IP address to return to the user based on the geographical location of the user’s LDNS or the best performing data center from the user’s LDNS perspective.
Compare F5 LTM with F5 DNS (GTM)
To compare F5 LTM with F5 DNS (GTM): F5 GTM decides which data center the user connects to, while F5 LTM decides which server the user connects to.
In F5 DNS this is done by the F5 DNS load balancing algorithms, and in F5 LTM by the F5 LTM load balancing algorithms.
The F5 LTM load balancing algorithms were discussed in the previous course.
The F5 DNS load balancing algorithms will be discussed in this course.
F5 DNS as accelerated DNS
Although GTM is the oldest function of the current BIG-IP DNS, it is not the only one, which is why the name was changed from GTM to DNS.
Accelerated DNS, made possible by features like DNS load balancing, DNS Express, and DNS caching, is another feature of this product.
Because BIG-IP DNS and BIG-IP LTM can be integrated, we can place BIG-IP LTM in front of several BIG-IP DNS devices to load balance a large number of DNS queries between them.
We can also use BIG-IP DNS as a DNS cache solution or as a secondary read-only DNS server (DNS Express) to answer a large number of DNS queries, thereby accelerating and scaling the DNS solution.
All these solutions will be implemented in the coming sections.
F5 DNS as a secure DNS solution (DNSSEC)
The DNS protocol is one of the most attractive targets for hackers because the client does not verify the authenticity and integrity of DNS responses.
In other words, the DNS response can come from an unauthorized, fake DNS server, or the DNS reply can be tampered with along the way.
The client accepts any DNS response it receives. This allows attackers to perform various types of DNS attacks such as spoofing, hijacking, tunneling or flooding to redirect, intercept or disrupt traffic between the client and the intended target.
DNSSEC, or DNS Security Extensions, is a technology that allows clients and DNS servers to verify the authenticity and integrity of DNS responses to ensure that they have not been forged or tampered with.
In a dedicated lesson, we will discuss and implement DNSSEC technology with F5 BIG-IP DNS.
F5 DNS as a DNS64 solution
Another feature of BIG-IP DNS is its use as DNS64. DNS64 is a solution required in the IPv6 migration process.
When an IPv6 user wants to connect to a server in an IPv4 environment, DNS64, as the user’s local DNS server, queries the IPv4 address of the server, but returns an IPv6 address to the user because the IPv6 user does not understand the IPv4 address.
Now the user can connect to the IPv4 server but with the IPv6 address returned by DNS64.
Another component, NAT64, helps convert the IPv6 addresses to IPv4 and vice versa to enable communication between the IPv6 user and the IPv4 server.
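The DNS64 and NAT64 address mapping described above, as an added example that is not from the original page or from F5. It assumes the RFC 6052 scheme of embedding the IPv4 address in a /96 prefix; the function names, the site prefix 2001:db8:64::/96 and the sample records are constructed for illustration.

```python
import ipaddress

# RFC 6052 well-known prefix; a site may configure its own /96 instead.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize_aaaa(ipv4, prefix=WELL_KNOWN_PREFIX):
    """DNS64 side: embed an IPv4 address in the low 32 bits of a /96 prefix."""
    v4 = ipaddress.IPv4Address(ipv4)
    if prefix.prefixlen != 96:
        raise ValueError("this example only handles /96 prefixes")
    # RFC 6052: the well-known prefix must not carry non-global IPv4 addresses.
    if prefix == WELL_KNOWN_PREFIX and not v4.is_global:
        raise ValueError(f"{v4} is not global; use a network-specific prefix")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract_ipv4(ipv6, prefix=WELL_KNOWN_PREFIX):
    """NAT64 side: recover the IPv4 destination from a synthesized address."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in prefix:
        raise ValueError(f"{v6} is not inside {prefix}")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def dns64_answer(a_records, aaaa_records, prefix=WELL_KNOWN_PREFIX):
    """AAAA answer set a DNS64 resolver returns to an IPv6-only client."""
    if aaaa_records:
        # The server already has native IPv6: pass it through unmodified.
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    return [synthesize_aaaa(r, prefix) for r in a_records]


if __name__ == "__main__":
    # Constructed sample data from the documentation address ranges.
    site_prefix = ipaddress.IPv6Network("2001:db8:64::/96")
    for name, a, aaaa in [
        ("v4only.example", ["192.0.2.10"], []),
        ("dual.example", ["192.0.2.20"], ["2001:db8::20"]),
    ]:
        for addr in dns64_answer(a, aaaa, site_prefix):
            via = "NAT64" if addr in site_prefix else "native IPv6"
            print(f"{name}: AAAA {addr} ({via})")
```

The refusal to map a private IPv4 address into the well-known prefix follows RFC 6052, which reserves that prefix for global addresses.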
Now we know how to use BIG-IP DNS and how it differs from normal DNS servers like Microsoft and BIND DNS Server.
During the course, we will discuss and implement BIG-IP DNS features in more detail.