F5 GTM: a domain name added incorrectly by human error causes intelligent resolution to fail

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

I. Problem phenomenon

The user runs F5 GTM version V11.5.4 HF2 and has an active-active (dual active) service on a private network. The domain name is test.f5.com, and its pool has two members: one located in the Foshan DC and the other in the Hong Kong DC.

The user added a domain name of the form "test.f5.com." (with a trailing dot). A ping test of test.f5.com then showed the name resolving to 2 IPs, rather than being resolved intelligently to the nearest site by topology!

Current testing shows that V11.5.3 and V11.6.1 do not have this problem, because such an FQDN cannot be created there: an error is reported.

II. Cause of the problem

The main cause is that the user misconfigured the domain name as "test.f5.com.", that is, with a "." suffix, and F5 did not report an error! The user therefore believed the configuration was correct, but testing showed two addresses being resolved at the same time, and intelligent resolution failed.

After deleting it and adding a wide IP for test.f5.com, intelligent resolution works normally.

So why did it fail, and why were two addresses resolved? During the ping test of the domain name, F5 received the DNS request, but because the request did not match any wide IP it was resolved by BIND. The matching mechanisms of wide IPs and BIND differ: the wrongly created wide IP name has its trailing "." omitted in BIND, just like a normal BIND record, so BIND certainly has A records for this domain name. BIND therefore returns all of the domain's records to the client, which can be confirmed with dig. If a record type such as NS can also be resolved, that proves the DNS response was sent by BIND!
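The dig confirmation described above can be scripted. The following is an added example, not part of the original article: it parses captured `dig +noall +answer` text and reports whether the A answer contains every pool member and whether NS resolves. The sample captures, addresses, the name server name and all function names are constructed for illustration.

```python
import re

# One answer-section line from `dig +noall +answer`: name, TTL, class IN, type, rdata.
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_answer(text):
    """Return (name, rtype, rdata) tuples from dig answer-section text."""
    records = []
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:
            records.append((m.group(1).lower(), m.group(3).upper(), m.group(4).strip()))
    return records

def check_resolution(qname, a_text, ns_text, pool_members):
    """Compare captured dig answers with the symptom the article describes."""
    fqdn = qname.lower().rstrip(".") + "."  # dig prints owner names with a trailing dot
    a = sorted(r[2] for r in parse_answer(a_text) if r[0] == fqdn and r[1] == "A")
    ns = [r[2] for r in parse_answer(ns_text) if r[0] == fqdn and r[1] == "NS"]
    return {
        "a_records": a,
        # Every pool member in one answer: no topology decision was made.
        "returns_all_members": len(a) > 1 and set(a) == set(pool_members),
        # The article's confirmation: NS resolving shows BIND is replying.
        "ns_resolves": bool(ns),
    }

def has_trailing_dot(wideip_name):
    """Flag the misconfiguration from the article: a wide IP name ending in '.'."""
    return wideip_name.strip().endswith(".")

# Constructed sample captures (documentation addresses, not real pool members).
POOL = ["192.0.2.10", "198.51.100.10"]
FAULTY_A = """\
test.f5.com.\t30\tIN\tA\t192.0.2.10
test.f5.com.\t30\tIN\tA\t198.51.100.10
"""
FAULTY_NS = "test.f5.com.\t500\tIN\tNS\tgtm1.f5.com.\n"
HEALTHY_A = "test.f5.com.\t30\tIN\tA\t192.0.2.10\n"

if __name__ == "__main__":
    print(has_trailing_dot("test.f5.com."), has_trailing_dot("test.f5.com"))
    print(check_resolution("test.f5.com", FAULTY_A, FAULTY_NS, POOL))
    print(check_resolution("test.f5.com", HEALTHY_A, "", POOL))
```
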

III. Solutions

Delete the wrong domain name and add the correct domain name.

Open a support case to confirm that this problem is caused by an unknown bug (the latest HF has no fix description for this problem).

Subsequently review whether an upgrade fixes this issue.
