DNS Basic Use Cases
DNS Basic Use Cases April 17, 2013
Rev. 3
Introduction
This documents the individual use cases of major DNS features in the context of both authoritative and recursive servers. The last section describes the interaction between the major features.
Primary Features
DNSX (DNS Express)
DNSSEC
GSLB (Global Server Load-Balancing/ GTM)
Load-Balancing (via Pools)
Cache (Transparent)
Resolver
Basic Use Cases
Authoritative Server
DNS Express
DNSX caches authoritative zones in memory via zone transfers and notifies. This is as a faster alternative to load-balancing and is the preferred method of authoritative offloading when the DNS admin has access to zone transfers.
This has a side benefit of allowing an admin to configure their zone using BIND, but never having to send traffic to BIND, which is slow and has vulnerabilities.
DNSSEC
DNSSEC on a BIG-IP is used to provide authoritative answers for DS and DNSKEY records as well as signing answers (RRSIG records) obtained from authoritative sources (GSLB, DNSX, or an LB pool).
GSLB
This allows a DNS admin to filter out certain domain names within an authoritative zone and load-balance the answers to pools of available (monitored) A/AAAA addresses.
The TTL is set to 0 such that the answer is not cached by a resolver, however, this does increase the amount of traffic being directed at the BIG-IP (because clients are not caching answers and must ask the BIG-IP every time).
Load-Balancing
A common configuration for hosting authoritative servers is to use a pool of BIND servers. By attaching a pool to a listener, users can place the BIG-IP in front of their BIND servers and load-balance queries across them.
The preferred method is to use DNSX and zone transfers, but this is not always possible. Having an alternative way of load-balancing queries to existing servers without a zone transfer (DNSX) is often desired (usually due to organizational issues).
Cache
Not a valid use case. This is also
Rev. 3
Introduction
This documents the individual use cases of major DNS features in the context of both authoritative and recursive servers. The last section describes the interaction between the major features.
Primary Features
DNSX (DNS Express)
DNSSEC
GSLB (Global Server Load-Balancing/ GTM)
Load-Balancing (via Pools)
Cache (Transparent)
Resolver
Basic Use Cases
Authoritative Server
DNS Express
DNSX caches authoritative zones in memory via zone transfers and notifies. This is as a faster alternative to load-balancing and is the preferred method of authoritative offloading when the DNS admin has access to zone transfers.
This has a side benefit of allowing an admin to configure their zone using BIND, but never having to send traffic to BIND, which is slow and has vulnerabilities.
DNSSEC
DNSSEC on a BIG-IP is used to provide authoritative answers for DS and DNSKEY records as well as signing answers (RRSIG records) obtained from authoritative sources (GSLB, DNSX, or an LB pool).
GSLB
This allows a DNS admin to filter out certain domain names within an authoritative zone and load-balance the answers to pools of available (monitored) A/AAAA addresses.
The TTL is set to 0 such that the answer is not cached by a resolver, however, this does increase the amount of traffic being directed at the BIG-IP (because clients are not caching answers and must ask the BIG-IP every time).
Load-Balancing
A common configuration for hosting authoritative servers is to use a pool of BIND servers. By attaching a pool to a listener, users can place the BIG-IP in front of their BIND servers and load-balance queries across them.
The preferred method is to use DNSX and zone transfers, but this is not always possible. Having an alternative way of load-balancing queries to existing servers without a zone transfer (DNSX) is often desired (usually due to organizational issues).
Cache
Not a valid use case. This is also