What is it?
There is a setting within the GSLB (Global Server Load Balancing) settings that allows multiple BIG-IP DNS devices to belong to a group allowing for synchronization of configs between them. There are actually multiple settings that can be configured (as you can see below) but I want to focus solely on the Group Name setting as it’s important for troubleshooting issues.
It is important to note that the default group name is “default”. It is configurable, and F5 recommends as a best practice that you rename it to something unique.
Why do we care?
F5 BIG-IP DNS uses a protocol called iQuery, which operates over port 4353 (4 3DNS). I was once told that this was a reference to their old 3-DNS controller but not 100% sure if that’s true.
The iQuery protocol passes configuration information across the devices in XML format and allows an administrator to add a configuration object, such as a Wide IP or Server object, to only one device and it will replicate to the others within the sync group. Here is a sample of XML from iQuery:
As you can see above, there’s some information such as name, uptime, and port info. This information is important when you’re troubleshooting why a virtual server on the BIG-IP DNS is showing offline but the corresponding virtual server on the LTM is showing as available.
The iqdump command can be run from the command line; you just need to specify the Self-IP of the BIG-IP LTM whose XML exchange you want to see.
Changing the Synchronization Group Name
The screenshot in the earlier section was taken with the synchronization group name still set to “default”. You can see this in the headers when running iqdump:
This works great out of the box, right? It does, but it becomes problematic later down the road when you have a device that either needs to be replaced under RMA or reset to its default config. If all your devices are running with the sync group name “default” and you add a new device, that blank configuration could wipe out the configuration on the other devices, because the new device also belongs to the “default” sync group.
To remedy this issue, we can update the synchronization group name to something more unique, like “FANCY-DNS”:
This allows us to add a new device without wondering whether it will blow away our existing configuration on the other devices in the synchronization group. The new device would have a group name of “default” and would need to be added to our existing sync group.
Where did it go?
When we run the same command as before, we only get basic information. We do not see any of the virtual server information that we saw earlier. Here is why:
When we run our normal iqdump command with the Self-IP of the LTM we want data from, we are still only looking at the “default” synchronization group, and we changed ours to “FANCY-DNS”. So in order to see the information, we have to add the “-s” switch to the command and use our new synchronization group name:
Now we can see our data again should we need to do any additional troubleshooting.
Story Time
This stumped me for a bit when we had a virtual server object on the BIG-IP DNS that showed as offline (red) but on the corresponding LTM, the virtual server was showing as available (green). Once I figured out how to see the virtual server data in the XML being passed back and forth, I could see that the virtual server name on the BIG-IP DNS did not match with the virtual server name on the LTM it was referencing. Once this was fixed, we were good to go.
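The mismatch described above is easy to miss by eye. The script below is an added example, not code from the original post and not an F5 tool: it parses an iqdump-style XML dump and reconciles the virtual server names configured on the BIG-IP DNS against the names the LTM reports, flagging exact matches, near-misses (case, whitespace, `-` versus `_`) and names the LTM never sent. The XML sample and its element names (`virtual_server`, `name`, `address`, `port`, `status`) are constructed for illustration and are assumptions, not the real iQuery schema; adapt the tag names to what iqdump actually prints on your devices.

```python
# Added example (not from the original post): reconcile the virtual server
# names a BIG-IP DNS expects with the names the LTM reports over iQuery.
# The XML layout is CONSTRUCTED; the element names are assumptions and must be
# adapted to the real iqdump output.
import re
import xml.etree.ElementTree as ET

# Constructed sample standing in for an iqdump capture.
SAMPLE_IQDUMP_XML = """<big3d_status>
  <server>
    <name>ltm-dc1</name>
    <uptime>123456</uptime>
    <virtual_server>
      <name>vs_web_https</name>
      <address>10.1.10.50</address>
      <port>443</port>
      <status>available</status>
    </virtual_server>
    <virtual_server>
      <name>vs_api_http</name>
      <address>10.1.10.51</address>
      <port>80</port>
      <status>available</status>
    </virtual_server>
  </server>
</big3d_status>
"""

# Constructed list of virtual server names as configured on the BIG-IP DNS
# server object. The second entry differs only in case and a trailing blank,
# the kind of mismatch that leaves the object red on the DNS side.
DNS_CONFIGURED_VS = ["vs_web_https", "VS_API_HTTP ", "vs_legacy_ftp"]


def parse_ltm_virtual_servers(xml_text):
    """Return {name: {"address", "port", "status"}} for every <virtual_server>."""
    root = ET.fromstring(xml_text)
    found = {}
    for vs in root.iter("virtual_server"):
        name = (vs.findtext("name") or "").strip()
        if not name:
            continue  # skip malformed entries rather than crash the check
        found[name] = {
            "address": (vs.findtext("address") or "").strip(),
            "port": int(vs.findtext("port") or 0),
            "status": (vs.findtext("status") or "unknown").strip(),
        }
    return found


def _normalise(name):
    # Collapse the differences that most often bite: case, surrounding blanks,
    # and '-' versus '_' inside the object name.
    return re.sub(r"[-_\s]+", "_", name.strip().lower())


def reconcile(dns_names, ltm_xml):
    """Classify each DNS-side name as exact, near_miss (with the LTM spelling) or missing."""
    ltm = parse_ltm_virtual_servers(ltm_xml)
    by_norm = {_normalise(n): n for n in ltm}
    report = {"exact": [], "near_miss": [], "missing": []}
    for dns_name in dns_names:
        if dns_name in ltm:
            report["exact"].append(dns_name)
        elif _normalise(dns_name) in by_norm:
            report["near_miss"].append((dns_name, by_norm[_normalise(dns_name)]))
        else:
            report["missing"].append(dns_name)
    return report


if __name__ == "__main__":
    # Run against the constructed sample; swap in real iqdump output to use it.
    result = reconcile(DNS_CONFIGURED_VS, SAMPLE_IQDUMP_XML)
    for kind, items in result.items():
        print(f"{kind}: {items}")
```

A near-miss is the case from the story above: the LTM is advertising the virtual server, but under a spelling the BIG-IP DNS object does not match, so the DNS side keeps it offline. A missing entry means the LTM never reported that name at all, which points at the LTM configuration or at querying the wrong sync group rather than at a typo.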
The data in the XML is simple and gives you some good information, so being able to understand and run iqdump is a great addition to the toolkit of anyone who has to administer BIG-IP DNS.
Hopefully this will help someone in the future, but at the very least I can refer back to it.
Helpful Links
Overview of BIG-IP DNS synchronization
Overview of BIG-IP DNS system software upgrades
Overview of the BIG-IP DNS big3d, bigip_add, and gtm_add utilities (11.x – 16.x)