Lab – Use DIG command to query with client subnet GSLB objects

In this lab, we will utilize the dig command on a linux machine to query the F5 dns engines and observe the responses sent. We will change the options on the dig command to use the new client subnet option.

We will be using a new version of the dig command. My hope is you should be familiar with the general use of the dig command from your previous work with DNS.

The new version of Dig is version 9.10 and it includes an option called the “edns-client-subnet” which allows us to insert the client subnet in the query.

As the client itself cannot insert the client subnet in the query we use the dig command to simulate a query coming from a LDNS which has already inserted the client subnet.

Due to the restrictions on lab resources we have tried to keep this lab of such a size not to be too large or cumbersome, for this reason we will use the dig command instead of a LDNS.

Task – Log into the linux server and check out the new dig command

In this task you will open a terminal session and ssh to the linux server to use the local new version of dig.

Follow these steps to complete this task:

1. Log into the linux server at 10.0.1.253 using the user named ubuntu and the password ubuntu
2. Once logged into the linux server check out the linux dig command by typing dig -v
3. Take a look at the following output dig -h | grep subnet
4. Now do a simple query for the wideip that is configured on one of the east or west DC listener IPs dig @listener_IP app.f5demo.com

Task – View the query logs and observe the dig query

Now that we have the new dig command we are almost ready to do some querys but it would be nice to see the query and decision logs that we are looking for just to make sure things are going correctly and we see any output that might be different than we might expect.

1. Open two new terminal windows if you do not have them open from previous sessions, logging into both the East and West DC BigIPs.
2. Once you have logged in as admin you can then tail -f /var/log/ltm in both windows to view the logs for the listeners.

Task – Use the +subnet option in dig to change the client subnet

Lets test to see if the client subnet affects the response given by the topology records in our GSLB configuration. To do this we will be using our friend dig.

1. Use the dig command to hit your favorite listener and query the wideip app.f5demo.com
2. dig @10.1.0.245 app.f5demo.com
3. Change the client subnet using dig @10.1.0.245 app.f5demo.com +subnet=9.9.9.0/24
4. Examine the response and the logs to see what decision was made … why?
5. Change your query request to include a matching client subnet for a topology record that matches the configuration. dig @10.1.0.245 app.f5demo.com=1.2.2.0/24 .