DNSSEC (BIG-IP v10.x: GTM)
This F5 deployment guide shows how to configure Authoritative DNSSEC signing for a zone in front of a pool of DNS servers, to sign responses from virtual servers in a global server load balancing configuration, or to do both in Authoritative Screening mode.
There are three main ways to configure the BIG-IP GTM system for DNSSEC shown in this guide.
- Authoritative Screening Mode
The Authoritative Screening architecture enables BIG-IP GTM to receive all DNS queries, managing very high-volume DNS by load balancing requests to a pool of DNS servers. Additionally, the Authoritative Screening architecture seamlessly provides all of the benefits of intelligent GSLB services.
- DNS Load Balancing
You can also use only the DNS load balancing components of screening mode to sign responses
from 3rd-party DNS servers. This saves time by using F5’s DNSSEC rather than signing the DNS
zones manually.
- Delegation
Delegation has been the traditional deployment method. This solution involves delegating a
specific subzone that contains all the GSLB elements of the DNS architecture. In this scenario, a
CNAME is used to redirect other names to one located in the delegated subzone. One drawback
with delegation mode is that the administrator is required to create a CNAME for all related DNS
records.
The following diagram shows the Authoritative screening mode with DNS load balancing described in this guide.

Download Deployment Guide
Related Guides
F5 BIG-IP GTM with APM for Global Remote Access (BIG-IP 11.2+: GTM, APM)
Infoblox Grid Servers for DNSSEC (BIG-IP v11: GTM)
Microsoft Dynamics CRM 2013 and 2011 (BIG-IP v11 - v13: LTM, APM, AFM)
Microsoft Exchange Server 2010 (BIG-IP v10: LTM/GTM/WOM/APM/Edge/WA/FirePass)
Microsoft Exchange Server 2010 and 2013 (BIG-IP v11 - v13: LTM, APM, AFM)
Microsoft Forefront Threat Management Gateway 2010 (BIG-IP v11, 10.2.x: LTM, APM)
Microsoft Lync Server 2010 and 2013 - Site Resiliency (BIG-IP v11: GTM, LTM)
Microsoft SharePoint 2010 and 2013 (BIG-IP v11.4: LTM, APM, ASM, AAM)