Due to customer pressures we went for an iRule on the listener, which seemed to work; hopefully this was the best option. It is below if it helps anyone; just add the relevant info in the case statement.
Set the DNS timeouts in TMSH so the RESOLV::lookup command uses 3 tries with 2-second timeouts (the defaults are 3 and 5):
modify /sys db tmm.resolv.retry value 2
modify /sys db tmm.resolv.timeout value 2
save /sys config
quit
Within the GTM GUI:
navigate to DNS -> Delivery : iRules : iRule List
create a new iRule -> AWS-lookup
enter the text:
# iRule captures when an A record is requested on the listener and then, based on that lookup, performs a
# DNS lookup on the related AWS long domain name; this returns a single IP address back to the client.
# log local0 logs to /var/log/ltm
when DNS_REQUEST {
    #log local0.info "Request type: [DNS::question type], Requested name: [DNS::question name]"
    if { [DNS::question type] equals "A" } {
        set aws_domain ""
        # Case search the DNS query and set the lookup settings based on the A record requested
        switch [string tolower [DNS::question name]] {
            short.domain.name1 {
                set aws_domain "<<long name>>"
                set awsdns1 "<<AWS DHCP IP>>"
                set awsdns2 "<<AWS DHCP IP>>"
            }
            short.domain.name2 {
                set aws_domain "<<long name>>"
                set awsdns1 "<<AWS DHCP IP>>"
                set awsdns2 "<<AWS DHCP IP>>"
            }
        }
        # if the record matched in the above case, look up the AWS domain name
        if { $aws_domain ne "" } {
            set aws_ip ""
            # Look up the IP address on the AWS DNS servers (first address of the answer list)
            set aws_ip [lindex [RESOLV::lookup @$awsdns1 -a $aws_domain] 0]
            if { $aws_ip eq "" } {
                log local0.info "1st resolution to $awsdns1 AWS DNS Failed"
                set aws_ip [lindex [RESOLV::lookup @$awsdns2 -a $aws_domain] 0]
                if { $aws_ip eq "" } {
                    log local0.info "2nd resolution to $awsdns2 AWS DNS Failed"
                    # both lookups failed: exit the event and let the listener handle the request normally
                    return
                }
            }
            # if one of the DNS servers has responded, return the answer with a 30 second TTL
            if { $aws_ip ne "" } {
                DNS::answer insert "[DNS::question name]. 30 [DNS::question class] [DNS::question type] $aws_ip"
                DNS::return
            }
        }
    }
}