Forum Discussion

Paul1's avatar
Icon for Altostratus rankAltostratus
Jul 23, 2020

cname and a record

Is there a way to get the GTM to respond with the cname and corresponding a records.

Have a WIP set up as A record (short domain name) to a CNAME pool (long AWS record). The bespoke devices looking up DNS to the GTM the are unable to perform a 2nd lookup on the returned CNAME.

The GTM forwards requests on the long AWS record onto AWS DNS servers to resolve the dynamic A records.


So in summary need the GTM to return the end A records to the client on the first request to the WIP?


4 Replies

  • Hi Paul,


    You didn't say what version you were running, but if you are running a version >=12.0, take a look at disabling the Minimal Response option on your WIP. Help documentation says the following:


    Minimal Response:

    Specifies that the system forms the smallest allowable DNS response to a query. Typically, this is a single resource record in the answer section. When set to disabled, the system attempts to chase CNAME chains, if required, to obtain the ultimate answer, and it attempts to add address resource records to the additional section of the response for each answer when needed. The default is Enabled.


    If you try this out, please report back with your results.

  • Hi Rob, I did try that but I think as the DNS servers are under forwarders it doesn't work. I did see this video of explaining the chaining of it but wasn't sure if adding the long domain to the zonerunner was possible or even how to do it,

  • Due to customer pressures we went for iRule on listener which seemed to work, hopefully this was the best option, below if it helps anyone, just add relevant info in the case statement

    set dns timeouts in TMSH so timeout is 3 tries with 2 second timeouts for command RESOLV::lookup, default is 3 and 5

    modify /sys db tmm.resolv.retry value 2

    modify /sys db tmm.resolv.timeout value 2

    save /sys config


    Within GTM GUI

    navigate to DNS -> Delivery : iRules : iRule List

    create new irule -> AWS-lookup

    enter text:

    #iRule captures when an A record is requested on the listener and then based on that lookup performs a
    #DNS lookup on the related AWS long domain name, this returns a single IP address back to the client.
    #log.local logs to /var/ltm
    when DNS_REQUEST {
           #log "Request type: [DNS::question type], Requested name: [DNS::question name]"
           if {[DNS::question type] equals "A"} {
                   set aws_domain ""
                   #Case search DNS query and set lookup settings based on the A record lookup
                   switch [string tolower [DNS::question name]] {
                           short.domain.name1 {
                                   set aws_domain "<<long name>>"
                                   set awsdns1 "<<AWS DHCP IP>>"
                                   set awsdns2 "<<AWS DHCP IP>>"
                           short.domain.name2 {
                                   set aws_domain "<<long name>>"
                                   set awsdns1 "<<AWS DHCP IP>>"
                                   set awsdns2 "<<AWS DHCP IP>>"
                   #if record matched in above case lookup AWS domain name
                   if {$aws_domain ne ""} {
                           set aws_ip ""
                           #Lookup ip address to AWS DNS servers
                           set aws_ip [lindex [RESOLV::lookup @$awsdns1 -a $aws_domain] 0 ]
                           if { $aws_ip eq "" }{
                                   log "1st resolution to $awsdns1 AWS DNS Failed"
                                   set aws_ip [lindex [RESOLV::lookup @$awsdns2 -a $aws_domain] 0]
                                   if { $aws_ip eq "" }{
                                           log "2nd resolution to $awsdns2 AWS DNS Failed"
                           #if one of the DNS has responded return the answer
                           if {$aws_ip ne ""} {
                                   DNS::answer insert "[DNS::question name]. 30 [DNS::question class] [DNS::question type] $aws_ip"
    • rob_carr's avatar
      Icon for Cirrostratus rankCirrostratus

      I like your solution, but anyone interested in using it should note that the RESOLV::lookup command is deprecated in v15.1