REddy
Dec 07, 2024

CNAME Flattening

Hi,

F5 GTMs are the authorized DNS servers for our domain (let us say example.com). Our website is accessible on example.com and www.example.com. We are migrating to the cloud; the DNS queries will still hit the GTMs, and we need to redirect to the cloud front door (CNAME record).

The existing setup has the 2 WIPs (www.example.com and example.com) on the GTM pointing to the pool. To migrate, we have created the CNAME records in ZoneRunner; the challenge is we can't create the CNAME record for the root zone (example.com), as there will be NS records etc. We have created a CNAME-based WIDEIP for example.com with the CNAME-based pool (cloud front door). When I access example.com, we get the error in the browser saying "DNS prod finished nxdomain error". When I dig specifically for the CNAME on Google DNS, dig interface, I can see the CNAME record.

Tried a few iRules; however, we are getting errors.

#########################################################

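when DNS_REQUEST {
    # Name being queried and the cloud front door target
    set queried_name [DNS::question name]
    set Cloud_FD "abc.xyz"
    # Match the zone apex case-insensitively
    if { [string tolower $queried_name] eq "example.com" } {
        # Build a CNAME resource record pointing at the target
        set cname_record "${queried_name}. 300 IN CNAME ${Cloud_FD}."
        set new_rr [DNS::rr ${cname_record}]
        # Replace any existing answer with the CNAME and respond immediately
        DNS::answer clear
        DNS::answer insert $new_rr
        DNS::return
    }
}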

##########################################################

  • If you haven't mentioned in ZoneRunner that those records are configured as CNAMEs instead of A records, you will not receive a result when querying for these records. This is because no delegation is taking place. It will only work when you query for the CNAME as you have mentioned, as the response will be returned from the WIDE-IP.

    If I understand the setup correctly, you have ZoneRunner acting as the authoritative DNS, and there are some records that need to be delegated to the cloud.

    For example, if www.example.com has an A record in ZoneRunner, you will need to create a CNAME instead, such as www.host.example.com. This subzone should then be linked with the glue records, which are the NS records for the cloud.

    After making these changes, you can test again.
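
Added example, not part of either post and not F5 code: a Python sketch of why the apex CNAME in the question conflicts with the zone's NS/SOA records (RFC 1034, section 3.6.2) and what CNAME flattening does instead. The zone rows, the `UPSTREAM` lookup table and the 192.0.2.x addresses are constructed; `abc.xyz` is the target name used in the question.

```python
# Constructed sample zone rows: (owner, ttl, type, rdata).
ZONE = [
    ("example.com.", 3600, "SOA",
     "ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300"),
    ("example.com.", 3600, "NS", "ns1.example.com."),
    ("example.com.", 300, "CNAME", "abc.xyz."),
    ("www.example.com.", 300, "CNAME", "abc.xyz."),
]

# Constructed stand-in for what a resolver would return for the cloud target.
UPSTREAM = {"abc.xyz.": [("A", 60, "192.0.2.10"), ("A", 60, "192.0.2.11")]}


def cname_conflicts(zone):
    """Owner names where a CNAME coexists with other record types."""
    by_owner = {}
    for owner, _ttl, rtype, _rdata in zone:
        by_owner.setdefault(owner.lower(), set()).add(rtype)
    return sorted(o for o, types in by_owner.items()
                  if "CNAME" in types and len(types) > 1)


def flatten(zone, upstream):
    """Replace each conflicting CNAME with address records of its target."""
    bad = set(cname_conflicts(zone))
    out = []
    for owner, ttl, rtype, rdata in zone:
        if rtype == "CNAME" and owner.lower() in bad:
            answers = upstream.get(rdata.lower())
            if not answers:
                raise LookupError(f"no address records for {rdata}")
            for atype, attl, addr in answers:
                # Never advertise the address longer than the target does.
                out.append((owner, min(ttl, attl), atype, addr))
        else:
            out.append((owner, ttl, rtype, rdata))
    return out


if __name__ == "__main__":
    print("conflicts:", cname_conflicts(ZONE))
    for row in flatten(ZONE, UPSTREAM):
        print(*row)
```

The `www` CNAME is left alone because nothing else lives at that name; only the apex is rewritten. Flattened addresses go stale when the cloud provider changes them, which is why the synthesized records take the shorter of the two TTLs.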