Forum Discussion
Deliver different ips having the same dns zone name but in different views
Eduardo_Vieira You might be able to use the following article to help out with this.
https://clouddocs.f5.com/api/irules/DNS_REQUEST.html
The better alternative here would be to have the GTM listening on only the 20.20.20.20 and then configure your perimeter firewall to perform DNS doctoring, which changes the destination in the DNS response from the mapped IP to the real IP, so that when people outside of your organization make the query they are still provided the public IP and everyone internally receives the real IP, which is usually a private IP.
But in that case I still have the same problem?
At this point I will have one listener, in this case the 20.20.20.20, and requests will arrive at it and it will respond only to one zone, right? So I understand that the problem is the same.
The idea of having 2 listeners would be for each one to deliver the resolution of a different view, in this case one delivers INTERNAL and the other EXTERNAL.
- Paulius (MVP), Apr 21, 2023
Eduardo_Vieira If your edge firewall has DNS doctoring then you wouldn't have the same issue because, let's say, you have a NAT that is 20.20.30.10 that NATs to private IP 10.10.30.10 with DNS doctoring. If an internal client received any DNS response from anywhere, that response has to pass back through your firewall, and if the destination of that record is 20.20.30.10 the firewall would change the response to now use 10.10.30.10, which would then send you to the internal destination rather than the public destination.