Forum Discussion
brad_11440
Nimbostratus
NimbostratusDNS Blackhole Routing with iRules
I'm really intrigued by the recent DevCentral post about DNS blackhole routing. However the solution is based on a DNS server being serviced by a LTM virtual server.
My setup utilizes a DNS server physically in-line behind a GTM. The server runs OSPF and has a neighborship with the router on the other side of the GTM. The DNS IP is advertised from the server while the GTM has a listener configured to intercept any wideIP's it owns. Obviously we don't utilize a virtual server where we could place the iRule.
Any ideas what I could do to implement such a feature? I know our IS guys would love it....
2 Replies
hoolioCirrostratus
For others' reference, Jason answered you in the article comments:
http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086519/v111-DNS-Blackhole-with-iRules.aspx
> This is very cool. But my setup is different. My DNS server sits physically in-line behind a GTM. The DNS IP address is being advertised from the server via OSPF. In that instance, would I be able to apply the iRule to the WideIP?
< Sure thing, only it needs to be applied to the wideIP's virtual server, not the wideIP itself. The GTM setup is here: http://devcentral.f5.com/wiki/iRules.DNS_Blackhole.ashx
> I did look for that but i don't have a virtual servers section under "local traffic" on my GTM. I am running 10.2, maybe that is why? I do realize I'll need to upgrade for this to work, by the way :)
< With GTM license these abilities will be in place when you upgrade. I will update the article to note that at a minimum the DNS Services module is required for LTM-only solution to work.
Aaron
brad_11440Yes he did, I appreciate that. From my understanding, once we upgrade the GTM to v11, we will have a virtual server created automatically for the listener at which point we can apply the iRule.
