Jan 03, 2012

DNS Blackhole Routing with iRules

I'm really intrigued by the recent DevCentral post about DNS blackhole routing. However, the solution is based on a DNS server being serviced by an LTM virtual server.

My setup utilizes a DNS server physically in-line behind a GTM. The server runs OSPF and has a neighborship with the router on the other side of the GTM. The DNS IP is advertised from the server, while the GTM has a listener configured to intercept any wideIPs it owns. Obviously we don't utilize a virtual server where we could place the iRule.

Any ideas what I could do to implement such a feature? I know our IS guys would love it....

  • For others' reference, Jason answered you in the article comments:

    > This is very cool. But my setup is different. My DNS server sits physically in-line behind a GTM. The DNS IP address is being advertised from the server via OSPF. In that instance, would I be able to apply the iRule to the WideIP?

    < Sure thing, only it needs to be applied to the wideIP's virtual server, not the wideIP itself. The GTM setup is here:

    > I did look for that, but I don't have a virtual servers section under "local traffic" on my GTM. I am running 10.2, maybe that is why? I do realize I'll need to upgrade for this to work, by the way :)

    < With a GTM license these abilities will be in place when you upgrade. I will update the article to note that at a minimum the DNS Services module is required for the LTM-only solution to work.

  • Yes he did, I appreciate that. From my understanding, once we upgrade the GTM to v11, we will have a virtual server created automatically for the listener, at which point we can apply the iRule.
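For readers who land here looking for what "apply the iRule to the listener's virtual server" looks like in practice, the following is an added illustration, not code from this thread or from the DevCentral article it references. It is a DNS sinkhole iRule of the kind the thread discusses, written to be attached to the listener virtual server that v11 creates for the wideIP (with the GTM or DNS Services module, as the comment above states). The data group name `blackhole_domains`, the sinkhole address `192.0.2.1` (an RFC 5737 documentation address standing in for a real monitoring host), and the data-group entry format are assumptions of this example; the `DNS_REQUEST`, `DNS::question`, `DNS::answer insert`, `DNS::return` and `class match` commands are used as documented in F5's DNS iRule reference, and should be checked against the release actually deployed.

```tcl
# Added example (not from the page or the DevCentral article).
# DNS sinkhole iRule for a GTM/DNS listener virtual server on v11+.
#
# Assumptions:
#   - An internal string data group named "blackhole_domains" exists, with
#     each entry written with a leading dot, e.g. ".evil.example". The
#     leading dot lets one ends_with match cover the apex name and all of
#     its subdomains without also matching "notevil.example".
#   - 192.0.2.1 is a placeholder sinkhole address (RFC 5737 documentation
#     range). In practice it would be a host that logs and absorbs the
#     connections so the security team can see which clients are infected.
when DNS_REQUEST {
    # Normalise the queried name; DNS names are case-insensitive.
    set qname [string tolower [DNS::question name]]

    # Prepend a dot so ".www.evil.example" ends with ".evil.example" and
    # ".evil.example" ends with ".evil.example", but ".notevil.example" does
    # not. Names not in the list fall through to the real DNS server.
    if { [class match ".$qname" ends_with blackhole_domains] } {
        # Record who asked for what; these log lines are the detection value
        # of a sinkhole, since every hit is a client that tried to reach a
        # known-bad domain.
        log local0. "DNS blackhole: [IP::client_addr] queried $qname type [DNS::question type]"

        if { [DNS::question type] eq "A" } {
            # Answer A queries with a short-TTL record pointing at the sinkhole.
            DNS::answer insert "$qname. 60 IN A 192.0.2.1"
        }
        # For A queries this returns the sinkhole answer; for every other
        # type (AAAA, MX, TXT, ...) it returns an empty answer, so the name
        # resolves to nothing rather than leaking through to the backend.
        DNS::return
    }
}
```

The `DNS::return` call is what keeps the query from ever reaching the in-line DNS server behind the GTM, which is the property the original question is after; without it the inserted record would be merged with whatever the backend answered. Keeping the TTL short (60 s here) means that removing a domain from the data group takes effect quickly once the entry is gone.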