Forum Discussion
GTM - Combined Delegated and Auth Screen modes
All, I am currently deploying new GTM devices in a new datacenter. All devices will be running the same code. GTM devices are not running BIND. My existing DC GTMs are set up in a Delegated Mode architecture, meaning the DNS servers respond to clients with the NS records for any domains that reside on the GTM. Then the client hits the GTM for resolution. We are planning to eventually convert this entire architecture to Auth Screening mode. In deploying the new DC hardware, we are taking a look at what it might take to deploy JUST the new DC in Auth Screening mode, and leave the other sites in Delegated Mode (until we can update them).
Here are my questions:
- Has anyone done/attempted this?
  a. If so, were any issues or challenges faced?
- Given the DNS server behind the auth screening GTM will still have NS records being handed out for the delegated subdomains, what sort of ideas would help prevent clients from getting stuck in a DNS loop? Ex. GTM gets a request for a record in a domain it responds for, but doesn't have. GTM passes request to DNS server which sends the client the NS record, and on and on. iRule ideas? Maybe drop all NS DNS responses that are NS and list the GTM, just on the one DC Listener?
- Any discussion at all about this topic. Just looking for opinions, ideas, solutions... whatever ya got!
Let me know!
D