Forum Discussion
GTM and Wide IPs
Hi Guys,
New to GTM and DNS in general and already this site has helped hugely so thanks all that contribute. However struggling a little with the GTM setup, DNS delegation and wide IPs.
Want to be in a position where the GTM responds to requests for Wide IPs (multiple different customers). Currently we do not want to look after DNS for the entire domain or even sub domains necessarily, just a portion of it. Customer A may have 2-3 FQDNs from a domain that they want to delegate to us. I would like to understand the options available to the customer to delegate those specific FQDNs so that the GTM can respond and present the relevant IPs appropriately. Furthermore, in doing so I would like to understand the Zonerunner records that would need to be created (or in fact are created automatically) to serve such requests. Any advice or links would be much appreciated.
6 Replies
- Bhanu_9561
Cirrus
Here is what you can do.
Say that your DNS servers are authoritative for example.com domain and it answers for all queries for example.com domain. Say you need the GTM to hand out DNS requests for forward.example.com.
Create a new domain wip.example.com and make the GTM authoritative for this new domain (Create a new Zone record in Zonerunner for wip.example.com domain - This will create a new SOA record and a NS record on the GTM).
Create new CNAME entry for forward.example.com which points to forward.wip.example.com on the regular DNS.
forward.example.com CNAME forward.wip.example.com
Create a new WideIP on the GTM for forward.wip.example.com
At this point any DNS query for forward.example.com that a client asks for will eventually end up at the GTM.
What happens:
- Client asks regular DNS for forward.example.com
- DNS server has a CNAME pointing to forward.wip.example.com
- DNS server knows that GTM is authoritative for the wip.example.com domain
- DNS sends a request to the GTM for forward.wip.example.com
- GTM responds back with the IP for forward.wip.example.com to the DNS server
- DNS server responds back to the client with the IP address
Note: In this scenario the GTM is going to see the DNS server as the source of the DNS query and not the actual client machine.
- IRONMAN_183357
Nimbostratus
Hi Bhanu,
Here in GTM I want to add 2 VIPs from 2 data centers to a single wide IP.
forward.wip.example.com
has two servers; should I create an A record for the below VIPs in GTM ZoneRunner?
forward.east.wip.example.com forward.west.wip.example.com
I need the steps on the GTM box, for the wide IP and zone records.
- david0512_20548
Nimbostratus
Hi Bhanu,
Thanks for this. Very clear and concise. So the GTM would have to have an SOA and NS record for each domain it was responding for? I notice that when creating a wide IP the SOA and NS records get set up automatically. But if I am in a position where we have 100 FQDNs required for a specific customer (let's say forward.example.com, forward1.example.com, forward1.example1.com, forward.example1.com) I would like to use wildcards to ease administration. For the above, perhaps, I have tried to create a wide IP such as .example.com that would cover off each FQDN (or used wildcards in aliases). Is this possible? When I test with DIG (DIG @ forward.example1.com) I get a correct response as expected, but if an actual DNS server makes the request it fails. It seems that using wildcards doesn't create the SOA/NS records automatically, and I assume that because we don't have an SOA/NS record for the domain in question the query from the DNS server fails as the GTM is not authoritative for the domain?
- david0512_20548
Nimbostratus
wildcard should read *.example*.com
- Bhanu_9561
Cirrus
David,
Correct, when you create a wild card WIDE IP it will not create the SOA/NS records on the GTM. Once you create the SOA/NS records, the wild card WIDE IPs should work as expected.
If you configure the wild card WIDE IP as forward*.wip.example.com, the GTM will respond to forward2.wip.example.com, forward7.wip.example.com, etc...
http://support.f5.com/kb/en-us/products/lc_9_x/manuals/product/lc_config_10_2/lc_wideips.html
Thanks.
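An offline check of the chain described in this thread (a CNAME on the regular DNS, a delegated zone with SOA/NS records on the GTM, and a wide IP matching the target), added here as an example; it is not part of any post and not F5 tooling. All record data is constructed, the gslb.example.com zone and the function names are hypothetical, and Python's fnmatch only approximates GTM wildcard matching.

```python
from fnmatch import fnmatchcase

# Constructed sample data; only the example.com / wip.example.com names come from the thread.
PARENT_CNAMES = {            # CNAMEs on the regular DNS server
    "forward.example.com": "forward.wip.example.com",
    "forward7.example.com": "forward7.wip.example.com",
    "shop.example.com": "shop.gslb.example.com",
    "mail.example.com": "mail.wip.example.com",
}
PARENT_DELEGATIONS = {"wip.example.com", "gslb.example.com"}  # NS records pointing at the GTM
GTM_ZONES = {"wip.example.com"}                               # zones with SOA/NS in ZoneRunner
WIDE_IPS = ["forward*.wip.example.com", "shop.gslb.example.com"]


def norm(name):
    """Lower-case and drop the trailing dot so names compare consistently."""
    return name.lower().rstrip(".")


def enclosing_zone(name, zones):
    """Return the longest zone that contains name on a label boundary, or None."""
    known = {norm(z) for z in zones}
    labels = norm(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None


def wide_ip_for(name, wide_ips):
    """Return the first wide IP pattern matching name (fnmatch approximates GTM wildcards)."""
    return next((w for w in wide_ips if fnmatchcase(norm(name), norm(w))), None)


def audit(cnames, delegations, gtm_zones, wide_ips):
    """Map each customer FQDN to 'ok' or the first missing piece of the chain."""
    report = {}
    for fqdn, target in cnames.items():
        if enclosing_zone(target, delegations) is None:
            report[fqdn] = "target not in a zone delegated to the GTM"
        elif enclosing_zone(target, gtm_zones) is None:
            report[fqdn] = "GTM has no SOA/NS for the target's zone"
        elif wide_ip_for(target, wide_ips) is None:
            report[fqdn] = "no wide IP matches the target"
        else:
            report[fqdn] = "ok"
    return report


if __name__ == "__main__":
    for fqdn, status in audit(PARENT_CNAMES, PARENT_DELEGATIONS, GTM_ZONES, WIDE_IPS).items():
        print(f"{fqdn:24} {status}")
```

The shop.example.com row reproduces the case discussed above: a wide IP exists, so a query sent straight to the GTM is answered, but without SOA/NS records for the zone a recursive DNS server following the delegation fails.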
- david0512_20548
Nimbostratus
Thanks again... one confusing aspect is that the docs suggest wide IPs are separate from ZoneRunner files. But with the above in mind I don't see how the two are not related. For wide IPs to work you need ZoneRunner entries even if you are not using the full functionality of BIND.