For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

f5user_108265's avatar
f5user_108265
Icon for Nimbostratus rankNimbostratus
Jul 17, 2008

GTM iRule defining external DNS server

Hi everybody,     I am facing the following problem. I would like to force the GTM to query an internal (accessible only by the BIG-IP on the private side) DNS server if the DNS record cann...
application delivery
dev
devops
iRules
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Jul 21, 2008
Yes, you would enable recursion (beware, note the CERT VU800113 published a couple of weeks ago) and set up forwarders in your bind configuration (GTM->ZoneRunner->Named Configuration) 

  
  options {  
      forward only;  
      forwarders {  
          ns1.internal.company.com;  
          ns2.internal.company.com;  
      };  
      recursion yes;  
  };

You don't need an iRule for this to work, but you could write one to only forward valid requests, which would require you to list in the rule each request not handled by the GTM that your internal servers would have an answer for. The need for this would depend on your business (and security) rules.