For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

KingMeow_3883's avatar
KingMeow_3883
Icon for Altostratus rankAltostratus
Mar 26, 2015

GTM iRule to forward dns request to a pool of DNS servers

Hi,   On the GTM, is it possible to use an iRule to disable wideIP and forward a dns request to a pool of DNS servers instead?   I have a situation where LTM pool members attempt to resolve eac...
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Mar 30, 2015

Hi KingMeow,

to simplify the iRule above the conditions can be combined, i.e. as follows: 
when DNS_REQUEST {
    if {[IP::addr [IP::client_addr] equals 10.10.10.10/32] and ([string tolower [DNS::question name]] ends_with "xyz.domain.com")} {
        log local0. "dns query <[DNS::question name]> from local network: <[IP::client_addr]>"
        DNS::disable gtm
    }
}

(To verify the query name a comparison can be done by "ends_with", "equals", "starts_with" or "contains".)

Btw, there are two alternative methods for GTM to achieve a similar behavior as settings scopes on a DNS server.

The topology based method allows definition of regions and map them to available resources.

A way to configure them is described in this post "Topology LB - Not allow Wide IP to resolve to Internet".

The second method would be a similar rule as above in the context of the WideIP to pick a GTM-pool containing the internal resource records.

In both cases it would be necessary to monitor the internal real servers by the GTM controller.

Thanks, Stephan