Forum Discussion

Jeff_Ferrell_11's avatar
Jeff_Ferrell_11
Icon for Nimbostratus rankNimbostratus
Jan 10, 2017

GTM query bind, if not found query DNS pool

I have an iRule configured by an F5 PSE. It works fine as designed, but now I have a need to query zonerunner on the GTM after the WIP check and if not found there, then continue looking to the DNS pool.

I'll post the iRule below. In short, this was done b/c I needed a way for my internal clients to get a GTM answer for WIP's, but still have the ability to query my internal DNS servers. Windows can not delegate records, ie: www to the GTM, so in asking GTM for all queries, it checks its WIP, then disables bind and forwards to my AD servers via the internal DNS pool list. This came about b/c I need a cname for my main domain that points to an external domain, ie: record.domain.com which I own points to

Windows won't do that, but GTM can and does currently, I just need a way to gte to that record.

   DNS Selective Recursion iRule  
   CPU impact:   Low
   Requirement:  GTM Module, DNS Profile

   Orginal Creator: Blake Deakins, Consultant II, F5 Professional Services
   Author Date: 3/20/2014

   This iRule is intended to selectively perform recursion of queries
   received by the internal GTM listener
   If the query received contains congressionalfcu.org, the iRule
   disables the validating resolver cache and load-balances
   the query to the AD DNS server pool.
   Otherwise, the query is recursively resolved.

when RULE_INIT {
     set debug to 1 to see debug messages
    set static::Selective_Recursion_debug 1
}

when DNS_REQUEST {
   Ensure the DNS query is not for root
    if {!([DNS::question name] == ".")} {
        set question_name [DNS::question name]
        set fqdn_name .[DNS::question name]
        if { $static::Selective_Recursion_debug } {
            log local2.alert "Recursion DNS Question: $question_name"
            log local2.alert "Recursion Setting FQDN to: $fqdn_name"
        }
    } else {
        if { $static::Selective_Recursion_debug } {
            log local2.alert "Recursion DNS Query was for root ($question_name)"
        }
    }

   If the dns query matches one of the internal zones, disable cache and LB to AD servers
    if { [class match $fqdn_name ends_with internal_zone_list] } {
        DNS::disable cache
        DNS::disable bind
        pool DNS_Internal_Pool
        if { $static::Selective_Recursion_debug } {
            log local2.alert "Recursion Query is for internal zone.  Disabling Cache and assigning pool."
        }
    }
}
BIG-IP DNS
devops
iRules
No RepliesBe the first to reply