Forum Discussion
Jason_40733
Cirrocumulus
CirrocumulusGTM Topology Architecture with DNS resolvers
We are implementing GTM and have some general topology rules setup for routing our traffic. Something we have come across, is a potential need for us to route different groups of DNS clients that are using the same DNS resolver to different IPs for the same Wide-IP. Of course the DNS resolver doesn't pass the originating client's IP address, so we only see the IP of the resolver.
Has anyone found an iRule or way to help design around this issue? Our current solutions are to point the smaller group directly at the GTM for DNS, or to assign different resolvers to different routing needs.
Any help or thinking outside the box is greatly appreciated.
Thanks
J
- Sounds like you want to do some topology based ADCing..
From a high level, you can specify the resolution based on the LDNS...
This should get you going..
Overview of BIG-IP GTM Topology records
http://support.f5.com/kb/en-us/solutions/public/10000/400/sol10434.html?sr=13793338 
Jason_40733That is a good document. It's something we've gone over. Our needs are a bit more in depth than that goes into. It appears that given the behavior of DNS, to accomplish what we wish to do we'll need to point anything that needs a more specific rule directly to the GTM. Which will eliminate part of our deployment simplicity gains by implementing GTM, but its not a huge difference.
So.... for a general topology set
subnet1 -> LDNS1 -> GTM
subnet2 -> LDNS1 -> GTM
subnet3 -> LDNS2 -> GTM
Will become this when more specific topology records are needed. It's either that or add more LDNS servers.
subnet1 -> LDNS1 -> GTM
subnet2 -> GTM
subnet3 -> LDNS2 -> GTM
With subnet2 being the subnet/IP address with specific topology needs.- Ahhh I'm sorry about that, I missed you're coming from the same LDNS.. Pointing directly at the GTM will work for subnet 2, like you mentioned, but it's not where you want to end up redundancy wise..
Not sure what a good option is here.. As you mentioned, you're stuck with the LDNS source.. As of today.. I don't believe the original source is passed along.. but I do remember reading some people from google were trying to push it.. Anybody know where that is at?
http://tools.ietf.org/id/draft-vandergaast-edns-client-ip-01.html
I'm not sure what your flow is after the GTM...? Are they all in different data centers? or same? You could always do something at the LTMs by IP..and redirect from there.. but not a good long term solution either.. - Jason_40733Our flow after GTM is a cross of generic servers and LTM VIPs. We're going to go with the more generic topology and anyone with specific routing requests would need to be pointed at the GTMs.
Sly_85819Nimbostratus
I am not sure if this thread is still live but I am also in the same situation. We have our main DNS server as Infoblox and sub-zone delegation pointing to GTM. The tcpdump shows queries coming from DNS server and not the client polling for record. Anycast DNS is also making it a bit difficult. Any more ideas?
chris01_159200Sly, we are trying to implement topology based load balancing as well for clients referred to the GTMs from Infoblox. Were you ever able to overcome the fact that the requesting client address is not associated with the topology decisions due to the LDNS source being Infoblox instead of the client's actual DNS server? Thanks! -Chris
