GTM/DNS - separate listeners for internal vs. external DNS requests recommended?
Have had our GTMs set up for internal GSLB for a bit now - going to expose the GTMs for public DNS access as well. An external firewall will NAT the incoming traffic to the GTM's listener (which is a private IP).
In such a scenario, is it recommended to have a separate listener for the public traffic? Or what are the considerations that would decide on reusing the internal listener vs. establishing a separate one?
thx
- Vijay_E
Cirrus
There is really no need to have 2 separate WIPs for internal and external DNS requests.
There is one thing that you may want to consider - DNS tends to get DoS'd quite frequently with a brute force/flood of requests. Can the firewall in front of the GTM handle a flood of traffic? If the firewall also filters non-DNS traffic for other applications, you can remove the firewall and use a standalone GTM with a public IP address in order to prevent other services from going down because of a DNS DoS attack.
- Stanislas_Piro2
Cumulonimbus
Hi,
Creating 2 different listeners won't change GTM behavior.
The only benefit of creating a second listener is to apply an iRule on it to rewrite the request value. Then, GTM will handle different wide IPs for internal and external listeners.