For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Garth_104943's avatar
Garth_104943
Icon for Nimbostratus rankNimbostratus
Feb 18, 2010

Name resolution based on source IP

Newbie question, but please let me know if this is possible.

 

 

I have a domain www.mydomain.com that resolves publicly to one address (akamai cached)

 

The same domain www.mydomain.com resolves to a different address on our internal network (direct connection the the F5 Virtual Server address)

 

There are certain conditions when I want to route the traffic from our internal network to the Akamai hosted address (http redirects don't work)

 

Is there a way to force a dns lookup using a specified external nameserver when certain conditions are met on a HTTP_Request?

 

 

Thanks

 

 

G
application delivery
dev
devops
iRules

5 Replies

  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Feb 18, 2010
    Hi Garth,

     

    I believe so.

     

    Take a look at this wiki for NAME resolution commands

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules.NAME

     

     

    I hope this helps

     

     

    Bhattman
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 18, 2010
    You could take the name lookup functionality from the first Codeshare example below and modify it to do a lookup every X seconds as in the second example:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/DestinationSnatUsingDNS.html

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/LogEveryXSeconds.html

     

     

    You might also want to consider upgrading to 10.1 to use the new RESOLV::lookup command:

     

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/resolv__lookup

     

     

    Like the NAME::lookup command, RESOLV::lookup performs a DNS query, returning the A record for the indicated hostname, or the PTR record for the indicated IP address. The functional difference between the two is that RESOLV::lookup suspends and returns the result inline, whereas NAME::lookup continues and eventually causes NAME_RESOLVED to fire and then you need to call NAME::response to retrieve it.

     

     

     

     

    Aaron
  • kev_245_28249's avatar
    kev_245_28249
    Icon for Nimbostratus rankNimbostratus
    Apr 29, 2011
    Can one use this code share in the following mannor?

     

    In regards to using the LTM as a reverse proxy could the iRule be used to determine the destination that gets applied to the pool in a VIP?

     

    An example, an internal server does file transfer to an ip that is a VIP on the external LTM. The LTM then is triggered by the iRule mentioned above, does a lookup to resolve the actual destination ip address and sends the traffic outbound.

     

     

    Is it fair to say, a static name like update.sun.com would be applied to the iRule mentioned in the code share, when the response is received the destination is then set.

     

     

    If this is the case would you have to configure all possible replies as members of a pool? Or would the response from the dns lookup result in being set as the destination?

     

     

     

     

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Apr 29, 2011
    You can use the node command to assign an arbitrary IP and port for a load balancing destination. The IP:port does not need to be a pool member.

     

     

    I'll see about writing an example with RESOLV::lookup sometime soon with caching of the response(s) in a subtable. Else, you can use the Codeshare examples posted above as a start.

     

     

    Aaron
  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    May 02, 2011
    So what Aaron's trying to say is, "No, you don't have to configure all of the possible IPs as a member of a pool". ;)

     

     

    Colin