NSlookup returning both Private and Public IPs for a URL
Hi All,
I have a WIP set up in my GTM and created a Topology record to state that for any request coming from the WAN a private IP needs to be returned, and whenever a request comes from the internet a public IP needs to be returned.
Now when I try doing an nslookup for the URL I get both the private and the public IPs. Not sure what I'm doing wrong here. Can anyone help?
Thanks.
Regards, Ramesh
7 Replies
- cjunior
Nacreous
Hi, If you have properly configured the topology records and regions, and the preferred method is Topology, the decision might have failed for some other reason. You could see in the statistics if it's not being done by the alternate or fallback mode. Regards.
- rameshr_132303
Nimbostratus
Thanks. I'll check that. Another question I had is, if I used the fallback mechanism as Return to DNS, in this case would it return both the private and the public IPs? Is there a way to ensure that only public is returned to internet users and only private is returned to WAN users?
- anoop1
Nimbostratus
If I used the fallback mechanism as Return to DNS, in this case would it return both the private and the public IPs?
Ans: Yes, fallback mode Return_to_dns can return any possible IP because BIND is not intelligent enough to determine the source-based resolution.
Yes, that is also possible; for that, using the iRule is the solution.
Is there a way to ensure that only public is returned to internet users and only private is returned to WAN users?
The best approach I would suggest is to use Fallback IP rather than Return to DNS (configure the external pool with fallback IP as external, and the internal pool with fallback IP as internal).
But if it is very specific to Return to DNS, there are two possible logics in which an iRule will work as a solution:
- If the response is blank, insert the DNS response IP based on the source (in this case, configure fallback mode to None in both the pools).
- If the RR IP and source combination is incorrect, then change it to the correct one.
In both of the above cases you have to create 2 data groups (internal_subnet, external subnet) to use in the iRule.
- Samir_Jha_52506
Noctilucent
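Hi, I agree with Anoop's 1st point above & it will work. Please use the method below & use the iRule. Hope the issue will be resolved.
Preferred: Topology; Alternate: Return to DNS; Fallback: None.
    when DNS_REQUEST {
        if { ([IP::addr [IP::client_addr]/8 equals 10.0.0.0]) } {
            # client in 10.0.0.0/8: let the request through
        } elseif { ([IP::addr [IP::client_addr]/12 equals 172.16.0.0]) } {
            # client in 172.16.0.0/12: let the request through
        } elseif { ([IP::addr [IP::client_addr]/16 equals 192.168.0.0]) } {
            # client in 192.168.0.0/16: let the request through
        } else {
            # any other source address: discard the request
            discard
        }
    }
Refer Link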
- anoop1
Nimbostratus
Samir,
Your approach will discard all the requests coming from public DNS, and external users will not be able to resolve the IP at all, so we should prefer the DNS_RESPONSE event and modify the RR record based on the subnet.
The logic should be like below.
    when DNS_RESPONSE {
        if the dst ip contains the internal ip and the rr record is external then change rr to internal ip.
        if the dst ip contains the external ip and the rr record is internal then change rr to external ip.
        else keep the rr record unchanged.
    }
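The DNS_RESPONSE logic outlined above, modelled offline in Python as an added example (it is not an iRule and not code from any poster in this thread), so the decision table can be checked before it is written for the GTM. The internal ranges are the three tested in the iRule posted earlier; the two pool addresses and all function names are constructed assumptions.

```python
import ipaddress

# Stand-in for the internal_subnet data group: the three ranges tested in the
# iRule posted in this thread. Anything else is treated as external (assumption).
INTERNAL_SUBNETS = [ipaddress.ip_network(n)
                    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample pool addresses; replace with the wide IP's real members.
INTERNAL_VIP = ipaddress.ip_address("10.20.30.40")
EXTERNAL_VIP = ipaddress.ip_address("203.0.113.40")


def is_internal(addr):
    """True if addr falls inside one of the internal subnets."""
    return any(addr in net for net in INTERNAL_SUBNETS)


def rewrite_answers(client_ip, answers):
    """Return the A records the client should receive.

    client_ip is the destination of the DNS response (the resolver or host
    that asked); answers is the list of A-record addresses in the response.
    """
    client_internal = is_internal(ipaddress.ip_address(client_ip))
    wanted = INTERNAL_VIP if client_internal else EXTERNAL_VIP
    out = []
    for rr in answers:
        addr = ipaddress.ip_address(rr)
        # RR and source on different sides: change RR to the correct side.
        if is_internal(addr) != client_internal:
            addr = wanted
        # Collapse duplicates created by the rewrite.
        if str(addr) not in out:
            out.append(str(addr))
    # Blank response: insert the address that matches the source.
    if not out:
        out.append(str(wanted))
    return out


if __name__ == "__main__":
    mixed = ["10.20.30.40", "203.0.113.40"]  # what nslookup showed: both IPs
    print("WAN client     ->", rewrite_answers("10.1.2.3", mixed))
    print("internet client ->", rewrite_answers("198.51.100.7", mixed))
```
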
- rameshr_132303
Nimbostratus
Anoop/Samir - Thank you so much guys!! That makes sense. I will go ahead and try both the Fallback IP method and the iRule and see if these work.
I'll keep us posted.