Forum Discussion
CirrusPossible to use GTMs for public DNS records without allowing internet access to GTMs?
We use GTMs internally for GSLB services - however, we don't use them for general purpose DNS. Instead, we allow our internal DNS servers to recursively resolve the references to GTM-hosted zone records/wide IPs, so that the clients never directly execute DNS requests against the GTMs. (we understand and accept that this limits us to not using latency or client source IP geo for wide IP conditioning).
We would like to employ the same strategy for our public DNS records. However, we don't want to turn recursion on for our public name servers, because of the risk of DOS attacks.
Has anyone successfully configured DNS services to accomplish this goal - having public internet DNS clients only send requests to the standard, non-GTM DNS servers, but have those servers accomplish the same goal as recursively responding, without turning on recursion in general for the DNS server?
2 Replies
Hi,
If you want to use standard DNS as the first option to resolve (BIG-IP DNS Later), without turning on recursion, you could try DNS Delegation: K277: Delegating a subdomain to a BIG-IP DNS or BIG-IP Link Controller system from another DNS server
I hope this helps.
Stanislas_Piro2Cumulonimbus
Hi,
you can create a VS in front of DNS server and enable dns-gtm profile (like a GTM listener).
if GTM has a record, it will answer, else it will forward the request to the DNS server.
