Right way of configuring GTM and parent DNS?

Question

The training manual has this to say about the steps to migrating to a system where the GTM will only receive requests for wide IPs within a domain.&nbsp;
&nbsp;Configure the existing name databases on the current DNS servers e.g. ns1.ispX.com and ns2.ispX.com that the Wide IPs are delegated to the GTM System. Note that the GTM System should be configured to resolve the wide IP prior to implementing this change in the current system.&nbsp;
&nbsp;Example database prior to delegation:&nbsp;
&nbsp;www.domain.com.        IN           A             200.10.10.10
&nbsp;www.domain.com.        IN           A             150.10.10.10&nbsp;
&nbsp;Example database after delegation:&nbsp;
&nbsp;wip.domain.com.        IN           NS            gtm1.wip.domain.com.
&nbsp;wip.domain.com.        IN           NS            gtm2.wip.domain.com.
&nbsp;gtm1.wip.domain.com.   IN           A             200.10.10.53
&nbsp;gtm2.wip.domain.com.   IN           A             150.10.10.54
&nbsp;www.domain.com.        IN           CNAME         www.wip.domain.com.&nbsp;
&nbsp;There is another way that would work:&nbsp;
&nbsp;www.domain.com.        IN           NS          gtm1.domain.com.
&nbsp;www.domain.com.        IN           NS          gtm2.domain.com.
&nbsp;gtm1.domain.com.       IN           A           200.10.10.53
&nbsp;gtm2.domain.com.       IN           A           150.10.10.54&nbsp;
&nbsp;This approach defines the www.domain.com as being a sub domain of domain.com, and the GTMs won’t care how they received the request for www.domain.com as long as the WIP exists then they should respond. The down side to this approach is that any further hosts which will be hosted on GTM will also require two NS record lines whereas the first approach just needs the CNAME entry.&nbsp;
&nbsp;My question to you all is ‘which way is right?’ and is the latter approach actually wrong? &nbsp;
&nbsp; &nbsp;&nbsp;

russell_moore_8 · Answer

The first method is correct. The second method can be made to work but you must create SOA and full domain records on the GTM or you run the risk of having customer issues. Remember, GTM will fall through to standard DNS and must have the proper structure to respond appropriately to resolvers.

deb_allen_18 · Answer

Both are actually valid approaches that are widely used. GTM automatically creates the required zone file including the appropriate SOA info when any name is added as a WideIP.&nbsp;
&nbsp;However, F5's recommended best practice is actually the first:  To use a CNAME in your primary DNS that points to a name in a subdomain delegated to GTM.  That way you are delegating only the name-to-IP relationship, and the parent zone configuration is still authoritative for MX etc.&nbsp;
&nbsp;HTH
&nbsp;/deb

juwusuo_48228 · Answer

would there be GTM DNS name resolution difference between the two approaches?

Forum Discussion

Right way of configuring GTM and parent DNS?

Recent Discussions

How do I create a traffic log for two different route domains?

Http / https health monitor issue

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

Related Content

F5 BIG-IP Advanced WAF – DOS profile configuration options.

Maintaining BIG-IP's Golden Compliance Configuration in Financial Services

Configuring BIG-IP for Zone Transfer and DNSSEC

BIG-IP BGP Routing Protocol Configuration And Use Cases

Certificate Expiry Email alert configuration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS