danielpenna
Jun 24, 2014

Selective DNS queries

Hi All, I am trying to route DNS queries to authoritative servers based on the DNS/hostname request. I have run up an 11.5.1 host in AWS and am trying to figure out the GTM configuration, but I think/hope what I want to do can be achieved by a DNS iRule; I am having issues figuring it out.

What I want to do is something like below: anything in AWS will use the F5 DNS Virtual Server as the default DNS server, and when a DNS request comes in for an amazonaws.com DNS name it routes the request to a DNS server with external DNS resolution capability. If a request comes in to the F5 DNS VS for an internal AD DNS name, it gets routed to our internal DNS servers.

Is this possible? Something similar to the iRule below, hopefully... still getting my head around GTM at the moment.

when DNS_REQUEST {
    # Send amazonaws.com lookups to the external resolvers, everything else to the internal ones
    if { [DNS::question name] contains "amazonaws.com" } {
        pool pool-external-dns
    } else {
        pool pool-default-internal-dns
    }
}

3 Replies

  • Try the following. The pools you are selecting need to be DNS server pools.

    when DNS_REQUEST {
      # Route on the suffix of the queried name
      if { [DNS::rrname] ends_with "amazonaws.com" } {
        pool pool-external-dns
      } else {
        pool pool-default-internal-dns
      }
    }
    
  • I was getting errors with DNS::rrname so have changed it to [DNS::question name], will test and confirm.

     

    Thanks Kevin
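
Added example, not posted by anyone in this thread: an iRule that matches the query name on a DNS label boundary, because contains "amazonaws.com" also matches a name such as amazonaws.com.example.net and ends_with "amazonaws.com" also matches notamazonaws.com, which would send those lookups to the wrong pool. The pool names are the ones used above; the static::external_zones list and its contents are assumptions.

```tcl
# Added example, not code from the thread.
# Assumption: static::external_zones is a hypothetical list of zones that
# should be resolved by the external DNS pool.
when RULE_INIT {
    set static::external_zones {amazonaws.com}
}

when DNS_REQUEST {
    # DNS names are case-insensitive; also strip a trailing root dot if present.
    set qname [string tolower [string trimright [DNS::question name] "."]]

    set external 0
    foreach zone $static::external_zones {
        # Match the zone apex itself, or any name below it.
        # The leading "." in the pattern forces a label boundary, so
        # "notamazonaws.com" and "amazonaws.com.example.net" do not match.
        if { ($qname eq $zone) || [string match "*.$zone" $qname] } {
            set external 1
            break
        }
    }

    if { $external } {
        pool pool-external-dns
    } else {
        # Default: everything else, including internal AD names, stays internal.
        pool pool-default-internal-dns
    }
}
```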