Phil_Boorman_70
Nov 07, 2016

Split DNS resolution for Dev and Prod domains in APM (portal access)

Hi All

 

I have an issue where a client has a DEV environment and a Production environment, both using the same Domain Space. They have an issue when using APM Portal resources and DNS lookups. Basically they have 2 VIPs set up, one for Dev and one for production, but the issue occurs when the F5 needs to do a lookup for the portal resources. The F5 can be configured with multiple DNS servers but the device will always query one DNS server (most likely the first one) for a DNS resolution, and can't distinguish if it should return a DEV address or a portal address.

 

The long and short is that when a client accesses the dev VIP I want any DNS requests to go to the DEV DNS servers and all other DNS requests to go to the Prod DNS servers.

 

I tried looking down the route of configuring a DNS VIP and pointing the F5's DNS servers at that, but all the requests are coming from the F5 so we can't make a decision based on client source address, and all the DNS requests are the same URL/domain so we can't make decisions on that either!

 

They don't have GTM but I'm not sure that would help in this situation either.

 

Any help or suggestions would be greatly appreciated.

 

Regards

 

Phil

 

  • Hi Phil,

     

    • I tried looking down the route of configuring a DNS VIP and pointing the F5's DNS servers at that, but all the requests are coming from the F5 so we can't make a decision based on client source address, and all the DNS requests are the same URL/domain so we can't make decisions on that either!

    A silly idea to distinguish the different environments: You could use a different CASE (upper/lower) for your Dev and Prod portal resources and then simply check the used CASE of the DNS queries on your DNS VIP before forwarding the queries to your Dev or Prod DNS Server pools.

     

    Note: To parse the CASE of the DNS Queries you may need to have a DNS-Express license...

     

    Cheers, Kai
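
The case-based idea in Kai's reply above, sketched in Python as an added example (not code from the thread or from F5): it reads the question name out of a raw DNS query with its letter case intact and picks a resolver pool from it. The "all uppercase means Dev" convention, the pool names and the sample hostnames are assumptions, and whether the BIG-IP keeps the configured case in its own lookups has to be confirmed on the device.

```python
import struct

# Assumed convention (not from the thread): Dev portal resources are
# configured with UPPERCASE hostnames, Prod resources with lowercase ones.
DEV_POOL = "dns_dev_pool"    # hypothetical pool names
PROD_POOL = "dns_prod_pool"


def parse_qname(msg: bytes) -> str:
    """Return the first question name of a DNS query, preserving its case."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question in message")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        if length == 0:          # root label terminates the name
            break
        if length & 0xC0:        # labels are at most 63 bytes long
            raise ValueError("compression pointer not expected in a question")
        label = msg[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def select_pool(msg: bytes) -> str:
    """Pick the resolver pool from the letter case of the query name."""
    letters = [c for c in parse_qname(msg) if c.isalpha()]
    if letters and all(c.isupper() for c in letters):
        return DEV_POOL
    # Lowercase, mixed case (e.g. 0x20 case randomisation) or no letters: Prod.
    return PROD_POOL


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Construct a minimal A/IN query, used only to make sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)
```
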

     

  • Laudec

    Hi Phil,

     

    If your dev users are coming from a specific subnet, or a small number of specific IPs, you can use an iRule or traffic policy to differentiate them and send them to the dev pool. That way you can use the same VIP for both.