Split brain forwarder query

Question

Given a split brain zone xyz.com.&nbsp;I want to be able to specify which forwarder is used to fully resolve the ip with no referrals.&nbsp;ie awssftp.xyz.com internally goes to a cname awsftp.int.xyz.com which via wide ip will give a appropriate  10.x.x.xawssftp.xyz.com externally goes to a cname awsftp.ext.xyz.com which  maps to multiple aws dns entrys resolved via google dns (8.8.8.8) is 3.x.x.x&nbsp;Like is there a way if I create two dns listeners say x.x.x.1 and x.x.x.2 the forwarder for .1 if needed goes to 10.x.x.10 or if .2 if needed is 8.8.8.8&nbsp;

spalande · Answer

So I assume zones int.xyz.com and ext.xyz.com are delegated to F5 DNS (GTM) and F5 DNS is authoritative for them. Main primary zone xyz.com is owned by primary DNS (LDNS) server (may be Inflobox, Bluecat or MS server). Please correct if this understanding is wrong.&nbsp;There could be many other smart ways to split this, but one of the way I think is&nbsp;If ext.xyz.com is authoritative with your F5 DNS (GTM), you can just go that zone and create new NS record for awsftp.ext.xyz.com and point to appropriate NS server. GTM will forward queries for this to that NS server. Or if all records inside ext.xyz.com needs to be forwarded to external NS server, you can delegate the entire zone via GTM. If your F5 is not authoritative for zone ext.xyz.com (or doesn't need to be) , you can simply delegate that zone to it's NS servers from your main DNS server itself who is owning xyz.com&nbsp;

Forum Discussion

Split brain forwarder query

Recent Discussions

ip x-forwarding

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Related Content

GSLB Split DNS by iRule

iRule Shenanigans - My Brain hurts

Google and Chrome proposed split, CISA insights, AI OSS-Fuzz, Roundup

SSL VPN Split Tunneling and Office 365

VPN Split Tunneling: The Benefits and Risks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS