Subdomain Delegation using Windows DNS needs to go to different set of GTMs based on WideIPs
We implemented subdomain delegation based on this link https://my.f5.com/manage/s/article/K277 and it worked as expected. We were keeping external DNS associated with our external GTMs and internal DNS with our internal from an architectural perspective.
Now, we have come across a situation where we possibly need to have our internal DNS requests to WideIPs configured on our external GTMs and our subdomain in Windows DNS only points to the listeners - NS Records - of our internal GTMs.
So, trying to see if there is a methodology in Windows DNS to configure certain WideIP requests to go to our external GTMs' listeners for the same subdomain? Can I create a more specific record in the Windows DNS hierarchy to the external listeners?
I want to just add the External GTMs' listeners as NS records in the subdomain just like the internal GTM listeners that already exist but I am not sure how the GTMs would handle requests for WideIPs it does not have configured as now internal and external requests could go to both sets of GTMs. Maybe there is some function of the unhandled query option in the DNS Profile I can use here?
I think ultimately... I will just add the external LTMs to the internal GTMs and create the necessary Wide IPs. But, that seems less secure than I want and I have to do twice the admin overhead when I have an external WideIP to configure on both sets of GTMs - internal and external. So just trying to see if Windows can do anything for me.
For visualization:
Client requests www.example.com from LDNS - Windows DNS.
Windows DNS has a CNAME www.wip.example.com associated with host www.example.com
wip.example.com subdomain has NS records of internal GTM listeners.
Internal GTM gets queried for www.wip.example.com which is configured as WideIP and returns Virtual Server IP based on configuration.
__________________________________
Now... I have the situation: Client requests externalwww.example.com from LDNS - Windows DNS.
Windows DNS has a CNAME externalwww.wip.example.com associated with host externalwww.example.com
wip.example.com subdomain has NS records of internal GTM listeners.
But, externalwww.example.com is not configured on Internal GTMs so it just allows, rejects, hints or no errors the traffic based on the DNS profile configuration.
So, I want to see if Windows can be configured to do anything to send the request for externalwww.wip.example.com to our external listeners.
Thank you for your time.
I have recently completed DNS separation of 2 GTMs in a Sync Group, carrying all Internal and EXT WideIPs in the old setup, to 2 new Internal GTMs in a Sync Group and 2 more new External GTMs in a Sync Group.
EXAMPLE.NET Domain related WIPS as Internal GTM
EXAMPLE.COM Domain related WIPS as EXT GTM
But there was lots of preparation and documentation which I think I cannot explain in a forum response, as it was more of a project. You can get in touch with F5 Professional Services for project-related services.
You must check this when delegating subdomains from a DNS server to BIG-IP DNS or BIG-IP Link Controller systems.
https://my.f5.com/manage/s/article/K277
Reverse: from F5 GTM to delegate a subdomain to EXT DNS
https://my.f5.com/manage/s/article/K34150459
https://clouddocs.f5.com/training/community/dns/html/class3/module1/lab07/lab07.html
https://clouddocs.f5.com/training/community/dns/html/class3/module1/lab07/task1.html
Hope this Helps
🙏
- zamroni777 (Nacreous)
You can try to use iRules in the internal GTM's wide IP:
If the request comes from the intranet (based on client/source IP address), then reply with a CNAME/alias to the external GTM's wide IP.