Disable DNS Express to allow recursion of a delegated sub-domain
Problem this snippet solves:
If you are using GTM to act as both an authoritative slave with DNS Express and a recursive cache, recursion will not work for a request to a delegated sub-domain when the parent domain exists in DNS Express. For example, domain.com exists in DNS Express but has delegated the dev.domain.com sub-domain to a different set of name servers. Any request for dev.domain.com will just get a referral rather than being recursed. This is because of the order of operations in GTM (https://support.f5.com/kb/en-us/solutions/public/14000/500/sol14510.html): recursion is the very last process that could happen, and since DNS Express makes an authoritative referral response, no recursion will occur.
How to use this snippet:
To use this, your listener and corresponding DNS profile need to have DNS Express configured and recursion enabled (cache). Then the iRule just needs to be attached to the listener.
Code :
when DNS_REQUEST {
    # query DNS Express to look for a sub-domain delegation
    set rrr [DNS::query dnsx [DNS::question name] [DNS::question type]]
    # evaluate if the queried zone is defined in DNS Express
    # empty response indicates DNS Express does not have the requested domain
    # so we should exit and continue to recursion
    if { $rrr equals "{} {} {}" } { return }
    # check if DNS Express response is a delegated sub-domain referral
    if { [lindex $rrr 0] equals "" && [DNS::type [lindex [lindex $rrr 1] 0]] equals "NS" } {
        # no ANSWER was returned AND AUTHORITY is an NS record (not a SOA)
        # this is a referral so we should disable DNS Express to allow for the subdomain to be recursed
        DNS::disable dnsx
    }
}
Tested this on version:
11.6
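
The referral test the iRule applies (empty ANSWER, NS rather than SOA in AUTHORITY) can also be checked on the wire when verifying the listener's behaviour before and after attaching the iRule. The following Python is an added example, not part of the original snippet or F5 code; the function names and the sample messages (including ns1.example.net and the 192.0.2.10 address) are constructed for illustration.

```python
import struct

NS, SOA = 2, 6  # RR type codes (RFC 1035)

def _skip_name(msg, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:                # root label ends the name
            return off

def classify(msg):
    """Classify a DNS response as 'answer', 'referral' or 'negative'."""
    _id, _flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                # question: name + type + class
        off = _skip_name(msg, off) + 4
    types = []
    for _ in range(an + ns):           # answer RRs first, then authority RRs
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        types.append(rtype)
    authority = types[an:]
    if an:
        return "answer"
    if NS in authority and SOA not in authority:
        return "referral"              # same condition the iRule tests
    return "negative"                  # SOA in AUTHORITY (NODATA/NXDOMAIN) or empty

def _name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"

def _rr(owner, rtype, rdata):
    return _name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata

def build(qname, answers=(), authority=()):
    """Construct a sample response (test data, not captured traffic)."""
    hdr = struct.pack("!6H", 0x1234, 0x8000, 1, len(answers), len(authority), 0)
    return hdr + _name(qname) + struct.pack("!HH", 1, 1) + b"".join(answers) + b"".join(authority)

# Constructed samples: delegation referral, normal answer, negative response
REFERRAL = build("www.dev.domain.com", authority=[_rr("dev.domain.com", NS, _name("ns1.example.net"))])
ANSWER = build("www.domain.com", answers=[_rr("www.domain.com", 1, bytes([192, 0, 2, 10]))])
_soa = _name("ns.domain.com") + _name("admin.domain.com") + struct.pack("!5I", 1, 3600, 600, 86400, 300)
NEGATIVE = build("nope.domain.com", authority=[_rr("domain.com", SOA, _soa)])
```

With the iRule attached, a query for a name under the delegated sub-domain should stop classifying as "referral" and come back as "answer" from the cache.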