Disable DNS Express to allow recursion of a delegated sub-domain

Problem this snippet solves: If you are using GTM to act both as an authoritative slave with DNS Express and as a recursive cache, recursion will not work if a request is made for a delegated sub-domain...
Published May 25, 2016
Version 1.0
application delivery
BIG-IP DNS
devops
dns express
dnsx
irule
iRules
recursive dns
Brad_Parker
Patricia_Gonzal
Sep 21, 2016

I got it to work, but need to add additional functionality.

Is it possible to add additional conditions to forward queries based on client IP to a specific DNS pool after we have performed the recursive query for NS records of our DNS Express Zones?

I can split this iRule into two parts (DNS Express Recursive Query Fix) and (Route based on source IP) independently. When I combine the iRules it breaks. I have a feeling it has to do with the order in which the F5 processes the traffic. (CLIENT_ACCEPT before DNS_REQUEST)

```tcl
when DNS_REQUEST {
    # query DNS Express to look for a sub-domain delegation
    set rrr [DNS::query dnsx [DNS::question name] [DNS::question type]]
    # evaluate if the queried zone is defined in DNS Express
    # empty response indicates DNS Express does not have the requested domain
    # check if DNS Express response is a delegated sub-domain referral
    if { [lindex $rrr 0] equals "" && [DNS::type [lindex [lindex $rrr 1] 0]] equals "NS"} {
        log local0.debug "ns record detected"
        # no ANSWER was returned AND AUTHORITY is an NS record (not a SOA)
        # this is a referral so we should disable DNS Express to allow for the subdomain to be recursed
        DNS::disable dnsx
        log local0.debug "Subdomain"
    } elseif { [IP::addr [IP::client_addr] equals 192.168.0.0/24] } {
        pool /Common/ServerResolver
        log local0.debug "ServerResolver"
        return
    } else {
        pool /Common/UserResolver
        log local0.debug "UserResolver"
        return
    }
}
```
