Forum Discussion

daboochmeister
Jul 25, 2017

BIG-IP DNS (GTM) best practice for internal vs. external zone naming

We have a BIG-IP DNS setup that relies on delegated zones in our primary DNS (Infoblox), with CNAMEs to alias the primary FQDNs that clients use to wide IP names on the GTMs. For example:

 

  • Primary domain is .company.com
  • Zone lb.company.com is delegated from Infoblox to the GTMs
  • WIP test.lb.company.com is a wide IP on the GTMs
  • CNAME test.company.com aliases to test.lb.company.com
  • Clients request resolution of test.company.com from Infoblox, and Infoblox recursively resolves it (contacts the GTMs, and receives back an IP, which Infoblox returns to the client)

My question - we have both external and internal DNS views on our Infoblox, and we need to have WIPs in both (in our public DNS, and in our internal DNS) so for example, "test.company.com" should get CNAMEd to a different WIP depending on whether clients are accessing over the internet vs. via internal network (so that the client gets back a corresponding publicly available IP vs. an internally available IP, depending on their access path).

What is the best practice for zone and WIP naming in such situations? Do people generally use the same zone name on both internal and external, and differentiate the internal vs. external WIP in the WIP hostname (e.g. test-internal-wip.lb.company.com vs test-external-wip.lb.company.com)? Or do people generally differentiate the internal vs. external zone names (e.g., lb-ext.company.com and lb-int.company.com) and use the same hostname for an internal vs. external WIP (e.g., test.lb-int.company.com vs. test.lb-ext.company.com)?

Sorry this is kind of convoluted, I couldn't think of a more straightforward way to ask it.

 

1 Reply

  • I have a very similar setup. What I've done: in the Infoblox public view, created a sub zone that delegates to DMZ GTMs (where Wide IPs are configured to resolve NAT addresses). For the Infoblox internal view, created another sub zone that forwards the delegation to an internal pair of GTMs (resolves to real IP).

    Then in Infoblox, we just create CNAME records in the appropriate view/zone to point to the appropriate name.delegationzone.
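
A consistency check for the per-view layout discussed in this thread, added here as an example and not part of the original posts: it flags CNAMEs in a view that point outside that view's delegated zone, and external-view answers that would expose RFC 1918 addresses. The zone names follow the lb-int/lb-ext option from the question; the record data, addresses, the `app` hostname and the `audit` function are constructed, and the rule that the external view must never return private addresses is an assumption.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress's is_private also covers
# documentation ranges such as 203.0.113.0/24, which are used as sample data here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: CNAMEs held in each primary-DNS view, plus the
# address each wide IP would resolve to on the GTM pair serving that zone.
VIEWS = {
    "external": {
        "delegated_zone": "lb-ext.company.com",
        "cnames": {
            "test.company.com": "test.lb-ext.company.com",
            "app.company.com": "app.lb-int.company.com",  # wrong view's zone
        },
    },
    "internal": {
        "delegated_zone": "lb-int.company.com",
        "cnames": {"test.company.com": "test.lb-int.company.com"},
    },
}
WIDE_IPS = {
    "test.lb-ext.company.com": "203.0.113.10",
    "test.lb-int.company.com": "10.20.30.40",
    "app.lb-int.company.com": "10.20.30.41",
}

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit(views, wide_ips):
    """Return (view, alias, problem) tuples for misrouted or leaking records."""
    findings = []
    for view, cfg in views.items():
        suffix = "." + cfg["delegated_zone"]
        for alias, target in cfg["cnames"].items():
            if not target.endswith(suffix):
                findings.append((view, alias, "cname-outside-delegated-zone"))
            addr = wide_ips.get(target)
            if addr is None:
                findings.append((view, alias, "no-wide-ip"))
            elif view == "external" and is_rfc1918(addr):
                findings.append((view, alias, "private-address-in-external-view"))
    return findings
```
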