Forum Discussion

Eduardo_Vieira
Apr 20, 2023

Deliver different ips having the same dns zone name but in different views

Good morning gentlemen.

I have an interesting case to be solved, the scenario is:

I have 2 listeners and I have two views, one internal and one external,
however the names of the zones are the same, for example xpto.com.br.
I need that when a request for test.xpto.com.br is made to listener 1 (10.10.10.10) it delivers the IP of the internal view,
and when a request is made to listener 2 (20.20.20.20) it delivers the IP of the external view.

Thanks for all the help in advance.

7 Replies

  • Eduardo_Vieira You might be able to use the following article to help out with this.

    https://clouddocs.f5.com/api/irules/DNS_REQUEST.html

    The better alternative here would be to have the GTM listening on only the 20.20.20.20 and then configure your perimeter firewall to perform DNS doctoring, which changes the destination in the DNS response from the mapped IP to the real IP, so that when people outside of your organization make the query they are still provided the public IP and everyone internally receives the real IP, which is usually a private IP.

    • Eduardo_Vieira

      But in that case I still have the same problem?

      At this point I will have one listener, in this case 20.20.20.20, and requests will arrive at it and it will respond to only one zone, right? So I understand that the problem is the same.

      The idea of having 2 listeners would be for each one to deliver the resolution of a different view, in this case one delivers INTERNAL and the other EXTERNAL.

      • Paulius

        Eduardo_Vieira If your edge firewall has DNS doctoring then you wouldn't have the same issue, because let's say you have a NAT that is 20.20.30.10 that NATs to private IP 10.10.30.10 with DNS doctoring. If an internal client received any DNS response from anywhere, that response has to pass back through your firewall, and if the destination of that record is 20.20.30.10 the firewall would change the response to now use 10.10.30.10, which would then send you to the internal destination rather than the public destination.

  • DNS doctoring which changes the destination in the DNS response from the mapped IP to the real IP so that when people outside of your organization make the query they are still provided the public IP and everyone internally receive the real IP which is usually a private IP.

    • Eduardo_Vieira

      I'll check this information, but I think the scenario was poorly explained on my part, sorry, I'll try again.

      I have a BIG-IP DNS configured with two views, one internal and the other external. In the view configuration there is precedence, where when performing a query on a listener, say 10.10.10.10, it will search in the internal view and, if it does not find it, does so in the external one. And right there I find the problem: I need to make the IP 10.10.10.10 query only the internal view. In this scenario, 2 listeners would be basically the same, where 20.20.20.20 would query only the external view.

      I hope the situation is clearer.

    • Eduardo_Vieira

      Hi Rob, thanks for trying to help me.
      There is a big problem: my origin IPs are all from the 10.0.0.0/8 network.

      That way, when I get to the BIG-IP DNS I can't split by source IP.

      Hence the idea of using one listener to deliver the internal zone, and another to deliver the external zone. That way, whenever the query goes to listener 10.10.10.10, it delivers the internal resolution, and if it goes to 20.20.20.20, it delivers the external one.
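The behaviour Eduardo_Vieira asks for, choosing the view by the listener address a query arrives on and never falling through to the other view, as an added Python illustration of the logic (not BIG-IP DNS configuration and not code from the thread; the zone contents and addresses are constructed sample data):

```python
import struct

# Constructed sample data (not from the thread): the same zone, xpto.com.br, carrying
# different records in each view, keyed by the listener address that must serve it.
VIEWS = {"10.10.10.10": {"test.xpto.com.br": "10.10.30.10", "intranet.xpto.com.br": "10.10.30.20"},
         "20.20.20.20": {"test.xpto.com.br": "20.20.30.10"}}

def build_query(qname, qid=0x1234):
    """Encode a minimal DNS A/IN query (header + one question) for qname."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_question(msg):
    """Return (id, qname, qtype, qclass, end_offset) of the first question section entry."""
    qid = struct.unpack("!H", msg[:2])[0]
    off, labels = 12, []
    while msg[off] != 0:
        n = msg[off]
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    qtype, qclass = struct.unpack("!HH", msg[off + 1:off + 5])
    return qid, ".".join(labels).lower(), qtype, qclass, off + 5

def answer(listener_ip, query, ttl=300):
    """Resolve only inside the view owned by listener_ip; a miss is NXDOMAIN, never a fall-through."""
    qid, qname, qtype, qclass, qend = parse_question(query)
    question = query[12:qend]
    view = VIEWS.get(listener_ip)
    if view is None:  # unknown listener: REFUSED (rcode 5) rather than guessing a view
        return struct.pack("!HHHHHH", qid, 0x8185, 1, 0, 0, 0) + question
    ip = view.get(qname)
    if ip is None or (qtype, qclass) != (1, 1):
        rc = 3 if ip is None else 0  # NXDOMAIN when the view lacks the name, NODATA otherwise
        return struct.pack("!HHHHHH", qid, 0x8180 | rc, 1, 0, 0, 0) + question
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0) + question + rr

def rcode(response):
    return struct.unpack("!H", response[2:4])[0] & 0xF

def answered_ip(response):
    """A-record address from a response, or None on an error rcode or empty answer section."""
    if rcode(response) != 0 or struct.unpack("!H", response[6:8])[0] == 0:
        return None
    qend = parse_question(response)[4]
    return ".".join(str(b) for b in response[qend + 12:qend + 16])
```

The point of the NXDOMAIN branch is the one the thread turns on: a name that exists only in the internal view must not leak out of the 20.20.20.20 listener by falling through to the other view.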