I would appreciate if you can point me to right direction as I'm out of ideas in this regard:
F5 LTM has VS (1.0.0.1:53) with pool of DNS servers (2.2.2.0/24), when client sends query to 1.0.0.1:53, I would like keep the originator's ip address for additional processing on DNS nodes. This does not work as nodes are answering with source IP 2.2.2.xx.
Is there any way to achieve this with F5 LTM?
On nodes, I have lots of ACL, QPS limits per ACL, DNS spoof in the case of VPN connection used which prevents me of using Source Translation - automap.
P. S. My F5 does not have licenses for DNS/GTM but for LTM/ASM.
If DNS was provisioned on the box then eDNS0 would be an option. But in order to use eDNS0 you have to have a DNS profile that requires GTM provisioned: https://clouddocs.f5.com/api/irules/DNS__edns0.html.
There is really only one way to do this from a network perspective. If you put an interface/IP on the F5 in the 2.2.2.0/24 network. Then you would have to make the default gateway of the DNS servers be the IP address created in 2.2.2.0/24. For further HA you would need 3 IP addresses in 2.2.2.0/24, one for each F5 LTM and then a floating address. The default gateway would be the floating address. This will force all the traffic going to the DNS boxes to come back through the LTM to keep the TCP Handshakes functional.
To further complicate I have done scenarios where the DNS box has multiple routes on it. The default route goes to the BIG-IP LTM but then other routes for internal clients to a different router. But to accomplish exactly what you have asked I would use above method and make the LTM the default gateway of the DNS boxes.
If DNS was provisioned on the box then eDNS0 would be an option. But in order to use eDNS0 you have to have a DNS profile that requires GTM provisioned: https://clouddocs.f5.com/api/irules/DNS__edns0.html.
