except that I noticed that the GTM uses other public IP which I have not configured in the Root hits part knowing that I have specified two external public IPs that the GTM must consult to resolve. is there a way to tell the GTM does the resolution only from these two IP XXXXX YYYYY
Private Root Hint server IPs are configured when the network is completely isolated from public networks. For example, Military networks,classified networks etc.
For the networks connected to Public internet, there is no need for defining private root hint servers as public root hint servers do the job pretty well.
Based on your problem description, I think, the DNS resolver you are building is not for air-gap or classified networks which are disjointed from public internet.
If that is true, you need not configure root hint servers and leave it blank so it uses public root servers as it should.
Moreover, when you query for a public domain name, and network is connected to public internet in any way, you can only get a Authoritative answer from a public source(IP) .
thank you for your help and support. is there a way to configure my DNS resolver to use just one public ip for example 8.8.8.8 to respond to internal DNS queries.
today even if I configure my forwarded zone with 8.8.8.8 I still see that my GTM uses public root IP
To configure the GTM (Global Traffic Manager) to perform name resolution using specific external public IPs, you can follow these steps:
Log in to the GTM configuration utility.
Go to the "DNS" section and select "DNS Resolver".
Under "Name Server Configuration," you should see a list of configured DNS servers.
Edit the existing DNS server or create a new one if needed.
In the "Root Hints" section, you'll find a list of IP addresses for root DNS servers. Remove any IP addresses that you don't want the GTM to use for resolution.
Add your desired external public IPs (XXXXX and YYYYY) to the "Root Hints" section. Make sure to follow the correct format (IP address/32).
Save the configuration changes.
By modifying the "Root Hints" section and removing unwanted IP addresses while adding your desired external public IPs, you can ensure that the GTM only consults the specified IPs for name resolution.
Please note that the exact steps and terminology may vary depending on the version of the F5 BIG-IP software you are using. It's always a good practice to consult the official documentation or seek assistance from F5 Networks or their support community for specific instructions related to your GTM version.
