Nimbostratus
Employee, for something of this complexity, you may be well-served to engage F5 Professional Services. I will also say that the DNS Services module can handle this sort of case more natively.
Having said all of that, I assume the above rule works, but it is only returning a single A record. Is that the case? I also understand from your description that, if all three uplink checks (the LB::status node calls, that is) succeed, you want to return all three A records (essentially, all three class match -value $fqdn calls). What do you want to happen if two of the links are up? Return two A records? I will assume that is what you want.
I've not tested the following code, but assuming the code above works, this should get you close to the right answer:
when DNS_REQUEST {
set return_a_records [list]
if { [class match $fqdn equals whitelist] } {
# does FQDN exist in our whitelist string:value datagroup for that site.
if { [LB::status node 183.91.1.1] eq "up" } {
# client made a DNS request for a Whitelist site.
lappend return_a_records [class match -value $fqdn equals whitelist]
}
if { [LB::status node 222.255.1.1] eq "up" } {
lappend return_a_records [class match -value $fqdn equals vnpt_whitelist]
}
if {[LB::status node 118.69.1.1] eq "up" } {
lappend return_a_records [class match -value $fqdn equals fpt_whitelist]
}
}
}
when DNS_RESPONSE {
if { $Whitelist_Match } {
switch [DNS::question type] {
"A" {
foreach ip $return_a_records {
DNS::answer insert "$fqdn. $static::whitelist_ttl [DNS::question class] [DNS::question type] $ip"
}
}
}
}
}