Forum Discussion
I have a similar situation (2 pure GTMs). In my case, the iRule works very well. I have set up all of the internal records as WideIPs, then you can apply the iRule directly to the WideIP. It can also be done using an additional "view" (under ZoneRunner view list), but I think that the iRule on WIP is simpler and more flexible.
In my case, I have an iRule that drops everything that does not have an RFC1918 source address. This rule is applied to the internal WIPs.
when DNS_REQUEST {
    # RFC1918 sources match an empty branch and are answered normally
    if { ([IP::addr [IP::client_addr]/8 equals 10.0.0.0]) } {
    } elseif { ([IP::addr [IP::client_addr]/12 equals 172.16.0.0]) } {
    } elseif { ([IP::addr [IP::client_addr]/16 equals 192.168.0.0]) } {
    } else {
        # Any other source: log the attempt and drop the query
        log "[IP::client_addr] attempting to query internal dns zone!!!!!"
        discard
    }
}
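An offline check of the rule above, as an added example that is not part of the original post: a Python model of the three prefix comparisons, exercised on boundary addresses, plus a tally of the sources named in the rule's log message. The syslog prefix, host name and rule name in the sample lines are constructed, and treating IPv6 sources as non-matching is an assumption of the model.

```python
import ipaddress
import re
from collections import Counter

# The three RFC 1918 networks the iRule tests, in the same order.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Message text from the iRule's log call; the syslog prefix is not relied on.
LOG_RE = re.compile(r"(\S+) attempting to query internal dns zone")

def decide(src):
    """Model the iRule's branches: 'answer' for RFC 1918, else 'discard'."""
    addr = ipaddress.ip_address(src)
    # Membership is the mask-and-compare that `IP::addr a/len equals net` does.
    # Assumption of this model: an IPv6 source matches none of the IPv4 networks.
    if any(addr in net for net in RFC1918):
        return "answer"
    return "discard"

def dropped_sources(log_lines):
    """Tally the sources named in the iRule's log message."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            hits[m.group(1)] += 1
    return hits

def inconsistent(hits):
    """Logged sources the model would have answered (rule and log disagree)."""
    return sorted(ip for ip in hits if decide(ip) == "answer")

# Constructed sample log lines; host, process and rule name are made up.
PREFIX = "Jan  1 00:00:0%d gtm1 info tmm[1000]: Rule /Common/internal_only <DNS_REQUEST>: "
SUFFIX = " attempting to query internal dns zone!!!!!"
SAMPLE_LOG = [(PREFIX % i) + ip + SUFFIX
              for i, ip in enumerate(["203.0.113.7", "198.51.100.20", "203.0.113.7"])]
SAMPLE_LOG.append("Jan  1 00:00:09 gtm1 info tmm[1000]: unrelated message")

if __name__ == "__main__":
    # Boundary cases around each prefix, plus a non-RFC 1918 shared range.
    for ip in ("10.255.255.255", "11.0.0.0", "172.15.255.255", "172.16.0.0",
               "172.31.255.255", "172.32.0.0", "192.168.255.255",
               "192.169.0.0", "100.64.0.1", "2001:db8::1"):
        print(f"{ip:18} {decide(ip)}")
    hits = dropped_sources(SAMPLE_LOG)
    print(hits.most_common(), "inconsistent:", inconsistent(hits))
```
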