Forum Discussion

Jim_Araujo_1061
Aug 08, 2014

GTM iRule to provide CNAME based on source IP of query.

Hi folks, I am trying to create an iRule to perform a split-view DNS function, but still maintain the WideIP multiple pools functionality. For example, I have 3 different views: internal, external, and affiliates. I know internal view clients source from 10.0.0.0/8, external is the catch-all (meaning anything that doesn't match the internal or affiliates condition), and affiliates are coming from a specific subnet, 10.254.254.0/24.

Let's use a single domain name for this example: test.example.com. For internal, external, and affiliates I want the resolution to be different. But I want to maintain the multiple pools for redundancy and fail-over for each view. So internal will have 2 pools (pool_internal1 and pool_internal2), external will have 2 pools (pool_external1 and pool_external2), and finally affiliates will have 2 pools (pool_affilates1 and pool_afflilates2).

I've decided the easiest way to maintain the multiple functionality across all 3 views was to create a main WIP of "test.example.com" and a subdomain for each other view. So we have external (default catch-all) of test.example.com with its appropriate pools, a test.internal.example.com with its pools, and finally test.affliate.example.com with its pools. Here is my iRule:

when DNS_REQUEST {
    if { [IP::addr [IP::remote_addr] equals 10.254.254.0/24] } {
        # Affiliates view
        cname test.affilate.example.com
    } elseif { [IP::addr [IP::remote_addr] equals 10.0.0.0/8] } {
        # Internal view
        cname test.internal.example.com
    }
    # Everything else will be handled by the default pools in the main WIP
}

I am testing right now with a VE GTM that has 3 listeners (10.254.254.3, 10.0.0.3, and 1.1.1.3) to mimic the different incoming queries. On a Linux box I am using DIG to query against each listener.

What is happening is I run

dig @10.254.254.3 test.example.com

and I get back the CNAME of test.affilate.example.com, but no IP address is returned. DIG also gives a warning: "WARNING: recursion requested but not available."

I am wondering if there is something I need to enable on the GTM to perform recursion on itself, since it has WIPs for test.example.com and test.affilate.example.com?
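
A way to check each view's answer from saved dig output, as an added example that is not part of the original post. The function names and the two sample answers (including the 192.0.2.10 address) are constructed for illustration; the subnets and hostnames are the ones given in the post.

```python
import ipaddress

# Views from the post, most specific prefix first: 10.254.254.0/24 sits
# inside 10.0.0.0/8, so the order of the checks matters.
VIEWS = [("affiliates", ipaddress.ip_network("10.254.254.0/24")),
         ("internal", ipaddress.ip_network("10.0.0.0/8"))]

def expected_view(src_ip):
    """View the if/elseif chain in the iRule selects for a source IP."""
    addr = ipaddress.ip_address(src_ip)
    return next((name for name, net in VIEWS if addr in net), "external")

def parse_answer(dig_text):
    """Collect (name, type, rdata) tuples from a dig ANSWER SECTION."""
    records, in_answer = [], False
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer:
            if not line or line.startswith(";"):
                break  # end of the answer section
            name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            records.append((name.rstrip(".").lower(), rtype,
                            rdata.rstrip(".").lower()))
    return records

def follow_chain(qname, records, max_hops=8):
    """Follow CNAMEs from qname; return (chain, A addresses found)."""
    name = qname.rstrip(".").lower()
    chain = [name]
    for _ in range(max_hops):
        addrs = [r for n, t, r in records if n == name and t == "A"]
        targets = [r for n, t, r in records if n == name and t == "CNAME"]
        if addrs or not targets:
            return chain, addrs  # empty addrs: chain ends without an A record
        name = targets[0]
        chain.append(name)
    return chain, []

# Constructed samples: the CNAME-only answer described in the post, and an
# answer in which the chain is completed with an A record.
CNAME_ONLY = """;; ANSWER SECTION:
test.example.com. 30 IN CNAME test.affilate.example.com.
"""
CNAME_AND_A = CNAME_ONLY + "test.affilate.example.com. 30 IN A 192.0.2.10\n\n;; Query time: 1 msec\n"
```

An empty address list from `follow_chain` means the client was handed a CNAME it must resolve with a second query.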

8 Replies

  • So you get back the proper CNAME response of test.affilate.example.com when you query for test.example.com. When you then do a dig for test.affilate.example.com, does your GTM properly resolve that?

     

    GTM shouldn't be allowing recursion unless you specifically configure it to do so. If it's an authoritative DNS server and not a caching/resolving server, then you won't need recursion.

     

    • Jim_Araujo_1061
      Yes, when I query test.affilate.example.com I receive back a correct IP from the WIP I made for test.affilate.example.com.
    • Cory_50405
      Sounds like your solution is working as intended as far as I can tell.
    • Jim_Araujo_1061
      Shouldn't it return an IP when I query test.example.com? query --> CNAME --> A record?