Forum Discussion

Antony2015
May 05, 2014

External DNS to GTM

Dear All,

 

I have completed a setup where all internal users are able to hit the URL. But when the users are coming from the public Internet, the solution is failing for the DR site. The traffic flow is as follows.

 

External DNS --> NAT in Firewall --> GTM (self IP/Listener IP in private IP space) --> Wide IP --> Wide IP pool --> Active/DR VIP of LTM. If I disable the Active VIP in the wide IP pool on the GTM, the DNS resolution does not point to the DR VIP.

 

Question:-

 

  1. How can I configure this GTM to be open to the public, and what records need to be created in the External DNS to achieve true active/DR failover? (Currently, I have created an A record in the External DNS for the Active site.)

Appreciate your quick help on this.

 

Kind Regards Anto Jose

 

6 Replies

  • If you have a wide IP configured with a pool containing two members (VIP on the active site LTM, VIP on the DR site LTM), and you disable the pool member corresponding to your active site LTM, GTM should then hand out the answer for the DR site LTM. If this isn't happening, then it sounds like DNS traversal may not be happening as you expect, or some caching is occurring.

     

    If you query the GTM's public listener directly rather than traversing normal DNS, do you see the expected results?

     

  • Thank You for your response.

     

    The failover action is working correctly in GTM when I am trying from the Internal DNS. But when I am trying to access the URL from the public Internet, it is not giving correct results.

     

    We have used a private IP as the GTM listener. The traffic flow is External DNS --> NAT in Firewall (public to private) --> GTM (self IP/Listener IP in private IP space) --> Wide IP --> Wide IP pool --> Active/DR VIP of LTM.

     

    I have created an NS record for DNS delegation in the External DNS, two "A" records (public IP) for the active/DR sites, and a CNAME record for the actual URL. Still, I am not able to access the URL externally.

     

    Awaiting your valuable feedback on this.

     

  • Just a couple of things to try...

     

    Can you do lookups externally to the external IP address that NATs to the internal IP of the GTM listener? (connectivity test)

     

    Are you doing subdomain delegation, or host delegation?

     

    Can you do an SOA lookup on the subdomain externally?

     

    Can you resolve the NS for the subdomain?

     

    Can you resolve the SOA for the subdomain?

     

    set type=NS

     

    enter domain

     

    set type=SOA

     

    enter domain

     

    The general rule of thumb for delegated DNS is that you set a CNAME for the subdomain that points to the NS record: the client looks up the hostname > gets back the CNAME > the CNAME lookup returns the NS record > the client makes a query to the NS.

     

    thanks,

     

    B

     

  • Thanks for the understanding on this and the information.

     

    I can access the Active/DR sites externally using the IP addresses (https://192.250.23.8 & https://67.202.219.126), but not with the FQDN.

     

    I am still waiting for the zone delegation in the External DNS.

     

    For example :

     

    geha.bluefin.com IN CNAME geha.gtmf5.bluefin.com (resolved)

     

    gtmf5.bluefin.com IN NS jaxgtm1-p.bluefin.com (not resolved yet)
    gtmf5.bluefin.com IN NS cnjgtm1-p.bluefin.com (not resolved yet)

     

    The zone delegation is happening to some other name servers when resolving, not the ones above. (SOA/NS resolving as below)

     

    gtmf5.bluefin.com
    Non-authoritative answer:
    gtmf5.amberoad.com nameserver = ns1626.ztomy.com
    gtmf5.amberoad.com nameserver = ns2626.ztomy.com

    gtmf5.bluefin.com
    Non-authoritative answer:
    gtmf5.bluefin.com
        primary name server = ns1626.ztomy.com
        responsible mail addr = abuse.opticaljungle.com
        serial = 2011062801
        refresh = 3600 (1 hour)
        retry = 900 (15 mins)
        expire = 604800 (7 days)
        default TTL = 86400 (1 day)

     

    jaxgtm1-p.bluefin.com IN A 192.250.23.8 (resolved)
    cnjgtm1-p.bluefin.com IN A 67.202.219.126 (resolved)

     

    192.250.23.8 / 67.202.219.126 are NATed to the GTM listener private IP.

     

    Kindly advise whether I am heading in the right direction towards the resolution.

     

    Thanks / Regards,

     

    Anto Jose

     
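The NS/SOA checks suggested two replies up, applied to the records posted above, amount to one question: does the parent zone's delegation for the subdomain actually name the GTM listeners, and do those names resolve to the public (NATed) addresses rather than the private listener IP? The following script is an added example, not code from the original thread or from F5. It walks the CNAME -> delegated zone -> NS -> A chain over a constructed, offline copy of the records shown in the post (the `RECORDS_AS_OBSERVED` and `RECORDS_AFTER_FIX` dictionaries, `EXPECTED_GTM_NS`, and the function names are all assumptions made for the example) and reports the mismatch that the thread ends on: the parent delegates `gtmf5.bluefin.com` to the ztomy.com servers instead of `jaxgtm1-p`/`cnjgtm1-p`. It also flags the other failure mode a NATed listener invites, a GTM NS name whose A record is a private address.

```python
"""Offline walk of a CNAME -> delegated subdomain -> NS -> A chain.

Constructed record data modelling the thread's example; these are not live
DNS answers. Records are keyed by (owner, type); owners carry a trailing dot.
"""
import ipaddress

RECORDS_AS_OBSERVED = {
    ("geha.bluefin.com.", "CNAME"): ["geha.gtmf5.bluefin.com."],
    # What the parent zone currently hands out for the subdomain: unrelated servers.
    ("gtmf5.bluefin.com.", "NS"): ["ns1626.ztomy.com.", "ns2626.ztomy.com."],
    ("jaxgtm1-p.bluefin.com.", "A"): ["192.250.23.8"],
    ("cnjgtm1-p.bluefin.com.", "A"): ["67.202.219.126"],
}

# The same data once the parent delegates the subdomain to the two GTM listener names.
RECORDS_AFTER_FIX = dict(RECORDS_AS_OBSERVED)
RECORDS_AFTER_FIX[("gtmf5.bluefin.com.", "NS")] = [
    "jaxgtm1-p.bluefin.com.",
    "cnjgtm1-p.bluefin.com.",
]

# The NS names the delegation is expected to contain (assumed from the post).
EXPECTED_GTM_NS = {"jaxgtm1-p.bluefin.com.", "cnjgtm1-p.bluefin.com."}


def lookup(records, owner, rtype):
    """Return the RRset for (owner, rtype), or an empty list."""
    return list(records.get((owner, rtype), []))


def follow_cnames(records, owner, limit=8):
    """Return (final_owner, chain) after following CNAMEs; limit guards against loops."""
    chain = [owner]
    for _ in range(limit):
        target = lookup(records, owner, "CNAME")
        if not target:
            return owner, chain
        owner = target[0]
        chain.append(owner)
    raise ValueError("CNAME chain too long or looping: " + " -> ".join(chain))


def closest_delegation(records, owner):
    """Walk up label by label to the nearest zone cut that has an NS RRset."""
    labels = owner.rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) + "."
        ns = lookup(records, zone, "NS")
        if ns:
            return zone, ns
    return None, []


def glue_problems(records, ns_names):
    """NS names with no A record, or whose A record is a private (RFC 1918) address.

    A NATed GTM listener must be advertised by its public side; a private glue
    address is unreachable from the Internet even if the delegation is right.
    """
    problems = {}
    for ns in ns_names:
        addrs = lookup(records, ns, "A")
        if not addrs:
            problems[ns] = "no A record"
        elif any(ipaddress.ip_address(a).is_private for a in addrs):
            problems[ns] = "private address"
    return problems


def check_delegation(records, fqdn, expected_ns):
    """Compare the delegation the parent returns against the expected GTM NS set."""
    final, chain = follow_cnames(records, fqdn)
    zone, ns = closest_delegation(records, final)
    ns_set = set(ns)
    report = {
        "cname_chain": chain,
        "delegated_zone": zone,
        "ns_returned": sorted(ns_set),
        "missing": sorted(expected_ns - ns_set),      # expected GTM names the parent omits
        "unexpected": sorted(ns_set - expected_ns),   # servers the parent names instead
        "glue_problems": glue_problems(records, expected_ns & ns_set),
    }
    report["ok"] = not (report["missing"] or report["unexpected"] or report["glue_problems"])
    return report


if __name__ == "__main__":
    for label, recs in (("as observed", RECORDS_AS_OBSERVED), ("after fix", RECORDS_AFTER_FIX)):
        print(label, check_delegation(recs, "geha.bluefin.com.", EXPECTED_GTM_NS))
```

Against a live zone the same three steps map onto `dig`: query the parent's authoritative servers for the subdomain's NS set with recursion off (the delegation as the Internet sees it, not a cached copy), resolve each NS name to confirm it is the public NAT address, then ask that address directly for the wide IP's A record so the GTM's own answer can be compared with what recursive resolvers return after the active pool member is disabled.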

  • So it sounds like your GTM is configured correctly, but the parent domain isn't delegating authority for the subdomain to your GTM via an NS record. Once this is done, things should work as expected.

     

  • Thanks for your prompt response. Much appreciated !

     

    I will let you know the progress once the NS record addition is completed. Thanks