Forum Discussion

Sep 25, 2017

GTM/DNS - separate listeners for internal vs. external DNS requests recommended?

Have had our GTMs set up for internal GSLB for a bit now - going to expose the GTMs for public DNS access as well. An external firewall will NAT the incoming traffic to the GTM's listener (which is a private IP).

In such a scenario, is it recommended to have a separate listener for the public traffic? Or what are the considerations that would decide on reusing the internal listener vs. establishing a separate one?

thx

2 Replies

  • There is really no need to have 2 separate WIPs for internal and external DNS requests.

    There is one thing that you may want to consider - DNS tends to get DoS'd quite frequently with a brute force/flood of requests. Can the firewall in front of the GTM handle a flood of traffic? If the firewall also filters non-DNS traffic for other applications, you can remove the firewall and use a standalone GTM with a public IP address in order to prevent other services from going down because of a DNS DoS attack.

  • Hi,

    Creating 2 different listeners won't change GTM behavior.

    The only benefit of creating a second listener is to apply an iRule on it to rewrite the request value. Then, GTM will handle different WideIPs for the internal and external listeners.
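As an added illustration of the rewrite approach described in the reply above (this is example code, not the replier's or F5's own configuration), the following DNS iRule is meant to be attached only to the public-facing listener. It assumes a naming convention where every externally served WideIP carries a "-ext" suffix on its first label (www.example.com is answered from the WideIP www-ext.example.com); that convention, the WideIP names, and the use of `DNS::question name` and `DNS::name` as setters are assumptions. Because a resolver discards an answer whose question section does not match what it asked, the DNS_RESPONSE event puts the client's original name back before the response leaves the listener.

```tcl
# Added example: DNS iRule for the external GTM listener only.
# Hypothetical convention: www.example.com -> WideIP www-ext.example.com
when DNS_REQUEST {
    # Only address lookups are steered to the external WideIPs;
    # other query types are passed through unchanged.
    set qtype [DNS::question type]
    if { $qtype ne "A" && $qtype ne "AAAA" } {
        return
    }
    set orig [string tolower [DNS::question name]]
    # Split first label from the rest and insert the assumed "-ext" suffix.
    if { [regexp {^([^.]+)\.(.+)$} $orig -> host domain] } {
        set ext "${host}-ext.${domain}"
        DNS::question name $ext
        # Troubleshooting only: remove on a public listener under load,
        # since per-query logging amplifies the effect of a query flood.
        log local0. "external listener: [IP::client_addr] asked $orig, resolving $ext"
    }
}

when DNS_RESPONSE {
    # Restore the original question and owner names so the client's
    # resolver accepts the answer as matching its own query.
    if { [info exists ext] } {
        DNS::question name $orig
        foreach rr [DNS::answer] {
            if { [string equal -nocase [DNS::name $rr] $ext] } {
                DNS::name $rr $orig
            }
        }
    }
}
```

With this attached to the external listener and nothing attached to the internal one, the same hostname resolves through two WideIPs, and the internal listener keeps its existing behavior. If the "-ext" WideIP does not exist the query falls through to normal handling, so verifying both listeners with dig before exposing the NAT is the practical check.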