GTM/DNS - How to delegate just the main domain to GTM

Here is the issue I have with DNS/GTM. We have our own DNS servers that run the main domain i.e. Specific subdomains are delegated to the GTM's such as This works great.

However now we want to put the main site on the GTM's, while keeping all the other subdomains like on our main DNS servers.

Does anyone know how you can delegate just the main domain to the GTM's? So any queries coming to our DNS servers for will get forwarded to the GTM's, while others like will get answered by our DNS servers. The DNS folks at my company are stating this cannot be done due to the SOA present on

Any help would be greatly appreciated. Thank you.


15 Answer(s):

Hi Marek,
Did you look into Zonerunner on the GTM?

You can find information about ZoneRunner here

I hope this helps
I think this is just for syncing the zones. We do not want the GTM to be the authoritative server for the entire zone. Just for I think the Zonerunner just helps in syncing the zone files.

When our DNS servers receive a request for we want it to forward it to the GTM's. If our DNS servers receive a request for we want the DNS to resolve locally.
Yes I now understand. Unfortunately, I think you just hit the DNS laws of physics. Unfortunately the record w/o the "www" is the root record and I don't think you can have the GTM host the root record and the other DNS server be authoritative for the same domain.

My 2 cents


While there might be a way to do what you want, why not just use CNAMEs for the stuff on your F5 and leave your DNS server authoritative for everything else?
I asked the same thing. Our DNS folks stated you cannot use the CNAME on a root record that has an SOA. Do you know if this is true?
Yes that is very true. Any reason why you can't make the authoritative on the GTM?


You can configure the GTM with wideip for, then configure a pool on the listener vip to loadbalance to the downstream DNS servers for all subdomains. This is very similar to how BIND runs on the box, except using external DNS server...

You could also setup the GTM in front of your authoritative name servers (architecturally, bridged or routed) and intercept the queries, and any other queries for that matter, and pass all other traffic the gtm is not interested in back to them. It works well, though I'd recommend staying away from the bridging side of that solution.
I am exceptionally late to the party but I am looking for help on something else and came across your post.

We do this a lot. For policy reasons we could not have our GTMs participate in DNS for our highest level domains. However we have delegated a sub domain to the GTMs just fine and CNAME specific entries. is served by our external DNS servers is served by our GTMs and sub domain is delegated in to a self IP on our GTMs

On the GTMs we setup the basics for the subdomain, SOA, NS etc and then add pools, wideips and so on.

Then we configure a wideip for and make a CNAME for

Voila, the GTMs are not directly involved in serving
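The layout described in the post above (subdomain delegated to the GTMs, then a CNAME into it), together with the apex CNAME restriction raised earlier in the thread, as an added example that is not from any poster: a small Python lint over a constructed parent zone. `example.com`, the `gtm` label, the host names and the addresses are placeholder assumptions, and the parser only handles one fully written record per line.

```python
from collections import defaultdict

ORIGIN = "example.com."  # constructed placeholder, not the poster's domain

# Constructed parent zone: gtm.example.com is delegated to two GTM self IPs,
# and www is a CNAME into that delegated subdomain.
ZONE_OK = """\
@ IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300
@ IN NS ns1.example.com.
@ IN A 192.0.2.10
gtm IN NS gtm1.example.com.
gtm IN NS gtm2.example.com.
gtm1 IN A 192.0.2.53
gtm2 IN A 198.51.100.53
www IN CNAME www.gtm.example.com.
mail IN A 192.0.2.25
"""
# Same zone with the apex A record swapped for a CNAME (the design the thread rejects).
ZONE_BAD = ZONE_OK.replace("@ IN A 192.0.2.10", "@ IN CNAME www.gtm.example.com.")

def parse(text):
    """Simplified parser: one 'owner IN type rdata' record per line."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        fqdn = ORIGIN if owner == "@" else owner if owner.endswith(".") else f"{owner}.{ORIGIN}"
        records[fqdn.lower()].append((rtype.upper(), rdata.lower()))
    return records

def lint(text):
    """Return (problems, owner names whose CNAME lands in a delegated subdomain)."""
    records, problems, via_gtm = parse(text), [], []
    # A zone cut is any non-apex name that carries NS records.
    cuts = [o for o, rrs in records.items() if o != ORIGIN and any(t == "NS" for t, _ in rrs)]
    for owner, rrs in records.items():
        types = {t for t, _ in rrs}
        # RFC 1034 section 3.6.2: a CNAME must be the only data at its name,
        # and the apex always carries SOA and NS.
        if "CNAME" in types and len(types) > 1:
            others = sorted(types - {"CNAME"})
            problems.append(f"CNAME at {owner} coexists with {others}")
        # Data below a cut belongs to the child zone; address records may be glue.
        if any(owner.endswith("." + c) for c in cuts) and not types <= {"A", "AAAA"}:
            problems.append(f"{owner} is below a delegation and belongs to the child zone")
        via_gtm += [owner for t, target in rrs
                    if t == "CNAME" and any(target.endswith("." + c) for c in cuts)]
    return problems, via_gtm
```
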

I’d like to piggy back on Alan’s post.

What I do is just delegate the wide ip from the primary zone to the GTM. Thus for the www wide ip, the primary zone has NS records pointing to the GTMs:


This eliminates the need for cname records.

Hi Guys,

Does enabling allow-transfer on DNS servers and creating a master zone file mean GTM will be the primary DNS right away?

I am new to GTM, so my question is simple.

For example, I have, which was published over internet, but I want to resolve the DNS request on my local GTM, but if user from home request, it will go to (INNI DNS servers). How come my GTM box can select best server and provide the IP to user?

My guess, I have record on INNI DNS server, stating, get DNS request from my GTM box?

GSLB for top level domains cannot be done through delegation (CNAME is not an option). You have to be in line. You need to create a delegated subdomain from your ISP to the GTM, meaning the CNAME will point to a NS which is the GTM that is the NS for that domain e.g.

Alternatively, without delegation you need to be the authoritative of the entire domain. You can host the zone file on the GTM, make it the auth server and add the DTM Wide-IP as the records you wish to provide to GSLB

Thanks Yaacov, I understood. CNAME will point out my GTM as DNS server or NS for user try to access from public internet, CNAME point out the FQDN name. I have multiple GTM across global, with same FQDN, what will happen in real scenario?

All your GTMs should sync in order to provide the same domain. Each GTM might respond differently to the A / AAAA query that was delegated to him from a CNAME. Each GTM will have a wide-ip that holds the A record and behind it a pool of addresses based on your policy to resolve to.

Please see also: