



GTM/DNS - How to delegate just the main domain to GTM

Here is the issue I have with DNS/GTM. We have our own DNS servers that run the main domain i.e. test.com. Specific subdomains are delegated to the GTM's such as marek.test.com. This works great.

However now we want to put the main site on the GTM's, test.com while keeping all the other subdomains like corp.test.com on our main DNS servers.

Does anyone know how you can delegate just the main domain to the GTM's? So any queries coming to our DNS servers for test.com will get forwarded to the GTM's, while others like corp.test.com will get answered by our DNS servers. The DNS folks at my company are stating this cannot be done due to the SOA present on test.com.

Any help would be greatly appreciated. Thank you.


15 Answer(s):

Hi Marek,
Did you look into Zonerunner on the GTM?

You can find information about ZoneRunner here


I hope this helps
I think this is just for syncing the zones. We do not want the GTM to be the authoritative server for the entire test.com zone. Just for test.com. I think the Zonerunner just helps in syncing the zone files.

When our DNS servers receive a request for test.com we want them to forward it to the GTM's. If our DNS servers receive a request for corp.test.com we want the DNS to resolve locally.

Yes I now understand. Unfortunately, I think you just hit the DNS laws of physics. Unfortunately the record w/o the "www" is the root record and I don't think you can have the GTM host the root record and the other DNS server be authoritative for the same domain.

My 2 cents


While there might be a way to do what you want, why not just use CNAMEs for the stuff on your F5 and leave your DNS server authoritative for everything else?

I asked the same thing. Our DNS folks stated you cannot use the CNAME on a root record that has an SOA. Do you know if this is true?

Yes that is very true. Any reason why you can't make test.com the authoritative on the GTM?


You can configure the GTM with a wideip for test.com, then configure a pool on the listener vip to loadbalance to the downstream DNS servers for all subdomains. This is very similar to how BIND runs on the box, except using an external DNS server...

You could also setup the GTM in front of your authoritative name servers (architecturally, bridged or routed) and intercept the test.com queries, and any other queries for that matter, and pass all other traffic the gtm is not interested in back to them. It works well, though I'd recommend staying away from the bridging side of that solution.
I am exceptionally late to the party but I am looking for help on something else and came across your post.

We do this a lot. For policy reasons we could not have our GTMs participate in DNS for our highest level domains. However we have delegated a sub domain to the GTMs just fine and CNAME specific entries.

example.com is served by our external DNS servers
lb.example.com is served by our GTMs and sub domain is delegated in example.com to a self IP on our GTMs

On the GTMs we setup the basics for the lb.example.com subdomain, SOA, NS etc and then add pools, wideips and so on.

Then we configure a wideip for www.lb.example.com and make www.example.com a CNAME for www.lb.example.com.

Voila, the GTMs are not directly involved in serving example.com.

I’d like to piggy back on Alan’s post.

What I do is just delegate the wide ip from the primary zone to the GTM. Thus for the www wide ip, the primary zone has NS records pointing to the GTMs:

www ns1.mygtm.com.
www ns2.mygtm.com.

This eliminates the need for cname records.
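The two approaches in this thread (CNAME www.example.com into a delegated sub domain, or put NS records for www directly in the primary zone) and the objection that a CNAME cannot sit on the apex next to the SOA can be checked mechanically. The script below is an added example written for this page; it is not code from the thread or from F5. The zone listings are constructed, ns1/ns2.mygtm.com are hypothetical GTM name server names, and the CNAME rule it enforces is the one from RFC 1034 section 3.6.2 / RFC 2181 section 10.1 (a CNAME owner may hold no other data), which is exactly why the apex, which must carry SOA and NS, cannot simply be a CNAME to a wide IP.

```python
"""Zone sanity checks for the CNAME-at-apex and NS-delegation points above."""
from collections import defaultdict

# Constructed zone for the external DNS servers: example.com stays local,
# www.example.com and lb.example.com are delegated to hypothetical GTM
# name servers ns1/ns2.mygtm.com, and a CNAME points into the delegated tree.
GOOD_ZONE = """
example.com.        SOA    ns1.example.com. hostmaster.example.com.
example.com.        NS     ns1.example.com.
example.com.        NS     ns2.example.com.
corp.example.com.   A      192.0.2.10
www.example.com.    NS     ns1.mygtm.com.
www.example.com.    NS     ns2.mygtm.com.
lb.example.com.     NS     ns1.mygtm.com.
www2.example.com.   CNAME  www.lb.example.com.
"""

# Constructed zone showing what the DNS team objected to: a CNAME at the
# apex next to the SOA and NS records that have to live there.
BAD_ZONE = """
example.com.        SOA    ns1.example.com. hostmaster.example.com.
example.com.        NS     ns1.example.com.
example.com.        CNAME  www.lb.example.com.
"""


def parse_zone(text):
    """Parse a simplified 'owner TYPE rdata...' zone listing into tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith(";"):
            continue
        owner, rtype, rdata = parts[0].lower(), parts[1].upper(), " ".join(parts[2:])
        records.append((owner, rtype, rdata))
    return records


def cname_violations(records):
    """Owners where a CNAME shares its name with other data (RFC 1034 3.6.2,
    RFC 2181 10.1). At the apex this is unavoidable, since SOA and NS must
    exist there, so an apex can never be a CNAME to a wide IP."""
    types_by_owner = defaultdict(set)
    for owner, rtype, _ in records:
        types_by_owner[owner].add(rtype)
    return sorted(o for o, t in types_by_owner.items() if "CNAME" in t and len(t) > 1)


def _in_bailiwick(name, apex):
    return name == apex or name.endswith("." + apex)


def authority_for(records, apex, qname):
    """Decide who answers qname inside zone apex: ('delegated', [ns...]) when
    a zone cut (NS set below the apex) covers it, otherwise ('local', [])."""
    qname, apex = qname.lower(), apex.lower()
    ns_by_owner = defaultdict(list)
    for owner, rtype, rdata in records:
        # NS at the apex names the zone's own servers, not a delegation.
        if rtype == "NS" and owner != apex and _in_bailiwick(owner, apex):
            ns_by_owner[owner].append(rdata.lower())
    cuts = [o for o in ns_by_owner if _in_bailiwick(qname, o)]
    if not cuts:
        return ("local", [])
    deepest = max(cuts, key=len)  # the closest enclosing cut wins
    return ("delegated", sorted(ns_by_owner[deepest]))


if __name__ == "__main__":
    good = parse_zone(GOOD_ZONE)
    print("CNAME conflicts in GOOD_ZONE:", cname_violations(good))
    print("CNAME conflicts in BAD_ZONE:", cname_violations(parse_zone(BAD_ZONE)))
    for q in ("example.com.", "corp.example.com.", "www.example.com.", "api.lb.example.com."):
        print(q, "->", authority_for(good, "example.com.", q))
```

Run against GOOD_ZONE, the apex and corp.example.com stay with the local servers while www.example.com and anything under lb.example.com are handed to the GTM name servers; BAD_ZONE is flagged at example.com. because the CNAME collides with the SOA and NS, which is the rule the DNS folks were quoting.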

Hi Guys,

Does enabling allow-transfer on DNS servers and creating a master zone file mean the GTM will be the primary DNS right away?

I am new to GTM, so my question is simple.

For example, I have dove.com, which is published over the internet, but I want to resolve the DNS requests on my local GTM. But if a user from home requests dove.com, it will go to the INNI DNS servers. How can my GTM box select the best server and provide the IP to the user?

My guess: I have a record on the INNI DNS server stating to get the DNS request from my GTM box?

GSLB for top level domains cannot be done through delegation (cname is not an option). You have to be in line. You need to create a delegated subdomain from your ISP to the GTM, meaning the CNAME will point to a NS which is the GTM that is the NS for that domain e.g.

Alternatively, without delegation you need to be the authoritative of the entire domain. You can host the zone file on the GTM, make it the auth server and add the GTM Wide-IP as the records you wish to provide to GSLB.

Thanks Yaacov, I understood. The CNAME will point out my GTM as DNS server or NS for users trying to access from the public internet; the CNAME points out the FQDN name. I have multiple GTMs across the globe with the same FQDN, what will happen in a real scenario?

All your GTMs should sync in order to provide the same domain. Each GTM might respond differently to the A / AAAA query that was delegated to him from a CNAME. Each GTM will have a wide-ip that holds the A record and behind it a pool of addresses based on your policy to resolve to.

Please see also : https://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-11-6-0/4.html?sr=43504147

