Garth_104943
Feb 18, 2010

Name resolution based on source IP

Newbie question, but please let me know if this is possible.

I have a domain www.mydomain.com that resolves publicly to one address (Akamai cached).

The same domain www.mydomain.com resolves to a different address on our internal network (direct connection to the F5 Virtual Server address).

There are certain conditions when I want to route the traffic from our internal network to the Akamai hosted address (HTTP redirects don't work).

Is there a way to force a DNS lookup using a specified external nameserver when certain conditions are met on a HTTP_Request?

Thanks

G

5 Replies

  • Hi Garth,

    I believe so.

    Take a look at this wiki for NAME resolution commands:

    http://devcentral.f5.com/wiki/default.aspx/iRules.NAME

    I hope this helps

    Bhattman
  • You could take the name lookup functionality from the first Codeshare example below and modify it to do a lookup every X seconds as in the second example:

    http://devcentral.f5.com/wiki/default.aspx/iRules/DestinationSnatUsingDNS.html

    http://devcentral.f5.com/wiki/default.aspx/iRules/LogEveryXSeconds.html

    You might also want to consider upgrading to 10.1 to use the new RESOLV::lookup command:

    http://devcentral.f5.com/wiki/default.aspx/iRules/resolv__lookup

    Like the NAME::lookup command, RESOLV::lookup performs a DNS query, returning the A record for the indicated hostname, or the PTR record for the indicated IP address. The functional difference between the two is that RESOLV::lookup suspends and returns the result inline, whereas NAME::lookup continues and eventually causes NAME_RESOLVED to fire and then you need to call NAME::response to retrieve it.

    Aaron
  • Can one use this code share in the following manner?

    In regards to using the LTM as a reverse proxy, could the iRule be used to determine the destination that gets applied to the pool in a VIP?

    An example: an internal server does file transfer to an IP that is a VIP on the external LTM. The LTM then is triggered by the iRule mentioned above, does a lookup to resolve the actual destination IP address and sends the traffic outbound.

    Is it fair to say a static name like update.sun.com would be applied to the iRule mentioned in the code share, and when the response is received the destination is then set?

    If this is the case, would you have to configure all possible replies as members of a pool? Or would the response from the DNS lookup result in being set as the destination?

  • You can use the node command to assign an arbitrary IP and port for a load balancing destination. The IP:port does not need to be a pool member.

    I'll see about writing an example with RESOLV::lookup sometime soon with caching of the response(s) in a subtable. Else, you can use the Codeshare examples posted above as a start.

    Aaron
  • Colin_Walker_12
    Historic F5 Account
    So what Aaron's trying to say is, "No, you don't have to configure all of the possible IPs as a member of a pool". ;)

    Colin
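
The approach discussed in the replies (a RESOLV::lookup against a specified nameserver, the answer cached in a subtable, and the result handed to the node command), as an added example that is not part of the original thread and not the posters' or F5's code. The resolver address 192.0.2.53, the 10.0.0.0/8 internal range, the /cached/ URI condition, the dns_cache subtable name and the 60-second lifetime are assumptions, and it needs a version that has RESOLV::lookup and the table command.

```tcl
# Added example, not from the thread. Assumed values: resolver 192.0.2.53,
# internal range 10.0.0.0/8, URI prefix /cached/, 60-second cache lifetime.
when HTTP_REQUEST {
    # Condition under which internal clients are sent to the public address
    if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] and [HTTP::uri] starts_with "/cached/" } {
        set name "www.mydomain.com"

        # Reuse a cached answer so that not every request triggers a DNS query
        set ip [table lookup -subtable dns_cache $name]

        if { $ip eq "" } {
            # Query the specified external nameserver for the A record(s).
            # RESOLV::lookup suspends the rule and returns the result inline.
            set ips [RESOLV::lookup @192.0.2.53 -a $name]
            set ip [lindex $ips 0]

            if { $ip eq "" } {
                # No answer: reject the request instead of silently falling
                # back to the virtual server's default pool (a design choice)
                log local0. "DNS lookup for $name returned no A record"
                HTTP::respond 503 content "Service unavailable"
                return
            }
            # Cache the address for 60 seconds (idle timeout and lifetime)
            table set -subtable dns_cache $name $ip 60 60
        }

        # Send this request to the resolved address; it need not be a pool member
        node $ip 80
    }
}
```

Because the resolver's answer becomes the load balancing destination, the cache lifetime bounds how long a stale or wrong answer keeps steering traffic, so keep it short and point the lookup only at a nameserver you trust.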