GTM and Wide IPs

Question

Hi Guys,&nbsp;
New to GTM and DNS in general and already this site has helped hugely so thanks all that contribute. However struggling a little with the GTM setup, DNS delegation and wide IPs.&nbsp;
Want to be in a position where the GTM responds to requests for Wide IPs (multiple different customers). Currently we do not want to look after DNS for the entire domain or even sub domains necessarily just a portion of it. Customer A may have 2-3 FQDN from a domain that they want to delegate to us.  I Would like to understand the options available to the customer to delegate those specific FQDNs so that the GTM can respond and present the relevant IPs appropriately. Furthermore in doing so I would like to understand the Zonerunner records that would need to be created (or in fact are created automatically) to serve such rrequests. Any advice or links would be much appreciated&nbsp;

bhanu_9561 · Answer

Here is what you can do.&nbsp;
Say that your DNS servers are authoritative for example.com domain and it answers for all queries for example.com domain. Say you need the GTM to hand out DNS requests for forward.example.com.&nbsp;
Create a new domain wip.example.com and make the GTM authoritative for this new domain (Create a new Zone record in Zonerunner for wip.example.com domain - This will create a new SOA record and a NS record on the GTM).&nbsp;
Create new CNAME entry for forward.example.com which points to forward.wip.example.com on the regular DNS.&nbsp;
forward.example.com CNAME forward.wip.example.com&nbsp;
Create a new WideIP on the GTM for forward.wip.example.com&nbsp;
At this point any DNS query for forward.example.com that a client asks for will eventually end up at the GTM.&nbsp;
What happens:&nbsp;

Client asks regular DNS for forward.example.com&nbsp;

DNS server has a CNAME pointing to forward.wip.example.com&nbsp;

DNS server knows that GTM is authoritative for the wip.example.com domain&nbsp;

DNS sends a request to the GTM for forward.wip.example.com&nbsp;

GTM responds back with the IP for forward.wip.example.com to the DNS server&nbsp;

DNS server responds back to the client with the IP address&nbsp;

Note: In this scenario the GTM is going to see the DNS server as the source of the DNS query and not the actual client machine.&nbsp;

david0512_20548 · Answer

Hi Bhanu,&nbsp;
Thanks for this. Very clear and concise. So the GTM would have to have an SOA and NS record for each domain it was responding for? I notice that when creating a wide ip the SOA and NS record gets setup automatically. But, If i am in a position where we have 100 FQDNS required for a specific customer (lets say forward.example.com, forward1.example.com, forward1.example1.com, forward.example1.com) i would like to use wildcards to ease administration. For the above perhaps i have tried to create a wide ip such as .example.com that would cover off each FQDN (or used wilcards in aliases). Is this possible?  When i test with DIG (DIG @ forward.example1.com) i get a correct response as expected but if an actual DNS server makes the request it fails. It seems that using wildcards doesnt seem to create the SOA/NS records automatically and i assume that because we dont have an SOA/NS record for the domain in question the query from the DNS server fails as the GTM is not authoritative for the domain?&nbsp;

david0512_20548 · Answer

wildcard should read *.example*.com

bhanu_9561 · Answer

David,&nbsp;
Correct, when you create a wild card WIDE IP it will not create the SOA/NS records on the GTM. Once you create the SOA/NS records, the wild card WIDE IPs should work as expected.&nbsp;
If you configure the wild card WIDE IP as forward*.wip.example.com, the GTM will respond to forward2.wip.example.com, forward7.wip.example.com, etc...&nbsp;
http://support.f5.com/kb/en-us/products/lc_9_x/manuals/product/lc_config_10_2/lc_wideips.html&nbsp;
Thanks.&nbsp;

david0512_20548 · Answer

Thanks again......one confusing aspect is that docs suggest wide ips are separate from zonerunner files. But with the above in mind i dont see how the two are not related. For wide ips to work you need zonerunner entries even if you are not using full functionality of bind

Forum Discussion

GTM and Wide IPs

6 Replies

Recent Discussions

Issue on license renewal

Maximum throughput of f5 ltm

iRule cookie persistence and pool redirect

redirect not working

Access azure app service using f5 LTM

Related Content

Understanding GTM Wide IP Operations

pyControl Create Wide-IP on GTM

Migrate part of GTM to another GTM

steps to configuring mx record by using wide IP

configuration of mx record with using wide IP