If I used the fallback mechanism as Return to DNS, in this case would it return both the private and the public IPs?
Ans: Yes, fallback mode Return_to_dns can return any possible IP, because BIND is not intelligent enough to determine source-based resolution.
Yes, that is also possible; for that, using an iRule is the solution.
Is there a way to ensure that only the public IP is returned to internet users and only the private IP is returned to WAN users?
The best approach I would suggest is to use Fallback IP rather than Return to DNS (configure the external pool with the fallback IP as the external address, and the internal pool with the fallback IP as the internal address).
But if it is very specific to Return to DNS, there are two possible logics in which an iRule will work as a solution:
- if the response is blank, insert the DNS response IP based on the source (for this, configure the fallback mode to None in both pools);
- if the RR IP and source combination is incorrect, change it to the correct one.
In both of the above cases you have to create two data groups (internal_subnet, external_subnet) to use in the iRule.
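Both logics in one DNS_RESPONSE iRule, as an added example that is not from this thread or from F5: it assumes the two address-type data groups named above already exist and that both pools have fallback mode None; the wide IP name, TTL and addresses are placeholders, and the exact DNS:: command syntax should be checked against the BIG-IP version in use.

```tcl
# Added example, not the poster's iRule. Assumes address-type data groups
# internal_subnet and external_subnet exist, and both pools use fallback mode None.
# app.example.com, the TTL and the two addresses below are placeholders.
when DNS_RESPONSE {
    # Only touch A queries for the wide IP this rule is meant for
    if { [DNS::question type] ne "A" } { return }
    if { [string tolower [DNS::question name]] ne "app.example.com" } { return }

    # Decide which address the requester is allowed to see, from its source IP
    set client [IP::client_addr]
    if { [class match $client equals internal_subnet] } {
        set wanted "10.10.10.10"      ;# placeholder private address
    } elseif { [class match $client equals external_subnet] } {
        set wanted "203.0.113.10"     ;# placeholder public address
    } else {
        # Unknown source: leave the response as it is and record it for review
        log local0. "No data group match for $client; response left unchanged"
        return
    }

    # Logic 1: both pools fell through, so the answer section is blank
    if { [llength [DNS::answer]] == 0 } {
        DNS::header rcode NOERROR
        DNS::answer insert [DNS::rr "app.example.com. 30 IN A $wanted"]
        log local0. "Blank answer: inserted $wanted for $client"
        return
    }

    # Logic 2: an A record came back, but it belongs to the other side;
    # remove every wrong A record, then insert the correct one once.
    set removed 0
    foreach rr [DNS::answer] {
        if { [DNS::type $rr] eq "A" && [DNS::rdata $rr] ne $wanted } {
            log local0. "Removing [DNS::rdata $rr] for $client"
            DNS::answer remove $rr
            incr removed
        }
    }
    if { $removed > 0 } {
        DNS::answer insert [DNS::rr "app.example.com. 30 IN A $wanted"]
        log local0. "Replaced $removed record(s) with $wanted for $client"
    }
}
```

Requesters that match neither data group are logged and left untouched on purpose, so a gap in the data groups shows up in the logs instead of silently leaking the wrong address.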