Forum Discussion

rameshr_132303
Nov 19, 2015

NSlookup returning both Private and Public IPs for a URL

Hi All,

I have a WIP set up in my GTM and created a Topology record to state that for any request coming from the WAN a private IP needs to be returned, and whenever a request comes from the internet a public IP needs to be returned.

Now when I try doing an nslookup for the URL I get both the private and the public IPs. Not sure what I'm doing wrong here. Can anyone help?

Thanks.

Regards, Ramesh

 

7 Replies

  • Hi, if you have properly configured the topology records and regions, and the preferred method is Topology, the decision might have failed for some other reason. You could see in the statistics whether it is being done by alternate or fallback mode instead. Regards.
  • Thanks. I'll check that. Another question I had is: if I used the fallback mechanism as Return to DNS, in this case would it return both the private and the public IPs? Is there a way to ensure that only public is returned to internet users and only private is returned to WAN users?
  • anoop1

    if I used the fallback mechanism as Return to DNS, in this case would it return both the private and the public IPs?

    Ans: Yes, fallback mode Return_to_dns can return any possible IP, because BIND is not intelligent enough to determine source-based resolution.

    Yes, that is also possible; for that, using an iRule is the solution.

    Is there a way to ensure that only public is returned to internet users and only private is returned to WAN users?

    The best approach I would suggest is to use Fallback IP rather than Return to DNS (configure the external pool with the fallback IP as the external address, and the internal pool with the fallback IP as the internal address).

    But if you are very specific about Return to DNS, there are two possible logics in which an iRule will work as a solution:

    1. If the response is blank, insert the DNS response IP based on the source (in this case configure fallback mode to None in both pools).

    2. If the RR IP and source combination is incorrect, then change it to the correct one.

    In both of the above cases you have to create two data groups (internal_subnet, external_subnet) to use in the iRule.

  • Hi, I agree with Anoop's 1st point above and it will work. Please use the method below and use an iRule. Hope the issue will be resolved.

    Preferred: Topology; Alternate: Return to DNS; Fallback: None.

    when DNS_REQUEST {
        # Queries from RFC 1918 (internal) sources are let through untouched;
        # each branch is intentionally empty, the test is only used to
        # classify the client.
        if { [IP::addr [IP::client_addr]/8 equals 10.0.0.0] } {
            # 10.0.0.0/8
        } elseif { [IP::addr [IP::client_addr]/12 equals 172.16.0.0] } {
            # 172.16.0.0/12
        } elseif { [IP::addr [IP::client_addr]/16 equals 192.168.0.0] } {
            # 192.168.0.0/16
        } else {
            # Any other source (the internet) gets no reply at all.
            discard
        }
    }

  • anoop1

    Samir,

    Your approach will discard all the requests coming from public DNS, and external users will not be able to resolve the IP at all, so we should prefer the DNS_RESPONSE event and modify the RR record based on the subnet.

    The logic should be like below:

    when DNS_RESPONSE {
        if the dst IP is in the internal subnet and the RR record is external, then change the RR to the internal IP;
        if the dst IP is in the external subnet and the RR record is internal, then change the RR to the external IP;
        else keep the RR record unchanged.
    }

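As an added example for this thread (it is not code from Anoop, Samir or F5), here is one way to write the DNS_RESPONSE iRule that Anoop sketches above, i.e. the second of the two logics from his earlier answer: look at who asked, and if an A record in the answer is the wrong address for that side, swap it. It assumes three data groups that the original posts do not define: internal_subnet (address type, as Anoop suggests) listing the resolver ranges that should see private addresses, plus two string data groups, pub_to_priv and priv_to_pub, that map each public VIP to its private twin and back, because the iRule has to know which private address replaces which public one. The addresses 203.0.113.10 and 10.10.10.10 in the comments are placeholders. Anything not in internal_subnet is treated as an internet source, and only IPv4 A records are touched.

```tcl
# Added example, not from the thread. Implements Anoop's second approach:
# in DNS_RESPONSE, swap an A record that is wrong for the querying
# resolver's side. Assumed data groups (names and addresses are
# placeholders, not the poster's real config):
#   internal_subnet  address type: ranges of internal (WAN) resolvers,
#                    e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
#   pub_to_priv      string type: public VIP -> private VIP,
#                    e.g. "203.0.113.10" := "10.10.10.10"
#   priv_to_pub      string type: the reverse of pub_to_priv
when DNS_RESPONSE {
    # Only rewrite A answers; AAAA, CNAME etc. pass through unchanged.
    if { [DNS::question type] ne "A" } { return }

    # IP::client_addr is the resolver that sent the query (the destination
    # of this response), which is the "source" Anoop refers to. Pick the
    # map that converts addresses from the wrong side to the right one.
    if { [class match [IP::client_addr] equals internal_subnet] } {
        set map "pub_to_priv"
    } else {
        set map "priv_to_pub"
    }

    set changed 0
    # [DNS::answer] returns a list snapshot, so removing and inserting
    # records while looping over it is safe.
    foreach rr [DNS::answer] {
        if { [DNS::type $rr] ne "A" } { continue }
        set ip [DNS::rdata $rr]
        # class match -value returns the mapped address, or an empty string
        # when the record is already correct for this side (no such key).
        set fixed [class match -value $ip equals $map]
        if { $fixed ne "" } {
            DNS::answer remove $rr
            DNS::answer insert [DNS::rr "[DNS::name $rr] [DNS::ttl $rr] IN A $fixed"]
            incr changed
        }
    }

    if { $changed } {
        log local0. "[DNS::question name] from [IP::client_addr]: $changed A record(s) rewritten via $map"
    }
}
```

Attach the iRule to the DNS listener that serves the wide IP. It only helps if a response is actually produced, which with Samir's settings (Preferred: Topology, Alternate: Return to DNS, Fallback: None) means either a topology hit or BIND's answer. For Anoop's first logic (Fallback: None in both pools, so the response comes back empty) the same DNS::answer insert call can be used, but then you also need a data group that maps the wide IP name to the address for each side, since there is no record to derive it from. Keep the TTL on these records short while testing, so a wrong answer already cached by an internal resolver does not linger. This is a patch over the symptom; the root fix is still topology records and regions that actually match the resolver addresses, and the Preferred/Alternate/Fallback counters in the statistics show which path the decision is taking.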
  • Anoop/Samir - Thank you so much, guys!! That makes sense. I will go ahead and try both the Fallback IP method and the iRule and see if these work.

    I'll keep you posted.