GTM split zone DNS responses - iRule
I've just implemented GTM.. we have a split dns zone.. internal IPs for our intranet, and external IPs for our external folks. I consider that pretty standard. Oddly, F5 doesn't appear to have any simple method of continuing my split-zone practice when it comes to wide-IPs in the GTM world..
The best I've been able to come up with is an LTM iRule that I place on the LTM virtual server that listens to udp/53 for GTM name serving.. Below is the iRule (I apologize, I didn't see a "code" tag in this editor)..
Essentially, this looks at DNS responses from GTM.. if the client IP is within the private IP range (RFC1918, which is simply a data group), then it does a lookup in another data group (GTM_internal_translation) that will allow the iRule to swap out the external wide IP with the internal version. This does require that I have a one-to-one mapping predefined in the GTM_internal_translation data group.
My question to the iRule gawds is two fold.. 1) Is this insane? i.e. Is there an easier way? 2) How can this method be optimized?
I was initially thinking I'd do a GTM iRule, but I couldn't find the functions that were compatible in GTM iRules to pull this off.. but it certainly seems like a better place to do the iRule.. did I just miss the functions to look at the DNS response within GTM iRules?
Thank you kindly!
when DNS_RESPONSE {
if { [class match [IP::client_addr] equals RFC1918] } {
set response [split [DNS::answer] ]
set request [ lindex $response 4 ]
log local0. "Alert: $request requested"
if { [class match $request equals GTM_internal_translation ] } {
set answer [class match -value -- $request equals GTM_internal_translation ]
log local0. "Alert: $answer answered"
set ttl [DNS::ttl [DNS::answer]]
DNS::answer clear
DNS::answer insert "[DNS::question name]. $ttl [DNS::question class] [DNS::question type] $answer"
}
}
}