Simple iRule For DNS Intercept on Big IP DNS
Within our network we are using Big IP DNS for all of our DHCP clients, so all DNS requests come to the BIG IP DNS first for resolution. If there is no Wide IP set up for the DNS request, then the request is just forwarded to our Windows DNS servers for resolution. This all works fine; however, due to various mergers we now have a situation whereby we have an FQDN which is handled on the Windows DNS servers by use of conditional forwarders for that FQDN domain. Unfortunately, the DNS servers which are in another country are resolving this specific FQDN to an IP address (which is a NAT address) which we cannot route to from our country. The specific server which provides the services for this FQDN is actually based in our country and we can route to the 'real' IP address (but not the NAT), but for operational reasons we need to use the conditional forwarders and the DNS resolution from the overseas DNS servers.

So, all I want to do is put a very simple iRule on the F5 Big IP DNS which sits behind the FQDN, which I will present as a Wide IP, so that if any of the DHCP clients which use the F5 Big IP DNS for DNS resolution do a lookup for that specific FQDN, then the iRule will return the 'real' IP address of the server and the DNS request will have been intercepted before it reaches the Windows DNS servers.

I'm sure that this is something REALLY simple to achieve, but not being an iRule expert, I just cannot seem to get the syntax correct to make this happen. I'm sure this is probably a 3 line iRule, but I'm failing to find a simple example anywhere! All it needs to do is:
Create a Wide IP of "ABC.DOMAIN.PRIVATE"
and apply the simple iRule of:
if DNS lookup = "ABC.DOMAIN.PRIVATE" then return DNS response "123.123.123.123" else process requests as normal
Surely this is possible?
Can anyone help with an example iRule?
Any help appreciated.
Dom.
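An added example iRule (written here, not taken from the post or from an F5 answer) that does what the question describes: answer A queries for the one FQDN with the placeholder address from the post and let every other query follow the normal Wide IP / forwarding path. It assumes the iRule is attached to the DNS listener on the BIG-IP DNS; the 300-second TTL, the lower-casing and the exact-match / query-type checks are my additions, included so that a similarly named host such as "notabc.domain.private" or an AAAA query is not answered by mistake.

```tcl
# Added example (not from the original post): static override for one FQDN.
# Assumptions: attached to the BIG-IP DNS listener; 123.123.123.123 is the
# placeholder address from the post; TTL 300 is chosen here.
when DNS_REQUEST {
    # DNS names are case-insensitive; normalise and drop any trailing dot
    set qname [string tolower [string trimright [DNS::question name] "."]]

    # Exact name AND record type A only, so nothing else is hijacked
    if { ([DNS::question type] equals "A") && ($qname equals "abc.domain.private") } {
        # Insert the 'real' address as the answer and send the response now,
        # so the query never reaches the Windows DNS conditional forwarders
        DNS::answer insert "abc.domain.private. 300 IN A 123.123.123.123"
        DNS::return
    }
    # Any other query falls through to normal Wide IP processing / forwarding
}
```

Create the Wide IP for ABC.DOMAIN.PRIVATE as planned so the name is owned locally, then confirm with a lookup from a DHCP client that the A record comes back with this address while other names still resolve through the Windows servers.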