
CSS DNS response for public IP address

davidbuit
Level 1

Is it possible to have the CSS respond with an A record IP address that isn't configured as a VIP?

I.e., if an end user is looking up a DNS name for www.mysite.com, which is globally load balanced with my CSS, and I want to return the public address as opposed to the internal private address of the VIP, can I do this?

E.g.:

dns-record a www.mysite.com 201.1.1.1
# this is the public IP address that is translated by an external firewall to 10.1.1.1 for internal comms

content mysite.com
  vip address 10.1.1.1
  protocol tcp
  port 80
  url "/*" eql cacheable
  add service mysebserver

Accepted Solutions

Gilles Dufour
Cisco Employee

Yes, this is possible.

Just be aware that if you have internal hosts trying to get a DNS answer from the CSS, they will also get the public IP.

There is no way to distinguish between internal and external hosts.

Normally, you should only answer with the private IP, and the firewall uses DNS fixup to translate the IP inside the DNS response.

With a GSS, it is possible to use a src IP access-list so the DNS response can be different depending on the IP of the requester.

Gilles.
