Big-IP DNS - Zone Transfers
I have a customer with 192 zones on an older Big-IP GTM device. I've implemented a newer version of Big-IP DNS (vCMP). The customer is using the Big-IP DNS as the master for all the zone files, therefore local BIND on the F5 appliances are being used. Not DNS Express.
The question I have is, is there a way to transfer over the zones in bulk? According to the documentation, it seems like this can only be done one at a time. In other words, is it possible to transfer more than one zone at a time? If so, is there a maximum limit? If not, that is OK, I just want to know what is theoretically possible and so far, I can't find any documentation that references this capability.
--------------------
**The below steps are not supported by F5 Support, due to local files are being modified. :) . If for any reason the below steps do not work, the UCS backups can be used to recover the vCMP Guests and old GTM.
*The below I am typing from memory. :-)
--------------------
**Assumed
--vCMP Guests are configured with all WIPs and DataCenter configurations.
--iquery is allowed and is working between vCMP guests.
-DataCenter shows both BIG-IP DNS servers online.
---iquery can be tested via the command iqdump
>iqdump x.x.x.x . (x.x.x.x = IP of the alternative vCMP guest BIGIP-DNS servers) . If iqdump returns an error, then you have certificate / trust issues.
-Understand the log files, to view error that may populate, based on the below steps.
--------------------
-Create a default UCS backup on the two new vCMP guests and save it to your workstation, to have a local copy.
-Create a UCS backup on the old GTM via the GUI and save it to your workstation, to have a local copy.
--------------------
-Backup the zone files on the old GTM
>cd /var/tmp
>tar -cvf zonebackup.tar.gz /var/named/config/
--------------------
-Transfer the zonebackup file to the "Master" vCMP BigIP-DNS(GTM) ( /var/tmp directory) via SCP
--You can use WinSCP or scp via putty on the old GTM
*Old GTM -- from the /var/tmp directory
>scp zonebackup.tar.gz root@x.x.x.x:/var/tmp (x.x.x.x is the IP of the Master BIGIP-DNS; replace 'root' with whichever user that you normally use to administrate)
--------------------
-On BOTH vCMP Guests, stop the bind and ZoneRunner service(s)
>bigstart stop named
>bigstart stop zrd
-From the vCMP Master, extract the zonebackup.tar.gz file into the bind service directory
>cd /var/tmp
>tar -xvf zonebackup.tar.gz /var/named/config/
*replace all files if questioned with yes "Y"
-Verify if the zone files transferred
>cd /var/named/config/namedb
>ls *
*Are the zone files listed? If so, proceed.
-Restart the Named and ZoneRunner services
>bigstart start named
>bigstart start zrd
--Verify in the GUI if you can see the Zones via ZoneRunner.
--------------------
At this point, the Secondary vCMP BIGIP-DNS guest's ZoneRunner and Bind service are stopped.
-The sync has to be fixed and to do so, we will "start from scratch by deleting the bind files and re-sync to the Master.
*Log into the Secondary BIGIP-DNS vCMP guest
>rm -rf /var/named/config/ *Removes the original files.
>mkdir /var/named/config . *Re-creates the 'config' directory
--------------------
-The next step will recopy the Bind config and zone file to the Secondary vCMP BIGIP-DNS Guest.
>gtm_add <existing_GTM_IP_address> --answer the prompts. The gtm_add script will copy the remote BIG-IP GTM configuration to the local BIG-IP GTM system.
Link: https://support.f5.com/csp/article/K8195
-Restart the Bind and ZoneRunner service (secondary vCMP Guest BIGIP-DNS)
--At this point, you should see both BIGIP-DNS servers online via the GUI
-Test create a DNS record to verify if the sync is working correctly via ZoneRunner.