For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Son_of_Tom_1379's avatar
Son_of_Tom_1379
Icon for Nimbostratus rankNimbostratus
Jun 29, 2015

Changing ZoneRunner NOTIFY Source Address

Hi There,   I'm attempting to setup an external name server as a secondary slave, and cannot see how to change the source address when the zone sends it's NOTIFY to the secondary server from a Sel...
application delivery
BIG-IP DNS
LTM
DM706_346160's avatar
DM706_346160
Icon for Altostratus rankAltostratus
Feb 07, 2019

Hey guys/gals, I know this post is very old... but

 

I'm having a very similar problem. My ISP provider will not process NOTIFY on one address and perform a zone transfer to another IP.

 

My specific problem is caused by the egress path used for the NOTIFY is different than the ingress path for the DNS servers. I think this is because NOTIFY messages use Common partition egress and for external DNS listeners I've placed them in an /EXT/ partition. F5 is behind an ASA with NAT to those /EXT/ listeners.

 

I've been told by a few F5 experts to leave the BIND implementation alone, e.g. don't manually modify its files. Further, antonioc states it doesn't work to add notify-source to the named.conf.

 

Which means my only option is to change the NAT rule and create new listeners on the self-ips that are also used for egress NOTIFYs.

 

Any other ideas?