Forum Discussion
DNS Express source IP for zone transfer
I have DNS Express set up to transfer zones from an authoritative DNS server on the other end of an F5 IPSEC tunnel like this:
10.1.1.0/24 (LAN) <--> F5 B IPSEC ENDPOINT <--> WAN <--> F5 A IPSEC ENDPOINT <--> Authoritative DNS on 10.1.2.0/24 (LAN)
F5 A can easily initiate a zone transfer from the authoritative DNS server, as it's on the same local subnet.
However, F5 B cannot do so because it is initiating the transfer using the public self IP address of the F5 unit B. It (presumably by consulting the routing table) is using the default route to initiate the transfer, but I'd like it to use the self IP in the 10.1.1.0 network since IPSEC is set up to tunnel the two 10.1.1.0 and 10.1.2.0 networks. I should note, the tunnel DOES work for traffic not originating or terminating on the F5's. For example, ping between server 1 and 2 as shown below works:
Server 1 (10.1.1.50) <-> F5 B (10.1.1.1) <-> WAN <-> F5 A (10.1.2.1) <-> Server 2 (10.1.2.50)
So is there a way to have DNS express use the self IP address in LAN instead of the public address?
Hope this makes sense. Thanks.
- dmgeurtsNimbostratus
Did you find a solution to your issue? Landed here as I'd like to have DNS Express resolve to a different ZoneRunner (bind) view and by default it will use 127.0.0.1 to get to the local bind, as of course can be expected.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com