Forum Discussion

Bryan_A
Sep 18, 2017

DNS Express source IP for zone transfer

I have DNS Express set up to transfer zones from an authoritative DNS server on the other end of an F5 IPsec tunnel, like this: (LAN) <--> F5 B IPSEC ENDPOINT <--> WAN <--> F5 A IPSEC ENDPOINT <--> Authoritative DNS on (LAN)


F5 A can easily initiate a zone transfer from the authoritative DNS server, as it's on the same local subnet.


However, F5 B cannot do so, because it is initiating the transfer using the public self IP address of F5 unit B. It (presumably by consulting the routing table) is using the default route to initiate the transfer, but I'd like it to use the self IP in the network, since IPsec is set up to tunnel the two and networks. I should note that the tunnel DOES work for traffic not originating or terminating on the F5s. For example, a ping between server 1 and server 2 as shown below works:


Server 1 ( <-> F5 B ( <-> WAN <-> F5 A ( <-> Server 2 (


So is there a way to have DNS Express use the self IP address in the LAN instead of the public address?


Hope this makes sense. Thanks.
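As an added example, not from the original post and not F5's own code or tmsh configuration: a standard-library Python diagnostic for the two questions the post raises, namely which local address a host's routing table picks for a given DNS server (a UDP connect() does the route lookup and source selection without sending a packet), and how to open the AXFR TCP session from a chosen source address by binding before connecting. It does not model how BIG-IP's DNS Express selects its source address; the server address, zone name and transaction ID used below are placeholders.

```python
"""Source-address checks for an outbound AXFR (standard library only).

Added diagnostic, not F5 code. Server, zone and txid values are placeholders.
"""
import socket
import struct

AXFR = 252       # RR type AXFR, RFC 1035
CLASS_IN = 1


def source_ip_for(destination: str, port: int = 53) -> str:
    """Return the local address the OS routing table would use to reach
    `destination`. connect() on a UDP socket performs the route lookup and
    binds a source address, but sends nothing on the wire."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((destination, port))
        return s.getsockname()[0]


def encode_name(name: str) -> bytes:
    """Encode a domain name in uncompressed wire format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_axfr_query(zone: str, txid: int) -> bytes:
    """Build a DNS query message asking for an AXFR of `zone` (no EDNS, no TSIG)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)   # qdcount=1
    question = encode_name(zone) + struct.pack("!HH", AXFR, CLASS_IN)
    return header + question


def parse_header(msg: bytes) -> dict:
    """Return txid, RCODE and answer count from a DNS message header.
    RCODE 0 means the server started the transfer; 5 (REFUSED) means
    the source address is not on its allow-transfer list."""
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"txid": txid, "rcode": flags & 0x0F, "ancount": ancount}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during AXFR")
        buf += chunk
    return buf


def axfr_probe(zone: str, server: str, source_ip: str,
               port: int = 53, timeout: float = 5.0) -> dict:
    """Open the AXFR session over TCP from `source_ip` (bound before connect)
    and return the header of the first response message. Real network call."""
    query = build_axfr_query(zone, txid=0x1234)
    with socket.create_connection((server, port), timeout=timeout,
                                  source_address=(source_ip, 0)) as s:
        s.sendall(struct.pack("!H", len(query)) + query)   # TCP length prefix
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return parse_header(_recv_exact(s, length))


if __name__ == "__main__":
    # Placeholder target; shows which local address this host would source from.
    print("source for 127.0.0.1:", source_ip_for("127.0.0.1"))
```

Run `source_ip_for(<authoritative server IP>)` on the initiating host first: if it returns the public address rather than the LAN self IP, the route lookup, not the AXFR code, is what needs fixing. `axfr_probe` then confirms whether the server accepts the transfer from a given source address.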


1 Reply

  • Did you find a solution to your issue? I landed here as I'd like to have DNS Express resolve to a different ZoneRunner (BIND) view, and by default it will use to get to the local BIND, as of course can be expected.