Forum Discussion

MetaGawd_156909's avatar
MetaGawd_156909
Icon for Nimbostratus rankNimbostratus
Jun 26, 2014

GTM query regarding Internal and external zone views.

(EDITED 7-1)   Relatively new (a returnee of sorts ) to F5 products.   We have an implementation of GTM (a redundant pair of instances with one at two different physical locations) that we are ...
BIG-IP DNS
design
dns
views
views configuration
John_Heyer_1508's avatar
John_Heyer_1508
Icon for Cirrostratus rankCirrostratus

I was able to get this working finally, but there are a few tricks to doing so. Namely, the GTM always takes the first view match if the source IP is allowed, so "internal" needs to be listed ahead of "external" in DNS -> Zones -> ZoneRunner -> View List.

The other gotcha is each view has its own loopback IP address. This IP will be 127.10.0.X, so be sure to include that IP by itself for each view, otherwise the GTM will not be able to query itself. Here's what the named.conf file would look like when all said and done:

acl "zrd-acl-000-001" {
    127.10.0.1;
};
acl "zrd-acl-000-002" {
    127.10.0.2;
};
acl "rfc_1918" {
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;
};
view "internal" {
    match-clients {
        "zrd-acl-000-001";
        "rfc_1918";
    };
    allow-transfer {
        "zrd-acl-000-001";
    };
};
view "external" {
    match-clients {
        "zrd-acl-000-002";
        "any";
    };
    allow-transfer {
        "zrd-acl-000-002";
    };        
};
darren_19980's avatar
darren_19980
Icon for Nimbostratus rankNimbostratus
Jul 14, 2015
John, it is possible to use the same loopback IP for both internal and external view? and where did you define those loopback IPs?