Forum Discussion

MetaGawd_156909's avatar
MetaGawd_156909
Icon for Nimbostratus rankNimbostratus
Jun 26, 2014

GTM query regarding Internal and external zone views.

(EDITED 7-1)   Relatively new (a returnee of sorts ) to F5 products.   We have an implementation of GTM (a redundant pair of instances with one at two different physical locations) that we are ...
BIG-IP DNS
design
dns
views
views configuration
Marvin's avatar
Marvin
Icon for Cirrocumulus rankCirrocumulus
Feb 28, 2016

Nice one John works great, changing the internal listener (ACLs) and the view list did the trick indeed! If I do a netstat -an | grep 127.10 I see that the Big IP is listening internally for DNS requests on 127.10.0.0 and 127.10.0.1 and also 127.0.0.1.

Darren if I change both ACL to the same IP 127.0.0.0 than I am not able to access the zones anymore, so it seems it is needed to have two listeners. I believe these are only for ACL functionality internally within BIND, because the real listener in the named conf is 127.0.0.1

listen-on port 53 {
    127.0.0.1;
    "zrd-acl-000-001";
    "zrd-acl-000-000";
};

listen-on-v6 port 53 {
    ::1;
};

acl "zrd-acl-000-000" {
127.10.0.0;
};

acl "zrd-acl-000-001" {
127.10.0.1;
};


[root@F5:Active:In Sync] namedb  netstat -an | grep :53
tcp        0      0 **127.10.0.1:53**               0.0.0.0:*                   LISTEN
tcp        0      0 **127.10.0.0:53**               0.0.0.0:*                   LISTEN
tcp        0      0 **127.0.0.1:53**                0.0.0.0:*                   LISTEN
tcp        0      0 ::1:53                          :::*                        LISTEN
udp        0      0 **127.10.0.1:53**               0.0.0.0:*
udp        0      0 **127.10.0.0:53**               0.0.0.0:*
udp        0      0 **127.0.0.1:53**                0.0.0.0:*
udp        0      0 ::1:53                          :::*
udp        0      0 ::1:5353                        :::*