For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rickylev_247499's avatar
rickylev_247499
Icon for Nimbostratus rankNimbostratus
Jan 25, 2017

how to add multiple DNS zones for DNS Express

Hey All, I have over 150 zones that I need to transfer to a BigIP for DNS Express. i'd like to know if there is a more efficient way of adding the zones instead of adding them one by one from the GUI...
application delivery
BIG-IP DNS
devops
TMOS
Kevin_K_51432's avatar
Kevin_K_51432
Historic F5 Account
Jan 25, 2017

Greetings, For this type of work, I usually create a single object in the UI. and use either iControl REST or the Traffic Management Shell to list the object. From there, I can reverse engineer that object and continue using one of the interfaces to recreate it.

It is painful (for me) getting the first object to work. But, once it's working, you simply plug in the values for the next object. Also, you've learned some valuable TMSH or iControl skills.

For DNS Express, I notice iControl REST has these methods:


{"kind":"tm:ltm:dns:dnscollectionstate"
"selfLink":"https://localhost/mgmt/tm/ltm/dns?ver=12.1.1"
{"reference":{"link":"https://localhost/mgmt/tm/ltm/dns/cache?ver=12.1.1"}}
{"reference":{"link":"https://localhost/mgmt/tm/ltm/dns/dnssec?ver=12.1.1"}}
{"reference":{"link":"https://localhost/mgmt/tm/ltm/dns/nameserver?ver=12.1.1"}}
{"reference":{"link":"https://localhost/mgmt/tm/ltm/dns/tsig-key?ver=12.1.1"}}
{"reference":{"link":"https://localhost/mgmt/tm/ltm/dns/zone?ver=12.1.1"}}]}

List the objects:


 curl -sk -u admin:admin https://172.24.171.20/mgmt/tm/ltm/dns/nameserver

{"kind":"tm:ltm:dns:nameserver:nameservercollectionstate"
"selfLink":"https://localhost/mgmt/tm/ltm/dns/nameserver?ver=12.1.1"
"items":[{"kind":"tm:ltm:dns:nameserver:nameserverstate"
"name":"example"
"partition":"Common"
"fullPath":"/Common/example"
"generation":3
"selfLink":"https://localhost/mgmt/tm/ltm/dns/nameserver/~Common~example?ver=12.1.1"
"address":"10.12.23.27"
"port":53
"routeDomain":"/Common/0"

Add an object:


curl -k -u admin:admin https://172.24.171.20//mgmt/tm/ltm/dns/nameserver -H "Content-Type: application/json" -X POST -d '{"name":"example2","address":"10.12.23.28"}'

List again to see:


"selfLink":"https://localhost/mgmt/tm/ltm/dns/nameserver?ver=12.1.1"

"items":[{"kind":"tm:ltm:dns:nameserver:nameserverstate"
"name":"example"
"partition":"Common"
"fullPath":"/Common/example"
"generation":3
"selfLink":"https://localhost/mgmt/tm/ltm/dns/nameserver/~Common~example?ver=12.1.1"
"address":"10.12.23.27"
"port":53
"routeDomain":"/Common/0"


{"kind":"tm:ltm:dns:nameserver:nameserverstate"
"name":"example2"
"partition":"Common"
"fullPath":"/Common/example2"
"generation":5
"selfLink":"https://localhost/mgmt/tm/ltm/dns/nameserver/~Common~example2?ver=12.1.1"
"address":"10.12.23.28"
"port":53
"routeDomain":"/Common/0"

The traffic management shell (TMSH) has these methods:


 create ltm dns ?
Modules:
  cache       DNS cache configuration to generate non-authoritative DNS responses.
  dnssec      DNS Security Extensions (dynamic signing on BIG-IP)
Components:
  nameserver  DNS nameserver configuration.
  tsig-key    TSIG Key configuration.
  zone        Zone configuration.

Repeat the same process:


 list ltm dns nameserver example
ltm dns nameserver example {
    address 10.12.23.27
    route-domain 0
}

You can run tmsh commands locally using SSH and if you set up SSH key auth, there will be no prompt


ssh root@172.24.171.20 'tmsh show sys version'

Sys::Version
Main Package
  Product     BIG-IP
  Version     12.1.1
  Build       0.0.183
  Edition     Final
  Date        Wed Jul 20 18:36:08 PDT 2016

Hope this is somewhat helpful, Kevin