For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ian_Johnson_382's avatar
Ian_Johnson_382
Icon for Nimbostratus rankNimbostratus
Jun 16, 2010

Migration to GTM, problems with Wide IP and DNS forwarders

Hi All,     Hi All, I am currently on a project to migrate a configuration from Alteon to F5 GTM/LTM. Due to the nature of the business I cannot move the entire configuration in one hit, so I ne...
config
design
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Jun 17, 2010
This is the configuration I used when setting up something similar. x.x.x.x, x.x.x.y, x.x.x.z need to be swapped out with your nameserver IPs. Also, the 10/8 is internal space from standard rfc1918, but your IP space might be different, so you'll need to alter that as well.

 restrict rndc access to local machines use the key in the default place: /config/rndc.key controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; }; }; logging { channel logfile { syslog daemon; severity error; print-category yes; print-severity yes; print-time yes; }; category default { logfile; }; category config { logfile; }; category notify { logfile; }; }; options { listen-on port 53 { 127.0.0.1; "zrd-acl-000-000"; }; forward only; forwarders { x.x.x.x; x.x.x.y; x.x.x.z; }; allow-query { localhost; internal; }; listen-on-v6 port 53 { ::1; }; directory "/config/namedb"; allow-transfer { localhost; }; recursion yes; }; acl "zrd-acl-000-000" { 127.10.0.0; }; acl internal { 10/8; };