nsupdate to modify zone in specific views.

Question

we have zone name example.comand we have 2 view (external and internal)so in /var/namedb/ we have zone file db.external.example.com and db.internal.example.com.How can we use nsupdate to modify zone in specific views?because we can't seem to specify view in nsupdate script.and we can't specify "zone internal.example.com" in nsupdate script too

ceinarf · Answer

Hello kridsana​ ,
nsupdate is a *nix command that doesn't support views.
When you run nsupdate remotely from a remote IP x.x.x.x, the DNS simply find a match for your remote IP and shows you the right view/file so you can modify (if you have permissions) only your view file.
You are using views to offer different resolutions, but not the same remote IP (or same&nbsp;TSIG Key) :)
To avoid this behavior you can configure different listeners with iRules that permit DNS requests only from the right IPs + your remote IP.
If I didn't quite understand what your scenario is, could you please detail it better?
Fabio

kridsana · Answer

Please correct me if I'm wrong.If I need to modify record with nsupdate (there is many record I need to update at once. zonerunner didn't do the job). on both external (public IP) and internal (private IP) views.1. I think I need to run nsupdate from public IP remote host to change record in external views&nbsp;2. run nsupdate from internal IP to change record in internal viewsAm I correct?

ceinarf · Answer

If you have configured "strict/classical views" yes.
If you could change a little your configuration using 2 different listeners (one for public zone and one for internal zone) you can handle the access using iRules to permit only requests from the right IPs:

private_IPs + (remote server IP) for your internal listener
!(private_IPs) + (remote server IP) for your external listener

&nbsp;
In this way you don't need 2 different servers/IPs.
Fabio

formselly · Answer

To use nsupdate to modify zones in specific views, you need to understand that nsupdate is a tool that updates DNS records, but it doesn't directly target specific views. Instead, you'll use nsupdate with the appropriate zone file to modify the desired view's data. The key is to ensure the nsupdate command is directed at the correct zone file (e.g., db.internal.example.com or db.external.example.com) corresponding to the view you want to modify.

Forum Discussion

nsupdate to modify zone in specific views.

4 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

SSH forward proxy

Replacing i2800 pair with new F5-BIG-AFM-r2800

F5 CIS -> NGINX Plus Ingress Controller Integration

Can I use F5 Big-IP WAF as HoneyPot

Entra ID F5 APM MDM Intune integration compliance check

Related Content

APM-Specific Features for Securing Your Website

iRule to modify a content-security-policy header

Installing and Locking a Specific Version of F5 NGINX Plus

modified domain cookies

Disabling Specific Weak Cipher Suites

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS