Forum Discussion
Kleython_Kell_5
Nimbostratus
NimbostratusReplacing an external DNS with F5 GTM
hello,
I need to make a new implementation of GTM and I'm with some doubts.
Our client has some domains and some external DNS servers. and Want to disable these external dns, and that the F5 GTM is the only responsible for resolving these domains.
The procedure for this would be:
1) export the zone files of the DNS servers
2) import these files zones to GTM, with zonerunner
3) create a listener, for example with a selfip ip (external)
4)
Are these the steps? I have not done an implementation concerning this.
If someone can confirm these steps,
thanks a lot
att
6 Replies
Nick_T_68319yeah that pretty much covers it. I use it for external dns
Kleython_Kell_5thanks, then i will do this steps.
but, Just a detail,
our customer reported that some zones need to be signed (ipsec).
Any problem with that?
or we can simply export these zones from the dns server and import to F5 gtm with ZoneRunner?
thanks a lot- Kleython_Kell_5Nick,
there are some domain where it is mandatory to use DNSSEC.
in this case, do you now, whats the steps for this domains (zones ) ?
thanks - Nick_T_68319Yup, you can just import the zones with ZoneRunner.
Do you have DNSSEC licensed on your GTM?
http://www.f5.com/pdf/deployment-guides/gtm-dnssec-dg.pdf
If so, DNSSEC is really easy. - Kleython_Kell_5Nick, i will check, if in their GTM has de adon to DNSSEC.
but, about this doc that you passed, i thin this is aplicated when gtm will work together others dns servers.
But in our case, there is not another dns servers,. Just GTM. it will replace the dns that work today.
there is this manual: http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm_config_10_2/gtm_dnssec.html?sr=23667742
i thin that it is that i can do,,,,, what do you think?
but with it, is not just to export and import the zones, that use dnsec, there is some steps to Creating DNSSEC zone-signing and key-signing keys.
Am i right?
thanks a lot for more informations - Kleython_Kell_5Hello
anyone have any idea how to domains with DNSSEC? remembering that the GTM will be the only DNS.
in our case, there is not another dns servers,. Just GTM. it will replace the dns that work today.
there is this manual: http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm_config_10_2/gtm_dnssec.html?sr=23667742
i thin that it is that i can do,,,,, what do you think?
but with it, is not just to export and import the zones, that use dnsec, there is some steps to Creating DNSSEC zone-signing and key-signing keys.
Am i right?
thanks a lot for more informations
