Zone-transfer to a Wide-IP and iRules
Hi, how's it going?
I've deployed two DNS on different DC's (a classical 2 DC's internally interconnected, so BIG-IP A can reach what's behind BIG-IP B and viceversa). All wide-IP's resolve to a public IP address.
This is OK, but there are internal client who query for those names, but need to receive an internal address. This is also no problem, can be solved using an iRule for internal addresses.
Now, the problem is here: an interesting number of these internal clients reside on a geographically remote location, but need to be resolved to this internal address. Again, this wouldn't be a problem for the F5 configuration, but we don't want to have a super high traffic through the MPLS (or whatever it is that interconnect the remote locations). Each geographic zone has a local AD-DNS, and I've been thinking that, maybe, they could do an AXFR to the BIG-IP, so to reduce the traffic and confine it to each place. So: Is it posible to perform an AXFR for the wide-IP's? (Not for the names configured in bind, not for the names behind the F5). If it indeed is, how could I configure the F5's so they reply with an internal zone? Would we be better off using the AD-DNS cache instead?
Thanks in advance!