For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Curious1's avatar
Curious1
Icon for Cirrus rankCirrus
Jun 01, 2018

Zonerunner : creating an internal DNS view and need to limit source networks

Hi All,   I have two DNS zones: one existing for external use and I need to create another named the same for internal use only.   When creating a new internal view via ZoneRunner, how do I ...
application delivery
BIG-IP DNS
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Jun 01, 2018

Hi Curious,

In fact, you have 2 views internal and external. As you said when you create a view, you have the avaibility to set:

match-clients {
    "zrd-acl-000-000";
    any;
};

it will determine how have the right to request this zone.

The important point is the view order, in your case you have to set-

  • First internal view (set view order to First)
  • Then external view (set external view to Last or after)

https://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-concepts-11-3-0/4.html

View order acting as a firewall rules first match if condition match...

Hope it's clear. let me now if you need addtional info

regards