For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Giammarco's avatar
Giammarco
Icon for Nimbostratus rankNimbostratus
Mar 07, 2018

Zonerunner Issue

Hi guys, i'm trying to solve two big issue using my F5 as master DNS. First: i want to forward a full PTR network (in my case a /16) to another BIND but it doesn't seems to work. PTR are resolve...
application delivery
BIG-IP DNS
Giammarco's avatar
Giammarco
Icon for Nimbostratus rankNimbostratus
Mar 08, 2018

Hi,

yes, this is the named configuration on the F5

restrict rndc access to local machines
use the key in the default place: /config/rndc.key
controls {
    inet 127.0.0.1 port 953 allow {
        127.0.0.1;
    };
};
logging {
    channel logfile {
        syslog daemon;
        severity error;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default {
        logfile;
    };
    category config {
        logfile;
    };
    category notify {
        logfile;
    };
};
options {
    listen-on port 53 {
        127.0.0.1;
        "zrd-acl-000-001";
        "zrd-acl-000-002";
        "zrd-acl-000-000";
    };
    listen-on-v6 port 53 {
        ::1;
    };
    recursion yes;
    directory "/config/namedb";
    allow-transfer {
        localhost;
    };
    allow-recursion {
        lan_hosts;
    };
    check-names master warn;
    check-integrity yes;
    max-journal-size 1M;
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
};
acl "zrd-acl-000-000" {
    127.10.0.0;
};
acl "zrd-acl-000-002" {
    127.10.0.2;
};
acl "lan_hosts" {
    10.10.10.0/24;
};
acl "zrd-acl-000-001" {
    127.10.0.1;
};
acl "extkey" {
    key "external";
};
acl "noextkey" {
    !key "external";
};
key "external" {
    algorithm hmac-md5;
    secret "";
};

the dig command that I'm doing is a simple:

dig @IP(AD or F5) SRV test.local