Hi,
yes, this is the named configuration on the F5
# restrict rndc access to local machines
# use the key in the default place: /config/rndc.key
# rndc control channel. named accepts rndc connections on loopback port 953
# only, and the allow list admits only 127.0.0.1, so the daemon cannot be
# controlled from another host.
# No "keys" clause is given in this statement.
# NOTE(review): the rndc key is presumably read from /config/rndc.key --
# confirm that file is not world-readable.
controls {
    inet 127.0.0.1 port 953 allow {
        127.0.0.1;
    };
};
# Logging: a single channel named "logfile" that writes to syslog, with three
# categories routed to it.
logging {
    channel logfile {
        # Send to the local syslog daemon using the "daemon" facility.
        syslog daemon;
        # Only messages of severity "error" or worse pass this channel.
        # NOTE(review): refused queries and refused transfers are, as far as
        # I recall, logged below "error", so they would be dropped here --
        # confirm if denied-access events are needed for detection.
        severity error;
        # Prefix each message with its category, severity and timestamp.
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    # "default" covers every category that has no explicit entry of its own.
    # No "security" category is configured in this block, so it falls here.
    category default {
        logfile;
    };
    category config {
        logfile;
    };
    category notify {
        logfile;
    };
};
# Global server options: where named listens, who may recurse or transfer,
# and where unresolved queries are forwarded.
options {
    # IPv4 listeners: 127.0.0.1 plus the addresses in the three "zrd-acl-*"
    # ACLs defined in this file (each holds one 127.10.0.x address). All of
    # them are in 127.0.0.0/8, so named is not bound to a routable IPv4 address.
    # NOTE(review): presumably the F5 passes external DNS traffic to these
    # loopback addresses -- confirm against the listener configuration.
    listen-on port 53 {
        127.0.0.1;
        "zrd-acl-000-001";
        "zrd-acl-000-002";
        "zrd-acl-000-000";
    };
    # IPv6: loopback only.
    listen-on-v6 port 53 {
        ::1;
    };
    # Recursion is enabled, but limited by allow-recursion below.
    recursion yes;
    directory "/config/namedb";
    # Zone transfers (AXFR/IXFR) are permitted only from the local host.
    allow-transfer {
        localhost;
    };
    # Only clients in the "lan_hosts" ACL (10.10.10.0/24 in this file) get
    # recursive service, so this is not an open resolver. A client whose
    # source address is outside that range will be refused recursion.
    # No allow-query is set in this block, so BIND's default applies.
    allow-recursion {
        lan_hosts;
    };
    # Names in master zones that fail the hostname check only produce a warning.
    check-names master warn;
    # Run zone integrity checks when master zones are loaded.
    check-integrity yes;
    # Cap the size of each dynamic-update journal file.
    max-journal-size 1M;
    # Queries named cannot answer locally are sent to these public resolvers.
    # No zone statements appear in this listing, so internal names that are
    # not served locally (e.g. a lookup under test.local) would be disclosed
    # to the public resolver and answered from the public DNS.
    # NOTE(review): confirm internal domains are covered by a local or
    # forward zone so they never reach these forwarders.
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
};
# Address ACLs. The three "zrd-acl-*" lists each hold one 127.10.0.x address
# and are referenced by listen-on in the options block.
# NOTE(review): the "zrd" prefix suggests these are generated by the F5
# rather than hand-written -- confirm before editing them.
acl "zrd-acl-000-000" {
    127.10.0.0;
};
acl "zrd-acl-000-002" {
    127.10.0.2;
};
# Clients allowed to use recursion (referenced by allow-recursion).
# Keep this list limited to networks that should resolve through this server.
acl "lan_hosts" {
    10.10.10.0/24;
};
acl "zrd-acl-000-001" {
    127.10.0.1;
};
# Key-based ACLs: "extkey" matches requests signed with the TSIG key
# "external"; "noextkey" is its negation (requests not signed with that key).
# Neither ACL is referenced elsewhere in this listing.
# NOTE(review): presumably they are used to select views in a part of the
# configuration not shown here -- confirm.
acl "extkey" {
    key "external";
};
acl "noextkey" {
    !key "external";
};
# TSIG key referenced by the "extkey" / "noextkey" ACLs.
key "external" {
    # HMAC-MD5 is a legacy TSIG algorithm; RFC 8945 recommends hmac-sha256.
    # NOTE(review): changing it requires the same algorithm and secret on
    # every peer that signs with this key.
    algorithm hmac-md5;
    # The secret is empty as posted -- presumably redacted for the forum.
    # NOTE(review): if it is empty in the running configuration, the key
    # authenticates nothing; confirm a real base64 secret is set.
    secret "";
};
the dig command that I'm doing is a simple:
dig @IP(AD or F5) SRV test.local