For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Replacing a DNS Server with F5 BIG-IP DNS

First things first, you have decided to deploy F5 BIG-IP DNS to replace a BIND server after receiving notifications from your information assurance officer or your friendly LinkedIn community that ad...
Published Feb 23, 2018
Version 1.0
application delivery
BIG-IP
BIG-IP DNS
dns
gtm
Steve_Lyons's avatar
Ret. Employee
My name is Steve Lyons and I reside in Tampa, FL with my 3 children, wife and Frenchie. We live the typical Florida life of swimming, fishing, boating, and BBQ. I started my F5 journey as a customer in 2009 where I was first introduced to it as a "load balancer." I have since deployed and maintained all modules realizing the BIG-IP is so much more. I joined F5 in 2015 where I have made it a personal mission to educate as many people as I can so they too can take advantage of the tremendous potential of the BIG-IP.
View Profile
Steve_Lyons's avatar
Ret. Employee
My name is Steve Lyons and I reside in Tampa, FL with my 3 children, wife and Frenchie. We live the typical Florida life of swimming, fishing, boating, and BBQ. I started my F5 journey as a customer in 2009 where I was first introduced to it as a "load balancer." I have since deployed and maintained all modules realizing the BIG-IP is so much more. I joined F5 in 2015 where I have made it a personal mission to educate as many people as I can so they too can take advantage of the tremendous potential of the BIG-IP.
View Profile
Steve_Lyons's avatar
Steve_Lyons
Ret. Employee
Mar 06, 2018

@Piotr, thanks for the question. To clarify what my use case is, I am using an old off box bind server to perform a zone transfer with ZoneRunner on the BIG-IP. ZoneRunner is the BIG-IP's on box bind. From a security perspective I don't want to expose bind to external users who will be hitting my authoritative DNS server which is why I am provisioning DNSExpress to perform this function. As for the name server, I am simply configuring that to accept zone transfers from the on box bind to DNSExpress. The last screenshot shows a log that stats successful zone transfer from 127.0.0.1 which is the transfer from ZoneRunner to DNSExpress. Hope this helps.