Replacing a DNS Server with F5 BIG-IP DNS
These are not dumb questions at all. If I have left anyone not 100% confident on the how and why, I need to provide more details.
Assuming we have some authoritative BIND server in the internal VLAN. This is set to allow zone transfer from the BIG-IP Self IP (10.10.10.2).
Steve: Not transfer from the BIG-IP, transfer to the BIG-IP Self IP. The BIG-IP is the client in this case, as we reference receiving zone transfers from an external BIND server. This is the initial step to update the zone on the local BIG-IP BIND instance. The transfer between on-box (BIG-IP) BIND and DNSExpress occurs later and is the reason for the also-notify message in the named.conf. That also-notify is referring to DNSExpress.
Then zone transfer is triggered, by what BIG-IP object - Nameserver (BIG-IP1)?
Steve: The zone transfer is triggered when you create the zone in ZoneRunner. Once the zone is created, an unsolicited zone transfer request is sent from the on-box (BIG-IP) BIND instance. Moving forward, in your case where you still have a hidden master, any updates will generate a NOTIFY message which is sent to the BIG-IP, and the BIG-IP will request a zone transfer with those updates.
If so, how does BIG-IP1 know which internal BIND server to connect to? From NS records created in the zone (DNS > Zones > ZoneRunner > Zone List)?
Steve: Yes sir. If you notice, near the top of the article it asks you to create NS and SOA records in the newly created zone. This is how the BIG-IP BIND instance knows what the authoritative DNS server for that zone is and where to request the zone transfers from.
Or maybe BIG-IP1 is working as an authoritative hidden master (not some external BIND srv on the internal VLAN) that is the source for zone transfer to DNSExpress?
Steve: I hope the comments above helped clarify the last question.
Keep the questions coming if it is still not clear. I can assure you I don't mind a bit and just want to help other engineers and admins feel more comfortable with the BIG-IP and its capabilities.
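The hidden-master side of the setup discussed above, as an added example that is not part of the original thread or the article it refers to: a zone stanza for the external BIND server that permits zone transfers only to the BIG-IP Self IP (10.10.10.2) and sends it a NOTIFY when the zone changes. The zone name and file path are placeholders.

```conf
// named.conf on the external (hidden master) BIND server.
// "example.com" and the file path are placeholders, not values from this thread.
zone "example.com" {
    type master;
    file "/var/named/example.com.zone";

    // Weak: any host that can reach port 53 can pull the whole zone.
    // allow-transfer { any; };

    // Restricted: only the BIG-IP Self IP may request AXFR/IXFR.
    allow-transfer { 10.10.10.2; };

    // Send NOTIFY to the BIG-IP on zone changes, so it requests a
    // transfer with the updates.
    also-notify { 10.10.10.2; };
};
```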