Replacing a DNS Server with F5 BIG-IP DNS

First things first, you have decided to deploy F5 BIG-IP DNS to replace a BIND server after receiving notifications from your information assurance officer or your friendly LinkedIn community that ad...
Published Feb 23, 2018
Version 1.0
application delivery
BIG-IP
BIG-IP DNS
dns
gtm
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Mar 07, 2018

Hi,

 

Wow!! Thanks for in depth explanation. I think I understand most but still have some issues :-(

 

Sure I know that zone transfer will be sourced from off-box bind, what I menat was that on off-box bind zone transfers from BIG-IP self ip has to be allowed (on off-box bind) - sorry for not being precise.

 

You say:

 

The zone transfer is triggered when you create the zone in ZoneRunner.

 

So after saving zone DNSExpress on BIG-IP initiates zone transfer using self IP as source and configured NS IP as destination? If above is true then why to create nameserver BIG-IP1? Or BIG-IP1 is in fact responsible for doing zone transfer from off-box bind.

 

So flow is:

 

  • BIG-IP1 is sending zone transfer request to off-box bind
  • BIG-IP1 is sending notify to DNSExpress
  • DNSExpress initiates zone transfer from BIG-IP1
  • Off-box is sending notify to BIG-IP1 (I think configuring notify on off-box bind was not mentioned in article?)
  • BIG-IP1 sends zone transfer request to off-box bind
  • BIG-IP1 sends notify to DNSExpres
  • DNSExpress sends zone transfer request to BIG-IP1

Is above correct or I mixed thing up completely?

 

I am especially confused why BIG-IP1 (on-box bind) is necessary here? Is that because DNSExpress is not able to send zone transfer request to off-box directly and needs on-box bind for that? Or some other reason?

 

Piotr