Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Replacing a DNS Server with F5 BIG-IP DNS

First things first, you have decided to deploy F5 BIG-IP DNS to replace a BIND server after receiving notifications from your information assurance officer or your friendly LinkedIn community that ad...
Published Feb 23, 2018
Version 1.0
application delivery
big-ip
BIG-IP DNS
DNS
gtm
Steve_Lyons's avatar
Ret. Employee
My name is Steve Lyons and I reside in Tampa, FL with my 3 children, wife and Frenchie. We live the typical Florida life of swimming, fishing, boating, and BBQ. I started my F5 journey as a customer in 2009 where I was first introduced to it as a "load balancer." I have since deployed and maintained all modules realizing the BIG-IP is so much more. I joined F5 in 2015 where I have made it a personal mission to educate as many people as I can so they too can take advantage of the tremendous potential of the BIG-IP.
View Profile
Steve_Lyons's avatar
Steve_Lyons
Ret. Employee
Mar 07, 2018

Piotr, we are on the same page now. So this article is specific to actually replacing a BIND box and no longer using an off box bind server as the authoritative DNS server in a master/slave relationship. With that, in order to provide administrators a UI to create/modify/delete records, zones, etc. you must use ZoneRunner. If you are simply trying to configure DNSExpress to accept zone transfers and respond to DNS queries versus the hidden master, you are correct that ZoneRunner is not needed. Check out the solution article below. This actually provides guidance to the question above about having multiple Authoritative DNS Servers. It covers creating a pool of DNS Servers. Hope this clarifies everything.

 

https://support.f5.com/csp/article/K13940auth1

 

Replacing DNS Server 1. Zone created in ZoneRunner (On-box bind instance), zone transfer requested by ZoneRunner to Off-box bind. 2. Off-box bind sends zone to ZoneRunner 3. Also-Notify initiates zone transfer to DNSExpress 4. Changes in ZoneRunner initiate a notify message to DNSExpress for additions, changes, deletions, etc.

 

Using Hidden Master 1. Zone created in DNSExpress, zone transfer requested by DNSExpress to Off-box bind. 2. Off-box bind sends zone info to DNSExpress 3. Changes on off-box bind generate notify message to send zone changes directly to DNSExpress