Replacing a DNS Server with F5 BIG-IP DNS
First things first, you have decided to deploy F5 BIG-IP DNS to replace a BIND server after receiving notifications from your information assurance officer or your friendly LinkedIn community that ad...
Published Feb 23, 2018
Version 1.0
Steve_Lyons
Ret. Employee
Joined May 15, 2019
dragonflymr
Mar 29, 2019
Cirrostratus
Hi Steve,
It's me again :-) I guess I figured out most of the art of moving External DNS (EDNS) to BIG-IP (either to DNS Express or on BIG-IP BIND). There are a few little things left and I will really appreciate it if you help me to figure those out:
- Why is there no way (at least from the GUI) to convert a Slave ZoneRunner Zone to Master? It would really help in a smooth transition from testing to production. The idea here is to first create a Slave type and enable receiving NOTIFY from EDNS and initiate IXFRs - so the Slave Zone is up-to-date all the time. Then this slave zone sends NOTIFY to the DNS Express Zone. The result is that the DNS Express Zone is up-to-date as well during the test. Then, after the tests are over and Zone management should be transferred to BIG-IP, the ZoneRunner Zone is changed to Master - but this seems not to be possible via the GUI.
- As far as I understand the standards, a Master ZoneRunner Zone can't accept NOTIFY or initiate IXFRs - because it's Master. So after the initial AXFR, any changes on EDNS are not transferred to the Master ZoneRunner Zone - am I right?
- The last and most painful thing is making this work with Route Domains (RD). It seems that this is not working at all. I know that there is an option to set the Route Domain when defining the Nameserver, but all my tests (13.1.1.3 and 4) suggest that this setting is ignored. AXFR and IXFR are always sent via the Self IP defined on the VLAN in Common RD0 - did you ever try a setup with Route Domains? I was not able to find any KB or Bug Tracker entry with info that this feature is not working :-(. I tried:
- Route Domain RD1 in Common with VLAN to EDNS assigned to it; All DNS objects created in Common; RD1 selected in Nameserver
- Route Domain RD100 created in partition TEST and set as default RD; VLAN to EDNS assigned to RD100; All DNS objects created in TEST partition
Last question is about manually (via CLI) converting BIND Slave zone to Master. Is that possible or maybe rather is that safe? My idea was to:
- Stop named daemon, edit named.conf (db files for Slave and Master seem to be exactly the same so no mods necessary)
- Edit named.conf with appropriate changes to Slave Zone definition
- Save edited named.conf and start named daemon
Is there a chance it will work? I know that .jnl files are created for Zones - it seems that those contain changes to the Zone file done via the GUI. Periodically those changes are synced with the zone db file. So I am not sure if I should remove the .jnl or leave it.
Thanks in advance, Piotr