I have DNS Express set up to transfer zones from an authoritative DNS server on the other end of an F5 IPSEC tunnel like this:
10.1.1.0/24 (LAN) <--> F5 B IPSEC ENDPOINT <--> WAN <--> F5 A IPSEC ENDPOINT <--> Authoritative DNS on 10.1.2.0/24 (LAN)
F5 A can easily initiate a zone transfer from the authoritative DNS server, as it's on the same local subnet.
However, F5 B cannot do so because it is initiating the transfer using the public self IP address of the F5 unit B. It (presumably by consulting the routing table) is using the default route to initiate the transfer, but I'd like it to use the self IP in the 10.1.1.0 network since IPSEC is set up to tunnel the two 10.1.1.0 and 10.1.2.0 networks. I should note, the tunnel DOES work for traffic not originating or terminating on the F5's. For example, ping between server 1 and 2 as shown below works:
Server 1 (10.1.1.50) <-> F5 B (10.1.1.1) <-> WAN <-> F5 A (10.1.2.1) <-> Server 2 (10.1.2.50)
So is there a way to have DNS express use the self IP address in LAN instead of the public address?
Did you find a solution to your issue? Landed here as I'd like to have DNS Express resolve to a different ZoneRunner (bind) view and by default it will use 127.0.0.1 to get to the local bind, as of course can be expected.