bind
7 Topics

Big-IP DNS - Zone Transfers
I have a customer with 192 zones on an older Big-IP GTM device. I've implemented a newer version of Big-IP DNS (vCMP). The customer is using the Big-IP DNS as the master for all the zone files, therefore local BIND on the F5 appliances is being used, not DNS Express. The question I have is, is there a way to transfer over the zones in bulk? According to the documentation, it seems like this can only be done one at a time. In other words, is it possible to transfer more than one zone at a time? If so, is there a maximum limit? If not, that is OK, I just want to know what is theoretically possible and so far, I can't find any documentation that references this capability.
Solved, 1.6K Views, 1 like, 4 Comments

Multiple DNS Views?
Hi, in our environment we have bind (tcp/udp port 53) behind an L4 virtual server on big-ip ltm virtual edition. "Views" define where the DNS traffic should be going - is there an easy and effective way to maintain source information while routing to the backend servers in our pool? Are we able to have multiple DNS views to accommodate for the different client request sources? Or is there a better way to handle this, such as with irules, snat pools, etc? Thanks!
306 Views, 0 likes, 1 Comment

DNS listeners, DNS Express & BIND
I'm a little confused over what is/isn't deemed best practice. Is there anything wrong with the following points? Listener configured; queries are both wip's and non-wip records. Bind is enabled to be able to create non-wip records - is this correct? Recursion has been enabled in the named config and restricted to an acl of rfc1918 addresses. DNS express is configured to import the local zone from bind for performance purposes. Unhandled Query Actions set to drop in the profile. My understanding being requests would not be passed to bind with this set thus making it more secure? With this enabled the wip times out 3 times before resolving on the 4th try. Coincidentally I have 4 VS in the gslb pool. I did try disabling bind completely and found my wip's again timed out several times before eventually resolving? Any pointers/help, much appreciated.
606 Views, 0 likes, 7 Comments

GTM - disabling bind
It is becoming a contentious issue of f5 support personnel not supporting BIND, though configured and installed by f5 consultants? What is the best way to permanently disable BIND so that no-one can use the BIND feature and only stick with what GTM DNS has to offer? Thanks,
552 Views, 0 likes, 6 Comments

BIND vulnerability CVE-2015-5722
Hi. Due to BIND vulnerability CVE-2015-5722: I'm using GTM version 10.2.4 and it has notes (1) and (3). If I don't enable dnssec validation ... but configure a pool to use the Return to DNS load balancing method, or the Alternate and Fallback load balancing methods are set to None, is my box vulnerable?
372 Views, 0 likes, 1 Comment

GTM not using bind for forwarding?
I configured a listener (TMOS 11.5.1) with a DNS profile which has "Unhandled Query Actions" set to Allow. I configured Use BIND Server on BIG-IP on the DNS profile. I configured a bind forwarder. I configured recursion to yes in the named.conf. But when I do a dig @listener for a non-local hostname (i.e. www.google.com) then I get a refused response and no IP(s). Wide IP lookups and ZoneRunner record lookups both work fine. So the request is passed to bind, but once there it isn't forwarded to the configured DNS forwarder, it seems. Anyone got a clue what else I can check? The typical thing is when I do a dig @127.0.0.1 on the GTM itself then I get normal responses.
296 Views, 0 likes, 1 Comment