DNS Zone Transfer Verification
Hi, I've been searching around on how to verify/check if our Zone Transfer is working successfully or not, but I can't seem to find any article that shows just that. I only managed to find an article on how to configure DNS Express and Zone Transfer: https://devcentral.f5.com/articles/dns-express-and-zone-transfers.

We already have an existing configuration for Zone Transfer, but we recently encountered an issue with one of the zones that we recently added, where the other end is getting the errors "Zone Not Loaded by DNS Server" and "The zone transfer was not executed.Refused".

Below are parts of the named configuration in F5. Transfer is already allowed.

    options {
        listen-on port 53 {
            127.0.0.1;
            "zrd-acl-000-000";
            "zrd-acl-000-001";
            "zrd-acl-000-002";
            "zrd-acl-000-003";
            "zrd-acl-000-004";
            "zrd-acl-000-005";
            "zrd-acl-000-006";
        };
        listen-on-v6 port 53 { ::1; };
        recursion no;
        directory "/config/namedb";
        allow-transfer { localhost; };
    };

Below is the zone file for the zone in question.

    zone "" {
        type master;
        file "db.external..";
        allow-update { localhost; };
    };

From the DNS profile, zone transfer is also enabled, as well as DNS Express, though I can't seem to find the exact DNS Express module/option. Our current version is 11.6.2 HF1.

I have tried to run dnsxdump, but based on the output there doesn't seem to be anything being transferred to DNS Express.

    [admin@name:Active:In Sync] ~ dnsxdump
    DNS-Express DB Dump
    -= Arena Allocator =-
    -= Region Stats =-
    memory: 7 objects (7 small/0 large), 336 bytes allocated (5 wasted) in 1 chunks, 0 cleanups, 0 in recyclebin
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
    -= DB Dump =-
    -= DB Stats =-
    RR Count: 0
    Name Count: 0
    RR Count by Type:

And the LTM/GTM logs don't show anything regarding DNS zone transfer. So I'm not sure what we have been missing.

989 Views, 0 likes, 2 Comments

Zone-transfer to a Wide-IP and iRules
Hi, how's it going? I've deployed two DNS on different DC's (a classical 2 DC's internally interconnected, so BIG-IP A can reach what's behind BIG-IP B and vice versa). All wide-IPs resolve to a public IP address. This is OK, but there are internal clients who query for those names but need to receive an internal address. This is also no problem; it can be solved using an iRule for internal addresses.

Now, the problem is here: an interesting number of these internal clients reside in a geographically remote location, but need to be resolved to this internal address. Again, this wouldn't be a problem for the F5 configuration, but we don't want to have super high traffic through the MPLS (or whatever it is that interconnects the remote locations). Each geographic zone has a local AD-DNS, and I've been thinking that, maybe, they could do an AXFR to the BIG-IP, so as to reduce the traffic and confine it to each place.

So: Is it possible to perform an AXFR for the wide-IPs? (Not for the names configured in bind, not for the names behind the F5.) If it indeed is, how could I configure the F5s so they reply with an internal zone? Would we be better off using the AD-DNS cache instead?

Thanks in advance!

255 Views, 0 likes, 1 Comment

f5 DNS zone transfer recurring times
How often does a DNS manager transfer zones to DNS machines? How can I change this setting? The purpose of this is to reduce the amount of these messages when Manager is unable to transfer zones:

    Failed to transfer zone examplezone.com from x.x.x.x, will attempt IXFR (Refresh).

236 Views, 0 likes, 0 Comments

Zone Transfer Request
Hi, I've one query regarding zone transfer requests. How does a GTM or BIGIP DNS answer a zone transfer request? I have done this through the DNS Express feature of F5, and it's working but it's working as required. I have two DNS: one is F5 BIGIPDNS and the other one is Bind. The IXFR is not working from BIGIPDNS to Bind, where BIGIP DNS is primary and Bind is secondary DNS. Please let me know if anybody knows the solution. Thanks

174 Views, 0 likes, 0 Comments