Configuring DNS Express with F5 local Bind service as the primary authoritative DNS server. This section explains how to set up this scenario.
DNS Express with local Bind service
We have seen how to set up F5 DNS Express as a secondary DNS server with Windows Server as the primary one in the previous sections. In this section, we will configure F5 DNS Express again, but using F5 local Bind service as the primary authoritative DNS server.
We also learned how to set up F5 as a local bind name server.
Configure F5 local Bind Service using ZoneRunner
In the first step, we set up the local F5 Bind DNS service by creating a new zone “rayka-co.bind” with the ZoneRunner utility.
The name “ns1.rayka-co.bind” is used as the primary name server in the “SOA” record and in the “NS” record, and an “A” record maps “ns1.rayka-co.bind” to the IP address “192.168.1.181”.
The IP address “192.168.1.181” is the management IP address of the BIG-IP.
Then we add the local Bind name server to the DNS Express list of name servers with the IP address “127.0.0.1”.
We then configure the list of IP addresses that are allowed to copy the zone information using the “allow-transfer” option.
The option must be added in the Bind configuration file in “/var/named/config/named.conf” or via the GUI in the path “DNS > Zones > ZoneRunner > named Configuration”.
By default, zone transfers are allowed from the local host only, and this is enough for us because the only consumer of the zone is DNS Express on the same device. Leave the ACL that narrow: widening it to “any” would let anyone who can reach the local Bind service pull the whole zone.
We also enable zone change notifications to be sent to the local host by adding “also-notify” to the named configuration file. The target “::1 port 5353” is the address and port on which DNS Express accepts NOTIFY messages from the local Bind service.
Please note that if you change the Bind configuration file via the CLI, you need to restart the named and zrd (ZoneRunner) services manually. If the changes are made via the GUI, this happens automatically in the background.
nano /var/named/config/named.conf
# Add the following lines or make sure they already exist
allow-transfer { localhost; };
also-notify { ::1 port 5353; };
# restart named and zonerunner service if the changes are done through CLI
bigstart restart named
bigstart start zrd
Configuring DNS Express
In the next step, we configure DNS Express with the local Bind server that we just configured as the primary name server.
We allow NOTIFY messages to be received from the local server with the IP address “127.0.0.1”.
We also disable “TSIG key” verification. This is acceptable here only because the zone transfer and the NOTIFY messages never leave the loopback interface; with a remote primary server, keep TSIG verification enabled and configure a shared key on both sides so that a spoofed NOTIFY or transfer cannot inject records into DNS Express.
Verify zone transfer and zone change notification
To ensure that the zone transfer for the zone “rayka-co.bind” is performed correctly, we check the latest entries in “/var/log/ltm”.
We expect a message like “AXFR Transfer of zone … with SOA Serial … from 127.0.0.1 succeeded”.
[root@bigip1:Active:Standalone] config # tail -f /var/log/ltm
...
Nov 18 00:24:48 bigip1.rayka-co.local notice logger[22035]: /bin/sh /usr/lib/csyncd/reloadnamed.sh /var/named/config/namedb/db.external.rayka-co.bind. change ==> /bin/bigstart start zrd
Nov 18 00:27:05 bigip1.rayka-co.local notice zxfrd[6124]: 0153102c:5: AXFR Transfer of zone rayka-co.bind with SOA Serial 2023111801 from 127.0.0.1 succeeded.
We can also check the DNS Express database for the “rayka-co.bind” zone using the “dnsxdump rayka-co.bind” command.
To ensure that zone change notifications also work properly, we add a new record to the local zone and check whether it replicates to DNS Express.
If we look in “/var/log/ltm”, we expect to see ZoneRunner send a NOTIFY message to DNS Express, followed by a new AXFR with the incremented SOA serial.
ZoneRunner sends the NOTIFY message to the “also-notify” target; “::1” is the IPv6 loopback address, the counterpart of 127.0.0.1, so the message stays on the local host.
We can also check the DNS Express database again with “dnsxdump rayka-co.bind” to ensure that the new DNS record has been replicated.
DNS Express Zone availability will also be displayed in the GUI with green color if everything is working properly.
The other method to check the functionality of DNS Express is to create a listener and query the DNS Express zone via the nslookup command, which we have already discussed in the previous sections.
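The checks described in this section (a successful AXFR in “/var/log/ltm”, the serial that DNS Express now holds compared with the serial the local Bind service serves, and an “allow-transfer” ACL that is not open to everyone) can be scripted so that they are repeatable after every zone change. The script below is an added example written for this page, not code from F5 or from the original article. It assumes the zxfrd message format quoted above and a Bind instance answering on 127.0.0.1; the log lines, the dig answer and the named.conf fragment inside it are constructed samples so that it runs offline, and on a BIG-IP it reads the live files and queries Bind instead.

```shell
#!/bin/sh
# Added example (not part of the original article): script the verification
# steps of this section. Constructed samples are used when the script is not
# running on a BIG-IP, so it can be exercised offline.

ZONE="rayka-co.bind"

# Constructed sample of /var/log/ltm, modelled on the zxfrd message quoted in
# the article; the second AXFR is the refresh that follows a NOTIFY.
SAMPLE_LTM_LOG='Nov 18 00:24:48 bigip1.rayka-co.local notice logger[22035]: /bin/sh /usr/lib/csyncd/reloadnamed.sh change ==> /bin/bigstart start zrd
Nov 18 00:27:05 bigip1.rayka-co.local notice zxfrd[6124]: 0153102c:5: AXFR Transfer of zone rayka-co.bind with SOA Serial 2023111801 from 127.0.0.1 succeeded.
Nov 18 00:40:12 bigip1.rayka-co.local notice zxfrd[6124]: 0153102c:5: AXFR Transfer of zone rayka-co.bind with SOA Serial 2023111802 from 127.0.0.1 succeeded.'

# Constructed sample answer of: dig +short @127.0.0.1 rayka-co.bind SOA
SAMPLE_DIG_SOA='ns1.rayka-co.bind. hostmaster.rayka-co.bind. 2023111802 10800 3600 604800 86400'

# Constructed sample of the named.conf options added in the configuration step.
SAMPLE_NAMED_CONF='options {
    allow-transfer { localhost; };
    also-notify { ::1 port 5353; };
};'

# Print the SOA serial of the most recent successful AXFR of zone $1 into
# DNS Express, given /var/log/ltm text in $2. Prints nothing if there is none.
last_axfr_serial() {
    printf '%s\n' "$2" \
        | grep "zxfrd.*AXFR Transfer of zone $1 with SOA Serial [0-9][0-9]* from [0-9.]* succeeded" \
        | tail -n 1 \
        | sed 's/.*SOA Serial \([0-9][0-9]*\) from.*/\1/'
}

# Print the serial from a 'dig +short <zone> SOA' answer in $1 (third field).
soa_serial_from_dig() {
    printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# Succeed only when DNS Express holds the same serial that local Bind serves
# (zone $1, log text $2, dig answer $3).
transfer_in_sync() {
    got=$(last_axfr_serial "$1" "$2")
    want=$(soa_serial_from_dig "$3")
    [ -n "$got" ] && [ -n "$want" ] && [ "$got" = "$want" ]
}

# Succeed when an allow-transfer ACL in named.conf text $1 contains "any",
# i.e. the zone could be pulled by anyone able to reach the local Bind.
transfer_acl_is_wide_open() {
    printf '%s\n' "$1" | grep -Eq 'allow-transfer[[:space:]]*\{[^}]*[{;[:space:]]any[[:space:]]*;'
}

# Use live data on a BIG-IP, the constructed samples anywhere else.
if [ -r /var/log/ltm ] && [ -r /var/named/config/named.conf ] && command -v dig >/dev/null 2>&1; then
    LTM_LOG=$(cat /var/log/ltm)
    DIG_SOA=$(dig +short @127.0.0.1 "$ZONE" SOA)
    NAMED_CONF=$(cat /var/named/config/named.conf)
else
    LTM_LOG=$SAMPLE_LTM_LOG
    DIG_SOA=$SAMPLE_DIG_SOA
    NAMED_CONF=$SAMPLE_NAMED_CONF
fi

if transfer_in_sync "$ZONE" "$LTM_LOG" "$DIG_SOA"; then
    echo "OK: DNS Express serial $(last_axfr_serial "$ZONE" "$LTM_LOG") matches local Bind"
else
    echo "WARNING: last AXFR serial '$(last_axfr_serial "$ZONE" "$LTM_LOG")' differs from Bind serial '$(soa_serial_from_dig "$DIG_SOA")'"
fi

if transfer_acl_is_wide_open "$NAMED_CONF"; then
    echo "WARNING: allow-transfer permits 'any'; restrict it to localhost"
else
    echo "OK: allow-transfer is not open to any"
fi
```

Run it after adding a record in ZoneRunner: if the serial reported from the log lags behind the serial Bind answers with, the NOTIFY did not trigger a new transfer, and the “also-notify” target or the DNS Express allow-notify address is the first thing to check. A mismatch can also mean the log has rotated, so compare against “dnsxdump” as well before concluding that replication is broken.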