DNS Resolving Queries with F5 Local Bind

Tasks

• Create a zone.

• Verify zone creation with Zone Runner.

• Configure for a zone transfer.

• Use nslookup to resolve a query

Explanation:

Local BIND server configuration is managed by BIG-IP F5 DNS system ZoneRunner utility. From remote DNS servers you can create new zones or transfer current zones using F5 DNS ZoneRunner utility. Resource records contained within a zone can be added or modified. After the DNS zone exists in local BIND, you can configure the BIG-IP DNS system to answer DNS name resolution requests or zone transfers to other name servers.

This section will give you configuration details on how to transfer zones in F5 DNS.

Configuration:

Primary Zone Configuration

• Create a primary DNS zone as below

Once you are done click on Finished.

A Record Configuration

● Create an A record according to the mentioned diagram

Once you are done click on Finished.

Create Other A Records

Create 5 more A records using the information in the following table.

NS Record Configuration

● Create an NS record as below

Click on Finished

MX Record Configuration

● Create a MX record as below

Click on Finished

CNAME Record Configuration

● Create a CNAME record as below

In order to verify the records, you have created go to DNS 8 Zones: Zone Runner: Resource Record List

Then click on Search

The above gui output will list you all the records you have created

Examine the zone database file:

● Cd /var/named/config/namedb

● Less db.external.uninets.com.

Above mentioned commands will help verify the records on CLI

Verification:

Go to the management PC and take the command prompt and do the nslookup

First check the server IP address and then do the NSLOOKUP

Port Lockdown Settings

Listeners process DNS queries directed to port 53, but will not process zone transfers.  Port 53, both UDP and TCP, must be open on 10.10.X.1 for a zone transfer to succeed.

● Modify the self IP address 10.X.1 on your BIG-IP DNS system to also allow access for zone transfers via UDP port 53 and TCP 53.

Then leave rest default and click on Finished

Secondary Zone Configuration

● Create a Secondary DNS zone as below

Allow Zone Transfer from uninets1.com

● Allow zone transfers from uninets1.com as below

Go to the uninets.com zone and allow zone-transfer to any as below

Rest leave as is and click on Update.

Now verify whether you can see the secondary zone created on not

Go to the CLI and give more /var/named/config/named.confupon doing so you may find the uninets1.com in the configuration