Forum Discussion
Marvin
Feb 28, 2016
Nice one John, works great; changing the internal listener (ACLs) and the view list did the trick indeed! If I do a `netstat -an | grep 127.10` I see that the BIG-IP is listening internally for DNS requests on 127.10.0.0 and 127.10.0.1, and also on 127.0.0.1.
Darren, if I change both ACLs to the same IP 127.0.0.0 then I am not able to access the zones anymore, so it seems it is needed to have two listeners. I believe these are only for ACL functionality internally within BIND, because the real listener in the named.conf is 127.0.0.1:
listen-on port 53 {
    127.0.0.1;
    "zrd-acl-000-001";
    "zrd-acl-000-000";
};
listen-on-v6 port 53 {
    ::1;
};
acl "zrd-acl-000-000" {
    127.10.0.0;
};
acl "zrd-acl-000-001" {
    127.10.0.1;
};
[root@F5:Active:In Sync] namedb netstat -an | grep :53
tcp 0 0 **127.10.0.1:53** 0.0.0.0:* LISTEN
tcp 0 0 **127.10.0.0:53** 0.0.0.0:* LISTEN
tcp 0 0 **127.0.0.1:53** 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
udp 0 0 **127.10.0.1:53** 0.0.0.0:*
udp 0 0 **127.10.0.0:53** 0.0.0.0:*
udp 0 0 **127.0.0.1:53** 0.0.0.0:*
udp 0 0 ::1:53 :::*
udp 0 0 ::1:5353 :::*
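The netstat check above is the kind of thing worth automating: the point of the loopback-only listeners is that named on the BIG-IP should never be reachable on a non-loopback address. The following is an added example (not from the post or from F5's own tooling) that parses `netstat -an` output of the shape quoted above, collects every port 53 listener, and flags any that is bound to something other than a loopback address (127.0.0.0/8 or ::1). The sample output embedded in it is constructed to mirror the listing above, not captured from a device; the function names are the example's own.

```python
import ipaddress
import re

# Constructed sample modelled on the netstat listing quoted in the post
# (bold markers removed). Not captured from a real BIG-IP.
SAMPLE_NETSTAT = """\
tcp 0 0 127.10.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.10.0.0:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
udp 0 0 127.10.0.1:53 0.0.0.0:*
udp 0 0 127.10.0.0:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 ::1:53 :::*
udp 0 0 ::1:5353 :::*
"""

# proto  recv-q  send-q  local  remote  [state]   (state only present for TCP)
SOCKET_RE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def split_host_port(endpoint):
    """Split 'host:port' on the last colon so IPv6 endpoints like '::1:53' survive."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_netstat(text):
    """Return (proto, local_host, local_port) for every bound socket in the listing.

    TCP sockets are kept only in LISTEN state; UDP sockets have no state column.
    """
    sockets = []
    for line in text.splitlines():
        m = SOCKET_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, unrelated output
        proto, local, _remote, state = m.groups()
        host, port = split_host_port(local)
        if not port.isdigit():
            continue  # e.g. a '*' port on a non-bound socket
        if proto.startswith("tcp") and state != "LISTEN":
            continue  # established/time-wait entries are not listeners
        sockets.append((proto, host, int(port)))
    return sockets


def dns_listeners(text):
    """All sockets bound to port 53, as (proto, host) pairs."""
    return [(proto, host) for proto, host, port in parse_netstat(text) if port == 53]


def non_loopback_dns_listeners(text):
    """Port 53 listeners that are NOT on a loopback address.

    127.10.0.0 and 127.10.0.1 are inside 127.0.0.0/8, so they count as loopback,
    exactly as the listener ACLs in the post intend. A wildcard bind (0.0.0.0 or ::)
    or an unparsable host is reported as exposed.
    """
    exposed = []
    for proto, host in dns_listeners(text):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            exposed.append((proto, host))
            continue
        if not addr.is_loopback:
            exposed.append((proto, host))
    return exposed


if __name__ == "__main__":
    print("port 53 listeners:", dns_listeners(SAMPLE_NETSTAT))
    print("non-loopback port 53 listeners:", non_loopback_dns_listeners(SAMPLE_NETSTAT))
```

Run against the quoted listing, every port 53 socket lands on a 127/8 or ::1 address and the exposure list is empty; the 5353 socket is ignored because only port 53 is inspected. Feeding it a listing that contains a `0.0.0.0:53` or `:::53` line returns that socket, which is the condition a change to the listen-on block or ACLs should never produce.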