[dns-operations] F5 Big-IP contact

Mark Andrews marka at isc.org
Fri May 24 23:53:59 UTC 2019 

While I’m not from F5.

1) Make sure the backing zone names matches those delegated to the server.
2) Include default records for all records served by the F5 front end when
   signing the zone.

Doing this ensures that the negative responses are correct.

Too many times I’ve seen www.example.com delegated to a F5 box and the backing
server has the zone has the name example.com instead of www.example.com.  This
results in the wrong SOA record being returned in negative responses.

If you leave out the default records when the query type is not one handled by
the front end you get NXDOMAIN responses instead of NOERROR responses.

If you are signing the zone a whole lot of extra things go wrong if the zone
doesn’t have the correct name.

> On 25 May 2019, at 9:10 am, Eduardo Duarte via dns-operations <dns-operations at dns-oarc.net> wrote:
> 
> 
> From: Eduardo Duarte <eduardo.duarte at dns.pt>
> Subject: F5 Big-IP contact
> Date: 25 May 2019 at 9:10:24 am AEST
> To: dns-operations at lists.dns-oarc.net
> 
> 
> Hi there,
> 
> I would like to know if there is any contact from F5 on the list or if anyone knows anyone at the company. I have a DNSSEC related question that I would like to ask to some one that works there.
> 
> If so, please contact me off the list.
> 
> Thank you!
> -- 
> 
>  
> Aviso de Confidencialidade/Disclaimer:
> Este e-mail foi escrito de acordo com o novo acordo ortográfico.
> Esta mensagem é exclusivamente destinada ao seu destinatário, podendo conter informação CONFIDENCIAL, cuja divulgação está expressamente vedada nos termos da lei. Caso tenha recepcionado indevidamente esta mensagem, solicitamos-lhe que nos comunique esse mesmo facto por esta via devendo apagar o seu conteúdo de imediato. 
> This message is intended exclusively for its addressee. It may contain CONFIDENTIAL information protected by law. If this message has been received by error, please notify us via e-mail and delete it immediately.
> [ Antes de imprimir esta mensagem pense no ambiente. Before printing this message, think about environment ]
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the dns-operations mailing list