f5ing
Jun 01, 2022

Zonerunner multiple views for same ACL

Hello,

If we have multiple views defined as below, the first two views work fine because of the different ACLs. If the request (abc1.com) comes from a source in ACL1, it only looks in view1 and gives a SERVFAIL error (expected behavior). Is there a way it can look in multiple views for the same source? Maybe by including one view in another, or any iRules or conditions that we can put?

View1 (order 1): ACL1  Zones: abc.com 1.1.1.1

View2 (order 2): ACL2  Zones: abc.com 1.1.1.2

View3 (order 3): ACL1 and 2  Zones: abc1.com 1.1.1.3

  • Hi, 

    As far as I know, the Views are mainly meant to be used as a form for DNS firewalling/multiplexing; requests from certain IPs/subnets will be dealt with using one database, requests from other IPs/subnets will be dealt with using another database. As such, it's not really suitable to create multiple views for different domain names, it's more the other way around (multiple databases for different sources). More details: https://kb.isc.org/docs/aa-00851

    In your case, I'd probably go for one of the following options; 

    1. Add the abc1.com zone to both view1 and view2 (useful if you only have a few overlapping entries)

    2. Use Topology load balancing (https://support.f5.com/csp/article/K13412) which gives you a lot of granularity and control over which IPs to pick up and how to respond to them. (Useful for larger overlaps / more complex scenarios.) If you are dealing with a lot of requests per second, you will probably also see a performance improvement as the intelligent resolution will be a lot faster than the BIND functions in the box.

    There is of course still the option for iRules in all kinds of shapes, but I'd leave the option for last. 

    Hope this helps.
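The view behaviour discussed in this thread, as an added example that is not part of the original posts: a small Python model of first-match view selection, showing why a source in ACL1 never reaches View3 and how option 1 from the reply changes the answer. The ACL subnets, the function names and the result strings are assumptions made for the illustration; the view names, zones and addresses come from the question.

```python
import ipaddress

# Constructed sample ranges: the thread does not say what ACL1/ACL2 contain.
ACLS = {"ACL1": ipaddress.ip_network("10.1.0.0/16"),
        "ACL2": ipaddress.ip_network("10.2.0.0/16")}

# (view name, ACLs, zone -> address) in evaluation order, as in the question.
VIEWS_AS_POSTED = [
    ("View1", ["ACL1"], {"abc.com": "1.1.1.1"}),
    ("View2", ["ACL2"], {"abc.com": "1.1.1.2"}),
    ("View3", ["ACL1", "ACL2"], {"abc1.com": "1.1.1.3"}),
]
# Option 1 from the reply: abc1.com is added to both View1 and View2.
VIEWS_OPTION_1 = [
    ("View1", ["ACL1"], {"abc.com": "1.1.1.1", "abc1.com": "1.1.1.3"}),
    ("View2", ["ACL2"], {"abc.com": "1.1.1.2", "abc1.com": "1.1.1.3"}),
]


def resolve(views, source, qname):
    """Pick the first view whose ACLs contain the source; answer only from it."""
    addr = ipaddress.ip_address(source)
    for name, acl_names, zones in views:
        if any(addr in ACLS[a] for a in acl_names):
            # First match wins: later views are never consulted for this client.
            return name, zones.get(qname, "zone not in this view")
    return None, "no view matches this source"


def shadowed_views(views):
    """Views that can never be selected because earlier views list all their ACLs."""
    seen, shadowed = set(), []
    for name, acl_names, _ in views:
        if set(acl_names) <= seen:
            shadowed.append(name)
        seen.update(acl_names)
    return shadowed


if __name__ == "__main__":
    client = "10.1.5.9"  # constructed address inside the sample ACL1 range
    print(resolve(VIEWS_AS_POSTED, client, "abc1.com"))
    print(resolve(VIEWS_OPTION_1, client, "abc1.com"))
    print("shadowed:", shadowed_views(VIEWS_AS_POSTED))
```

The shadow check compares ACL names only, so it assumes overlapping sources are expressed through the same named ACLs, as they are in the question.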