F5 Zone Runner Automation Using Python.
Nousheef Cholaykkil
Python Technical Lead and Individual Contributor. Strong background in backend development and deploying scalable applications.
About ZoneRunner
On F5 BIG-IP, you can use the ZoneRunner utility to create and manage DNS zone files and to configure the BIND instance on BIG-IP DNS (formerly GTM). With the ZoneRunner utility, you can:
- Import and transfer DNS zone files.
- Manage zone resource records.
- Manage views.
- Manage a local name-server and the associated configuration file, named.conf.
- Transfer zone files to a name-server.
- Import only primary zone files from a name-server.
The link below helps you understand ZoneRunner in more detail.
Normally, any kind of F5 automation can use the Python F5 SDK, direct tmsh command execution, or the F5 API.
For F5 ZoneRunner, however, none of the methods mentioned above can be used.
Initial Approach
Manually editing zone files and named.conf with a Python script.
We can connect to F5 devices over SSH (for example with the Paramiko package) and edit the F5 configuration files directly, creating new zones and adding records (A, CNAME, PTR, etc.) to the zone files.
The F5 article linked below describes how to create a new zone by editing named.conf directly (connect to the device manually and execute the steps described in the article):
https://support.f5.com/csp/article/K6963
The following article describes how to create different records in a zone by editing the zone files directly:
https://support.f5.com/csp/article/K7032
Risks
1. You can manually edit the DNS configuration file on a BIG-IP DNS system; however, F5 recommends that you use the ZoneRunner utility. Incorrectly editing the DNS configuration files on a BIG-IP DNS system can cause issues, such as the ZoneRunner utility or BIND failing to start properly.
2. You should have subject matter knowledge on zone file formats to manually edit zone files. Zone files updated with an incorrect zone file format may cause the ZoneRunner utility and/or the named process to fail to function properly.
As you know, this is a high-risk approach: even a simple syntax error in a zone file can break the ZRD and named services.
New Approach (nsupdate)
nsupdate is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record.
Please read the link above to understand nsupdate in more detail.
Examples
The examples below show how nsupdate could be used to insert and delete resource records from the example.com zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for example.com.
```text
# nsupdate
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> send

```
Any A records for oldhost.example.com are deleted, and an A record for newhost.example.com with IP address 172.16.1.1 is added. The newly added record has a TTL of 1 day (86400 seconds).
```text
# nsupdate
> prereq nxdomain nickname.example.com
> update add nickname.example.com 86400 CNAME somehost.example.com
> send

```
Advantages
- Safer
- Easy to implement
- No chance of affecting the ZRD and named services
F5 versions v11, v12 and v13 support this feature and implementation, since nsupdate is a standard Linux utility.
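To drive this from Python, here is an added example (not code from the original article) that builds a validated RFC 2136 update batch, mirroring the two nsupdate sessions above, and pipes it into nsupdate over stdin. It assumes nsupdate runs on the BIG-IP itself against the local BIND instance at 127.0.0.1 (for example inside a Paramiko SSH session opened separately); the hostnames are constructed sample values, and the optional TSIG key file passed with `-k` is an assumption about your deployment.

```python
import ipaddress
import re
import subprocess

_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9_-]{1,63}(?<!-)$")

def fqdn(name):
    """Normalise to a lower-case absolute name; reject labels nsupdate would refuse."""
    labels = name.rstrip(".").split(".")
    if len(name) > 254 or not all(_LABEL_RE.match(l) for l in labels):
        raise ValueError(f"invalid DNS name: {name!r}")
    return ".".join(labels).lower() + "."

def check_rdata(rtype, rdata):
    """Validate rdata per type so a typo fails here instead of inside named."""
    if rtype == "A":
        return str(ipaddress.IPv4Address(rdata))
    if rtype == "AAAA":
        return str(ipaddress.IPv6Address(rdata))
    if rtype in ("CNAME", "PTR"):
        return fqdn(rdata)
    raise ValueError(f"unsupported record type: {rtype}")

def build_update(zone, changes, server="127.0.0.1"):
    """Return one RFC 2136 batch for nsupdate.
    changes: (action, owner, rtype, rdata, ttl) tuples; action is 'add' or 'delete'."""
    zone = fqdn(zone)
    lines = [f"server {server}", f"zone {zone}"]
    for action, owner, rtype, rdata, ttl in changes:
        owner, rtype = fqdn(owner), rtype.upper()
        if owner != zone and not owner.endswith("." + zone):
            raise ValueError(f"{owner} is outside zone {zone}")  # one batch, one zone
        if action == "delete":
            lines.append(f"update delete {owner} {rtype}")
        elif action == "add":
            if not 0 <= int(ttl) <= 2147483647:
                raise ValueError(f"bad TTL: {ttl}")
            if rtype == "CNAME":  # a CNAME may not coexist with other records at the owner
                lines.append(f"prereq nxdomain {owner}")
            lines.append(f"update add {owner} {int(ttl)} {rtype} {check_rdata(rtype, rdata)}")
        else:
            raise ValueError(f"unknown action: {action}")
    lines.append("send")  # 'send' (or a blank line) ships the group as one update request
    return "\n".join(lines) + "\n"

def run_update(batch, keyfile=None):
    """Feed the batch to nsupdate on stdin (argv list, no shell); keyfile is an optional TSIG key."""
    cmd = ["nsupdate"] + (["-k", keyfile] if keyfile else [])
    subprocess.run(cmd, input=batch, text=True, check=True)
```

Because each batch is checked against the zone and record syntax before nsupdate sees it, a malformed change is rejected in Python rather than reaching named, which is the failure mode the manual zone-file approach cannot guard against.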
Future Approach (F5 DNS Express)
This still needs more exploration to cover the above use cases (1. create a new zone; 2. create different types of records in a specific zone).
Analyst at AppViewX, 5 years ago:
Thanks for your blog!! Keep going!!!