A primary zone stores the master copy of the zone data. Primary zones are organized within DNS views. For more information on DNS Zones, see Configuring DNS Zones.

To create a primary zone, complete the following:

  1. From the Cloud Services Portal, click Manage -> DNS -> Zones.
  2. Create a DNS view or click an existing DNS view. For more information about creating a DNS view, see Configuring DNS Views.
  3. On the Zones page, click Create and select Primary Zone from the drop-down list.
  4. On the Create Primary Zone page, specify the following:
    • Name: Enter the domain name for the zone. If you want to create an IPv4 reverse mapping zone, you need to specify in-addr.arpa as the top-level reverse-mapping zone while specifying a name for the zone.

      Warning

      The subdomains starting with ns.b1ddi and b1ddi are reserved and cannot be used as a prefix for the names of zones and resource records.

    • Description: Enter additional details about the zone.
    • Disable for DNS Protocol: Select this check box to temporarily disable this zone. For information, see Enabling and Disabling Zones.
    • Tags: Click Add to associate keys with values. Specify the following details:
      • KEY: Enter a meaningful name for the key, such as a location or a department.  
      • VALUE: Enter a value for the key such as San Jose (for location), or Accounts (for department).  

  5. Select Authoritative DNS Servers from the list. 
  6. Configure the Zone Settings Defaults. The Zone Settings Defaults are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values for each of the following:
    • Serial Number: Specify a serial number.
    • Refresh: Specify the value and choose Hours, Minutes, or Seconds from the drop-down list.

    • Retry: Specify the value and choose Hours, Minutes, or Seconds from the drop-down list.
    • Expire: Specify the value and choose Days, Hours, Minutes, or Seconds from the drop-down list.
    • Default TTL: Specify the value and choose Hours, Minutes, or Seconds from the drop-down list.
    • Negative-caching TTL: Specify the value and choose Minutes or Seconds from the drop-down list.
    • EMAIL ADDRESS (FOR SOA RNAME field): Specify an email address for the SOA RNAME field.
    • Use default forwarders to resolve queries for delegated zones. Select the check box to use the default forwarders for delegated zones.

  7. Configure the Queries. The queries are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values in the ALLOW QUERIES FROM section. Click Add to add or Remove to remove the entries. Choose one of the following from the TYPE drop-down list:   
    • Any Address/Network: Choose this option to allow or deny queries from any IP addresses or networks. The application replies to queries from all clients. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the client from which the query originates. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Network: Choose this option to add a network to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL that you want to use. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, the application automatically displays the named ACL. When you select this, the application replies to DNS queries from clients matching the ACL. You can click Clear to remove the selected named ACL.

    • TSIG: Select an existing TSIG Key. For more information, see Configuring TSIG Keys. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
  8. Configure the Zone transfers. The queries are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values in the ACCEPT ZONE TRANSFER REQUESTS FROM section. Click Add to add or Remove to remove the entries. Choose one of the following from the TYPE drop-down list:
    • Any Address/Network: Choose this option to allow or deny queries from any IP addresses or networks. The PERMISSION column displays Allow by default. In that case, the application replies to queries from all clients. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the remote server. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • IPv4 Network: Choose this option to add an IPv4 network address to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, it is displayed automatically. When you choose this, the application allows servers that have the Allow permission to send and receive DNS zone transfer data. You can click Clear to remove the chosen named ACL.

    • TSIG: Select an existing TSIG Key. For more information, see Configuring TSIG Keys. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
  9. Configure dynamic updates. The dynamic updates are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values in the ALLOW DYNAMIC UPDATES section. Click Add to add or Remove to remove the entries. Choose one of the following from the TYPE drop-down list:
    • Any Address/Network: Choose this option to allow or deny the application to send zone transfers to any IP address or network. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the remote server. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • IPv4 Network: Choose this option to add an IPv4 network address to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, it is displayed automatically. When you select this, the application allows servers permission to send and receive DNS zone transfer data. You can click Clear to remove the chosen named ACL.

    • TSIG: Select an existing TSIG Key. For more information, see Configuring TSIG Keys. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
  10. Click Save & Close to save.

    Note

    An authoritative reverse-mapping zone is an area of network space for which one or more name servers, primary and secondary, have the responsibility to respond to address-to-name queries. Infoblox supports reverse-mapping zones for IPv4 addresses. You can add in-addr.arpa as the top-level reverse-mapping zone. Note that you cannot add these zones using their IP addresses or netmasks; however, you can add them by name under in-addr.arpa.

    RFC 2317, Classless IN-ADDR.ARPA delegation, is an IETF (Internet Engineering Task Force) document that describes a method of delegating parts of the DNS IPv4 reverse-mapping tree that correspond to subnets smaller than a /24 (from a /25 to a /31). The DNS IPv4 reverse-mapping tree has nodes broken at octet boundaries of IP addresses, which correspond to the old classful network masks. So, IPv4 reverse-mapping zones usually fall on /8, /16, or /24 boundaries.

    To create a primary authoritative reverse mapping zone, add in-addr.arpa as the top-level reverse mapping zone and specify the domain in the Name field.

    After a primary zone is created, you can add resource records to it. For more information, see Configuring Resource Records.
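
The naming rules in the note above can be checked before a zone name is typed into the Name field. The following is an added example, not Infoblox code: it derives the in-addr.arpa zone name(s) for an IPv4 network at octet boundaries, builds the label form used in RFC 2317's examples for /25 to /31, and flags the reserved prefixes from the warning. The function names are hypothetical, "prefix" is assumed to mean a plain string prefix, and this page does not state whether the portal accepts the RFC 2317 label form.

```python
import ipaddress

# Reserved prefixes quoted in the warning on this page.
RESERVED_PREFIXES = ("ns.b1ddi", "b1ddi")


def uses_reserved_prefix(name):
    """True if a zone or record name starts with a reserved prefix.

    Assumption: 'prefix' means a plain, case-insensitive string prefix.
    """
    return name.lower().startswith(RESERVED_PREFIXES)


def reverse_zone_names(cidr):
    """Return the in-addr.arpa zone name(s) that cover an IPv4 network."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4:
        raise ValueError("only IPv4 reverse-mapping zones are handled here")
    if net.prefixlen == 32:
        raise ValueError("RFC 2317 covers /25 to /31, not single hosts")
    o = str(net.network_address).split(".")
    if net.prefixlen > 24:
        # Classless case: label is <first address>/<prefix length>,
        # the form used in RFC 2317's own examples.
        return [f"{o[3]}/{net.prefixlen}.{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"]
    # Round the prefix up to the next octet boundary (/8, /16 or /24);
    # a /22, for example, needs four separate /24 reverse zones.
    boundary = max(8, (net.prefixlen + 7) // 8 * 8)
    names = []
    for sub in net.subnets(new_prefix=boundary):
        kept = str(sub.network_address).split(".")[: boundary // 8]
        names.append(".".join(reversed(kept)) + ".in-addr.arpa")
    return names


if __name__ == "__main__":
    # Constructed sample networks (documentation and private ranges).
    for cidr in ("10.0.0.0/8", "10.1.4.0/22", "192.0.2.0/24", "192.0.2.128/25"):
        print(cidr, "->", reverse_zone_names(cidr))
    print(uses_reserved_prefix("b1ddi-lab.example.com"))
```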
