Domain Delegation

Objective
Prerequisites
Configuration
Configuration Sequence
Create Delegated Domain
Update Records in Your Domain
Concepts
API References

Note: Domain Delegation is scheduled to be deprecated soon and will be replaced with a new option in DNS Management available now. For more information, see Manage DNS Zone and look for the new option, Allow HTTP Load Balancer Managed Records.

Objective

This guide provides instructions on how to delegate your DNS domain to F5® Distributed Cloud Services using F5® Distributed Cloud Console (Console). Delegating your domain enables Distributed Cloud Services to manage the domain and be the authoritative domain name server for your domain. Distributed Cloud Services check the DNS domain configured in the virtual host and verifies that the tenant owns that domain.

Using the instructions provided in this guide, you can perform the following:

Create a delegated domain in Console
Update TXT and NS records in your domain records

Distributed Cloud Services perform periodic domain verification.

Prerequisites

The following prerequisites apply:

A Distributed Cloud Services Account. If you do not have an account, see Create an Account.
A DNS domain for your web application. Obtain a domain from the Internet domain registrar.

Configuration

The following image shows the workflow of delegating a domain to Distributed Cloud Services:

Configuration Sequence

Delegating your domain to Distributed Cloud Services requires you to perform the following sequence of actions.

Steps	Description
Create Delegated Domain	Log into Console and create a delegated domain object.
Update Records in Your Domain	Log into your domain and update the records for Distributed Cloud Services to manage your domain.

The following video presents the domain delegation workflow:

Create Delegated Domain

Delegating your domain for Distributed Cloud Services to manage requires you to create a delegated domain object in Console.

Note: A valid and functioning domain is a prerequisite for creating a delegated domain object in Console.

Step 1: Navigate to delegated domains.

Log into Console.
Click DNS Management.

Click Add delegated domain.

Step 2: Create the delegated domain object with your domain name.

In the Domain Name field, enter the name for your domain per the DNS 1035 standard. Ensure that this is a valid and functional domain.
In the Domain Method menu, select Managed by Distributed Cloud.
Optionally, select Enable from the DNSSEC Mode menu to enable DNS security.
Click Save and Exit to complete creating the delegated domain object.

Note: A random TXT string is generated for the created object and the verification status is set to DNS_DOMAIN_VERIFICATION_PENDING.

Click Copy value to copy the string for use in updating TXT records in your domain.

Figure: TXT Generated with Pending Domain Verification

Update Records in Your Domain

Creating a delegated domain generates a text string for that object in Console. Update your domain records by adding a TXT record with the created string and by adding an NS record for resolving to Distributed Cloud Services as the authoritative server.

Step 1: Log into your domain and add TXT record.

Login to your domain.
Navigate to domain records.
Add a TXT record per the following guidelines:
- Set the name with the name you configured for the delegated domain object in the previous chapter.
- Set type as TXT and value as the TXT value of the delegated domain object created in the previous chapter.

Once the TXT record is added, Distributed Cloud Services periodically tries to verify the TXT record. Once a matching TXT record for the delegated domain is found, the status is set to DNS_DOMAIN_VERIFICATION_SUCCESS. Verification is a one-time process. After the verification process is completed, the delegated domain remains in this state until the object is deleted. You can also trigger the verification from Console by navigating to your delegated domain and selecting Verify. In the popup window that appears, click Start verification.

Figure: Delegated Domain Verify — Figure: Start Verification

Note: The domain record propagation from your host domain may take a few minutes.

If you have enabled DNSSEC as part of the domain created, then the DNSSEC DS Record column displays the DS record.

Click on the Dnssec DS Record column entry and then click Copy DS Record to copy the DS record information.
Add the same in your DNS domain parent zone.

Step 2: Add NS record.

Distributed Cloud Services use NS1 as the managed DNS platform when delegating a domain. A zone is added for the configured and verified domain and is retained until the delegated domain persists.

Note: You must configure the parent domains with the NS records pointing to this address to resolve the delegated domain records.

Perform the following to add an NS record:

Login to your domain.
Navigate to domain records.
Remove the TXT record added in Step 1.
Add an NS record per the following guidelines:
- Set the name with the name you configured for the delegated domain object in the previous chapter.
- Set type as NS and value as one of the server names of the delegated domain object created in the previous chapter.

Note: The server names are displayed in the Name Servers field for your delegated domain object in Console.

Note: After delegating your domain to Distributed Cloud Services, the domain name created in the HTTP load balancer gets the Resource Records (RR) created for the delegated domain. For information on creating an HTTP load balancer, see Create HTTP Load Balancer.