Manage DNS Zone
Objective
This guide provides instructions on how to set up primary and secondary Domain Name System (DNS) zones and the associated DNS service for your applications using F5® Distributed Cloud Services. A DNS zone is a distinct division or subdivision of the domain namespace that is managed by an entity such as an organization. A DNS zone gives you granular control over components such as the name servers that hold the DNS records for the domain namespace represented by the zone.
Using this service, you can set up zones for your primary and secondary DNS servers and configure an encrypted connection between them for record synchronization.
Prerequisites
The following prerequisites apply:
- A Distributed Cloud Services Account. If you do not have an account, see Create an Account.
- A DNS domain for your web application. Obtain a domain from the Internet domain registrar.
- Name servers for managing your DNS records.
- To ensure that zone transfers are successful, add the following IP addresses to your firewall or ACL allow list:
  - 52.14.213.208
  - 3.140.118.214
Configuration
Creating and managing zones involves creating a primary DNS zone and a secondary zone, and configuring settings such as records and the encryption mechanism.
Create Primary Zone
Log into Console and perform the following:
Step 1: Navigate to zone management and start adding a zone.
- Click DNS Management service on the Console home page.
- Select DNS Management option in the primary navigation menu located on the left side of the page.
- Click Add Zone.
- Enter domain or subdomain name in the Domain Name field in the metadata section.
- Optionally, set labels and add a description for your zone.
Step 2: Start configuring primary zone.
Select Primary DNS Configuration for the Zone Type field in the DNS Zone Configuration section. Click View Configuration under the Primary DNS Configuration field. Do the following in the zone configuration form:
- In the SOA Record Parameters section, the Use Default Parameters is populated by default. To customize this, select SOA Record Parameters option, click View Configuration, and set the SOA parameters such as refresh interval, retry interval, TTL, etc.
Step 3: Configure resource record sets for the default group.
- Go to Resource Record Sets section and click Add Item. The resource record sets configuration form opens.
- Enter a value for the Time to live field.
- Select a record type for the Record Set field, enter a name for your record in the Record Name field, and set the fields as per your record type selection. Refer to the following table for the record type and field mapping:
Record Type | Fields | Notes |
---|---|---|
A | List of IPv4 Addresses | Enter IPv4 addresses. |
AAAA | List of IPv6 Addresses | Enter IPv6 addresses. |
ALIAS | Domain | Enter alias domain name. |
CAA | Tags and Value | Enter a tag and its value. |
CNAME | Domain | Enter domain name. |
MX | Domain and Priority | Enter domain and priority in the MX Record Value section. |
NS | List of Name servers | Enter the FQDN for the name servers. |
PTR | List of Name servers | Enter the FQDN for the name servers. |
SRV | Priority, Weight, Port, Target | Click Add Item in the SRV Value section and set the parameters. |
TXT | List of Text | Add the TXT record. |
DNS Load Balancer | DNS Load Balancer Records | Add the DNS Load Balancer record. |
Note: Use the Add item button available in each record type configuration to add more than one record for that record type. See DNS Load Balancer for instructions on how to configure DNS load balancer for your zone.
- Click Add Item to add the resource record set to the list of resource record sets. Use the Add Item button to add more than one resource record set.
Step 4: Configure specific resource record sets group.
This step configures specific groups for resource record sets. A resource record sets group allows grouping of DNS records to make it easier to manage them. For example, you can group DNS records that belong to the same application.
- Enable Show Advanced Fields in the Resource Record Sets section.
- Click Add Item in the Additional Resource Record Sets section that appears. This opens a new resource record sets form.
- Enter a Name in the metadata section.
- Click Add Item in the Resource Record Sets section. This opens the resource record sets configuration form.
- Configure the records in the same way as mentioned in the previous step.
- Click Add Item to add the resource record set to the group. Use the Add Item button to add more than one resource record set.
- Click Add Item in the Resource Record Sets form to add the group to the Additional Resource Record Sets section. Use the Add Item button to add more than one group.
Step 5: Optionally, enable DNSSEC.
Go to DNSSEC Mode section and select Enable for the DNSSEC Mode field.
Note: DNSSEC is disabled by default.
Step 6: Complete creating the primary zone.
- Click Apply in the primary zone configuration form.
- Click Save and Exit in the main zone configuration form to complete creating the primary zone.
Note: If you enabled DNSSEC, the system generates a DS record and displays it in the DNSSEC DS Record column. Click on the displayed value, click Copy DS Record on the displayed window, and add the DS record to your parent zone. After the primary zone is created, you can use the `dig ds <domain name>` command to verify that the DS record digest is displayed in the output. This indicates that DNSSEC is functional.
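The `dig ds` check above shows that a DS record is published, but not that it belongs to the zone's current key. The following is an added example, not part of the original guide or F5 code: it recomputes the DS digest and key tag from DNSKEY RDATA (RFC 4034) and compares them with the DS RDATA from the parent. It assumes both are given as the text `dig +short` prints, and the sample key is constructed dummy data.

```python
import base64
import hashlib
import struct

DIGESTS = {1: "sha1", 2: "sha256", 4: "sha384"}  # DS digest type -> hashlib name


def name_to_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    labels = [p for p in name.lower().rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"


def key_tag(rdata):
    """Key tag over DNSKEY RDATA (RFC 4034 Appendix B; not valid for algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, dnskey_text, digest_type=2):
    """Build (key tag, algorithm, digest type, digest) from DNSKEY RDATA text."""
    flags, proto, alg, *b64 = dnskey_text.split()
    rdata = struct.pack("!HBB", int(flags), int(proto), int(alg))
    rdata += base64.b64decode("".join(b64))
    digest = hashlib.new(DIGESTS[digest_type], name_to_wire(owner) + rdata)
    return key_tag(rdata), int(alg), digest_type, digest.hexdigest().upper()


def ds_matches(owner, ds_text, dnskey_text):
    """True if the parent's DS RDATA was derived from this DNSKEY."""
    tag, alg, dtype, *hexparts = ds_text.split()
    if int(dtype) not in DIGESTS:
        return False  # digest type this example does not handle
    published = (int(tag), int(alg), int(dtype), "".join(hexparts).upper())
    return make_ds(owner, dnskey_text, int(dtype)) == published


# Constructed sample: a KSK (flags 257) with algorithm 13 and dummy key bytes.
SAMPLE_DNSKEY = "257 3 13 " + base64.b64encode(bytes(range(64))).decode()

if __name__ == "__main__":
    ds = make_ds("example.com.", SAMPLE_DNSKEY)
    print("DS derived from DNSKEY: %d %d %d %s" % ds)
    print("matches:", ds_matches("example.com", "%d %d %d %s" % ds, SAMPLE_DNSKEY))
```

A mismatch between the DS in the parent zone and the zone's key-signing key makes validating resolvers treat the zone as bogus, so run this comparison after any change to the zone's DNSSEC setting.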
Create Secondary Zone
Log into Console and perform the following:
Step 1: Navigate to zone management and start adding a zone.
- Click DNS Management service on the Console home page.
- Select DNS Management option in the primary navigation menu located on the left side of the page.
- Click Add Zone.
- Enter domain or subdomain name in the Domain Name field in the metadata section. Ensure that you enter the same domain name used in primary zone configuration.
- Optionally, set labels and add a description.
Step 2: Start configuring secondary zone.
Select Secondary DNS Configuration for the Zone Type field in the DNS Zone Configuration section. Click Configure under the Secondary DNS Configuration field. Do the following in the zone configuration form:
- Enter IP addresses for the list of primary zone servers in the List of zone primary servers field. Use the Add item button to add more than one primary server.
- Enter the Transaction Signature (TSIG) key name in the TSIG key name as used in TSIG protocol extension field.
- Click on the TSIG Key algorithm field and select an algorithm from the drop-down. Ensure that the key value for the key specified is compatible with the algorithm being selected.

  Note: Configuring TSIG key and algorithm is optional.
- Encrypt your secret. Paste your secret in the Secret Info section, ensure that the Type is Text, and click Blindfold.
- Wait for the encryption to complete and click Apply.
Step 3: Complete configuring secondary zone.
Click Save and Exit in the main zone configuration form to create secondary zone.
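One way to check a TSIG secret against the selected algorithm before pasting it into the Secret Info section (an added example, not part of the original guide or F5 code). The guide does not define "compatible"; this sketch assumes the secret is base64 text, as in BIND key files, and applies the RFC 2104 guidance that an HMAC key should be at least as long as the hash output. The algorithm names are the standard TSIG names and may differ from the Console drop-down.

```python
import base64
import binascii
import hashlib
import secrets

# Standard TSIG algorithm names mapped to their hash function.
# Assumption: the Console drop-down may offer a different set.
TSIG_HASH = {
    "hmac-sha1": "sha1",
    "hmac-sha224": "sha224",
    "hmac-sha256": "sha256",
    "hmac-sha384": "sha384",
    "hmac-sha512": "sha512",
}


def check_tsig_secret(algorithm, secret_b64):
    """Return a list of problems; an empty list means the secret fits."""
    name = algorithm.lower().rstrip(".")
    if name not in TSIG_HASH:
        return ["unknown algorithm: " + algorithm]
    try:
        key = base64.b64decode(secret_b64, validate=True)
    except (binascii.Error, ValueError):
        return ["secret is not valid base64"]
    need = hashlib.new(TSIG_HASH[name]).digest_size
    problems = []
    if len(key) < need:
        problems.append(
            "key is %d bytes, %s needs at least %d" % (len(key), name, need))
    if len(set(key)) <= 1:
        problems.append("key has no entropy (all bytes equal)")
    return problems


def generate_tsig_secret(algorithm):
    """Random base64 secret sized to the algorithm's hash output."""
    size = hashlib.new(TSIG_HASH[algorithm.lower().rstrip(".")]).digest_size
    return base64.b64encode(secrets.token_bytes(size)).decode()


if __name__ == "__main__":
    secret = generate_tsig_secret("hmac-sha256")
    print(check_tsig_secret("hmac-sha256", secret))  # fits
    print(check_tsig_secret("hmac-sha512", secret))  # too short for SHA-512
```

The same secret and algorithm must be configured on the primary servers, otherwise signed zone transfer requests from the secondary are rejected.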