Manage DNS Zone

Objective

This guide provides instructions on how to set up primary and secondary Domain Name System (DNS) zones and the associated DNS service for your applications using F5® Distributed Cloud Services. A DNS zone is a distinct division or subdivision of the domain namespace that is managed by an entity such as an organization. A DNS zone gives you granular control over components such as the name servers that hold the DNS records for the domain namespace represented by the zone.

Using this service, you can set up zones for your primary and secondary DNS servers and configure an encrypted connection between them for record synchronization.


Prerequisites

The following prerequisites apply:

  • A Distributed Cloud Services Account. If you do not have an account, see Create an Account.

  • A DNS domain for your web application. Obtain a domain from an Internet domain registrar.

  • Name servers for managing your DNS records.

  • To ensure that zone transfers are successful, add the following IP addresses to your firewall or ACL allow list:

    • 52.14.213.208
    • 3.140.118.214

Configuration

Creating and managing zones involves creating a primary DNS zone and a secondary zone, and configuring settings such as records and the encryption mechanism.

Create Primary Zone

Log into Console and perform the following:

Step 1: Navigate to zone management and start adding a zone.
  • Click DNS Management service on the Console home page.

Figure: Navigate to DNS Management

  • Select the DNS Management option in the primary navigation menu located on the left side of the page.

  • Click Add Zone.

Figure: Add Zone

  • Enter the domain or subdomain name in the Domain Name field in the metadata section.

  • Optionally, set labels and add a description for your zone.

Step 2: Start configuring the primary zone.

Select Primary DNS Configuration for the Zone Type field in the DNS Zone Configuration section. Click View Configuration under the Primary DNS Configuration field. Do the following in the zone configuration form:

  • In the SOA Record Parameters section, the Use Default Parameters option is selected by default. To customize the parameters, select the SOA Record Parameters option, click View Configuration, and set the SOA parameters such as refresh interval, retry interval, TTL, etc.

Figure: SOA Custom Configuration

Step 3: Configure resource record sets for the default group.
  • Go to Resource Record Sets section and click Add Item. The resource record sets configuration form opens.

  • Enter a value for the Time to live field.

  • Select a record type for the Record Set field, enter a name for your record in the Record Name field, and set the fields as per your record type selection. Refer to the following table for the record type and field mapping:

Record Type   Fields                          Notes
A             List of IPv4 Addresses          Enter IPv4 addresses.
AAAA          List of IPv6 Addresses          Enter IPv6 addresses.
ALIAS         Domain                          Enter alias domain name.
CAA           Tags and Value                  Enter a tag and its value.
CNAME         Domain                          Enter domain name.
MX            Domain and Priority             Enter domain and priority in the MX Record Value section.
NS            List of Name servers            Enter the FQDN for the name servers.
PTR           List of Name servers            Enter the FQDN for the name servers.
SRV           Priority, Weight, Port, Target  Click Add Item in the SRV Value section and set the parameters.
TXT           List of Text                    Add the TXT record.

Note: Use the Add item button available in each record type configuration to add more than one record of that type.

Figure: Resource Record Set

  • Click Add Item to add the resource record set to the list of resource record sets. Use the Add Item button to add more than one resource record set.

Step 4: Configure specific resource record sets group.

This step configures specific groups for resource record sets. A resource record sets group allows grouping of DNS records to make it easier to manage them. For example, you can group DNS records that belong to the same application.

  • Enable Show Advanced Fields in the Resource Record Sets section.

  • Click Add Item in the Additional Resource Record Sets section that appears. This opens a new resource record sets form.

  • Enter a Name in the metadata section.

  • Click Add Item in the Resource Record Sets section. This opens the resource record sets configuration form.

  • Configure the records in the same way as described in the previous step.

  • Click Add Item to add the resource record set to the group. Use the Add Item button to add more than one resource record set.

  • Click Add Item in the Resource Record Sets form to add the group to the Additional Resource Record Sets section. Use the Add Item button to add more than one group.

Step 5: Optionally, enable DNSSEC.

Go to DNSSEC Mode section and select Enable for the DNSSEC Mode field.

Note: DNSSEC is disabled by default.

Step 6: Complete creating the primary zone.
  • Click Apply in the primary zone configuration form.

Figure: Primary Zone Configuration

  • Click Save and Exit in the main zone configuration form to complete creating the primary zone.

Note: If you enabled DNSSEC, the system generates a DS record and displays it in the DNSSEC DS Record column. Click the displayed value, click Copy DS Record in the window that opens, and add the DS record to your parent zone. After the primary zone is created, you can use the dig ds <domain name> command to verify that the DS record digest is displayed in the output. This indicates that DNSSEC is functional.
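
A DS record is a digest of the zone's DNSKEY, so the value copied from the Console (or returned by dig ds) can be checked offline against the DNSKEY of the zone. The following Python sketch is an added example, not F5 code; the zone name, the key bytes, and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

DIGESTS = {1: "sha1", 2: "sha256", 4: "sha384"}  # DS digest type -> hash

def name_to_wire(name):
    """Owner name in canonical (lowercase) DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def compute_ds(owner, dnskey_text, digest_type=2):
    """Derive (key tag, algorithm, digest type, digest) from DNSKEY RDATA text."""
    flags, protocol, algorithm, *key_parts = dnskey_text.split()
    rdata = struct.pack("!HBB", int(flags), int(protocol), int(algorithm))
    rdata += base64.b64decode("".join(key_parts))
    digest = hashlib.new(DIGESTS[digest_type], name_to_wire(owner) + rdata)
    return (key_tag(rdata), int(algorithm), digest_type, digest.hexdigest().upper())

def parse_ds(ds_text):
    """Parse 'keytag algorithm digesttype digest'; dig may split the digest."""
    tag, algorithm, digest_type, *hex_parts = ds_text.split()
    return (int(tag), int(algorithm), int(digest_type), "".join(hex_parts).upper())

def ds_matches_dnskey(owner, ds_text, dnskey_text):
    """True when the DS at the parent was derived from this DNSKEY of the zone."""
    ds = parse_ds(ds_text)
    if ds[2] not in DIGESTS:
        return False
    return ds == compute_ds(owner, dnskey_text, ds[2])

# Constructed sample: 64 patterned bytes stand in for an algorithm 13 public key.
ZONE = "example.com"
DNSKEY = "257 3 13 " + base64.b64encode(bytes(range(64))).decode()
DS_FROM_CONSOLE = "%d %d %d %s" % compute_ds(ZONE, DNSKEY)  # stands in for the copied DS
DS_STALE = DS_FROM_CONSOLE[:-2] + ("00" if DS_FROM_CONSOLE[-2:] != "00" else "FF")

if __name__ == "__main__":
    print("DS record:", DS_FROM_CONSOLE)
    print("matches DNSKEY:", ds_matches_dnskey(ZONE, DS_FROM_CONSOLE, DNSKEY))
    print("stale DS matches:", ds_matches_dnskey(ZONE, DS_STALE, DNSKEY))
```

A mismatch between the DS at the parent and the zone's DNSKEY makes validating resolvers treat the zone as bogus, so this comparison is worth repeating after any key change.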


Create Secondary Zone

Log into Console and perform the following:

Step 1: Navigate to zone management and start adding a zone.
  • Click DNS Management service on the Console home page.

Figure: Navigate to DNS Management

  • Select the DNS Management option in the primary navigation menu located on the left side of the page.

  • Click Add Zone.

  • Enter the domain or subdomain name in the Domain Name field in the metadata section. Ensure that you enter the same domain name used in the primary zone configuration.

  • Optionally, set labels and add a description.

Step 2: Start configuring the secondary zone.

Select Secondary DNS Configuration for the Zone Type field in the DNS Zone Configuration section. Click Configure under the Secondary DNS Configuration field. Do the following in the zone configuration form:

  • Enter IP addresses for the list of primary zone servers in the List of zone primary servers field. Use the Add item button to add more than one primary server.

  • Enter the Transaction Signature (TSIG) key name in the TSIG key name as used in TSIG protocol extension field.

  • Click the TSIG Key algorithm field and select an algorithm from the drop-down. Ensure that the value of the specified key is compatible with the selected algorithm.

Note: Configuring TSIG key and algorithm is optional.

  • Encrypt your secret. Paste your secret in the Secret Info section, ensure that the Type is Text, and click Blindfold.

  • Wait for the encryption to complete and click Apply.

Figure: Secondary Zone Configuration

Step 3: Complete configuring the secondary zone.

Click Save and Exit in the main zone configuration form to create the secondary zone.
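
One way to check that a TSIG secret is compatible with the selected algorithm before pasting it into the Secret Info section, as an added example that is not F5 code. It assumes the secret is base64-encoded as in BIND-style key files and uses the HMAC algorithm names from RFC 8945; the labels in the Console drop-down may differ.

```python
import base64
import binascii
import hashlib
import secrets

# HMAC algorithm names from RFC 8945 mapped to hashlib names (HMAC-MD5 is
# left out on purpose). That the Console uses these labels is an assumption.
TSIG_DIGESTS = {
    "hmac-sha1": "sha1", "hmac-sha224": "sha224", "hmac-sha256": "sha256",
    "hmac-sha384": "sha384", "hmac-sha512": "sha512",
}

def digest_size(algorithm):
    """Output size in bytes of the hash behind a TSIG algorithm, or None."""
    name = TSIG_DIGESTS.get(algorithm.lower().rstrip("."))
    return hashlib.new(name).digest_size if name else None

def new_tsig_secret(algorithm):
    """Random base64 secret exactly as long as the algorithm's hash output."""
    size = digest_size(algorithm)
    if size is None:
        raise ValueError("unknown TSIG algorithm: " + algorithm)
    return base64.b64encode(secrets.token_bytes(size)).decode()

def check_tsig_secret(algorithm, secret_b64):
    """Return a list of problems; an empty list means the pair is usable."""
    size = digest_size(algorithm)
    if size is None:
        return ["unknown TSIG algorithm: " + algorithm]
    try:
        key = base64.b64decode(secret_b64.strip(), validate=True)
    except (binascii.Error, ValueError):
        return ["secret is not valid base64"]
    if len(key) < size:
        # RFC 2104 strongly discourages HMAC keys shorter than the hash output.
        return ["secret is %d bytes, shorter than the %d-byte %s output"
                % (len(key), size, algorithm)]
    return []

if __name__ == "__main__":
    secret = new_tsig_secret("hmac-sha256")          # constructed at run time
    print(check_tsig_secret("hmac-sha256", secret))  # usable pair
    print(check_tsig_secret("hmac-sha512", secret))  # key too short for SHA-512
    print(check_tsig_secret("hmac-sha256", "pasted with spaces"))
```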

