Page tree


A primary zone stores the master copy of the zone data. A secondary zone is a read-only copy of the primary zone that is stored on a different server. The secondary zone cannot process updates and can only retrieve updates from the primary zone. The secondary zone can answer DNS name resolution queries from client nodes, which helps reduce the workload on the primary zone. When you want to forward queries for data in a particular zone, define the zone as a forward zone and specify one or more DNS servers, an on-premise host, or an IP address that can resolve queries for the zone.

An authoritative zone is a zone for which the local server references its own data when responding to queries. The local server is authoritative for the data in this zone and responds to queries for this data without referencing another server. Primary and secondary zones are authoritative zones. A forward zone is not an authoritative zone. 


A primary zone on BloxOne DDI (cloud) is an authoritative zone. 

The following are two types of authoritative zones:

  • Forward-mapping: An authoritative forward-mapping zone is an area of domain name space for which one or more name servers have the responsibility to respond authoritatively to name-to-address queries.
  • Reverse-mapping: A reverse-mapping zone is an area of network space for which one or more name servers have the responsibility to respond to address-to-name queries.

You can configure and manage authoritative forward-mapping and IPv4 reverse-mapping zones on the Infoblox BloxOne DDI cloud service portal. When you create an authoritative forward-mapping zone or reverse-mapping zone, you assign zone authority to a DNS server and define it as the primary server for the zone. A primary server is designated as the primary source for the zone and maintains a master copy of the zone data.

You can also create one or more secondary DNS servers for a zone. A secondary server for a zone receives read-only zone data from the primary server. If a zone is part of an internal DNS structure for a private network, the inclusion of a secondary DNS server is optional, though highly recommended. If a zone is a part of an external DNS structure for a public network such as the Internet, then a secondary server in a different subnet from the primary server is required. This requirement provides an additional safeguard against localized network failures causing both primary and secondary DNS servers for a zone to become inaccessible.

You can specify the primary and secondary server for a zone or you can specify a DNS server group. A DNS server group is a collection of one primary server and one or more secondary servers. For information on DNS server groups, see Configuring DNS Server Groups.

You can add arpa as the top-level forward-mapping zone. You can also add (for ipv4 addresses) as the top-level reverse-mapping zone. You can create a top-level reverse-mapping zone under an arpa or a root parent forward-mapping zone or without a parent zone. If you want arpa and zones on BloxOne DDI, you must manually create them. These zones are not auto-created.

The following is an example of an IPv4 reverse-mapping zone hierarchy:

(root zone) > arpa > >

This chapter provides general information about DNS zones that you can configure and manage on BloxOne DDI. The topics in this section include the following:

  • No labels

This page has no comments.