Versions Compared

...

  1. From the Cloud Services Portal, click Manage -> DNS -> Zones.
  2. Create a DNS view or click an existing DNS view. For more information about creating a DNS view, see Configuring DNS Views.
  3. On the Zones page, click Create and choose Forward Zone from the drop-down list.
  4. On the Create Forward Zone page, specify the following:
    • Name: Enter the domain name for the zone. Omit the trailing period (“ . ”) that signifies the root zone. You can either choose a domain name from the drop-down list or select None.
    • Description: Enter a descriptive comment about the zone.
    • Disable for DNS Protocol: Click this check box to temporarily disable this zone. For information, see Enabling and Disabling Zones.
    • Use Forwarders Only: Select the check box if you want the application to query forwarders only (not root servers) to resolve domain names in the zone.
    • DNS SERVERS: Define DNS servers for the zone. You can choose to forward queries to an external IP address, an on-premise host, or a DNS server group:
      • Forward to Address: Choose an external IP address to which you want to forward the details.
      • Forward to On-Premises Host: Choose an on-premise host address from the drop-down list. The queries against the zone are forwarded to this host. For more information about on-prem hosts, see Creating On-Prem Hosts.
      • On-Premise Host: Choose an on-premise host address from the drop-down list. The host that you choose serves the zone and forwards queries. For more information about on-prem hosts, see Creating On-Prem Hosts.
      • DNS Server Group: Choose a DNS server group from the drop-down list to forward the queries to a set of DNS servers.
    • Tags: Click Add to associate keys with the forward-mapping zone and specify the following details:

      • KEY: Enter a meaningful name for the key, such as a location or a department.  

      • VALUE: Enter a value for the key.    

      To remove a tag, select the respective check box and click Remove to delete the associated tag. For information about tags, see Using Managing Tags.

  5. Click Save & Close to save.

...

  1. From the Cloud Services Portal, click Manage -> DNS -> Zones.
  2. On the Zones page, click Create and choose Forward Zone from the drop-down list.
  3. On the Create Forward Zone page, specify the following:
    • Name: Enter a domain name for the zone. Omit the trailing period (“ . ”) that signifies the root zone. You can either choose a domain name from the drop-down list or select None.
    • Description: Enter a descriptive comment about the zone.
    • Disable for DNS Protocol: Select this check box to temporarily disable this zone. For information, see Enabling and Disabling Zones.
    • Use Forwarders Only: Select the check box if you want the application to query forwarders only (not root servers) to resolve domain names in the zone. 
    • Associate DNS servers with the zone. You can choose to forward queries to an external IP address, an on-premise host, or a DNS server group. Click Add to associate a DNS server or click Remove to delete it from the list.
      • Forward to Address: Choose an external IP address to which you want to forward the queries.
      • Forward to On-Premise Host: Choose an on-premise host address from the drop-down list. The queries against the zone are forwarded to this host.
      • On-Premise Host: Choose an on-premise host address from the drop-down list. The host that you choose serves the zone and forwards queries.
      • DNS Server Group: Choose a DNS server group from the drop-down list to forward the queries to a set of DNS servers.
    • Tags: Click Add to associate keys with the forward IPv4 reverse-mapping zone and specify the following details:
      • KEY: Enter a meaningful name for the key, such as a location or a department. 

      • VALUE: Enter a value for the key.     

        To remove a tag, select the respective check box and click Remove to delete the associated tag. For information about tags, see Using Managing Tags.
  4. Click Save & Close to save.

...

  1. From the Cloud Services Portal, click Manage -> DNS -> Zones.
  2. Create a DNS view or click an existing DNS view. For more information about creating a DNS view, see Configuring DNS Views.
  3. Click the zone where you want to add a subzone.
  4. Click Create -> Zone and choose Primary Zone from the drop-down list.
  5. On the Create Primary Zone page, select the zone to which you want to add a subzone.
  6. Configure the following to create a subzone:
    • Name: Enter the name of the subzone and select the name of the zone for which you want to create the subzone.
    • Description: Optionally, enter additional information about the subzone.
    • Disable for DNS Protocol: Select this option to temporarily disable the subzone. For information, see Enabling and Disabling Zones.
    • DNS SERVERS: You can associate DNS servers with the subzone. See Assigning Zone Authority to DNS Servers. For information on specifying authoritative DNS server groups, see Configuring DNS Server Groups. To edit an existing primary or a secondary server or a DNS server group, select the respective row and click the Edit button. You can select a row and click the Remove button to delete a row.
    • Tags: Click Add to associate keys with the reverse-mapping zone and specify the following details:
      • KEY: Enter a meaningful name for the key, such as a location or a department.  

      • VALUE: Enter a value for the key.   
        To remove a tag, select the respective check box and click Remove to delete the associated tag. For information about tags, see Using Managing Tags.

  7. Select Authoritative DNS Servers from the list. 
  8. Configure the Zone Settings Defaults. The Zone Settings Defaults are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values for each of the following:
    • Refresh: Specify the value and choose Hours,  Minutes, or Seconds from the drop-down list.

    • Retry: Specify the value and choose Hours, Minutes, or Seconds from the drop-down list.
    • Expire: Specify the value and choose Days, Hours, Minutes, or Seconds from the drop-down list.
    • Default TTL: Specify the value and choose Hours, Minutes, or Seconds from the drop-down list.
    • Negative-caching TTL: Specify the value and choose Minutes or Seconds from the drop-down list.
    • EMAIL ADDRESS (FOR SOA RNAME FIELD): Specify an email address for the SOA RNAME FIELD.
    • Use default forwarders to resolve queries for delegated zones: Select the check box to use the default forwarders for delegated zones.

  9. Configure the Queries. The queries are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values in the ALLOW QUERIES FROM section. Click Add to add or click Remove to remove the entries. Choose one of the following from the TYPE drop-down list:   
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the client from which the query originates. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Network: Choose this option to add a network to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL that you want to use. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, the application automatically displays the named ACL. When you select this, the application replies to DNS queries from clients matching the ACL. You can click Clear to remove the selected named ACL.

    • Any Address/Network: Choose this option to allow or deny queries from any IP addresses or networks. The application replies to queries from all clients. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

  10. Configure the Zone transfers. The zone transfer settings are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values in the ACCEPT ZONE TRANSFER REQUESTS FROM section. Click Add to add or Remove to remove the entries. Choose one of the following from the TYPE drop-down list:
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the remote server. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • IPv4 Network: Choose this option to add an IPv4 network address to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, it is displayed automatically. When you select this, the application allows servers permission to send and receive DNS zone transfer data. You can click Clear to remove the selected named ACL.

    • Any Address/Network: Choose this option to allow or deny the application to send zone transfers to any IP address or network. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

  11. Configure dynamic updates. The dynamic updates are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values in the ALLOW DYNAMIC UPDATES section. Click Add to add or click Remove to remove the entries. Choose one of the following from the TYPE drop-down list:
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the remote server. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • IPv4 Network: Choose this option to add an IPv4 network address to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, it is displayed automatically. When you select this, the application allows servers permission to send and receive DNS zone transfer data. You can click Clear to remove the selected named ACL.

    • Any Address/Network: Choose this option to allow or deny the application to send zone transfers to any IP address or network. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

  12. Click Save & Close to save.
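
The access lists in steps 9 to 11 are easier to review offline than in the portal. The following is an added example, not Infoblox code: it models entries with the TYPE and PERMISSION values named above and flags zone-transfer lists that allow any address or contain entries that can never take effect. The dictionary layout, the CIDR notation, the `min_prefix` threshold and the first-match-wins order with an implicit final Deny are assumptions; the page does not state how the application orders evaluation.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")


def to_network(entry):
    """Map one list entry to the IPv4 network it covers (None for a Named ACL)."""
    kind, value = entry["type"], entry["value"]
    if kind == "Any Address/Network":
        return ANY
    if kind == "IPv4 Address":
        return ipaddress.ip_network(f"{value}/32")
    if kind == "IPv4 Network":
        return ipaddress.ip_network(value, strict=True)
    return None  # Named ACL: members are defined elsewhere and are not expanded here


def decide(entries, client_ip):
    """Assumed semantics: the first matching entry wins, no match means Deny."""
    ip = ipaddress.ip_address(client_ip)
    for entry in entries:
        net = to_network(entry)
        if net is not None and ip in net:
            return entry["permission"]
    return "Deny"


def audit(entries, min_prefix=24):
    """Return (index, finding) pairs for risky or ineffective entries."""
    findings, earlier = [], []
    for index, entry in enumerate(entries):
        net = to_network(entry)
        if net is None:
            findings.append((index, "named-acl-not-expanded"))
            continue
        # An entry fully covered by an earlier one is never reached under first match.
        shadow = next((i for i, seen in earlier if net.subnet_of(seen)), None)
        if shadow is not None:
            findings.append((index, f"shadowed-by-{shadow}"))
        elif entry["permission"] == "Allow" and net == ANY:
            findings.append((index, "allow-any"))
        elif entry["permission"] == "Allow" and net.prefixlen < min_prefix:
            findings.append((index, "allow-broad-network"))
        earlier.append((index, net))
    return findings


# Constructed sample lists (documentation address ranges), not exported from a real tenant.
EXPOSED = [
    {"type": "IPv4 Network", "value": "198.51.100.0/24", "permission": "Allow"},
    {"type": "Any Address/Network", "value": "", "permission": "Allow"},
    {"type": "IPv4 Address", "value": "203.0.113.9", "permission": "Deny"},
]
RESTRICTED = [
    {"type": "IPv4 Address", "value": "198.51.100.53", "permission": "Allow"},
    {"type": "Any Address/Network", "value": "", "permission": "Deny"},
]

if __name__ == "__main__":
    for name, acl in (("EXPOSED", EXPOSED), ("RESTRICTED", RESTRICTED)):
        print(name, audit(acl), decide(acl, "203.0.113.9"))
```

In the `EXPOSED` list the Deny for 203.0.113.9 sits below the Any Address/Network Allow, so under the assumed ordering that host can still request a transfer.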

...

Creating Authoritative Zones

You can configure and manage authoritative forward-mapping and IPv4 reverse-mapping zones on the Infoblox BloxOne DDI cloud service portal. You can add arpa as the top-level forward-mapping zone. You can also add in-addr.arpa (for IPv4 addresses) as the top-level reverse-mapping zone.

You can create a top-level reverse-mapping zone under an arpa or a root parent forward-mapping zone, or without a parent zone. If you want arpa and in-addr.arpa zones on BloxOne DDI, you must manually create them. These zones are not auto-created.

Sample IPv4 reverse-mapping zone hierarchy:

(root zone) > arpa > in-addr.arpa > 10.in-addr.arpa

Following are the tasks to configure an authoritative zone:

  1. Create the zone. The following sections explain how to create authoritative forward-mapping zones, reverse-mapping zones, and a custom root zone.
  2. Assign a DNS server group, primary, or a secondary server to the zone.

  3. Optionally, associate keys with the zone.

Creating Authoritative Forward-Mapping Zones

An authoritative forward-mapping zone is an area of domain name space for which BloxOne DDI has the responsibility to respond authoritatively to name-to-address queries.

To create an authoritative forward-mapping zone:

  1. From the Cloud Services Portal, click Manage -> DNS -> Zones.
  2. Create a DNS view or click an existing DNS view. For more information about creating a DNS view, see Creating DNS Views.
  3. On the Zones page, click Create and select Authoritative Zone from the drop-down list.
  4. On the Create Authoritative Zone page, specify the following:
    • Name: Enter the domain name for the zone. Omit the trailing period (“ . ”) that signifies the root zone.
    • Description: Enter additional details about the zone.
    • Disable: Click this check box to temporarily disable this zone. For information, see Enabling and Disabling Zones.
  5. Define DNS server groups for the zone. Select either DNS Server Group, External Primary, or Internal Secondary from the list. For information on specifying primary and secondary servers, see Assigning Zone Authority to DNS Servers. For information on specifying authoritative DNS server groups, see Configuring DNS Server Groups.

  6. Tags: Click Add to associate keys with the authoritative forward-mapping zone and specify the following details:

    • KEY: Enter a meaningful name for the key, such as a location or a department.  

    • VALUE: Enter a value for the key.

      To remove a tag, select the respective check box and click Remove to delete the associated tag. For information about tags, see Using Tags. 

    Select the respective check box and click Remove to delete the associated key.

  7. Click Save & Close to save.

Creating Authoritative Reverse-Mapping Zones

An authoritative reverse-mapping zone is an area of network space for which one or more name servers (primary and secondary) have the responsibility to respond to address-to-name queries. Infoblox supports reverse-mapping zones for IPv4 addresses. You can add in-addr.arpa as the top-level reverse-mapping zone. Note that you cannot add these zones using their IP addresses or netmasks; however, you can add them by the name "in-addr.arpa".

RFC 2317, Classless IN-ADDR.ARPA delegation, is an IETF (Internet Engineering Task Force) document that describes a method of delegating parts of the DNS IPv4 reverse-mapping tree that correspond to subnets smaller than a /24 (from a /25 to a /31). The DNS IPv4 reverse-mapping tree has nodes broken at octet boundaries of IP addresses, which correspond to the old classful network masks. So, IPv4 reverse-mapping zones usually fall on /8, /16, or /24 boundaries.
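
Because reverse-mapping zones are entered by name rather than by address or netmask, the name has to be derived from the network first. The following is an added example, not Infoblox code: it returns the zone name(s) for an IPv4 network on or above the octet boundaries and, for a /25 to /31, the RFC 2317 style name together with the NS and CNAME records the parent /24 zone needs. The function names, the `<first address>/<prefix length>` label form (the one used in the RFC's own example) and the name server `ns1.example.net.` are assumptions.

```python
import ipaddress

SUFFIX = "in-addr.arpa"


def _reverse_labels(octets):
    """Join address octets in reverse order, e.g. (192, 0, 2) -> '2.0.192'."""
    return ".".join(str(o) for o in reversed(octets))


def reverse_zones(cidr):
    """Return the reverse-mapping zone name(s) that cover an IPv4 network."""
    net = ipaddress.IPv4Network(cidr, strict=True)  # rejects host bits, e.g. 10.1.2.3/8
    prefix = net.prefixlen
    octets = net.network_address.packed
    if prefix == 32:
        raise ValueError("a /32 is a single PTR record, not a zone")
    if prefix == 0:
        return [SUFFIX]
    if prefix > 24:
        # Classless case: one label under the enclosing /24 zone.
        return [f"{octets[3]}/{prefix}.{_reverse_labels(octets[:3])}.{SUFFIX}"]
    # Round up to the next octet boundary (/8, /16 or /24) and list every zone needed.
    boundary = -(-prefix // 8) * 8
    return [
        f"{_reverse_labels(sub.network_address.packed[: boundary // 8])}.{SUFFIX}"
        for sub in net.subnets(new_prefix=boundary)
    ]


def classless_delegation(cidr, nameserver):
    """Return (parent_zone, records) that delegate a /25../31 from its /24 zone."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    if not 25 <= net.prefixlen <= 31:
        raise ValueError("classless delegation applies to /25 through /31 only")
    child = reverse_zones(cidr)[0]
    label, parent = child.split(".", 1)
    records = [f"{label} NS {nameserver}"]
    # One CNAME per address in the block redirects its PTR lookup into the child zone.
    for addr in net:
        last = addr.packed[3]
        records.append(f"{last} CNAME {last}.{child}.")
    return parent, records


if __name__ == "__main__":
    # Constructed inputs using documentation and private address ranges.
    for cidr in ("10.0.0.0/8", "172.16.0.0/15", "192.0.2.0/24", "192.0.2.128/26"):
        print(cidr, "->", reverse_zones(cidr))
    parent, records = classless_delegation("192.0.2.128/30", "ns1.example.net.")
    print(f"; records to add in {parent}")
    print("\n".join(records))
```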

To create an authoritative reverse-mapping zone:

  1. From the Cloud Services Portal, click Manage -> DNS -> Zones.
  2. Create a DNS view or click an existing DNS view. For more information about creating a DNS view, see Creating DNS Views.
  3. On the Zones page, click Create and select Authoritative Zone from the drop-down list.
  4. On the Create Authoritative Zone page, specify the following:
    • Name: Enter a domain name for the reverse-mapping zone.
    • Description: Optionally, enter additional information about the zone.
    • Disable: Select this option to temporarily disable this zone. For information, see Enabling and Disabling Zones.
  5. DNS SERVERS: Click Add to define DNS servers for the zone. For information on specifying primary and secondary servers, see Assigning Zone Authority to DNS Servers. For information on specifying authoritative DNS server groups, see Configuring DNS Server Groups. To edit an existing primary or a secondary server or a DNS server group, select the respective row and click the Edit button. You can select a row and click the Remove button to delete a row.
  6. Tags: Click Add to associate keys with the reverse-mapping zone and specify the following details:
    • KEY: Enter a meaningful name for the key, such as a location or a department.  
    • VALUE: Enter a value for the key.   
      To remove a tag, select the respective check box and click Remove to delete the associated tag. For information about tags, see Using Tags. 
  7. Click Save & Close to save.

Creating Root Zones

BloxOne DDI allows you to create an internal root zone for your organization. When the application receives a query for DNS data that is not in its cache or authoritative data, it can query an internal root server after querying any specified forwarders. If you do not specify an internal root server and BloxOne DDI can access the Internet, it queries the Internet root servers. For information about the root name server, see About Root Name Servers in Global DNS Configuration.

To create a root zone, create an authoritative forward-mapping zone as described in Creating Authoritative Forward-Mapping Zones and specify the following:

  • Enter a period (.) in the Name field.

  • Optionally, enter a description.

  • Associate a primary and a secondary server, or a DNS server group with the root zone.

  • Add keys.

Once created, the root zone automatically becomes the parent of all the zones under the root zone.

Creating Authoritative Subzones

After creating a zone, you can add more zones at the same level, or add subordinate zones (subzones). The subzones can be authoritative. For simplicity, the zones created in this example are authoritative (as are all zones by default).

The distinction between domains and zones is that domains provide a logical structure to the DNS name space while zones provide an administrative structure. The difference between domains and subdomains and zones and subzones is that the terms subdomains and subzones reference their relationship to a parent domain or zone. With the exception of the root domain and root zone, all domains are subdomains and all zones are subzones.

You can organize a domain based on logical divisions such as type (.com, .gov, .edu; or sales, eng, sup) or location (.uk, .jp, .us; or hq, east, west). The figure below shows one way to organize the external (public) namespace and the internal (private) namespace for a corporation with the domain name corpxyz.com. The external namespace follows standard DNS conventions. Internally, you create an individual subdomain and corresponding subzone for each department.



Note

Throughout this documentation, the trailing period (“.”) indicating the root zone is not shown, although its presence is assumed.

The procedure for adding a subzone is the same as that used to add an authoritative zone. The only difference is that you specify the subzone name in the Name field. For information about adding authoritative zones, see Creating Authoritative Zones.

To create a subzone:

  1. From the Cloud Services Portal, click Manage -> DNS -> Zones.
  2. Create a DNS view or click an existing DNS view. For more information about creating a DNS view, see Creating DNS Views.
  3. On the Zones page, click Create and select Forward Zone from the drop-down list.
  4. On the Create Forward Zone page, select the zone to which you want to add a subzone.
  5. Click Create and select either Authoritative Zone or Forward Zone from the drop-down list.
  6. Enter one of the following to create a subzone:
    • Name: Enter the name of the subzone and select the name of the zone for which you want to create the subzone.
    • Description: Optionally, enter additional information about the subzone.
    • Disable: Select this option to temporarily disable the subzone. For information, see Enabling and Disabling Zones.
    • DNS SERVERS: You can associate DNS servers with the subzone. See Assigning Zone Authority to DNS Servers. For information on specifying authoritative DNS server groups, see Configuring DNS Server Groups. To edit an existing primary or a secondary server or a DNS server group, select the respective row and click the Edit button. You can select a row and click the Remove button to delete a row.
    • Tags: Click Add to associate keys with the reverse-mapping zone and specify the following details:
      • KEY: Enter a meaningful name for the key, such as a location or a department.  

      • VALUE: Enter a value for the key.   
        To remove a tag, select the respective check box and click Remove to delete the associated tag. For information about tags, see Using Tags. 

  7. Click Save & Close to save.

To modify or delete a subzone, click the respective zone name with which the subzone is associated. When you click the zone name, the subzones associated with it are listed. Click  and select Edit from the list to modify the details or Delete to delete the subzone. You can also select the check box and click the Edit button to modify or click the Delete button to delete the subzone.

Creating Forward IPv4 Reverse-Mapping Zones

To create a forward IPv4 reverse-mapping zone:

  1. From the Cloud Services Portal, click Manage -> DNS -> Zones.
  2. On the Zones page, click Create and select Forward Zone from the drop-down list.
  3. On the Create Forward Zone page, specify the following:
    • Name: Enter a domain name for the zone. Omit the trailing period (“ . ”) that signifies the root zone. You can either select a domain name from the drop-down list or select None.
    • Description: Enter a descriptive comment about the zone.
    • Disable: Click this check box to temporarily disable this zone. For information, see Enabling and Disabling Zones.
    • Use Forwarders Only: Select the check box if you want the application to query forwarders only (not root servers) to resolve domain names in the zone. 
    • Associate DNS servers with the zone. You can choose to forward queries to an external IP address, an on-premise host, or a DNS server group. Click Add to associate a DNS server or click Remove to delete it from the list.
      • Forward to Address: Select an external IP address to which you want to forward the queries.
      • Forward to On-Premise Host: Select an on-premise host address from the drop-down list. The queries against the zone are forwarded to this host.
      • On-Premise Host: Select an on-premise host address from the drop-down list. The host that you select serves the zone and forwards queries.
      • DNS Server Group: Select a DNS server group from the drop-down list to forward the queries to a set of DNS servers.
    • Tags: Click Add to associate keys with the forward IPv4 reverse-mapping zone and specify the following details:
      • KEY: Enter a meaningful name for the key, such as a location or a department. 

      • VALUE: Enter a value for the key.     

        To remove a tag, select the respective check box and click Remove to delete the associated tag. For information about tags, see Using Tags. 
  4. Click Save & Close to save.

Specifying a Primary Server

When you create a zone, you can associate it with an external primary server, an internal on-premise host, or a DNS server group. BloxOne DDI supports only a single external primary server. You can specify the primary server for a zone when you create or edit an existing zone. For information on how to add a new zone, see Creating Authoritative Zones.

The following procedure describes how to access the editor of a zone. To specify a primary server for an existing zone:

  1. From the Cloud Services Portal, click Manage -> DNS -> Zones.

  2. Click  -> Edit or select the check box for the respective record and click the Edit button to modify a zone. On the Edit <zonename> page, specify the following:

    • External Primary: Choose this option if you want to specify a primary server that is external to BloxOne DDI. For more information, see Specifying External Primary Servers in Configuring DNS Server Groups.
  3. Click Save & Close to save.

...