Creating and deploying a secondary DNS zone with DNS Cloud Service is both fast and easy. You can watch the video below to see how it is done, or you can follow the six steps below to set up the service for your zone.
To ensure that zone transfers succeed, add the following IP addresses to your application’s allow list:
Deployment regions download: F5_DNS.Deployment.Regions_V1.0.json
Click the Secondary DNS tab in the Cloud Services navigation menu.
On the Secondary DNS tab, click the Create button.
On Create Secondary DNS Zone, specify your zone details:
- Zone Name
The zone name can be any name you want, but it must be a unique zone name that isn’t already registered with the service for any other account.
- DNS Primary Server IP
This is the DNS master server that is the primary source of zone information for your zone. The secondary zone will perform a zone transfer to get the zone information.
- Alternative IP (optional)
If your zone has more than one primary DNS server, you may enter another IP address in the Alternative IP field. To enter additional primary DNS servers, press the + sign to the right of the field to create additional IP address fields. To remove primary servers, press the – sign next to the IP address you want to remove. To change to only a single primary server, remove all added fields by pressing their corresponding – sign and deleting the IP address in the remaining Alternative IP address field.
- Division (optional)
The Division field allows you to specify a group that can make changes to this zone. Once a zone is created, you'll need to delete and re-create it to change the Division linked to it.
- Description (optional)
The Description field allows you to enter more information about the zone you are creating. This could be a longer, more descriptive name, or it could be your internal nomenclature for the zone or server where it resides.
- Add Transaction Signature Key (TSIG) (optional)
TSIG enables DNS Cloud Services to authenticate updates it receives from the primary DNS server. If your zone is configured with TSIG on your primary server, you must select the Add Transaction Signature Key (TSIG) option and then provide the key information here so that DNS Cloud Services can perform the required zone transfers.
After you complete the settings for the secondary zone, click Get Zone File to retrieve the zone file from your primary DNS server. Zone File displays the zone file.
If you are satisfied with the contents of the zone file, click Deploy. If you decide that there is a problem with the configuration or the zone file, click Back to make changes. After you click Deploy, your zone will be in Pending status until it is completely deployed, and the system displays the Anycast information associated with this zone. Use this information with your registrar or in your NS records.
When you’re finished, click Done.
The Secondary DNS dashboard shows the zone that you created in its list of zones. For more information about the DNS Cloud Service dashboard, see Use the Secondary DNS Cloud Service dashboard.
When you create a new DNS zone, you may get this error message:
Failed to get zone file: dns: bad xfr rcode: 5
This error means that we cannot pull the zone file from your primary DNS server. The possible causes of this issue include:
- The IP address for the primary DNS server is incorrect.
- The primary DNS server needs a TSIG for zone transfers, and the TSIG is either missing or incorrect.
- An access control list (ACL) for the network or on the primary DNS server prevents DNS Cloud Service from communicating with the primary DNS server.
- Zone transfers are disabled on the primary DNS server.
- A firewall is preventing communications.
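To narrow down which of these causes applies, the following Python example (added here, not F5 code) sends one unsigned AXFR query to your primary over TCP port 53 and classifies the reply; RCODE 5 in the error message is the DNS REFUSED response code. The function names and the SAMPLE_REFUSED bytes are constructed for illustration, and the result reflects the primary's ACL as seen from the host that runs the check, not from the DNS Cloud Service addresses.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED", 9: "NOTAUTH"}
# Constructed sample: 12-byte header of a reply with QR=1 and RCODE=5
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)

def build_axfr_query(zone, qid=0x1234):
    """Build a DNS AXFR query for `zone` (without the TCP length prefix)."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)  # standard query, 1 question
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 252, 1)  # QTYPE=AXFR, QCLASS=IN

def parse_header(message):
    """Return (id, is_response, rcode_name, answer_count) from a DNS message."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    rcode = flags & 0x000F  # low four bits of the flags word
    return qid, bool(flags & 0x8000), RCODES.get(rcode, f"RCODE{rcode}"), an

def interpret(rcode, answers):
    """Map a reply onto the possible causes listed above."""
    if rcode == "REFUSED":
        return "refused: check transfer ACL, TSIG key, and that transfers are enabled"
    if rcode == "NOERROR" and answers > 0:
        return "transfer permitted for this source address"
    return f"unexpected reply: {rcode}"

def recv_exact(sock, n):
    """Read exactly n bytes; DNS over TCP frames each message with a 2-byte length."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def diagnose(primary_ip, zone, timeout=5.0):
    """Send one unsigned AXFR query to your own primary and classify the outcome."""
    query = build_axfr_query(zone)
    try:
        with socket.create_connection((primary_ip, 53), timeout=timeout) as sock:
            sock.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", recv_exact(sock, 2))
            _id, _qr, rcode, answers = parse_header(recv_exact(sock, length))
    except (OSError, ValueError) as exc:
        return f"no usable DNS reply ({exc}): check the primary IP and firewall path"
    return interpret(rcode, answers)
```

A timeout or connection error points at the IP address or a firewall, while a REFUSED reply means the primary was reached and declined the transfer.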