Configure a DNS zone

A DNS zone entity on the NetScaler appliance establishes the appliance's ownership of a domain. A zone on the appliance also enables you to implement DNS Security Extensions (DNSSEC) for the zone, or to offload the zone’s DNSSEC operations from the DNS servers to the appliance. DNSSEC sign operations are performed on all the resource records in a DNS zone. Therefore, if you want to sign a zone, or if you want to offload DNSSEC operations for a zone, you must first create the zone on the NetScaler appliance.

Create a DNS zone on the appliance in the following scenarios:

  • The NetScaler appliance owns all the records in a zone, that is, the appliance is operating as the authoritative DNS server for the zone. The zone must be created with the proxyMode parameter set to NO.
  • The NetScaler appliance owns only a subset of the records in a zone. All the other resource records in the zone are hosted on a set of back-end name servers. The appliance is configured as a DNS proxy server for these back-end servers. A typical configuration where the NetScaler appliance owns only a subset of the resource records in the zone is a global server load balancing (GSLB) configuration. The NetScaler appliance owns only the GSLB domain names, while the back-end name servers own all the other records. The zone must be created with the proxyMode parameter set to YES.
  • You want to offload DNSSEC operations for a zone from your authoritative DNS servers to the appliance. The zone must be created with the proxyMode parameter set to YES. You might have to configure more settings for the zone.

This topic describes how to create a zone for the first two scenarios. For more information about how to configure a zone for offloading DNSSEC operations to the appliance, see Offload DNSSEC operations to the NetScaler appliance.

Note

If the ADC appliance is operating as the authoritative DNS server for a zone, you must create the Start of Authority (SOA) and name server (NS) records for the zone before you create the zone. If the NetScaler is operating as the DNS proxy server for a zone, SOA and NS records must not be created on the NetScaler appliance. For more information about creating SOA and NS records, see Configure DNS resource records.

When you create a zone, all existing domain names and resource records that end with the name of the zone are automatically treated as a part of the zone. Also, any new resource records created with a suffix that matches the name of the zone are implicitly included in the zone.
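The SOA/NS precondition from the note and the implicit-inclusion rule above can be checked against a record inventory before you run add dns zone. The following Python script is an added example, not NetScaler code: the function names are hypothetical, the inventory is constructed sample data, and it assumes that "ends with the name of the zone" means a match on whole DNS labels.

```python
# Added example: pre-flight check to run before `add dns zone`.
# SAMPLE_RECORDS is constructed data, not output from an appliance.
SAMPLE_RECORDS = [
    ("SOA", "example.com"), ("NS", "example.com"),
    ("A", "ns1.example.com"), ("A", "www.example.com"),
    ("A", "www.badexample.com"),   # shares a string suffix, not a label suffix
    ("A", "gslb.example.net"),
]

def _norm(name):
    return name.rstrip(".").lower()

def in_zone(name, zone):
    """True if name is the zone apex or ends with the zone name on a label
    boundary (assumption: whole-label matching, as in standard DNS)."""
    name, zone = _norm(name), _norm(zone)
    return name == zone or name.endswith("." + zone)

def preflight(records, zone, proxy_mode):
    """records: iterable of (rtype, owner). Returns (members, problems)."""
    proxy_mode = proxy_mode.upper()
    if proxy_mode not in ("YES", "NO"):
        raise ValueError("proxyMode must be YES or NO")
    apex = _norm(zone)
    # Records that would be implicitly treated as part of the new zone,
    # and therefore fall inside its DNSSEC signing scope.
    members = sorted({(t.upper(), _norm(n)) for t, n in records
                      if in_zone(n, zone)})
    apex_types = {t for t, n in members if n == apex}
    problems = []
    for rtype in ("SOA", "NS"):
        if proxy_mode == "NO" and rtype not in apex_types:
            # Authoritative zone: SOA and NS must exist before the zone.
            problems.append(f"{apex}: create the {rtype} record before the zone")
        if proxy_mode == "YES" and rtype in apex_types:
            # Proxy zone: SOA and NS stay on the back-end name servers.
            problems.append(f"{apex}: {rtype} record must not exist on the appliance")
    return members, problems

if __name__ == "__main__":
    for mode in ("NO", "YES"):
        members, problems = preflight(SAMPLE_RECORDS, "example.com", mode)
        print(f"proxyMode {mode}: {len(members)} records in zone")
        for p in problems:
            print("  PROBLEM:", p)
```
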

Create a DNS zone on the NetScaler appliance by using the CLI

At the command prompt, type the following commands to add a DNS zone to the NetScaler appliance and verify the configuration:

-  add dns zone <zoneName> -proxyMode ( YES | NO )
-  show dns zone [<zoneName> | -type <type>]

Example:

> add dns zone example.com -proxyMode Yes
 Done
> show dns zone example.com
         Zone Name : example.com
         Proxy Mode : YES
Done

Modify or remove a DNS zone by using the CLI

  • To modify a DNS zone, type the set dns zone command, the name of the DNS zone, and the parameters to be changed, with their new values.
  • To remove a DNS zone, type the rm dns zone command and the name of the DNS zone.

Configure a DNS zone by using the GUI

Navigate to Traffic Management > DNS > Zones and create a DNS zone.
