
Configuring a DNS Zone

Feb 13, 2017

A DNS zone entity on the Citrix® NetScaler® appliance facilitates the ownership of a domain on the appliance. A zone on the appliance also enables you to implement DNS Security Extensions (DNSSEC) for the zone, or to offload the zone’s DNSSEC operations from the DNS servers to the appliance. DNSSEC sign operations are performed on all the resource records in a DNS zone. Therefore, if you want to sign a zone, or if you want to offload DNSSEC operations for a zone, you must first create the zone on the NetScaler appliance.

You must create a DNS zone on the appliance in the following scenarios:
  • The NetScaler appliance owns all the records in a zone, that is, the appliance is operating as the authoritative DNS server for the zone. The zone must be created with the proxyMode parameter set to NO.
  • The NetScaler appliance owns only a subset of the records in a zone, and all the other resource records in the zone are hosted on a set of back-end name servers for which the appliance is configured as a DNS proxy server. A typical configuration where the NetScaler appliance owns only a subset of the resource records in the zone is a global server load balancing (GSLB) configuration. Only the GSLB domain names are owned by the NetScaler appliance, while all the other records are owned by the back-end name servers. The zone must be created with the proxyMode parameter set to YES.
  • You want to offload DNSSEC operations for a zone from your authoritative DNS servers to the appliance. The zone must be created with the proxyMode parameter set to YES. You might need to configure additional settings for the zone.

The current topic describes how to create a zone for the first two scenarios. For more information about how to configure a zone for offloading DNSSEC operations to the appliance, see Offloading DNSSEC Operations to the NetScaler Appliance.

Note: If the NetScaler is operating as the authoritative DNS server for a zone, you must create Start of Authority (SOA) and name server (NS) records for the zone before you create the zone. If the NetScaler is operating as the DNS proxy server for a zone, SOA and NS records must not be created on the NetScaler appliance. For more information about creating SOA and NS records, see Configuring DNS Resource Records.

When you create a zone, all existing domain names and resource records that end with the name of the zone are automatically treated as a part of the zone. Additionally, any new resource records created with a suffix that matches the name of the zone are implicitly included in the zone.
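Because DNSSEC sign operations cover every record in the zone, it helps to know before creating a zone which existing records it will absorb and whether the SOA/NS prerequisite from the note above is met. The following pre-flight check is an added example, not Citrix code: the record inventory is constructed sample data, the function names are hypothetical, and it assumes that suffix matching works on whole DNS labels and that the SOA/NS rule applies to records at the zone name itself.

```python
# Added example: pre-flight check to run before `add dns zone`.
# Assumptions: label-aligned suffix matching; SOA/NS rule checked at the zone name.

def normalize(name):
    """Lower-case and drop the trailing root dot so names compare consistently."""
    return name.rstrip(".").lower()

def in_zone(record_name, zone):
    """True if record_name equals the zone name or ends with it on a label boundary."""
    r, z = normalize(record_name).split("."), normalize(zone).split(".")
    return len(r) >= len(z) and r[-len(z):] == z

def preflight(zone, proxy_mode, records):
    """records: iterable of (owner_name, rr_type). Returns (members, problems)."""
    if proxy_mode not in ("YES", "NO"):
        raise ValueError("proxy_mode must be 'YES' or 'NO'")
    # Records that would be implicitly included in the new zone.
    members = [(n, t) for n, t in records if in_zone(n, zone)]
    apex_types = {t.upper() for n, t in members if normalize(n) == normalize(zone)}
    problems = []
    for rr_type in ("SOA", "NS"):
        if proxy_mode == "NO" and rr_type not in apex_types:
            # Authoritative: SOA and NS must exist before the zone is created.
            problems.append(f"missing {rr_type} record for {zone}; create it first")
        if proxy_mode == "YES" and rr_type in apex_types:
            # Proxy: SOA and NS must not be created on the appliance.
            problems.append(f"{rr_type} record for {zone} must not exist in proxy mode")
    return members, problems

# Constructed inventory of (owner name, record type) pairs.
SAMPLE_RECORDS = [
    ("example.com", "SOA"),
    ("example.com.", "NS"),
    ("WWW.Example.com", "A"),
    ("gslb.example.com", "A"),
    ("badexample.com", "A"),          # shares the string suffix, not the labels
    ("example.com.other.test", "A"),  # zone name appears as a prefix only
]

if __name__ == "__main__":
    for mode in ("NO", "YES"):
        members, problems = preflight("example.com", mode, SAMPLE_RECORDS)
        print(mode, [name for name, _ in members], problems)
```
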

To create a DNS zone on the NetScaler appliance by using the command line interface

At the command prompt, type the following commands to add a DNS zone to the NetScaler appliance and verify the configuration:

  • add dns zone <zoneName> -proxyMode ( YES | NO )
  • show dns zone [<zoneName> | -type <type>]

Example

 
> add dns zone example.com -proxyMode Yes 
 Done 
> show dns zone example.com 
         Zone Name : example.com 
         Proxy Mode : YES 
Done 
> 

To modify or remove a DNS zone by using the command line interface

  • To modify a DNS zone, type the set dns zone command, the name of the DNS zone, and the parameters to be changed, with their new values.
  • To remove a DNS zone, type the rm dns zone command and the name of the DNS zone.

To configure a DNS zone by using the configuration utility

Navigate to Traffic Management > DNS > Zones and create a DNS zone.