You can import the name of a named ACL in the fields that support named ACLs, such as allow_transfer, allow_query, and allow_update.
Field Name | Data Type | Required | Associated GUI Field | Associated PAPI Method | Usage and Guidelines |
---|---|---|---|---|---|
Header-AuthZone | String | Yes | | | |
fqdn | FQDN | Yes | Name | name | Example: test.com |
zone_format | String | Yes | | | Valid values are FORWARD, IPV4, and IPV6. |
view | String | No | | | If no view is specified, the Default view is used. |
prefix | String | No | | | Prefix is used for reverse-mapping RFC2317 zones only. If you include a prefix in a forward-mapping zone, the appliance ignores the prefix. No error message is generated. |
_new_prefix | String | No | | | Add this field to overwrite the prefix field when you select the overwrite or merge option. Use the hostname of the grid member in this field. Example: infoblox.localdomain |
is_multimaster | Boolean | No | Multi-master | is_multimaster | Indicates whether the zone has multiple primary servers. |
grid_primaries | Grid member list and stealth state | No | Grid Primary/Stealth | primary stealth | Data must be in the following format: "hostname/stealth" |
external_primaries | Server list | No | External Primary | primary | Data must be in the following format: "name/ip/stealth/use_2x_tsig/use_tsig/tsig_name/tsig_key/tsig_key_algorithm". |
grid_secondaries | Member server list | No | Grid | secondaries | Data must be in the following format: "hostname/stealth/lead/grid_replicate". Only hostname is required. If you do not specify values for stealth, lead, and grid_replicate, the default value FALSE is used. Example: "member1.localdomain/FALSE/TRUE/FALSE" |
external_secondaries | Server list | No | External Secondary | secondaries | Data must be in the following format: "name/ip/stealth/use_2x_tsig/use_tsig/tsig_name/tsig_key/tsig_key_algorithm". Only name and ip are required fields. If no value is specified for stealth, use_2x_tsig, and use_tsig, the default value FALSE is used. If either use_2x_tsig or use_tsig is TRUE, tsig_name and tsig_key are required. If no value is specified for tsig_key_algorithm, the default value is HMAC-MD5. If both use_2x_tsig and use_tsig are TRUE, only use_tsig = TRUE and the tsig key name and key are imported. Example: "sec1.com/1.1.1.1/FALSE/FALSE/FALSE/foo/sdfssdf86ew" |
ns_group | String | No | Name server group | ns_group | Authoritative name server group name. Example: name-ns-group1 |
comment | String | No | Comment | comment | |
disabled | Boolean | No | Disable | disable | Example: FALSE |
create_underscore_zones | Boolean | No | Automatically create underscore zones | create_underscore_zones | Example: FALSE |
allow_active_dir | List of IP addresses | No | Allow unsigned updates from these domain controllers | enable_ad_server | The valid value is a list of IP addresses. |
soa_refresh | Unsigned integer | No | Refresh | soa_refresh | When you modify this field to override an inherited value, you must include values for all SOA timer fields. The appliance updates all the SOA timers when you update any of them. |
soa_retry | Unsigned integer | No | Retry | soa_retry | Ensure that you include this field when you override the soa_refresh field. |
soa_expire | Unsigned integer | No | Expire | soa_expire | Ensure that you include this field when you override the soa_refresh field. |
soa_default_ttl | Unsigned integer | No | Default TTL | soa_default_ttl | Ensure that you include this field when you override the soa_refresh field. |
soa_negative_ttl | Unsigned integer | No | Negative-caching TTL | soa_negative_ttl | Ensure that you include this field when you override the soa_refresh field. |
soa_mnames | FQDN list | No | List of SOA MNAME fields | soa_mname | Data must include the FQDN and hostname |
soa_email | Email address | No | Email address for SOA MNAME field | soa_email | Example: root@ |
soa_serial_number | Unsigned integer | No | Serial Number | soa_serial_number | |
disable_forwarding | Boolean | No | Don’t use forwarders... | disable_forwarding | Example: TRUE |
allow_update_forwarding | Boolean | No | Allow updates from | forward_to | Example: FALSE |
update_forwarding | ACL | No | Allow updates from... | forward_to | Data must be in the following formats: ip address/permission; network/network cidr/permission; ANY/permission; TSIG-XXX/permission. Permission can be ALLOW or DENY. |
allow_transfer | ACL | No | Allow zone transfers to | allow_transfer | Example: "12.0.0.12/Deny,1234::/64/Allow" |
allow_update | ACL | No | Allow updates from | allow_update | Example: "13.0.0.0/8/Allow" |
allow_query | ACL | No | Allow queries from | allow_query | Example: "127.0.0.1/Allow" |
notify_delay | Unsigned integer | No | | notify_delay | This field specifies the number of seconds to delay sending notify messages to the secondaries. The valid value is between 5 and 86400 seconds. Example: 10 |
EA-Site | String | No | Extensible attribute | extensible_attributes | EA-Site is an example of a predefined extensible attribute. You can add other predefined attributes to the data file. For information about data format and examples, see Data Specific Guidelines. |
EA-Users | List | No | Extensible attribute | extensible_attributes | EA-Users is an example of a user defined attribute. You can add other user defined attributes to the data file. For information about data format and examples, see Data Specific Guidelines. |
ADMGRP-JoeSmith | String | No | Permissions | | ADMGRP-JoeSmith is an example of an admin permission of a specific admin group. For information about data format and examples, see Data Specific Guidelines. |
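
The following pre-import check is an added example, not Infoblox code: it parses ACL cells in the format the table gives and lists zones whose allow_transfer or allow_update entries would admit every client. The sample rows, the zone corp.example, and all function names are constructed for illustration, and cells that hold a named ACL are not handled.

```python
import csv
import io
import ipaddress

ACL_FIELDS = ("allow_transfer", "allow_update", "allow_query")

def parse_acl(cell):
    """Split an ACL cell into (target, permission) pairs; the permission follows
    the LAST slash because a network target such as 1234::/64 has its own.
    A bare named-ACL name (format not shown on the page) raises ValueError."""
    pairs = []
    for item in filter(None, (p.strip() for p in cell.split(","))):
        target, _, perm = item.rpartition("/")
        # Text says ALLOW or DENY, examples say Allow/Deny: fold case (assumption).
        if not target or perm.upper() not in ("ALLOW", "DENY"):
            raise ValueError(f"malformed ACL entry: {item!r}")
        pairs.append((target, perm.upper()))
    return pairs

def matches_everyone(target):
    """True for ANY or a zero-length prefix; raises ValueError on a bad address."""
    if target.upper() == "ANY":
        return True
    if target.upper().startswith("TSIG-"):
        return False
    return ipaddress.ip_network(target, strict=False).prefixlen == 0

def review(csv_text):
    """Return (fqdn, field, entry) for each ALLOW open to every client on
    zone transfer or dynamic update. allow_query is only format-checked,
    since a public zone answers anyone by design."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for field in ACL_FIELDS:
            for target, perm in parse_acl(row.get(field) or ""):
                wide = matches_everyone(target)
                if wide and perm == "ALLOW" and field != "allow_query":
                    findings.append((row["fqdn"], field, f"{target}/{perm}"))
    return findings

# Constructed sample, reduced to the columns under review.
SAMPLE = '''fqdn,zone_format,allow_transfer,allow_update,allow_query
test.com,FORWARD,"12.0.0.12/Deny,1234::/64/Allow",13.0.0.0/8/Allow,127.0.0.1/Allow
corp.example,FORWARD,ANY/Allow,"0.0.0.0/0/Allow,10.0.0.5/Deny",ANY/Allow
'''

if __name__ == "__main__":
    print(review(SAMPLE))
```

A cell with more than one ACL entry has to be quoted when comma is the separator, which is why the sample quotes those cells.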
Examples
This section contains examples of how to create data files for DNS zones. All examples use comma as the separator. You can use other supported separators, such as semicolon, space, or tab.
...