You can add ACEs (access control entries) or use a named ACL (access control list) to determine which hosts can perform specific DNS tasks. For information about how to define a named ACL, see Defining Named ACLs. When you add ACEs or a named ACL to Grid DNS properties, the configuration overrides member and object access control for DNS zone transfers, dynamic DNS updates, DNS queries and recursive queries, blackhole lists, and AAAA filtering. For a full list of operations that support access control, see Operations that Support Access Control.
To configure DNS access control:
- From the Data Management tab, select the DNS tab, expand the Toolbar and click Grid DNS Properties.
- In the Grid DNS Properties editor, click Toggle Advanced Mode, and select one of the following tabs for specific DNS tasks:
- Updates tab: Define ACEs or a named ACL to control Grid level dynamic DNS updates, as described inĀ Enabling DNS Servers to Accept DDNS Updates.
- Queries tab: Define ACEs or a named ACL to control Grid level DNS queries, recursive queries, and AAAA filtering, as described in Controlling DNS Queries, Enabling Recursive Queries, and Controlling AAAA Records for IPv4 Clients.
- Zone Transfers tab: Define ACEs or a named ACL to control Grid level DNS zone transfers, as described in Enabling Zone Transfers. This does not apply to zone transfers for Microsoft servers. For information about Microsoft servers, see Setting Zone Properties.
- Blackhole tab: Configure ACEs or a named ACL to define IP addresses and networks that you do not want to include during the DNS resolution process, as described in Configuring a DNS Blackhole List.
- DNS64 tab: Configure ACEs or a named ACL for clients to which the appliance sends synthesized AAAA records DNS64 groups, as described in Setting DNS64 Group Properties.
- Save the configuration.
You can override the Grid settings at the member and object levels.