The functionality of DNS Zone Federation feature can be explained as follows:
Provider Ownership:
When updating zone/record, the Cloud Services Portal will check if any conflicts already exist before update. If there are conflicts, the Cloud Services Portal takes the updates back to BloxOne and fails the update operation. Users can see the latest update from the cloud provider and update again if it needed.
If the update failed for BloxOne and succeeded in cloud provider, it is expected to be in sync after the next periodic synchronization.
In the case of deleting Zone/Record, case if the Zone/Record is already deleted from cloud provider, the error will be skipped.
If the Zone is configured with inherit (not override) for the Default TTL, it is expected to display an error. For the provider ownership, the global configuration should not be inherited.
BloxOne Ownership:
Any edits made in the cloud provider are overwritten during synchronization.
If the cloud provider update fails after the update in BloxOne DDI, the user update operation is a success as the source of truth is updated. However, Cloud Services Portal will show an error message stating that the cloud provider update failed. In the next periodic synchronization, both the systems will be in sync.
In the case of deleting Zone/Record, if the Zone/Record is already deleted from cloud provider, the error will be skipped.
If the Zone object is configured with the inherit option for the Default TTL field, any record created under it will have the global configuration for the value TTL.
AWS
If you try to delete a Zone that has user-defined records, it is expected to fail and the you must delete all the records before deleting the zone from the Cloud Services Portal.
Azure
You can delete the Zone even though it has user-defined records.