Creating a Primary Zone under a NIOS View
When a NIOS View (a DNS View created in NIOS) is imported to the Infoblox Portal, you can create a primary zone under it. The process of creating a primary zone under a NIOS View is different from creating a primary zone directly under a DNS View (a non-NIOS View). To create a primary zone under a non-NIOS View, see Creating a Primary Zone.
To create a primary zone under a NIOS View, complete the following:
From the Cloud Services Portal, click Configure > Networking > DNS > Zones.
Create a DNS view or click an existing DNS view. For more information about creating a DNS view, see Configuring DNS Views.
On the Zones page, click Create and select Primary Zone from the drop-down list.
On the Create Primary Zone page, specify the following:
Name: Enter the domain name for the zone.
To create an IPv4 reverse-mapping zone, specify in-addr.arpa as the top-level reverse-mapping zone while specifying a name for the zone.
To create an IPv6 reverse-mapping zone, specify ip6.arpa as the top-level reverse-mapping zone while specifying a name for the zone.
Description: Enter additional details about the zone.
Disable for DNS Protocol: Select this check box to temporarily disable this zone. For information, see Enabling and Disabling Zones.
Notify External Secondary DNS Servers: Select this check box to notify external secondary DNS servers that a primary zone has been created.
Tags: Click Add to associate keys with values. Specify the following details:
KEY: Enter a meaningful name for the key, such as a location or a department.
VALUE: Enter a value for the key, such as San Jose (for location) or Accounts (for department).
Select AUTHORITATIVE DNS SERVERS from the list. You can also define zones without assigning DNS servers to them. This is particularly helpful during pre-deployment provisioning and during troubleshooting activities. You can configure Grid Primaries and Grid Secondaries under Authoritative DNS Servers. Grid Primaries and Grid Secondaries are mutually exclusive. Configure the following:
Grid Primaries: Select a listed Service Instance Name and click >> to move it to the right pane. The type of the Service Instance will show as NIOS DDI.
Grid Secondaries: Select a listed Service Instance Name and click >> to move it to the right pane. The type of the Service Instance will show as NIOS DDI.
Configure External Primaries. This is the server that will be the primary DNS server that resides outside your network. Alternatively, you can also create an External Secondary Server. Click Add and configure the following:
Name: Specify the name of the External Primary DNS Server.
Address: Specify the IP address.
TSIG Key Name: Specify the name of the TSIG key.
TSIG Key Algorithm: Select the TSIG key algorithm.
TSIG Secret: Specify the TSIG secret.
Configure External Secondaries. This is the server that will be the secondary DNS server that resides outside your network. Click Add and configure the following:
Name: Specify the name of the External Secondary DNS Server.
Address: Specify the IP address.
TSIG Key Name: Specify the name of the TSIG key.
TSIG Key Algorithm: Select the TSIG key algorithm.
TSIG Secret: Specify the TSIG secret.
Configure the Zone Settings Defaults. The Zone Settings Defaults are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values for each of the following:
Serial Number: Specify a serial number.
Refresh: Specify the value and choose Hours, Minutes, or Seconds from the drop-down list.
Retry: Specify the value and choose Hours, Minutes, or Seconds from the drop-down list.
Expire: Specify the value and choose Days, Hours, Minutes, or Seconds from the drop-down list.
Default TTL: Specify the value and choose Hours, Minutes, or Seconds from the drop-down list.
Negative-caching TTL: Specify the value and choose Minutes or Seconds from the drop-down list.
EMAIL ADDRESS (FOR SOA RNAME field): Specify an email address for the SOA RNAME field.
Use default forwarders to resolve queries for delegated zones. Select the check box to use the default forwarders for delegated zones.
Configure the Queries. The queries are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values in the ALLOW QUERIES FROM section. Click Add to add or Remove to remove the entries. Choose one of the following from the TYPE drop-down list:
Any Address/Network: Choose this option to allow or deny queries from any IP addresses or networks. The application replies to queries from all clients. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the client from which the query originates. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
IPv4 Network: Choose this option to add a network to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
Named ACL: Choose this option to add a named ACL that you want to use. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, the application automatically displays the named ACL. When you select this, the application replies to DNS queries from clients matching the ACL. You can click Clear to remove the selected named ACL.
TSIG: Select an existing TSIG Key. For more information, see Configuring TSIG Keys. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
Configure the Zone transfers. The queries are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values in the ACCEPT ZONE TRANSFER REQUESTS FROM section. Click Add to add or Remove to remove the entries. Choose one of the following from the TYPE drop-down list:
Any Address/Network: Choose this option to allow or deny queries from any IP addresses or networks. The PERMISSION column displays Allow by default. In that case, the application replies to queries from all clients. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the remote server. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
IPv4 Network: Choose this option to add an IPv4 network address to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
Named ACL: Choose this option to add a named ACL. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, it is displayed automatically. When you choose this, the application allows servers that have the Allow permission to send and receive DNS zone transfer data. You can click Clear to remove the chosen named ACL.
TSIG: Select an existing TSIG Key. For more information, see Configuring TSIG Keys. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
Configure dynamic updates. The dynamic updates are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties.
Allow GSS-TSIG-signed updates: Toggle Inherit to Off, and select the check box to allow GSS-TSIG-signed updates. GSS-TSIG (Generic Security Service Algorithm for Secret Key Transaction) is used to authenticate DDNS updates. For more information, see Configuring GSS-TSIG.
ALLOW DYNAMIC UPDATES: Toggle Inherit to Off and configure the values in the ALLOW DYNAMIC UPDATES section. Click Add to add or Remove to remove the entries. Choose one of the following from the TYPE drop-down list:
Any Address/Network: Choose this option to allow or deny the application to send zone transfers to any IP address or network. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the remote server. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
IPv4 Network: Choose this option to add an IPv4 network address to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
Named ACL: Choose this option to add a named ACL. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, it is displayed automatically. When you select this, the application allows servers permission to send and receive DNS zone transfer data. You can click Clear to remove the chosen named ACL.
TSIG: Select an existing TSIG Key. For more information, see Configuring TSIG Keys. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
An rdatatype (short for resource record type) refers to the specific type of resource record (RR) in the DNS. Each resource record in DNS has an associated type that indicates the kind of data it holds, for example type A, the IPv4 address of a NIOS-X Server, or type MX, how to route mail. An rdataset refers to a set of resource records (RRs) of the same type for a specific domain name in the Domain Name System (DNS). Excessively large rdatasets or large numbers of rrtypes can slow down query processing; therefore, limits can be set on a per-zone basis. The value "0" removes any upper limit. However, this may result in reduced performance. Configure the following settings:
Max Records per Type: Specify a numeric value for maximum records per type. The default value is 2000.
Max Types per Name: Specify a numeric value for maximum types per name. The default value is 100.
Click Save & Close to save.
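The reverse-mapping names entered in the Name field can be derived from the network prefix rather than typed by hand. The following is an added example, not part of the original page or the product: `reverse_zone_name` and `zone_covers` are hypothetical helper names, and the prefixes are documentation ranges chosen for illustration.

```python
import ipaddress


def reverse_zone_name(cidr):
    """Return the reverse-mapping zone name for a network prefix.

    IPv4 prefixes must end on an octet boundary and IPv6 prefixes on a
    nibble boundary; anything else has no single reverse zone and is rejected.
    """
    # strict=True rejects input such as 192.0.2.1/24 (host bits set).
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version == 4:
        if net.prefixlen == 0 or net.prefixlen % 8:
            raise ValueError(f"{cidr}: IPv4 prefix is not on an octet boundary")
        labels = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(reversed(labels)) + ".in-addr.arpa"
    if net.prefixlen == 0 or net.prefixlen % 4:
        raise ValueError(f"{cidr}: IPv6 prefix is not on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def zone_covers(zone, address):
    """True if the PTR owner name for `address` falls inside `zone`."""
    ptr = ipaddress.ip_address(address).reverse_pointer
    # The leading dot keeps 10.192... from matching a zone for 0.192...
    return ptr.endswith("." + zone.rstrip(".").lower())


if __name__ == "__main__":
    for prefix in ("192.0.2.0/24", "10.0.0.0/8", "2001:db8::/32"):
        print(prefix, "->", reverse_zone_name(prefix))
    print(zone_covers("2.0.192.in-addr.arpa", "192.0.2.55"))
```
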
You cannot add the same NIOS-X Server as Grid Primary and Grid Secondary under Authoritative DNS Servers.
You cannot create a Secondary Zone under a NIOS View. You can only create a Primary Zone under a NIOS View. To create a Secondary Zone under a NIOS View, create a Primary Zone and configure External Primaries within it.
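Before lowering Max Records per Type or Max Types per Name, it helps to know which rdatasets in existing zone data would exceed the new values. The following is an added example, not part of the original page or the product: `audit_zone` is a hypothetical helper, the one-record-per-line input format is a simplification, and the sample records are constructed.

```python
from collections import defaultdict

# Defaults stated on this page; a value of 0 removes the limit.
MAX_RECORDS_PER_TYPE = 2000
MAX_TYPES_PER_NAME = 100


def audit_zone(lines, max_records=MAX_RECORDS_PER_TYPE, max_types=MAX_TYPES_PER_NAME):
    """Return findings for rdatasets and names that exceed the per-zone limits.

    Each input line is 'owner ttl class type rdata' (simplified format).
    """
    rdatasets = defaultdict(int)  # (owner, rrtype) -> number of records
    rrtypes = defaultdict(set)    # owner -> distinct rrtypes at that name
    for raw in lines:
        fields = raw.split(";", 1)[0].split()
        if len(fields) < 5:
            continue  # blank, comment-only or incomplete line
        owner = fields[0].lower().rstrip(".") + "."  # names are case-insensitive
        rrtype = fields[3].upper()
        rdatasets[(owner, rrtype)] += 1
        rrtypes[owner].add(rrtype)

    findings = []
    if max_records:  # 0 means no upper limit
        for (owner, rrtype), count in sorted(rdatasets.items()):
            if count > max_records:
                findings.append(("max-records-per-type", owner, rrtype, count))
    if max_types:
        for owner, types in sorted(rrtypes.items()):
            if len(types) > max_types:
                findings.append(("max-types-per-name", owner, "*", len(types)))
    return findings


def sample_zone():
    """Constructed sample: one five-record rdataset and one name with four types."""
    lines = [f"pool.example.com. 300 IN A 192.0.2.{i}" for i in range(1, 6)]
    lines += [
        "multi.example.com. 300 IN A 192.0.2.10",
        "MULTI.example.com. 300 IN AAAA 2001:db8::10",
        'multi.example.com. 300 IN TXT "constructed"',
        "multi.example.com. 300 IN MX 10 mail.example.com.",
    ]
    return lines


if __name__ == "__main__":
    print(audit_zone(sample_zone(), max_records=3, max_types=3))
```
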