Document toolboxDocument toolbox

Configuring Zone Transfers

Owned by Sri Raghu
Last updated: Sept 06, 2024
2 min read

To configure zone transfers, you identify the servers to which zone data is transferred and optionally, servers to which data must not be transferred. For example, you can allow transfers to a network, but not to a specific server in the network. You can specify a different set of servers for specific zones.  

To configure zone transfer properties, complete the following:

  1. From the Infoblox Portal, click Configure > Networking > DNS, and click Global DNS Configuration. 
  2. In the Global DNS Configuration page, click Zone Transfers.
  3. In the ACCEPT ZONE TRANSFER REQUESTS FROM section, click Add to add or click Remove to remove the entries. Select one of the following from the TYPE drop-down list:
    • Any Address/Network: Select this option to allow or deny the application to send zone transfers to any IP address or network. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and selecting Deny from the drop-down list.

    • IPv4 Address: Select this option to add an IPv4 address. Click the VALUE field and enter the IP address of the remote server. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and selecting Deny from the drop-down list.

    • IPv4 Network: Select this option to add an IPv4 network address to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and selecting Deny from the drop-down list.

    • Named ACL: Select this option to add a named ACL. Click the VALUE field and the list of named ACLs are displayed. If you have only one named ACL, it is displayed automatically. When you select this, the application allows servers that have the Allow permission to send and receive DNS zone transfer data. You can click Clear to remove the selected named ACL.

    • TSIG: Select an existing TSIG Key. For more information, see Configuring TSIG Keys. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    You can reorder the rows using the up and down arrows next to the table.

  4. Click Save & Close to save.

Note

Universal DDI supports incremental zone transfer. This feature is not user-configurable and is handled by Universal DDI automatically. Universal DDI will perform incremental zone transfers to decrease network load and to boost the speed of propagating the zone changes to NIOS-X Servers. This is useful for large zones, especially the ones that are changed frequently. In some cases, incremental zone transfers may not be performed due to certain factors or if secondary servers request a full zone transfer. In such cases, a full zone transfer will be performed.Â