Document toolboxDocument toolbox

Creating Authoritative DNS Server Groups

Owned by Sri Raghu
Last updated: Sept 06, 2024
2 min read

An authoritative DNS server group is a collection of primary DNS servers and secondary DNS servers. After you create an authoritative DNS server group, you can then assign it to serve authoritative forward-mapping and reverse-mapping zones. You cannot delete an authoritative DNS server group if the group is assigned to a zone.

When creating a DNS Server Group the usage of Primary or Secondary DNS servers depends on the type of target zone the DNS Server Group will be assigned to. To use a DNS Server Group with Secondary zones, both primary master DNS Servers and Secondary DNS servers must be configured. To use a DNS Server Group with Primary zones, only Secondary DNS servers should be configured.

To create an authoritative DNS server group, complete the following:

  1. From the Infoblox Portal, click Configure > Networking > DNS > DNS Server Groups > Create > Authoritative DNS Server Group.

  2. On the Create Authoritative DNS Server Group page, specify the following:
  • Name: Type a name that provides a meaningful reference for this set of servers.
  • Description: Optionally, enter additional information about the authoritative DNS Server Group.
  • In the Primary (Master) DNS SERVERS section, click Add and select one of the following options for every server that you are adding to the DNS server group:
    • External Primary: Select this option if you want to specify a primary server outside Universal DDI. 
    • DNS Server Group: Select this option to associate a DNS server group with the authoritative DNS server group.  
    If you select External Primary, complete the following:

    • Name: Displays the type of DNS Server.

    • AddressDisplays the IP address of the selected DNS server. 
    • Use TSIG: Select this check box to use the standards-based TSIG key that uses the one-way hash function to secure transfers between name servers. For more information, see Configuring TSIG Keys.
      • New TSIG: Choose this option to create a new TSIG key. Configure the following for a new TSIG key.
        • Key Name: Specify a name for the key.
        • Algorithm: Choose one of the following algorithm from the drop-down: HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512.
        • Secret: Specify a value for the secret. The value must be a Base64 encoded string. Alternatively, click Generate to automatically generate a unique value.
        • Description: Specify a description for the key.
      • Existing TSIG: Select an existing TSIG Key from the drop-down. For more information, see Configuring TSIG Keys
      • Click Add to add the DNS server group to the Primary (Master) DNS Servers list. You can also to reorder the rows using the up and down arrows. To edit an entry, select the check box and click Edit or click Remove to delete the entry from the table.
    1. If you select DNS Server Group, complete the following:
      • From the list of AVAILABLE servers, select the secondary name servers or name server groups you want to add to this Authoritative DNS Server Group, and then use the arrows to move them to the SELECTED section. You can use the double arrows to move all the available servers to the SELECTED section. These secondary servers are in effect only when you configure this Authoritative DNS Server Group as secondaries when you create a zone.

    2. Tags: For information about tags, see Managing Tags.

  2. In the Secondary DNS Servers section, select secondary DNS servers from the column selector. 
  3. In the DNS Server Group (Secondaries only) section, select the DNS server group from the column selector. 
  4. Click Save & Close to save the record.