
Creating Authoritative Subzones

After creating a zone, you can add more zones at the same level, or add subordinate zones (subzones). The subzones can be authoritative. 

The distinction between domains and zones is that domains provide a logical structure to the DNS name space while zones provide an administrative structure. The difference between domains and subdomains, and zones and subzones is that the terms subdomains and subzones reference their relationship to a parent domain or zone. With the exception of the root domain and root zone, all domains are subdomains and all zones are subzones.

You can organize a domain based on logical divisions such as type (.com, .gov, .edu; or sales, eng, sup) or location (.uk, .jp, .us; or hq, east, west). The figure below shows one way to organize the external (public) namespace and the internal (private) namespace for a corporation with the domain name corpxyz.com. The external namespace follows standard DNS conventions. Internally, you create an individual subdomain and corresponding subzone for each department. 


Note

Throughout this documentation, the trailing period (“.”) indicating the root zone is not shown, although its presence is assumed.

The procedure for adding a subzone is the same as that used to add an authoritative zone. The only difference is that you specify the subzone name in the Name field. For information about adding authoritative zones, see Creating a Primary Zone.

To create an authoritative subzone, complete the following:

  1. From the Infoblox Portal, click Configure > Networking > DNS > Zones.
  2. Create a DNS view or click an existing DNS view. For more information about creating a DNS view, see Configuring DNS Views.
  3. Click the zone where you want to add a subzone.
  4. Click Create > Zone and choose Primary Zone from the drop-down list.
  5. On the Create Primary Zone page, select the zone to which you want to add a subzone.
  6. Configure the following to create a subzone:
    • Name: Enter the name of the subzone and select the name of the zone for which you want to create the subzone.
    • Description: Optionally, enter additional information about the subzone.
    • Disable for DNS Protocol: Select this option to temporarily disable the subzone. For information, see Enabling and Disabling Zones.
    • DNS SERVERS: You can associate DNS servers with the subzone. For more information, see Creating a Secondary Zone. For information on specifying authoritative DNS server groups, see Configuring DNS Server Groups. To edit an existing primary or secondary server or a DNS server group, select the respective row and click the Edit button. To delete a row, select it and click the Remove button.
    • Tags: Click Add to associate keys with the reverse-mapping zone and specify the following details:
      • KEY: Enter a meaningful name for the key, such as a location or a department.  

      • VALUE: Enter a value for the key.   
        To remove a tag, select the respective check box and click Remove to delete the associated tag. For information about tags, see Managing Tags.

  7. Configure the Zone Settings Defaults. The Zone Settings Defaults are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values for each of the following:
    • Refresh: Specify the value and choose Hours, Minutes, or Seconds from the drop-down list.

    • Retry: Specify the value and choose Hours, Minutes, or Seconds from the drop-down list.
    • Expire: Specify the value and choose Days, Hours, Minutes, or Seconds from the drop-down list.
    • Default TTL: Specify the value and choose Hours, Minutes, or Seconds from the drop-down list.
    • Negative-caching TTL: Specify the value and choose Minutes or Seconds from the drop-down list.
    • EMAIL ADDRESS (FOR SOA RNAME FIELD): Specify an email address for the SOA RNAME FIELD.
    • Use default forwarders to resolve queries for delegated zones: Select the check box to use the default forwarders for delegated zones.

  8. Configure the Queries. The queries are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values in the ALLOW QUERIES FROM section. Click Add to add or click Remove to remove the entries. Choose one of the following from the TYPE drop-down list:   
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the client from which the query originates. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Network: Choose this option to add a network to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL that you want to use. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, the application automatically displays the named ACL. When you select this, the application replies to DNS queries from clients matching the ACL. You can click Clear to remove the selected named ACL.

    • Any Address/Network: Choose this option to allow or deny queries from any IP addresses or networks. The application replies to queries from all clients. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

  9. Configure the Zone transfers. The zone transfer settings are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values in the ACCEPT ZONE TRANSFER REQUESTS FROM section. Click Add to add or click Remove to remove the entries. Choose one of the following from the TYPE drop-down list:
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the remote server. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • IPv4 Network: Choose this option to add an IPv4 network address to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, it is displayed automatically. When you select this, the application allows servers permission to send and receive DNS zone transfer data. You can click Clear to remove the selected named ACL.

    • Any Address/Network: Choose this option to allow or deny the application to send zone transfers to any IP address or network. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

  10. Configure dynamic updates. The dynamic updates are inherited from Global DNS Properties. For more information, see Configuring Global DNS Properties. Alternatively, toggle Inherit to Off and configure the values in the ALLOW DYNAMIC UPDATES section. Click Add to add or click Remove to remove the entries. Choose one of the following from the TYPE drop-down list:
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the remote server. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • IPv4 Network: Choose this option to add an IPv4 network address to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL. Click the VALUE field and the list of named ACLs is displayed. If you have only one named ACL, it is displayed automatically. When you select this, the application allows servers permission to send and receive DNS zone transfer data. You can click Clear to remove the selected named ACL.

    • Any Address/Network: Choose this option to allow or deny the application to send zone transfers to any IP address or network. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

  11. Click Save & Close to save.

To modify or delete a subzone, click the name of the zone with which the subzone is associated. When you click the zone name, the subzones associated with it are listed. Click ☰ and select Edit from the list to modify the details or Delete to delete the subzone. You can also select the check box and click the Edit button to modify or click the Delete button to delete the subzone.
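
Because the PERMISSION column displays Allow by default, it is worth reviewing the rows entered in steps 9 and 10 before saving. The following Python check is an added example, not Infoblox code or an Infoblox export format: it flags Allow rows for zone transfers and dynamic updates that match any address or a broad network. The dictionary layout, the `audit_acls` name, and the /24 review threshold are assumptions.

```python
import ipaddress

# Constructed sample: the TYPE / VALUE / PERMISSION rows from steps 8-10,
# typed in by hand. This is not an Infoblox export format.
SUBZONE_ACLS = {
    "queries": [("Any Address/Network", "", "Allow")],
    "zone_transfers": [
        ("IPv4 Address", "192.0.2.53", "Allow"),
        ("IPv4 Network", "10.0.0.0/8", "Allow"),
    ],
    "dynamic_updates": [
        ("IPv4 Address", "192.0.2.10", "Allow"),
        ("Any Address/Network", "", "Allow"),
    ],
}

# Sections where an open Allow exposes zone contents or lets clients rewrite records.
SENSITIVE = {"zone_transfers", "dynamic_updates"}
MIN_PREFIX = 24  # assumed review threshold: Allow networks wider than /24 are flagged


def audit_acls(acls, min_prefix=MIN_PREFIX):
    """Return (section, row_number, reason) findings for risky Allow rows."""
    findings = []
    for section, rows in acls.items():
        if section not in SENSITIVE:
            continue
        for n, (rtype, value, permission) in enumerate(rows, start=1):
            if permission != "Allow":
                continue
            if rtype == "Any Address/Network":
                findings.append((section, n, "Allow for any address"))
            elif rtype == "IPv4 Network":
                try:
                    net = ipaddress.ip_network(value, strict=False)
                except ValueError:
                    findings.append((section, n, f"unparseable network {value!r}"))
                    continue
                if net.prefixlen < min_prefix:
                    findings.append((section, n, f"broad network {net}"))
            # Single addresses pass; Named ACL rows need their members reviewed separately.
    return findings


if __name__ == "__main__":
    for section, n, reason in audit_acls(SUBZONE_ACLS):
        print(f"{section} row {n}: {reason}")
```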