Global Load Balancing : Configuring DNS zones
 
Configuring DNS zones
The DNS zone configuration is the key to the global load balancing solution. This configuration contains the key DNS server settings, including:
Domain name and name server details.
Type—Whether the server is the master or a forwarder.
DNSSEC—Whether to use DNSSEC.
DNS RR records—The zone configuration contains resource records (RR) used to resolve DNS queries delegated to the domain by the parent zone.
You can specify different DNS server settings for each zone you create. For example, the DNS server can be a master for one zone and a forwarder for another zone.
Before you begin:
You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
You must have authority to create authoritative DNS zone records for your network.
You must have Read-Write permission for Global DNS Server settings.
After you have configured a DNS zone, you can select it in the DNS policy configuration.
To configure the DNS zone:
1. Go to Global Load Balance > Zone Tools.
2. Click the Zone tab.
3. Click Add to display the configuration editor.
4. Complete the configuration as described in Table 40.
Table 40: DNS zone configuration
Settings
Guidelines
Name
Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference the name in the global DNS policy configuration.
After you initially save the configuration, you cannot edit the name.
Type
Master—The configuration contains the “master” copy of data for the zone and is the authoritative server for it.
Forward—The configuration allows you to apply DNS forwarding on a per-domain basis, overriding the forwarding settings in the “general” configuration.
FQDN Generate—The zone and its resource record is generated from the global load balancing framework.
Domain Name
The domain name must end with a period. For example: example.com.
Forward Options
Forward
First—The DNS server queries the forwarder before doing its own DNS lookup.
Only—Only query the forwarder. Do not perform a DNS lookup.
Note: The internal server caches the results it learns from the forwarders, which optimizes subsequent lookups.
Forwarders
Select a remote server configuration object.
Master Options
DNSSEC
Enable/disable DNSSEC.
DNSSEC Algorithm
Only RSASHA1 is supported.
TTL
The $TTL directive at the top of the zone file (before the SOA) gives a default TTL for every RR without a specific TTL set.
The default is 86,400. The valid range is 0 to 2,147,483,647.
Responsible Mail
Username of the person responsible for this zone, such as root.
Primary Server Name
Sets the server name in the SOA record.
Primary Server Address
The IP address of the primary server.
Negative TTL
The last field in the SOA—the negative caching TTL. This informs other servers how long to cache no-such-domain (NXDOMAIN) responses from you. The default is 3600 seconds. The valid range is 0 to 2,147,483,647.
KSK Filename
It is generated by the system if DNSSEC is enabled for the zone.
To regenerate the KSK, disable DNSSEC and then re-enable DNSSEC.
KSK
Type characters for a string key. The file is generated by the system if DNSSEC is enabled for the zone.
ZSK Filename
It is generated by the system if DNSSEC is enabled for the zone.
To regenerate the ZSK, disable DNSSEC and then re-enable DNSSEC.
ZSK
Type characters for a string key. The file is generated by the system if DNSSEC is enabled for the zone.
DSSET Filename
The file is generated by the system if DNSSEC is enabled for the zone. The file generated by the zone configuration editor is the one you give to any parent zone or the registrar of your domain.
The convention is dsset-<domain>, for example dsset-example.com.
DSSET
It is generated by the system if DNSSEC is enabled for the zone.
DSSET List
Select a DSSET configuration object. See “Configuring the DSSET list”.
A or AAAA Record
Hostname
The hostname part of the FQDN, such as www.
Type
IPv4
IPv6
Weight
Assigns relative preference among members—higher values are more preferred and are assigned connections more frequently.
The default is 1. The valid range is 1-255.
Address
Specify the IP address of the virtual server.
Method
Weighted Round Robin is the only method supported.
NS Record
Domain Name
The domain for which the name server has authoritative answers, such as example.com.
Hostname
The hostname part of the FQDN, such as ns.
Type
IPv4
IPv6
Address
Specify the IP address of the name server.
CNAME Record
Alias
An alias name to another true or canonical domain name (the target). For instance, www.example.com is an alias for example.com.
Target
The true or canonical domain name. For instance, example.com.
MX Record
Hostname
The hostname part of the FQDN for a mail exchange server, such as mail.
Priority
Preference given to this RR among others at the same owner. Lower values have greater priority.
Type
IPv4
IPv6
Address
Specify the IP address.