Settings | Guidelines |
Name | Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference the name in the global DNS policy configuration. After you initially save the configuration, you cannot edit the name. |
Type | • Master—The configuration contains the “master” copy of data for the zone and is the authoritative server for it. • Forward—The configuration allows you to apply DNS forwarding on a per-domain basis, overriding the forwarding settings in the “general” configuration. • FQDN Generate—The zone and its resource record is generated from the global load balancing framework. |
Domain Name | The domain name must end with a period. For example: example.com. |
Forward Options | |
Forward | • First—The DNS server queries the forwarder before doing its own DNS lookup. • Only—Only query the forwarder. Do not perform a DNS lookup. Note: The internal server caches the results it learns from the forwarders, which optimizes subsequent lookups. |
Forwarders | Select a remote server configuration object. |
Master Options | |
DNSSEC | Enable/disable DNSSEC. |
DNSSEC Algorithm | Only RSASHA1 is supported. |
TTL | The $TTL directive at the top of the zone file (before the SOA) gives a default TTL for every RR without a specific TTL set. The default is 86,400. The valid range is 0 to 2,147,483,647. |
Responsible Mail | Username of the person responsible for this zone, such as root. |
Primary Server Name | Sets the server name in the SOA record. |
Primary Server Address | The IP address of the primary server. |
Negative TTL | The last field in the SOA—the negative caching TTL. This informs other servers how long to cache no-such-domain (NXDOMAIN) responses from you. The default is 3600 seconds. The valid range is 0 to 2,147,483,647. |
KSK Filename | It is generated by the system if DNSSEC is enabled for the zone. To regenerate the KSK, disable DNSSEC and then re-enable DNSSEC. |
KSK | Type characters for a string key. The file is generated by the system if DNSSEC is enabled for the zone. |
ZSK Filename | It is generated by the system if DNSSEC is enabled for the zone. To regenerate the ZSK, disable DNSSEC and then re-enable DNSSEC. |
ZSK | Type characters for a string key. The file is generated by the system if DNSSEC is enabled for the zone. |
DSSET Filename | The file is generated by the system if DNSSEC is enabled for the zone. The file generated by the zone configuration editor is the one you give to any parent zone or the registrar of your domain. The convention is dsset-<domain>, for example dsset-example.com. |
DSSET | It is generated by the system if DNSSEC is enabled for the zone. |
DSSET List | Select a DSSET configuration object. See “Configuring the DSSET list”. |
A or AAAA Record | |
Hostname | The hostname part of the FQDN, such as www. |
Type | • IPv4 • IPv6 |
Weight | Assigns relative preference among members—higher values are more preferred and are assigned connections more frequently. The default is 1. The valid range is 1-255. |
Address | Specify the IP address of the virtual server. |
Method | Weighted Round Robin is the only method supported. |
NS Record | |
Domain Name | The domain for which the name server has authoritative answers, such as example.com. |
Hostname | The hostname part of the FQDN, such as ns. |
Type | • IPv4 • IPv6 |
Address | Specify the IP address of the name server. |
CNAME Record | |
Alias | An alias name to another true or canonical domain name (the target). For instance, www.example.com is an alias for example.com. |
Target | The true or canonical domain name. For instance, example.com. |
MX Record | |
Hostname | The hostname part of the FQDN for a mail exchange server, such as mail. |
Priority | Preference given to this RR among others at the same owner. Lower values have greater priority. |
Type | • IPv4 • IPv6 |
Address | Specify the IP address. |