Work with the F5 Secondary DNS Cloud Service¶
The Secondary DNS Cloud Service allows you to provision and configure secondary authoritative DNS services in moments. Access to DNS Cloud Service is available through a modern user interface (UI) in the portal or programmatically via a declarative API. This document shows how to use the UI to setup and configure the DNS Cloud Service. For more information on the API, see the API Guidelines document.
Configure the Secondary DNS Cloud Service¶
First, you must Subscribe to F5 Cloud Services.
Then, to configure the Secondary DNS Cloud Service, specify which zones to transfer to the F5 DNS Cloud Service. The DNS service uses Zone Transfer (AXFR) to retrieve DNS zones from your primary DNS server.
You can configure as many zones as needed. For any zone that is configured with TSIG, you must specify the existing TSIG key.
To ensure that zone transfers succeed, add the following IP addresses to your application’s allow list: whitelist
Deployment regions download:
DNS Deployment Regions
Use the Secondary DNS Cloud Service dashboard¶
Access the Secondary DNS Cloud Service dashboard by using the Secondary DNS tab in the Cloud Services navigation menu.
On this page, you can:
- Survey the overall health of your Secondary DNS Cloud Service configuration
- View the status of each zone in your Secondary DNS Cloud Service environment
- See how many zones you have created
- Click the zone name to View the details for that DNS zone
- Create and deploy a secondary DNS zone
Create and deploy a secondary DNS zone¶
Creating and deploying a secondary DNS zone with DNS Cloud Services is both fast and easy. You can watch the video below to see how it is done, or you can follow the six steps below to setup the a service for your zone.
Click the Secondary DNS tab in the Cloud Services navigation menu.
On the Secondary DNS tab, click the Create button.
On Create Secondary DNS Zone, specify your zone details:
- Zone Name
- The zone name can be any name you want, but it must be a unique zone name that isn’t already registered with the service for any other account.
- DNS Primary Server IP
- This is the DNS master server that is the primary source of zone information for your zone. The secondary zone will perform a zone transfer to get the zone information.
- Alternative IP (optional)
- If your zone has more than one primary DNS server, you may enter another IP address in the Alternative IP field. To enter additional primary DNS servers, press the + sign to the right of the field to create addition IP address fields. To remove primary servers, press the – sign next to the IP address you want to remove. To change to only a single primary server, remove all added fields by pressing their corresponding – sign and deleting the IP address in the remaining Alternative IP address field.
- Division (optional)
- The Division field allows you to specify a group that can make changes to this zone.
- Description (optional)
- The Description field allows you to enter more information about the zone you are creating. This could be a longer, more descriptive name, or it could be your internal nomenclature for the zone or server where it resides.
- Add Transaction Signature Key (TSIG) (optional)
- TSIG enables DNS Cloud Services to authenticate updates it receives from the primary DNS server. If your zone is configured with TSIG on your primary server, you must select the Add Transaction Signature Key (TSIG) and then provide the key information here in order for DNS Cloud Services to perform the required zone transfers.
After you complete the settings for the secondary zone, click Get Zone File to retrieve the zone file from your primary DNS server. Zone File displays the zone file.
If you are satisfied with the contents of the zone file, click Deploy. If you decide that there is a problem with the configuration or the zone file, click Back to make changes. After you click Deploy, your zone will be in Pending status until it is completely deployed, and the system displays the Anycast information associated with this zone. Use this information with your registrar or in your NS records.
When you’re finished, click Done.
The Secondary DNS dashboard shows the zone that you created in its list of zones. For more information about the DNS Cloud Service dashboard, see Use the Secondary DNS Cloud Service dashboard.
When you create a new DNS zone, you may get this error message:
Failed to get zone file: dns: bad xfr rcode: 5
This error means that we cannot pull the zone file from your primary DNS server. The possible causes of this issue include:
- The IP address for the primary DNS server is incorrect
- The primary DNS server needs a TSIG for zone transfers, and the TSIG is either missing or incorrect.
- An access control list (ACL) for the network or on the primary DNS server prevents DNS Cloud Service from communicating with the primary DNS server.
- Zone transfers are disabled on the primary DNS server.
- A firewall is preventing communications
View the details for a DNS zone¶
To view the details for a DNS zone, click Secondary DNS in the Cloud Services navigation menu to go to the DNS dashboard.
On the details page for the zone, you can view information about the zone, such as its status, its fully qualified domain name (FQDN), its IPv4 and IPv6 addresses, and its zone file. You also can change some details about the zone, such as its name and the IP address for its primary DNS server.