
Customer Tip: How To Manage DNS Zones Effectively

Did you know that your DNS zone can be more than a simple collection of records that point to your web server, route your mail, or let you remotely access your host?

Here at Oracle Dyn we offer the ability to create a variety of zones, many of which may not come to mind when you think of a DNS zone. For many, your zone is just your domain with records to direct users to your web host or server, manage email routing, and, maybe, balance and direct your web traffic appropriately. But did you know that your Managed DNS service can also create zones to manage your own reverse DNS, create independent child zones, or add the extra protection of Secondary DNS?

A reverse DNS zone is a common and critical part of DNS infrastructure.  It allows you to perform various functions, the most common of which is reverse lookups required by mail providers to match up the IP address they receive the mail from to the hostname associated with it.  Here’s an example:

; <<>> DiG 9.8.3-P1 <<>> -x 216.146.33.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6444
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 7

;; QUESTION SECTION:
;201.33.146.216.in-addr.arpa. IN PTR

;; ANSWER SECTION:
201.33.146.216.in-addr.arpa. 86400 IN PTR mtaout-201-ewr.sendlabs.com.

; <<>> DiG 9.8.3-P1 <<>> 201.33.146.216.in-addr.arpa. PTR
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64507
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 7

;; QUESTION SECTION:
;201.33.146.216.in-addr.arpa. IN PTR

;; ANSWER SECTION:
201.33.146.216.in-addr.arpa. 85526 IN PTR mtaout-201-ewr.sendlabs.com.

Additionally, while most internet providers do not allow their users to control their own PTR records and instead will host them on your behalf, some providers may allow delegation to a third party. You can find out by simply contacting them. Some benefits to controlling your own include: easily managing your PTR records through your online portal, controlling your TTL values, being able to manage the records for your reverse DNS zone within the same portal as your records for your sending domain, and Dyn’s world class technical support to answer all your reverse DNS needs.
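The reverse lookup shown in the dig output above, extended to the forward-confirmation step mail receivers commonly apply (the PTR hostname must resolve back to the sending IP). This is an added example, not code from Dyn; the lookup tables are constructed sample data, the forward A records are assumptions, and the `lookup_ptr` / `lookup_addr` hooks are hypothetical names.

```python
import ipaddress

# Constructed sample data (not live DNS). The first PTR entry mirrors the dig
# answer above; the forward A records are assumed for illustration.
PTR_RECORDS = {
    "201.33.146.216.in-addr.arpa": ["mtaout-201-ewr.sendlabs.com."],
    "10.2.0.192.in-addr.arpa": ["mail.example.net."],
}
ADDRESS_RECORDS = {
    "mtaout-201-ewr.sendlabs.com.": ["216.146.33.201"],
    "mail.example.net.": ["192.0.2.99"],  # does not point back to 192.0.2.10
}


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_reverse_dns(ip, lookup_ptr=PTR_RECORDS.get,
                      lookup_addr=ADDRESS_RECORDS.get):
    """Forward-confirmed reverse DNS: a PTR must exist and resolve back to ip.

    lookup_ptr / lookup_addr are hypothetical resolver hooks that return a
    list of strings or None; by default they read the constructed tables.
    Returns (status, hostname) with status in no-ptr / confirmed / mismatch.
    """
    addr = ipaddress.ip_address(ip)
    hosts = lookup_ptr(reverse_name(ip)) or []
    if not hosts:
        return ("no-ptr", None)
    for host in hosts:
        # Compare parsed addresses, not text, so IPv6 spellings cannot differ.
        forward = {ipaddress.ip_address(a) for a in (lookup_addr(host) or [])}
        if addr in forward:
            return ("confirmed", host)
    return ("mismatch", hosts[0])


if __name__ == "__main__":
    for sample in ("216.146.33.201", "192.0.2.10", "198.51.100.1"):
        print(sample, reverse_name(sample), check_reverse_dns(sample))
```

For live use, the two hooks can be backed by a real resolver instead of the tables.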

Secondary DNS is another kind of zone which has become a topic of the day due to the increase in awareness around DDoS attacks and DNS resiliency. A secondary zone, if properly configured, should require no manual intervention after setup, and your zone file will automatically copy from your primary provider’s nameservers whenever there is a recorded change. Have questions about Secondary DNS? Just ask! We are Secondary DNS experts, and are more than happy to assist you with the configuration as your primary or secondary provider to ensure a successful implementation!

And lastly, I want to highlight the child zone. This zone type is probably the most infrequently used of the mentioned zone types, but can often be just as important. A child zone is used to host your records for a specific subdomain (and the subdomains below it) on a separate/unique zone. This child zone can then be delegated to another provider, or sit as a unique zone within your account. A child zone within your account can even be used to allow a specific set of users access to this subdomain through directed permissions. We are more than happy to assist within your Dyn account and our Technical Support team is always available for configuration and migration assistance!

So, now that you know what they are, you might be asking: “Hey, how do I create all these amazing zones?!?!”  Look no further.  We love our customers; and because we do, we provide you with a plethora of options to not only create your zone, but also to transfer/migrate your records from another DNS provider.

First let’s talk about creating the zone manually:

Creating your zone manually is a great option for a small zone whether migrating from your current DNS provider, or creating a brand new zone for the first time. This can be done by either using our UI, or our API. When using the UI from our Managed DNS portal, you will see our intuitive interface below. From here you’ll want to click the “Create Zone” button.

After you click this button it will bring you to “Creating a new zone” within our portal. You’ll see many different tabs, and I will review them all, but we’ll continue with creating the zone manually for now. The most important fields you’re going to want to fill out here are your “Zone Name” and “Mailbox” fields as the remainder are largely standard unless you have specific adjustments you would like to make.

After you have completed the above and click the “Create Zone” button, you are able to begin managing all the records for your zone.

Let’s review doing this same thing using our API! The API is a great resource to string together multiple changes and accomplish tasks more quickly than you could using our UI. Now, the API can be intimidating to many people, but we pride ourselves on the ability to provide our customers with as much guidance and assistance as possible while utilizing our API. This specific task can be accomplished by using a few API calls, and I will include the help guides necessary below.

REST API Getting Started Guide: https://help.dyn.com/rest/

Create a Zone: https://help.dyn.com/create-primary-zone-api/

Now let’s review a few options we offer to transfer your zone from a current DNS provider to Dyn.

First let’s discuss the Zone File. The Zone File contains all of the records and configurations that you have with your current provider. If you are able to download your Zone File in BIND or Tinydns format, you can simply upload, or copy and paste the file into your Managed DNS portal, and your account will automatically create the records (and zone) for you!

Below you can see where to paste a zone file:

And you can see how to upload your Zone File from a file below:

You are also able to upload a zone file to your Managed DNS account by using the API call referenced in our help guide below.

https://help.dyn.com/upload-zone-file-api/

Now let’s talk about creating your zone using a zone transfer. The first step is to configure your current DNS provider to allow a zone transfer. This is very similar to configuring Dyn as your secondary DNS provider. You can view our great help guide on this from our documentation team below.

https://help.dyn.com/configure-provider-for-zone-transfer/

After you have this configured, you are able to initiate the transfer from our portal. To do this you will require the Master Server IP address of your current DNS provider, but it should not be hard to find as long as your current provider supports AXFR and IXFR transfers. You can view what this page looks like below:

In addition to the above, if you already have Standard DNS and you’re looking to migrate to Dyn Managed DNS, we have a tool built just for you. Simply click the “Migrate” tab, enter the zone, username, and password for your Standard DNS account and your zone file will be automatically migrated. You can see this in the screenshot below:

Don’t forget to Delegate!

It is important to remember that adding your zone to Dyn will not change your nameservers at your registrar. Your service will not yet be active until your registrar is pointed to the nameservers within your account. This offers you a phenomenal sandbox environment to ensure your records are proper and valid before moving your traffic to the new records. Once you are ready for your zone to go live, you then simply need to delegate to your Dyn nameservers at your registrar. Once delegation is complete, Dyn will be the new home of your zone!

So we have created a zone many different ways. By now you’re an expert, but that’s just the beginning!

Let’s create a Secondary DNS zone

This configuration is used to make Dyn your secondary DNS provider, or to set up a hidden primary DNS configuration. Using Dyn as a secondary provider requires that your current primary DNS provider support AXFR and IXFR transfers. These transfers allow your zone file to flow seamlessly between your DNS providers, to ensure consistent records and prevent downtime. As a prerequisite to enabling secondary DNS you should set your Primary DNS provider to accept and send notifies, as well as accept transfers from the following IP addresses: 204.13.249.65, 208.78.68.65, 2600:2001:0:1::65, 2600:2003:0:1::65. Once completed, you’re ready to create a secondary zone! Simply click the Secondary DNS tab on our “Create Zone” page, and have the Master Server IP of your Primary DNS provider available. Please refer to the below screenshot for a visual on the layout of this section of the portal:

In addition to manually creating the Secondary DNS zone as shown above, we also have an available API call that will enable you to create a zone as well! You can view our help guide on this call below.

https://help.dyn.com/create-secondary-zone-api/
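One way to check the transfer prerequisite above before creating the secondary zone: compare the primary's transfer allow list against the four addresses listed on this page. This is an added example, not Dyn's code; `audit_transfer_acl` is a hypothetical helper, the sample ACL is constructed, and treating anything wider than a single host as too broad is an assumption based on the usual practice of limiting AXFR to known secondaries.

```python
import ipaddress

# Transfer/notify sources listed on this page for Dyn secondary DNS.
DYN_SECONDARY_SOURCES = [
    "204.13.249.65", "208.78.68.65",
    "2600:2001:0:1::65", "2600:2003:0:1::65",
]


def audit_transfer_acl(acl_entries, required=DYN_SECONDARY_SOURCES):
    """Compare a primary's zone-transfer allow list with the required sources.

    Returns (missing, too_broad, unexpected):
      missing    - required addresses no entry covers (transfers get refused)
      too_broad  - entries admitting more than one host ("any", /0, /24, ...)
      unexpected - single-host entries that are not a required source
    """
    required_ips = {ipaddress.ip_address(a) for a in required}
    nets, too_broad, unexpected = [], [], []
    for entry in acl_entries:
        if entry.strip().lower() == "any":
            too_broad.append(entry)
            nets += [ipaddress.ip_network("0.0.0.0/0"),
                     ipaddress.ip_network("::/0")]
            continue
        net = ipaddress.ip_network(entry.strip(), strict=False)
        nets.append(net)
        if net.num_addresses > 1:
            too_broad.append(entry)
        elif net.network_address not in required_ips:
            unexpected.append(entry)
    missing = sorted(
        str(ip) for ip in required_ips
        if not any(ip.version == n.version and ip in n for n in nets)
    )
    return missing, too_broad, unexpected


if __name__ == "__main__":
    # Constructed allow list: one IPv6 source written in expanded form, one
    # source forgotten, and a leftover /24 that admits 256 hosts.
    sample_acl = ["204.13.249.65", "208.78.68.65",
                  "2600:2001:0000:0001:0000:0000:0000:0065", "192.0.2.0/24"]
    print(audit_transfer_acl(sample_acl))
```

Addresses are compared as parsed values, so an expanded IPv6 entry still matches the compressed form given on this page.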

So we’ve reviewed the different kinds of zones and how to create them. We’ve touched upon the API and delegating your zone. We have simply scratched the surface on the features available to you, and we haven’t gone in depth about the how and why behind DNS. At Oracle Dyn, we are passionate about DNS, and passionate about your success. Our goal as a Technical Support team is to be available when you need us. We have an incredible team, and we want to be there for you from the first zone you create, to the millionth. Come over to Oracle Dyn, request a demo and give us a call. We would love to speak with you and talk more in depth about any topic I’ve covered here today and the thousands that I haven’t.



Whois: Ryan Firth

Ryan Firth is a Technical Support Analyst at Oracle Dyn, a cloud-based Internet Performance company that helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience.