Configure a DNS zone

A DNS zone entity on the Citrix ADC appliance lets the appliance take ownership of a domain. A zone on the appliance also enables you to implement DNS Security Extensions (DNSSEC) for the zone, or to offload the zone’s DNSSEC operations from the DNS servers to the appliance. DNSSEC signing operations are performed on all the resource records in a DNS zone. Therefore, if you want to sign a zone, or if you want to offload DNSSEC operations for a zone, you must first create the zone on the Citrix ADC appliance.

You must create a DNS zone on the appliance in the following scenarios:

  • The Citrix ADC appliance owns all the records in a zone, that is, the appliance is operating as the authoritative DNS server for the zone. The zone must be created with the proxyMode parameter set to NO.
  • The Citrix ADC appliance owns only a subset of the records in a zone, and all the other resource records in the zone are hosted on a set of back-end name servers for which the appliance is configured as a DNS proxy server. A typical configuration where the Citrix ADC appliance owns only a subset of the resource records in the zone is a global server load balancing (GSLB) configuration. Only the GSLB domain names are owned by the Citrix ADC appliance, while all the other records are owned by the back-end name servers. The zone must be created with the proxyMode parameter set to YES.
  • You want to offload DNSSEC operations for a zone from your authoritative DNS servers to the appliance. The zone must be created with the proxyMode parameter set to YES. You might need to configure additional settings for the zone.

This topic describes how to create a zone for the first two scenarios. For more information about how to configure a zone for offloading DNSSEC operations to the appliance, see Offload DNSSEC operations to the Citrix ADC appliance.

Note

 If the Citrix ADC is operating as the authoritative DNS server for a zone, you must create Start of Authority (SOA) and name server (NS) records for the zone before you create the zone. If the Citrix ADC is operating as the DNS proxy server for a zone, SOA and NS records must not be created on the Citrix ADC appliance. For more information about creating SOA and NS records, see Configure DNS resource records.

When you create a zone, all existing domain names and resource records that end with the name of the zone are automatically treated as a part of the zone. Additionally, any new resource records created with a suffix that matches the name of the zone are implicitly included in the zone.
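
The SOA/NS prerequisite in the note and the implicit membership rule above can be checked against a record inventory before the zone is added. The following Python check is an added example, not Citrix code; the names preflight, in_zone, and SAMPLE are hypothetical, and it assumes that membership is decided on DNS label boundaries and that the SOA and NS records for a zone are the ones owned by the zone apex.

```python
# Added example, not Citrix code: pre-flight check for a planned "add dns zone".
# Assumptions: zone membership is decided on DNS label boundaries, and the
# SOA/NS records "for the zone" are the ones owned by the zone apex.

def normalize(name):
    """Lower-case a domain name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def in_zone(name, zone):
    """True if name is the zone apex or a subdomain of it."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)

def preflight(zone, proxy_mode, records):
    """Return (members, problems) for a zone about to be created.

    records: (owner_name, record_type) pairs already on the appliance.
    proxy_mode: "YES" or "NO", as passed to -proxyMode.
    """
    apex, mode = normalize(zone), proxy_mode.upper()
    if mode not in ("YES", "NO"):
        raise ValueError("proxyMode must be YES or NO")
    # Records the new zone would implicitly absorb.
    members = [(normalize(n), t.upper()) for n, t in records if in_zone(n, apex)]
    apex_types = {t for n, t in members if n == apex}
    problems = []
    for rtype in ("SOA", "NS"):
        if mode == "NO" and rtype not in apex_types:
            problems.append(f"missing {rtype} record for {apex}")
        if mode == "YES" and rtype in apex_types:
            problems.append(f"{rtype} record for {apex} not allowed in proxy mode")
    return members, problems

# Constructed inventory, not taken from a real appliance.
SAMPLE = [
    ("example.com", "SOA"),
    ("example.com", "NS"),
    ("gslb.example.com", "A"),
    ("WWW.Example.com.", "A"),
    ("notexample.com", "A"),  # shares the string suffix, outside the zone
    ("example.org", "A"),
]

if __name__ == "__main__":
    for mode in ("NO", "YES"):
        members, problems = preflight("example.com", mode, SAMPLE)
        print(mode, [n for n, _ in members], problems or "ok")
```

Reviewing the returned member list before a zone is signed shows exactly which existing records the zone, and therefore its DNSSEC signing, would cover.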

Create a DNS zone on the Citrix ADC appliance by using the CLI

At the command prompt, type the following command to add a DNS zone to the Citrix ADC appliance and verify the configuration:

    add dns zone <zoneName> -proxyMode ( YES | NO )
    show dns zone [<zoneName> | -type <type>]

Example:

> add dns zone example.com -proxyMode Yes
 Done
> show dns zone example.com
         Zone Name : example.com
         Proxy Mode : YES
Done

Modify or remove a DNS zone by using the CLI

  • To modify a DNS zone, type the set dns zone command, the name of the DNS zone, and the parameters to be changed, with their new values.
  • To remove a DNS zone, type the rm dns zone command and the name of the DNS zone.

Configure a DNS zone by using the GUI

Navigate to Traffic Management > DNS > Zones and create a DNS zone.
