NS1’s DNS, DHCP, and IPAM metadata tagging and inheritance features power search and discovery at scale, control access, and delegate resources to your teams efficiently for management. You can use metadata tagging and inheritance to rapidly categorize your objects, creating hierarchies between them.
All tags consist of name-value pairs. Leaving the value empty in the portal interface still creates an empty string value (e.g.
""). Tag names with the prefix
auth: are referred to as authorization (“auth”) tags and power tag-based permissions. These special tags determine access controls to view or manage resources. When added to a team’s permissions auth tags bring role-based access controls (RBAC) to IPAM and DHCP. Because auth tags control access, managing them requires a user or API key with the
manage_auth_keys permission. Only users or API keys with this privilege can create or modify IPAM and DHCP tags that use the
DNS, DHCP, and IPAM each have object relationships defining “parent” and “child” for the purposes of inheritance and a hierarchy in a one-to-many (1:M) relationship. In DNS, the top-most objects, or ancestors, are zones. A zone can have many records as descendants. In DHCP, the top-most objects are scope groups. A scope group can have many scopes and reservations as descendants. In IPAM, networks are the top-level objects, and can have one or more subnets as children. Subnets can then have other subnets or pools as descendants.
When you apply a tag to a parent object, each child inherits those same tags. To modify inheritance, you can take any of the following steps:
- Remove tags at the top-most, parent object
- Suppress or “block” inherited tags using the
blocked_tagsarray (blocked tags appear with a strikethrough in the portal)
- Replace the tag’s value with one that is more specific to that child object (for example, an inherited tag-value pair of
"foo":"bar"can be replaced with
Adding tags in the portal
You can add tags to DNS, DHCP and IPAM objects in the portal:
- To add tags to DNS objects, click DNS in the top navbar and Management in the subnavigation. Select the zone or record by clicking or using the arrow keys to highlight the object on the list.
- Zone: Add tags on the right side of the screen, under the Records tab.
- Record: Add tags on the right side of the screen in the Tags tab.
- To add tags to IPAM objects, open the IPAM page, select the object by clicking or using the arrow keys to highlight the object on the page list.
- Network: Select the network from the list. On the right side of the screen, click the Metadata tab.
- Subnet: Select the subnet from the list. On the right hand side of the screen, click the Metadata tab.
- Pool: Select the subnet’s overflow menu to the right of the subnet list. Select Add or Remove Ranges. In the modal window, add tags to the new range and click Add a Range.
- To add tags to DHCP objects, open the DHCP page, then assign tags to scope groups, scopes, and reservations in the following ways:
- Scope group: Click the arrow next to the Scope Groups label, then select a scope group and edit the tags and permission tags on the right side of the screen in the Metadata tab.
- Scope: In a scope group, select a scope, then click the right arrow above the list of scopes. Add tags and permission tags on the right side of the screen in the Metadata tab.
- Reservation: Tags can be added to a reservation upon creation in the create a reservation modal window, or tags can be added to existing reservations by selecting them in the list of scopes and reservations and clicking the Metadata tab on the right side of the list.
You can also add tags to DNS, DHCP, and IPAM objects via the NS1 API.