NS1 status

Articles in this section

See more

Editing zone settings

  • Updated
Follow

Follow the instructions below to edit the configuration settings for an existing primary or secondary zone.

Navigate to DNS > Zones in the portal and click the name of the zone you want to edit.

screenshot-foobar_zone_details.png

Click the Zone Settings tab to view configuration details.

Zone Settings page

The information on this page will vary depending on the type of zone. Refer to the relevant section below to learn more about editing primary vs. secondary zones.

Note

You cannot modify linked zones.

Editing primary zones

You can modify the following zone details for primary zones hosted on the NS1 platform:

  • DNS networks - Select or de-select the NS1 networks on which the zone should be published. If there are no zones selected, the zone remains unpublished.

  • Views - Add or remove DNS views with which to associate the zone. A DNS view — sometimes referred to as split-horizon or split-view DNS — is a configuration that allows you to respond to the same DNS query differently depending on the source of the query. Refer to this article to learn more about configuring DNS views.

    Note

    DNS views are not supported for zones published to NS1 Managed DNS networks.

  • Normal setup - This section includes basic settings for primary zones, including:

    • SOA TTL (seconds) - The time-to-live (TTL) of the zone’s start of authority (SOA) record. This value indicates the amount of time resolvers cache the SOA. Default is 3600 seconds (i.e., 1 hour).

    • Refresh (seconds) - The amount of time between each attempt by the secondary DNS servers to refresh the primary zone file. Default is 43200 seconds (i.e., 12 hours).

    • Retry (seconds) - If the secondary server's attempt to refresh the primary zone file fails, this is the amount of time before the secondary server attempts the refresh again. Default is 7200 seconds (i.e., 2 hours). The secondary server will continue to try refresh at this interval until the zone has refreshed successfully or until reaching the expiry time.

    • Expire (seconds) - If refresh and retry attempts fail repeatedly, this is the amount of time after which the primary server should be considered “down” and no longer the authoritative. Default is 1209600 seconds (i.e., 14 days).

    • NX TTL (seconds) - If the DNS query results in an NXDOMAIN error or EBOT/NODATA response, this value indicates the amount of time the “negative” answer is cached. Default is 3600 seconds (i.e., 1 hour).

    • MNAME - The domain name of the nameserver that is the original or primary source of data for this zone.

    • RNAME - The email address of the administrator responsible for this zone.

  • DNSSEC - Optionally, you can select the checkbox to enable DNSSEC for the primary zone. Refer to this article for details.

Editing secondary zones

You can modify the following zone details for secondary zones hosted on the NS1 platform:

  • Change to primary - If necessary, you can convert the secondary zone to a primary zone by clicking Change to primary. A modal appears for you to adjust the general settings as needed and (optionally) enable DNSSEC on the new primary zone. Once complete, click Confirm zone change to primary. Note that you will also need to modify the zone configuration at your registrar. Refer to Configuring NS1 as your primary DNS provider for details.

    screenshot-convert_secondary_to_primary.png

  • DNS networks - Select or de-select the NS1 networks on which the zone should be published. If there are no zones selected, the zone remains unpublished.

    Warning

    If you modify the DNS network(s) on which the zone is published, you must update the nameservers at the domain registrar to complete the configuration. If you are undergoing a DNS migration to NS1 from a previous provider or if you are migrating resources between NS1 services, adhere to the guidance provided by the NS1 team before updating the registrar.

  • Views - Add or remove DNS views with which to associate the zone. A DNS view — sometimes referred to as split-horizon or split-view DNS — is a configuration that allows you to respond to the same DNS query differently depending on the source of the query.

    Note

    DNS views are not supported for zones published to Managed DNS networks.

  • IP settings - In this section, you can adjust the IP address corresponding to the primary DNS server. Additionally, you can modify the port on which the primary server receives incoming AXFR queries from NS1 and the network from which the AXFR query will originate. Note that the network selected here must match a network to which the NS1 zone is published for the zone transfer request to succeed.

  • Additional IPs - Similar to above, this section allows you to specify multiple IPs corresponding to other additional primary servers to which this zone is secondary. NS1 will balance AXFR queries among all servers and retry failed queries with one of the other primary servers. You must also specify the inbound port configured on the primary and network from which the AXFR query will originate for each.

  • TSIG - Optionally, you can enable TSIG authentication for incoming zone transfers from the primary servers to NS1. If enabled, you must enter the following details:

    • TSIG hash - Indicates the cryptographic algorithm used to generate the TSIG key.

    • TSIG key name - Name of the TSIG key used in domain name syntax.

    • TSIG key value - The base64 string encoding the shared key secret.

Note that some changes you make here might also need to be reflected on the primary DNS server and registrar. For more information, refer to Configuring NS1 as a secondary DNS provider.

Related articles