Examples

This page shows example configurations for linking the Managed DNS Service with your own DNS servers (BIND, NSD, etc.).

Examples of Primary Server Settings

The following examples use your server as the primary name server and a Managed DNS Server as a secondary name server. Settings that are not directly related to the use of this service are omitted. Configure the settings according to your environment.

Refer to "Operating a Managed DNS Server as a Secondary Name Server" for more information on the settings on the service side.

In the case of BIND

// TSIG key
// Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
// Not required unless TSIG is used
key "xxx.xxxx.d-53.net." {
    algorithm hmac-sha256;
    secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=";
};

// NOTIFY send destination
// Remove "key <key name>" from each entry when TSIG is not used
masters dpf-notify {
    210.130.1.35 key xxx.xxxx.d-53.net.;
    210.130.1.43 key xxx.xxxx.d-53.net.;
    210.130.1.48 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:35 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:43 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:48 key xxx.xxxx.d-53.net.;
};

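// Set access permission from the DNS Platform Service side
// When TSIG is used: the nested negation rejects sources outside the listed
// ranges and then requires the TSIG key, so both address and key must match.
// Reference https://kb.isc.org/docs/aa-00723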
acl dpf {
    ! { ! { 210.130.1.32/27; 2001:240:bb81::2:0/112; }; any; };
    key xxx.xxxx.d-53.net.;
};
// When TSIG is not used
//acl dpf {
//    210.130.1.32/27; 2001:240:bb81::2:0/112;
//};

// Repeat the block below for each zone
zone "example.jp" {
    type master;
    file "example.jp.zone";
    // NOTIFY
    notify explicit;
    also-notify { dpf-notify; };
    // Zone transfer
    allow-transfer { dpf; };
};

In the case of NSD

# TSIG key
# Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
# Not required unless TSIG is used
key: 
        name: "xxx.xxxx.d-53.net."
        algorithm: sha256
        secret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx="

# Zone setting template
# When TSIG is not used, replace the key name with "NOKEY"
pattern: 
        name: "dpf-primary"
        zonefile: "%s.zone"
        # NOTIFY send destination
        notify: 210.130.1.35 xxx.xxxx.d-53.net.
        notify: 210.130.1.43 xxx.xxxx.d-53.net.
        notify: 210.130.1.48 xxx.xxxx.d-53.net.
        notify: 2001:240:bb81::2:35 xxx.xxxx.d-53.net.
        notify: 2001:240:bb81::2:43 xxx.xxxx.d-53.net.
        notify: 2001:240:bb81::2:48 xxx.xxxx.d-53.net.
        # Zone transfer permission
        provide-xfr: 210.130.1.32/27 xxx.xxxx.d-53.net.
        provide-xfr: 2001:240:bb81::2:0/112 xxx.xxxx.d-53.net.

# Repeat the block below for each zone
zone: 
        name: "example.jp"
        include-pattern: "dpf-primary"

In the case of Knot

# TSIG key
# Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
# Not required unless TSIG is used
key: 
  - id: xxx.xxxx.d-53.net.
    algorithm: hmac-sha256
    secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=

# NOTIFY send destination
remote: 
  - id: dpf-notify
    address: [ 210.130.1.35, 210.130.1.43, 210.130.1.48 ]
    address: [ 2001:240:bb81::2:35, 2001:240:bb81::2:43, 2001:240:bb81::2:48 ]
    key: xxx.xxxx.d-53.net.     # Not required unless TSIG is used

# Zone transfer permission
acl: 
  - id: dpf-transfer
    address: 210.130.1.32/27
    address: 2001:240:bb81::2:0/112
    key: xxx.xxxx.d-53.net.     # Not required unless TSIG is used
    action: transfer

# Zone setting template
template: 
  - id: dpf-primary
    notify: dpf-notify
    acl: dpf-transfer

# Repeat the block below for each zone
zone: 
  - domain: example.jp
    template: dpf-primary

Examples of Secondary Server Settings

The following examples use a Managed DNS Server as the primary name server and your server as a secondary name server. Settings that are not directly related to the use of this service are omitted. Configure the settings according to your environment.

Refer to "Operating a Managed DNS Server as the Primary Name Server" for more information on the settings on the service side.

In the case of BIND

// TSIG key
// Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
// Not required unless TSIG is used
key "xxx.xxxx.d-53.net." {
    algorithm hmac-sha256;
    secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=";
};

// Primary server setting
// Remove "key <key name>" from each entry when TSIG is not used
masters dpf-primary {
    210.130.1.36 key xxx.xxxx.d-53.net.;
    210.130.1.44 key xxx.xxxx.d-53.net.;
    210.130.1.49 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:36 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:44 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:49 key xxx.xxxx.d-53.net.;
};

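// Set access permission from the DNS Platform Service side
// When TSIG is used: the nested negation rejects sources outside the listed
// ranges and then requires the TSIG key, so both address and key must match.
// Reference https://kb.isc.org/docs/aa-00723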
acl dpf {
    ! { ! { 210.130.1.32/27; 2001:240:bb81::2:0/112; }; any; };
    key xxx.xxxx.d-53.net.;
};
// When TSIG is not used
//acl dpf {
//    210.130.1.32/27; 2001:240:bb81::2:0/112;
//};

// Repeat the block below for each zone
zone "example.jp" {
    type slave;
    file "example.jp.zone";
    // Primary server setting
    masters { dpf-primary; };
    // NOTIFY permission
    allow-notify { dpf; };
};
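
The "dpf" ACL used for allow-transfer in the primary example and allow-notify in the secondary example relies on nested negation. The following added example (not part of the original page and not BIND code) is a simplified Python model of BIND's first-match address match list evaluation, showing that the nested form accepts a request only when both the source address and the TSIG key match, whereas a flat list accepts either. The flat list and the outside address 198.51.100.7 are constructed for comparison.

```python
import ipaddress

def match(acl, addr, key):
    """Simplified first-match evaluation: True=accept, False=reject, None=no match."""
    for negated, kind, value in acl:
        if kind == "any":
            hit = True
        elif kind == "net":
            hit = ipaddress.ip_address(addr) in ipaddress.ip_network(value)
        elif kind == "key":
            hit = key == value
        else:
            # Nested list: only a positive inner match counts as a hit; a
            # negative inner match is treated as "no match" and evaluation continues.
            hit = match(value, addr, key) is True
        if hit:
            return not negated
    return None

KEY = "xxx.xxxx.d-53.net."  # placeholder key name from the page
RANGES = [(False, "net", "210.130.1.32/27"),
          (False, "net", "2001:240:bb81::2:0/112")]

# acl dpf { ! { ! { <ranges> }; any; }; key <KEY>; };
DPF = [(True, "acl", [(True, "acl", RANGES), (False, "any", None)]),
       (False, "key", KEY)]
# Flat list for comparison (constructed, not from the page): { <ranges>; key <KEY>; };
FLAT = RANGES + [(False, "key", KEY)]

def allowed(acl, addr, key=None):
    return match(acl, addr, key) is True

def decision_table():
    """(address, signed?, nested ACL result, flat ACL result) for constructed requests."""
    cases = [("210.130.1.36", KEY), ("210.130.1.36", None),
             ("2001:240:bb81::2:44", KEY),
             ("198.51.100.7", KEY), ("198.51.100.7", None)]
    return [(a, k is not None, allowed(DPF, a, k), allowed(FLAT, a, k))
            for a, k in cases]

if __name__ == "__main__":
    for row in decision_table():
        print(row)
```
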

In the case of NSD

# TSIG key
# Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
# Not required unless TSIG is used
key: 
        name: "xxx.xxxx.d-53.net."
        algorithm: sha256
        secret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx="

# Zone setting template
# When TSIG is not used, replace the key name with "NOKEY"
pattern: 
        name: "dpf-secondary"
        zonefile: "%s.zone"
        # Primary server setting
        request-xfr: 210.130.1.36 xxx.xxxx.d-53.net.
        request-xfr: 210.130.1.44 xxx.xxxx.d-53.net.
        request-xfr: 210.130.1.49 xxx.xxxx.d-53.net.
        request-xfr: 2001:240:bb81::2:36 xxx.xxxx.d-53.net.
        request-xfr: 2001:240:bb81::2:44 xxx.xxxx.d-53.net.
        request-xfr: 2001:240:bb81::2:49 xxx.xxxx.d-53.net.
        # NOTIFY permission
        allow-notify: 210.130.1.32/27 xxx.xxxx.d-53.net.
        allow-notify: 2001:240:bb81::2:0/112 xxx.xxxx.d-53.net.

# Repeat the block below for each zone
zone: 
        name: "example.jp"
        include-pattern: "dpf-secondary"

In the case of Knot

# TSIG key
# Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
# Not required unless TSIG is used
key: 
  - id: xxx.xxxx.d-53.net.
    algorithm: hmac-sha256
    secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=

# Primary server setting
remote: 
  - id: dpf-primary
    address: [ 210.130.1.36, 210.130.1.44, 210.130.1.49 ]
    address: [ 2001:240:bb81::2:36, 2001:240:bb81::2:44, 2001:240:bb81::2:49 ]
    key: xxx.xxxx.d-53.net.     # Not required unless TSIG is used

# NOTIFY permission
acl: 
  - id: dpf-notify
    address: 210.130.1.32/27
    address: 2001:240:bb81::2:0/112
    key: xxx.xxxx.d-53.net.     # Not required unless TSIG is used
    action: notify

# Zone setting template
template: 
  - id: dpf-secondary
    master: dpf-primary
    acl: dpf-notify

# Repeat the block below for each zone
zone: 
  - domain: example.jp
    template: dpf-secondary