This page gives example configurations for operating the Managed DNS Service together with your own DNS servers (BIND, NSD, etc.).
Examples of Primary Server Settings
The following examples use your server as the primary name server and a Managed DNS Server as a secondary name server. Settings that are not directly related to the use of this service are omitted. Configure the settings according to your environment.
Refer to "Operating a Managed DNS Server as a Secondary Name Server" for the corresponding settings on the service side.
In the case of BIND
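// TSIG key
// Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
// Not required unless TSIG is used
// The secret is a shared credential: restrict read access to the file that
// holds it to the name server account.
key "xxx.xxxx.d-53.net." {
    algorithm hmac-sha256;
    secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=";
};

// NOTIFY send destination
// Delete the "Key name" when TSIG is not used
masters dpf-notify {
    210.130.1.35 key xxx.xxxx.d-53.net.;
    210.130.1.43 key xxx.xxxx.d-53.net.;
    210.130.1.48 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:35 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:43 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:48 key xxx.xxxx.d-53.net.;
};

// Set access permission from the DNS Platform Service side
// When TSIG is used; Reference https://kb.isc.org/docs/aa-00723
// ACL elements are evaluated in order and the first match decides, so listing
// the networks and the key side by side would accept either one. The negated
// nested list first rejects every source outside the service ranges; only a
// source inside them reaches the key element, so both conditions must hold.
acl dpf {
    ! { ! { 210.130.1.32/27; 2001:240:bb81::2:0/112; }; any; };
    key xxx.xxxx.d-53.net.;
};
// When TSIG is not used
// (access is then granted on the source address alone)
//acl dpf {
//    210.130.1.32/27; 2001:240:bb81::2:0/112;
//};

// Repeat as many times as the number of zones shown below
zone "example.jp" {
    type master;
    file "example.jp.zone";
    // NOTIFY
    // "explicit" sends NOTIFY only to the also-notify list,
    // not to the servers named in the zone's NS records
    notify explicit;
    also-notify { dpf-notify; };
    // Zone transfer
    // Only sources that match the dpf ACL may transfer this zone
    allow-transfer { dpf; };
};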
In the case of NSD
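# TSIG key
# Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
# Not required unless TSIG is used
# The secret is a shared credential: restrict read access to the file that
# holds it to the name server account.
key:
    name: "xxx.xxxx.d-53.net."
    algorithm: sha256
    secret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx="

# Zone setting template
# When TSIG is not used, replace the key name with "NOKEY"
# (with NOKEY an entry is matched on the source address alone)
pattern:
    name: "dpf-primary"
    zonefile: "%s.zone"
    # NOTIFY send destination
    notify: 210.130.1.35 xxx.xxxx.d-53.net.
    notify: 210.130.1.43 xxx.xxxx.d-53.net.
    notify: 210.130.1.48 xxx.xxxx.d-53.net.
    notify: 2001:240:bb81::2:35 xxx.xxxx.d-53.net.
    notify: 2001:240:bb81::2:43 xxx.xxxx.d-53.net.
    notify: 2001:240:bb81::2:48 xxx.xxxx.d-53.net.
    # Zone transfer permission
    # Each entry pairs a source range with the TSIG key that requests from it must use
    provide-xfr: 210.130.1.32/27 xxx.xxxx.d-53.net.
    provide-xfr: 2001:240:bb81::2:0/112 xxx.xxxx.d-53.net.

# Repeat as many times as the number of zones shown below
zone:
    name: "example.jp"
    include-pattern: "dpf-primary"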
In the case of Knot
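# TSIG key
# Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
# Not required unless TSIG is used
# The secret is a shared credential: restrict read access to the file that
# holds it to the name server account.
key:
  - id: xxx.xxxx.d-53.net.
    algorithm: hmac-sha256
    secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=

# NOTIFY send destination
remote:
  - id: dpf-notify
    address: [ 210.130.1.35, 210.130.1.43, 210.130.1.48 ]
    address: [ 2001:240:bb81::2:35, 2001:240:bb81::2:43, 2001:240:bb81::2:48 ]
    key: xxx.xxxx.d-53.net. # Not required unless TSIG is used

# Zone transfer permission
# With both address and key set, a request has to come from these ranges and
# carry the TSIG key; without the key line the source address alone decides.
acl:
  - id: dpf-transfer
    address: 210.130.1.32/27
    address: 2001:240:bb81::2:0/112
    key: xxx.xxxx.d-53.net. # Not required unless TSIG is used
    action: transfer

# Zone setting template
template:
  - id: dpf-primary
    notify: dpf-notify
    acl: dpf-transfer

# Repeat as many times as the number of zones shown below
zone:
  - domain: example.jp
    template: dpf-primary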
Examples of Secondary Server Settings
The following examples use a Managed DNS Server as the primary name server and your server as a secondary name server. Settings that are not directly related to the use of this service are omitted. Configure the settings according to your environment.
Refer to "Operating a Managed DNS Server as the Primary Name Server" for the corresponding settings on the service side.
In the case of BIND
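// TSIG key
// Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
// Not required unless TSIG is used
// The secret is a shared credential: restrict read access to the file that
// holds it to the name server account.
key "xxx.xxxx.d-53.net." {
    algorithm hmac-sha256;
    secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=";
};

// Primary server setting
// Delete the "Key name" when TSIG is not used
masters dpf-primary {
    210.130.1.36 key xxx.xxxx.d-53.net.;
    210.130.1.44 key xxx.xxxx.d-53.net.;
    210.130.1.49 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:36 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:44 key xxx.xxxx.d-53.net.;
    2001:240:bb81::2:49 key xxx.xxxx.d-53.net.;
};

// Set access permission from the DNS Platform Service side
// When TSIG is used; Reference https://kb.isc.org/docs/aa-00723
// ACL elements are evaluated in order and the first match decides, so listing
// the networks and the key side by side would accept either one. The negated
// nested list first rejects every source outside the service ranges; only a
// source inside them reaches the key element, so both conditions must hold.
acl dpf {
    ! { ! { 210.130.1.32/27; 2001:240:bb81::2:0/112; }; any; };
    key xxx.xxxx.d-53.net.;
};
// When TSIG is not used
// (access is then granted on the source address alone)
//acl dpf {
//    210.130.1.32/27; 2001:240:bb81::2:0/112;
//};

// Repeat as many times as the number of zones shown below
zone "example.jp" {
    type slave;
    file "example.jp.zone";
    // Primary server setting
    // Transfers are requested from these servers, signed with the key listed for each
    masters { dpf-primary; };
    // NOTIFY permission
    // Accept NOTIFY from sources that match the dpf ACL, in addition to the
    // servers listed in masters
    allow-notify { dpf; };
};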
In the case of NSD
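# TSIG key
# Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
# Not required unless TSIG is used
# The secret is a shared credential: restrict read access to the file that
# holds it to the name server account.
key:
    name: "xxx.xxxx.d-53.net."
    algorithm: sha256
    secret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx="

# Zone setting template
# When TSIG is not used, replace the key name with "NOKEY"
# (with NOKEY an entry is matched on the source address alone)
pattern:
    name: "dpf-secondary"
    zonefile: "%s.zone"
    # Primary server setting
    request-xfr: 210.130.1.36 xxx.xxxx.d-53.net.
    request-xfr: 210.130.1.44 xxx.xxxx.d-53.net.
    request-xfr: 210.130.1.49 xxx.xxxx.d-53.net.
    request-xfr: 2001:240:bb81::2:36 xxx.xxxx.d-53.net.
    request-xfr: 2001:240:bb81::2:44 xxx.xxxx.d-53.net.
    request-xfr: 2001:240:bb81::2:49 xxx.xxxx.d-53.net.
    # NOTIFY permission
    # Each entry pairs a source range with the TSIG key that a NOTIFY from it must use
    allow-notify: 210.130.1.32/27 xxx.xxxx.d-53.net.
    allow-notify: 2001:240:bb81::2:0/112 xxx.xxxx.d-53.net.

# Repeat as many times as the number of zones shown below
zone:
    name: "example.jp"
    include-pattern: "dpf-secondary"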
In the case of Knot
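# TSIG key
# Paste the contents displayed in Dashboard → Service Management → TSIG Key Management → Examples
# Not required unless TSIG is used
# The secret is a shared credential: restrict read access to the file that
# holds it to the name server account.
key:
  - id: xxx.xxxx.d-53.net.
    algorithm: hmac-sha256
    secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=

# Primary server setting
remote:
  - id: dpf-primary
    address: [ 210.130.1.36, 210.130.1.44, 210.130.1.49 ]
    address: [ 2001:240:bb81::2:36, 2001:240:bb81::2:44, 2001:240:bb81::2:49 ]
    key: xxx.xxxx.d-53.net. # Not required unless TSIG is used

# NOTIFY permission
# With both address and key set, a NOTIFY has to come from these ranges and
# carry the TSIG key; without the key line the source address alone decides.
acl:
  - id: dpf-notify
    address: 210.130.1.32/27
    address: 2001:240:bb81::2:0/112
    key: xxx.xxxx.d-53.net. # Not required unless TSIG is used
    action: notify

# Zone setting template
template:
  - id: dpf-secondary
    master: dpf-primary
    acl: dpf-notify

# Repeat as many times as the number of zones shown below
zone:
  - domain: example.jp
    template: dpf-secondary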