Editing zone settings

You can edit the configuration settings for an existing primary or secondary zone.

  1. Click DNS > Zones.
  2. Click the name of the zone you want to edit.
  3. Click the Zone Settings tab.

Editing primary zones

The information on this page varies depending on the type of zone. Refer to the relevant section to learn more about editing primary and secondary zones.
Note: You cannot modify linked zones.

You can modify the following zone details for primary zones hosted on IBM® NS1 Connect®:

DNS networks
Select or clear the NS1 Connect networks on which the zone should be published. If there are no zones selected, the zone remains unpublished.
Views

Add or remove DNS views with which to associate the zone. A DNS view is sometimes referred to as split-horizon or split-view DNS and it is a configuration that allows you to respond to the same DNS query differently depending on the source of the query.

Note: DNS views are not supported for zones published to NS1 Connect Managed DNS networks.
Normal setup
This section includes basic settings for primary zones, including:
SOA TTL
(seconds) - The time-to-live (TTL) of the zone’s start of authority (SOA) record. This value indicates the amount of time resolvers cache the SOA. Default is 3600 seconds (that is, 1 hour).
Refresh
(seconds) - The amount of time between each attempt by the secondary DNS servers to refresh the primary zone file. Default is 43200 seconds (that is, 12 hours).
Retry
(seconds) - If the secondary server's attempt to refresh the primary zone file fails, this is the amount of time before the secondary server attempts the refresh again. Default is 7200 seconds (that is, 2 hours). The secondary server will continue to try refresh at this interval until the zone has refreshed successfully or until reaching the expiry time.
Expire
(seconds) - If refresh and retry attempts fail repeatedly, this is the amount of time after which the primary server should be considered down and no longer the authoritative. Default is 1209600 seconds (that is, 14 days).
NX TTL
(seconds) - If the DNS query results in an NXDOMAIN error or EBOT/NODATA response, this value indicates the amount of time the negative answer is cached. Default is 3600 seconds (that is, 1 hour).
MNAME
The domain name of the nameserver that is the original or primary source of data for this zone.
RNAME
The email address of the administrator responsible for this zone.
DNSSEC
Optionally, you can select the checkbox to enable DNSSEC for the primary zone. Refer to this topic for details.

Editing secondary zones

You can modify the following zone details for secondary zones hosted on NS1 Connect:

Change to primary

If necessary, you can convert the secondary zone to a primary zone by clicking Change to primary. A modal appears for you to adjust the general settings as needed and (optionally) enable DNSSEC on the new primary zone. When complete, click Confirm zone change to primary. Note that you also need to modify the zone configuration at your registrar. Refer to Configuring NS1 Connect as a primary DNS provider for details.

DNS networks

Select or clear the NS1 Connect networks on which the zone should be published. If there are no zones selected, the zone remains unpublished.

Attention: If you modify the DNS network(s) on which the zone is published, you must update the nameservers at the domain registrar to complete the configuration. If you are undergoing a DNS migration to NS1 Connect from a previous provider or if you are migrating resources between NS1 Connect services, adhere to the guidance provided by IBM support before updating the registrar.
Views

Add or remove DNS views with which to associate the zone. A DNS view is sometimes referred to as split-horizon or split-view DNS and it is a configuration that allows you to respond to the same DNS query differently depending on the source of the query.

Note: DNS views are not supported for zones published to Managed DNS networks.
IP settings
In this section, you can adjust the IP address corresponding to the primary DNS server. Additionally, you can modify the port on which the primary server receives incoming AXFR queries from NS1 Connect and the network from which the AXFR query will originate. Note that the network selected here must match a network to which the NS1 Connect zone is published for the zone transfer request to succeed.
Additional IPs
Similar to above, this section allows you to specify multiple IPs corresponding to other additional primary servers to which this zone is secondary. NS1 Connect balances AXFR queries among all servers and retry failed queries with one of the other primary servers. You must also specify the inbound port configured on the primary and network from which the AXFR query will originate for each.
TSIG
Optionally, you can enable TSIG authentication for incoming zone transfers from the primary servers to NS1 Connect. If enabled, you must enter the following details:
TSIG hash
Indicates the cryptographic algorithm used to generate the TSIG key.
TSIG key name
Name of the TSIG key used in domain name syntax.
TSIG key value
The base64 string encoding the shared key secret.

Note that some changes you make here might also need to be reflected on the primary DNS server and registrar. For more information, refer to Configuring NS1 Connect as a secondary DNS provider.