The Zone Transfer section displays the Restrict IPs, Name Server Notify Addresses, as well as the TSIG Key (if used) for your domain.
Each section under Zone Transfer Settings contains an optional field titled Change Comment. The Change Comment field allows you up to 512 characters of free text to provide an explanation for the action taken. The Change Comments will be displayed in Audit Log for every action taken on the account that includes a Change Comment.
Restrict IPs
The Restrict IPs list identifies the IP addresses that are allowed to request a zone transfer from this UltraDNS managed domain. Unless specified, UltraDNS restricts all zone transfers.
-
IPv4 and IPv6 formats are accepted.
-
You can manually configure Restrict IPs for each zone, or, use the Inherit Account Settings to have the zone automatically use the account-level settings.
-
The Inherit Account Settings list of Restrict IPs can be found under the Accounts section.
-
To manually populate the Restrict IP list:
-
In the Restrict IP panel, click Add.
-
Select an IP Range Type from the drop-down list. Your choices include:
-
IP Address Start/End - Enter a range of IP addresses using the Start and End IP addresses of the range.
-
CIDR Notation - Allows you to enter IP addresses in the Classless Inter-Domain Routing (CIDR) format.
-
Single IP Address - For a single IP address entry.
-
-
You can add Comments if necessary. For example, you can specify the domain name or other common text identifiers for the IP number or range.
-
Click Save.
Using the Inherit Account Settings to populate the Restrict IPs:
You can view the current account level Restrict IPs by either clicking the View Account Settings button, or navigating to the Accounts section of your account, and clicking Zone Transfer.
-
Click the checkbox next to Inherit Account Settings.
-
A warning message appears stating that the account level Restrict IPs will override your current domain settings.
-
-
Click OK.
-
The account level list of Restrict IPs will appear under the Restrict IPs section.
To delete one or more Restrict IPs from the list:
-
Click on the checkbox to the left of each Restrict IP that you want to delete.
-
Click Delete Selected.
-
Click Delete to confirm the deletion.
Name Server Notify Addresses
The Name Server Notify Addresses section provides a way to identify the IP address(es) that need to be notified when there are changes to the Primary zone that initiate a zone transfer.
-
IPv4 and IPv6 formats are both accepted.
-
You can manually configure the Notify Addresses for each zone, or, use the Inherit Account Settings to have the zone automatically use the account-level settings.
To manually populate the Notify Address list:
-
In the Notify Addresses panel, click Add.
-
Enter an IP address to receive notification of changes to this zone.
-
You can add Comments if necessary. For example, you can specify recipient domain names or other common text identifiers for the IP address(es) entered.
-
Click Save.
-
Repeat the above steps for all addresses to be added to the list.
-
Using the Inherit Account Settings to populate the Notify Addresses
You can view the current account level Name Server Notify Addresses by either clicking the View Account Settings button, or navigating to the Accounts section of your account, and clicking Zone Transfer.
-
Click the checkbox next to Inherit Account Settings.
-
A warning message appears stating that the account level Restrict IPs will override your current domain settings.
-
-
Click OK.
-
The account level list of name server notify addresses will appear under the Name Server Notify Addresses.
To delete one or more Notify Addresses from the list:
-
Click on the checkbox to the left of each address that you want to delete.
-
Click Delete Selected.
-
Click Delete to confirm the deletion.
TSIG Key
The Transaction Signature (TSIG) Key section provides a way to enter and maintain the TSIG key for the domain. TSIG security requires that both sides of a transfer pass the same TSIG key value.
You can copy a key value from the corresponding server into the TSIG configuration, or Auto-generate the key in UltraDNS.
NOTE: If you elect to Autogenerate a TSIG Key, be sure to copy and paste the generated value to the corresponding zone server.
-
Only one TSIG Key can be applied to a zone at a time.
To manually add a TSIG Key:
-
Enter a Name for the key.
-
Select the proper Algorithm for the key using the drop-down list. This is either the algorithm used to generate the key you are copying in, or the algorithm you want to use to generate a new key.
-
Paste (we highly recommend copy and pasting in your TSIG key) or Enter the key value into the Secret field, or, click Autogenerate Key to have the system provide a key for you.
-
Click Save Key when done.
Using the Inherit Account Settings to populate the Notify Addresses:
You can view the current account level TSIG Key by either clicking the View Account Settings button, or navigating to the Accounts section of your account, and clicking Zone Transfer.
-
Click the checkbox next to Inherit Account Settings.
-
A warning message appears stating that the account level TSIG Key will override your current domain settings.
-
-
Click OK.
The account level TSIG Key details will appear in the associated fields. You do NOT need to click Save Key.
To delete the TSIG Key:
-
Click the Delete Key button. The TSIG Key will be instantly removed from the domain.