Page tree

Contents

You can configure to allow dynamic DNS updates to a particular zone from selected IP ranges. 

To configure dynamic DNS updates, complete the following:

  1. From the Cloud Services Portal, click Manage -> DNS, and click Global DNS Configuration.
  2. In the Global DNS Configuration page, click Updates.
  3. Allow GSS-TSIG–signed updates: To allow GSS-TSIG–signed updates, select this checkbox. GSS-TSIG (Generic Security Service Algorithm for Secret Key Transaction) is used to authenticate DDNS updates. For more information, see Configuring GSS-TSIG.
  4. In the GSS-TSIG CONFIGURATION section, choose one of the following options:
    • New GSS-TSIG Keytab File: Click Select File, find the keytab file, and click Add.
    • Existing GSS-TSIG Keytab File: Select the keytab file from the drop-down, and click AddThe following read-only information is shown:
      • PRINCIPAL: The principal name that is mapped to the keytab file
      • DOMAIN: The name of the domain that is mapped to the keytab file

      • VERSION: The version of the keytab file

      • ENCRYPTION TYPE: The encryption type of the key

      • LAST UPDATED: The timestamp of the key's last upload 
  5. In the ALLOW DYNAMIC UPDATES FROM section, click Add to add or click Remove to remove the entries. Select one of the following from the TYPE drop-down list:
    • Any Address/Network: Select this option to allow or deny the application to send zone transfers to any IP address or network. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and selecting Deny from the drop-down list.
    • IPv4 Address: Select this option to add an IPv4 address. Click the VALUE field and enter the IP address of the remote server. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and selecting Deny from the drop-down list.

    • IPv4 Network: Select this option to add an IPv4 network address to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and selecting Deny from the drop-down list.

    • Named ACL: Select this option to add a named ACL. Click the VALUE field and the list of named ACLs are displayed. If you have only one named ACL, it is displayed automatically. When you select this, the application allows servers that have the Allow permission to send and receive DNS zone transfer data. You can click Clear to remove the selected named ACL.

    • TSIGSelect an existing TSIG Key. For more information, see Configuring TSIG KeysThe PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    You can reorder the rows using the up and down arrows next to the table.

  6. Click Save & Close to save.
  • No labels

This page has no comments.