Creating a Secondary DNS Zone

Create a secondary zone to set up ingress from an external DNS provider to Oracle Cloud Infrastructure (OCI) DNS.

This topic describes how to set up an OCI secondary zone that accepts zone transfers from an external DNS provider (secondary ingress). To set up a scenario where a primary OCI DNS zone transfers to a secondary external DNS provider (secondary egress), see the Secondary DNS overview page.

Secondary ingress DNS requires that you define the zone name and the IP addresses of the external primary servers when you create the secondary zone. The externally managed primary DNS servers must also accept zone transfer requests from the OCI zone transfer server IP addresses, because the service pulls the zone from the primary to keep the secondary in sync. Restrict the primary's transfer allow-list to those addresses, and where the primary supports it require a TSIG key as well, so that each transfer is authenticated rather than trusted on source address alone.

You can obtain the OCI IP addresses that perform the zone transfers from the primary DNS in one of the following ways:
  • Use the OCI API before you begin setup. ListZoneTransferServers returns the list of zone transfer server IP addresses for the specified compartment. The addresses vary by region, so query them in the region where you will create the zone. For more information, see Listing Zone Transfer Servers.
  • If you're using the Console, the list of zone transfer servers appears in the Create public zone page.

You can optionally configure a secondary DNS zone to use a TSIG key. If you don't already have an existing TSIG key, create one before you begin setting up the secondary DNS zone. For more information, see TSIG Keys.

See Secondary DNS for a feature overview and more information.

  • Using the Console:
    1. Open the navigation menu and click Networking. Under DNS management, click Zones.
    2. On the Public zones tab, click Create zone.
    3. For Method, select Manual.
    4. For Zone type, select Secondary.
    5. Enter a descriptive name for the zone. Avoid entering confidential information.
    6. Specify the compartment to create the zone in. Be sure you have permission to work in the compartment.
      Important

      Ensure the primary nameservers accept transfer requests from the OCI zone transfer server IP addresses listed in the Create public zone panel, and that their transfer allow-list is limited to those addresses.
    7. For Upstream server IP, add an external upstream nameserver IP address. Click Add additional server IP to add more upstream server IP addresses.
    8. (Optional) Select a TSIG key.
    9. Click Create.
  • Using the CLI: use the zone create command and required parameters to create a secondary zone:

    oci dns zone create --compartment-id compartment_id --name "zone_name" \
      --zone-type SECONDARY --scope GLOBAL \
      --external-masters '[{"address":"external_server_ip","port":port_number,"tsigKeyId":"tsig_key_OCID"}]' ... [OPTIONS]

    The --external-masters option is required when --zone-type is SECONDARY. Each entry names one external primary server by address and port; tsigKeyId is optional and references the TSIG key the primary uses to authenticate the transfer.

    For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.

  • Using the API: run the CreateZone operation to create a secondary zone. Specify the zoneType as SECONDARY and the scope as GLOBAL.

    The externalMasters attribute in the request body is required when the zoneType value is SECONDARY; it takes the same list of address, port and optional tsigKeyId entries as the CLI --external-masters option.
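The whole procedure as a script, as an added example that is not part of the OCI documentation: it lists the region's zone transfer servers (the addresses the external primary must allow), optionally creates a TSIG key, builds the external-masters list used by both the CLI option and the CreateZone externalMasters attribute, creates the secondary zone, and reads back its state and serial. It assumes the oci CLI is installed and configured for the target region; the subcommand names follow the OCI CLI and should be confirmed against the CLI Command Reference. The compartment OCID, zone name, key OCID and primary addresses are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the OCI documentation: create an OCI secondary
# DNS zone with the OCI CLI. Assumes the oci CLI is installed and
# configured for the target region. All OCIDs, IPs and the zone name are
# constructed placeholders and must be replaced.
set -eu

COMPARTMENT_ID="${COMPARTMENT_ID:-ocid1.compartment.oc1..exampleuniqueID}"
ZONE_NAME="${ZONE_NAME:-secondary.example.com}"
TSIG_KEY_ID="${TSIG_KEY_ID:-}"   # optional TSIG key OCID; empty = no TSIG

# Build the JSON array that --external-masters (CLI) and externalMasters
# (CreateZone API) expect. Each argument is one primary server's IPv4
# address; port 53 is the DNS port; tsigKeyId is attached when a key is set.
build_external_masters() {
  local tsig="$1"; shift
  local out="" entry ip
  for ip in "$@"; do
    entry="{\"address\":\"$ip\",\"port\":53"
    if [ -n "$tsig" ]; then
      entry="$entry,\"tsigKeyId\":\"$tsig\""
    fi
    entry="$entry}"
    out="${out:+$out,}$entry"
  done
  printf '[%s]' "$out"
}

# Step 1: the OCI zone transfer server addresses for this region. The
# external primary's transfer allow-list must contain exactly these.
list_transfer_servers() {
  oci dns zone-transfer-server list --compartment-id "$COMPARTMENT_ID" \
    --query 'data[].address'
}

# Optional: create a TSIG key so transfers are authenticated, not only
# source-IP filtered. The same name, algorithm and secret must be
# configured on the external primary. Prints the new key's OCID.
create_tsig_key() {
  local secret
  secret="$(openssl rand -base64 32)"
  oci dns tsig-key create --compartment-id "$COMPARTMENT_ID" \
    --name "${ZONE_NAME}-xfer" --algorithm hmac-sha256 --secret "$secret" \
    --query 'data.id' --raw-output
}

# Pre-flight from the operator's host: does the primary serve the zone
# over AXFR with this TSIG key? This proves the key and the zone, not the
# source-IP ACL; only a transfer from OCI's own addresses proves that.
check_primary_axfr() {
  local primary="$1" keyname="$2" secret="$3"
  dig @"$primary" "$ZONE_NAME" AXFR -y "hmac-sha256:${keyname}:${secret}" \
    +noall +answer | head -n 1
}

# Step 2: create the secondary zone. Arguments are the primary server IPs.
create_secondary_zone() {
  local masters
  masters="$(build_external_masters "$TSIG_KEY_ID" "$@")"
  oci dns zone create --compartment-id "$COMPARTMENT_ID" --name "$ZONE_NAME" \
    --zone-type SECONDARY --scope GLOBAL --external-masters "$masters"
}

# Step 3: after creation, a non-zero serial shows the first transfer
# from the primary succeeded; a zero serial means the ACL or key is wrong.
show_zone_state() {
  oci dns zone get --zone-name-or-id "$ZONE_NAME" \
    --query 'data.{state:"lifecycle-state",serial:serial}'
}

# Usage: ./secondary-zone.sh apply 203.0.113.10 198.51.100.7
if [ "${1:-}" = "apply" ]; then
  shift
  list_transfer_servers
  create_secondary_zone "$@"
  show_zone_state
fi
```

Run the TSIG and AXFR helpers first when the primary enforces a key; if the serial reported by show_zone_state stays at zero, the primary is not accepting the transfer from the OCI addresses printed by list_transfer_servers.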