dns-zone
The following operations can be performed on "dns-zone":
unset | add | sign | unsign | show | set | rm
unset dns zone
Use this command to remove DNS zone settings. Refer to the set dns zone command for the meanings of the arguments.
Synopsis
unset dns zone
add dns zone
Creates a DNS zone on the Citrix ADC. Mandatory if you want to use the appliance to implement Domain Name Security Extensions (DNSSEC) for the zone. When you add a DNS resource record, if the domain name of the record belongs to the zone, the record is automatically added to the zone.
Synopsis
add dns zone
Arguments
zoneName Name of the zone to create.
proxyMode Deploy the zone in proxy mode. Enable in the following scenarios:
* The load balanced DNS servers are authoritative for the zone and all resource records that are part of the zone.
* The load balanced DNS servers are authoritative for the zone, but the Citrix ADC owns a subset of the resource records that belong to the zone (partial zone ownership configuration). Typically seen in global server load balancing (GSLB) configurations, in which the appliance responds authoritatively to queries for GSLB domain names but forwards queries for other domain names in the zone to the load balanced servers.
In either scenario, do not create the zone's Start of Authority (SOA) and name server (NS) resource records on the appliance. Disable if the appliance is authoritative for the zone, but make sure that you have created the SOA and NS records on the appliance before you create the zone.
Possible values: YES, NO Default value: ENABLED
dnssecOffload Enable dnssec offload for this zone.
Possible values: ENABLED, DISABLED Default value: DISABLED
nsec Enable nsec generation for dnssec offload.
Possible values: ENABLED, DISABLED Default value: DISABLED
Example
add dns zone foo.bar -proxyMode NO -dnssec ENABLED
sign dns zone
Signs a DNS zone with a DNS key. Before you sign a zone, make sure that you've enabled DNSSEC by setting the global DNS parameter "Enable DNSSEC extension."
Synopsis
sign dns zone
Arguments
zoneName Name of the zone.
keyName Name of the public/private DNS key pair with which to sign the zone. You can sign a zone with up to four keys.
Example
sign dns zone abc.com. -keyname abc.com.zsk abc.com.ksk
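A lint for a staged list of commands that checks the constraints this page states (SOA and NS records must exist before a zone is added with -proxyMode NO; a zone can be signed with at most four keys) and also reports zones that have no sign command. This is an added example, not Citrix code: the sample lines are constructed, and the `add dns soaRec` / `add dns nsRec` command names and the choice to treat an absent -proxyMode as proxy mode are assumptions not taken from this page.

```python
import shlex
from itertools import takewhile

# Constructed sample of staged configuration lines (not taken from the page).
SAMPLE_CONFIG = """\
add dns soaRec example.com -originServer ns1.example.com -contact admin.example.com
add dns nsRec example.com ns1.example.com
add dns zone example.com -proxyMode NO
sign dns zone example.com. -keyName example.com.zsk example.com.ksk
add dns zone early.test -proxyMode NO
add dns soaRec early.test -originServer ns1.early.test -contact admin.early.test
add dns zone proxied.test -proxyMode YES
sign dns zone proxied.test -keyName k1 k2 k3 k4 k5
"""

def option_values(tokens, flag):
    """Values that follow `flag` (case-insensitive) up to the next -option."""
    lowered = [t.lower() for t in tokens]
    if flag.lower() not in lowered:
        return []
    rest = tokens[lowered.index(flag.lower()) + 1:]
    return list(takewhile(lambda t: not t.startswith("-"), rest))

def lint_dns_zones(config_text):
    """Return sorted (zone, finding) tuples for the given command list."""
    seen, zones, key_count, findings = set(), [], {}, []
    for line in config_text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or tok[1].lower() != "dns":
            continue
        verb, obj = tok[0].lower(), tok[2].lower()
        name = tok[3].lower().rstrip(".")  # ignore case and the trailing root dot
        # Assumption: SOA/NS records are created with "add dns soaRec" / "add dns nsRec".
        if verb == "add" and obj in ("soarec", "nsrec"):
            seen.add((obj, name))
        elif (verb, obj) == ("add", "zone"):
            zones.append(name)
            # Assumption: an absent -proxyMode means proxy mode (default is enabled).
            mode = (option_values(tok, "-proxyMode") or ["YES"])[0].upper()
            if mode == "NO" and not {("soarec", name), ("nsrec", name)} <= seen:
                findings.append((name, "proxyMode NO but SOA/NS not created before the zone"))
        elif (verb, obj) == ("sign", "zone"):
            key_count[name] = key_count.get(name, 0) + len(option_values(tok, "-keyName"))
    for name in zones:
        if key_count.get(name, 0) == 0:
            findings.append((name, "no sign dns zone command (zone unsigned)"))
        elif key_count[name] > 4:
            findings.append((name, f"signed with {key_count[name]} keys (limit is four)"))
    return sorted(findings)
```

Calling `lint_dns_zones(SAMPLE_CONFIG)` returns three findings: two for `early.test` (records created after the zone, and no signature) and one for `proxied.test` (five keys).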
unsign dns zone
Unsigns the specified DNS zone with the specified DNS key.
Synopsis
unsign dns zone
Arguments
zoneName Name of the zone.
keyName Name of the public-private DNS key pair with which to unsign the zone.
Example
unsign dns zone abc.com. -keyname abc.com.zsk abc.com.ksk
show dns zone
Displays the parameters of the specified DNS zone, along with information about the types of resource records available for each domain name in the zone. If no zone name is specified, just the parameters are shown, for all configured zones.
Synopsis
show dns zone [
Arguments
zoneName Name of the zone. Mutually exclusive with the type parameter.
type Type of zone to display. Mutually exclusive with the DNS Zone (zoneName) parameter. Available settings function as follows:
* ADNS - Display all the zones for which the Citrix ADC is authoritative.
* PROXY - Display all the zones for which the Citrix ADC is functioning as a proxy server.
* ALL - Display all the zones configured on the appliance.
Possible values: ALL, ADNS, PROXY
Output
proxyMode Deploy the zone in proxy mode. Enable in the following scenarios:
* The load balanced DNS servers are authoritative for the zone and all resource records that are part of the zone.
* The load balanced DNS servers are authoritative for the zone, but the Citrix ADC owns a subset of the resource records that belong to the zone (partial zone ownership configuration). Typically seen in global server load balancing (GSLB) configurations, in which the appliance responds authoritatively to queries for GSLB domain names but forwards queries for other domain names in the zone to the load balanced servers.
In either scenario, do not create the zone's Start of Authority (SOA) and name server (NS) resource records on the appliance. Disable if the appliance is authoritative for the zone, but make sure that you have created the SOA and NS records on the appliance before you create the zone.
flags Flags controlling display.
nsecBitarray Bit array representing the different record types configured for the domain name.
domain Domain name that belongs to the given zone.
nextRecs An array of record types associated with the nsec record.
stateflag Flags controlling display.
dnssecOffload Enable dnssec offload for this zone.
nsec Enable nsec generation for dnssec offload.
keyName Name of the public/private DNS key pair with which to sign the zone. You can sign a zone with up to four keys.
sigInceptionTime Time at which the zone was signed with this key.
signed Integer that denotes the status of the keys.
expires Time period for which to consider the key valid, after the key is used to sign a zone.
devno count
Example
show dns zone foo.bar
set dns zone
Modifies the parameters of the specified DNS zone.
Synopsis
set dns zone
Arguments
zoneName Name of the zone.
proxyMode Deploy the zone in proxy mode. Enable in the following scenarios:
* The load balanced DNS servers are authoritative for the zone and all resource records that are part of the zone.
* The load balanced DNS servers are authoritative for the zone, but the Citrix ADC owns a subset of the resource records that belong to the zone (partial zone ownership configuration). Typically seen in global server load balancing (GSLB) configurations, in which the appliance responds authoritatively to queries for GSLB domain names but forwards queries for other domain names in the zone to the load balanced servers.
In either scenario, do not create the zone's Start of Authority (SOA) and name server (NS) resource records on the appliance. Disable if the appliance is authoritative for the zone, but make sure that you have created the SOA and NS records on the appliance before you create the zone.
Possible values: YES, NO Default value: ENABLED
dnssecOffload Enable dnssec offload for this zone.
Possible values: ENABLED, DISABLED Default value: DISABLED
nsec Enable nsec generation for dnssec offload.
Possible values: ENABLED, DISABLED Default value: DISABLED
Example
set dns zone foo.bar -proxyMode NO -dnssec ENABLED
rm dns zone
Removes a DNS zone from the Citrix ADC.
Synopsis
rm dns zone
Arguments
zoneName Name of the zone to remove.