Barracuda CloudGen Firewall

How to Configure a Zone


The CloudGen Firewall offers the option to configure primary, secondary, reverse, and forwarding zones. When configuring a primary or reverse zone, it is important to correctly handle the serial / serial number offset value.

Timestamps are used in the DNS system to synchronize zone transfers. You must be careful when using the CloudGen Firewall as a DNS primary in conjunction with a DNS secondary server running a non-Barracuda Networks product!

The effective serial number is derived from the firewall's Unix time-stamp. In a mixed setup of a CloudGen-based DNS primary server and a non-Barracuda DNS secondary server, Unix time-stamps are numerically lower than date-based time-stamps (e.g., 2019043000). Therefore, a serial number offset must be added to the Unix-based time-stamp. The result of this addition must be greater than the date-based time-stamp at the moment of activating the zone's data. Only then will a secondary DNS server accept a zone transfer from the primary.

For converting the current time into a Unix-based time-stamp, you can use a calculator on the Internet, e.g., www.unixtimestamp.com.

Before You Begin
  • Verify that all necessary IP addresses for answering DNS queries are already configured as service IP addresses on the respective incoming interfaces. For more information, see How to Assign Services.
  • Ensure that the serial number offset is high enough.

Option 1: Configure a Primary Zone

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
  2. In the left menu, click Hosted Zones.
  3. Right-click in the window.
  4. From the list, select Add new DNS Zone.
  5. The Add Hosted Zone / Domain window is displayed.
  6. For Hosted Zone Type, select Primary.
  7. For Enabled, select the check box if you want the record to be active.
  8. For Domain Name, enter the name of the domain, e.g., example.com.

    Because the underscore character ('_') is not processed correctly by the underlying BIND system, do not use this character when you enter domain names!

    While entering the domain name, the edit field for Authoritative Name Server will be auto-filled and the standard name ns1 will be prepended to your domain name for the name server.

  9. For Description, enter any text that best describes your domain.
  10. TTL (time to live [sec]) is already preset. Change the value if necessary.
  11. For Serial Number Offset, enter the offset only if the serial of your new zone record must be higher than the serial on the secondary DNS server.
  12. Leave the auto-filled Authoritative Name Server field unchanged unless a change is required.
  13. For Responsible Person Email, enter the email address of the person that is responsible for the configured domain. The edit field accepts the underscore character: '_'.
  14. Select Generate NS Record if you want to have the name server record created automatically for you.
  15. For Zone Transfer, select Yes if you want to allow automatic zone transfers.
  16. For Zone Transfer ACL, enter all IP addresses of secondary DNS servers that are allowed to exchange zone data with the primary.
  17. Click OK.
  18. Click Send Changes.
  19. Click Activate.

You have now configured a primary zone.

Option 2: Configure a Secondary Zone

If your firewall must operate as a secondary DNS server for a certain zone hosted on another authoritative primary DNS server, create a secondary zone to host it on your firewall.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
  2. In the left menu, click Hosted Zones.
  3. Right-click in the window.
  4. From the list, select Add new DNS Zone.
  5. The Add Hosted Zone / Domain window is displayed.
  6. For Hosted Zone Type, select Secondary.
  7. For Enabled, select the check box if you want the record to be active.
  8. For Domain Name, enter the domain for which you want to create a secondary zone, e.g., example2.com.
  9. For Description, enter any text that best describes your domain.
  10. Click + to add the primary DNS server that hosts the primary zone.
  11. The Add New Key window is displayed.
  12. Enter the IP address of the primary DNS server from which the zone is transferred, e.g., 212.86.0.11.
  13. Click OK.
  14. Click Send Changes.
  15. Click Activate.

In the Hosted Zones window, you can now see the record for the secondary zone.

Because a secondary zone is managed by its owning primary server, no records will be shown on the secondary DNS server.

Option 3: Configure a Reverse Zone

Configuring a reverse zone requires a primary zone that is already configured. If there is no primary zone configured yet, start over with Option 1 above.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
  2. In the left menu, click Hosted Zones.
  3. Right-click in the window.
  4. From the list, select Add new DNS Zone.
  5. The Add Hosted Zone / Domain window is displayed.
  6. For Hosted Zone Type, select Reverse.
  7. For Enabled, select the check box if you want the record to be active.
  8. In the edit field Network at the bottom of the window, enter the network address that you are configuring the reverse zone for, e.g., 62.99.0.0/24.
  9. The edit field for Domain Name will be auto-filled based on the network address.
  10. For Description, enter any text that best describes your domain.
  11. TTL (time to live [sec]) is already preset. Change the value if necessary.
  12. For Serial Number Offset, enter the offset only if the serial of your new zone record must be higher than the serial on the secondary DNS server.
  13. For Authoritative Name Server, enter the same name server as for the related primary zone, e.g., ns1.example.com.
  14. For Responsible Person Email, enter the email address of the person that is responsible for the configured domain.
  15. For Zone Transfer, select Yes if you want to allow automatic zone transfers.
  16. For Zone Transfer ACL, enter all IP addresses of secondary DNS servers that are allowed to exchange zone data with the primary.
  17. Click OK.
  18. Click Send Changes.
  19. Click Activate.

In the Hosted Zones window, you can now see the record for the reverse zone.


Option 4: Configure a Forward Zone

If DNS queries for a certain domain must be passed on to a DNS forwarder, create a forward zone for that domain on your firewall.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
  2. In the left menu, click Hosted Zones.
  3. Right-click in the window.
  4. From the list, select Add new DNS Zone.
  5. The Add Hosted Zone / Domain window is displayed.
  6. For Hosted Zone Type, select Forward.
  7. For Enabled, select the check box if you want the record to be active.
  8. For Domain Name, enter the domain for which you want to create a forwarder, e.g., example.com.
  9. For Description, enter any text that best describes your domain.
  10. Click + to add a DNS forwarder.
  11. The Add New Key window is displayed.
  12. Enter the IP address for the DNS forwarder, e.g., 212.86.0.11.
  13. Click OK.
  14. Click Send Changes.
  15. Click Activate.