Skip to main content

Zone transfer management

Updated

Summary

A feature that enables users to control DNS zone transfers with greater precision and security. The primary IP set, managed by DigiCert®​​ DNS, represents the authoritative servers that hold the original zone data. The secondary IP set, managed by the user or a third party, defines the external servers authorized to receive zone transfers.

Description

Through its intuitive interface, DigiCert®​​ DNS simplifies the oversight of zone transfers by providing detailed control over both primary and secondary IP sets. Users can monitor and validate which IPs are authorized for data exchange, apply updates in real time, and audit changes for greater transparency. This granular control helps enforce strict transfer policies, minimize misconfigurations, and ensure only trusted IPs participate in DNS replication.

Related functions

  • Primary IP set management: This function allows users to configure and maintain primary IP sets, ensuring accurate routing and network stability.
  • Secondary IP set management: This function provides the ability to manage secondary IP sets for redundancy, failover, and load-balancing strategies.

Primary IP set management

Notice

In DigiCert®​​ DNS, managed IP sets (as seen in the UI) are referred to as primary IP sets in the documentation. Both terms refer to the same concept.

Overview

This guide provides detailed instructions for primary IP set management, covering both targeted and comprehensive actions.

Targeted actions include:

Comprehensive actions include listing all available primary IP sets.

Benefits

Managing primary IP sets through DigiCert®​​ DNS enhances DNS efficiency by simplifying troubleshooting, improving scalability, and maintaining record consistency. Centralized management accelerates configuration changes, minimizes errors, and reduces manual effort. Consolidated IP assignment and tracking also increase visibility, making it easier to monitor and optimize network performance.

Procedures

Create a new primary IP set

Notice

This procedure creates a primary IP set (ipset) that will be updated and deleted in subsequent procedures. Follow Path 1 to create an IP set as-is. Follow Path 2 to associate a new IP set with a primary domain (domain1) created in an earlier procedure.

To test this function, call this API endpoint: POST /ipsets/primary

Path 1

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.
  3. In the MANAGED IP SETS tab, select the Add IP Set button.
  4. In the Add Managed IP Set dialog:
    1. Enter a name in the Name field (for example, ipset).
    2. In the Transfer To field, enter the destination IP address.
    3. In the Notify field, enter the IP address to be notified.

    4. Select Save to finish.

      A message appears confirming the successful creation of the IP set.

Path 2

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Domains.
  3. In the MANAGED DNS tab, select the relevant domain (for example, domain1).
  4. Select the SETTINGS tab.
  5. From the Managed IP Set drop-down list, select Add New IP Set.
  6. In the Add Managed IP Set dialog:
    1. Enter a name in the Name field (for example, ipset).
    2. In the Transfer To field, enter the destination IP address.
    3. In the Notify field, enter the IP address to be notified.
    4. Select Save to finish.

  7. Select Save to finish.

    A message appears confirming the successful creation of the IP set.

Delete a specific primary IP set

Notice

This procedure deletes a specific primary IP set (ipset) created in an earlier procedure. You can follow either Path 1 or Path 2 to complete the deletion.

To test this function, call this API endpoint: DELETE /ipsets/primary/{ipSetId}

Path 1

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.
  3. In the MANAGED IP SETS tab, at the end of the row of the IP set you want to delete, select the trash icon.

  4. In the Confirm Deletion dialog, select Confirm.

    A message appears confirming the successful deletion of the IP set.

Path 2

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.

  3. In the MANAGED IP SETS tab, select the checkbox of the IP set you want to delete.

    Tip

    You can select multiple checkboxes to delete several IP sets at once.

  4. Select Delete at the top of the table.

  5. In the Confirm Deletion dialog, select Confirm.

    A message appears confirming the successful deletion of the IP set.

List all available primary IP sets

Notice

This procedure displays all primary IP sets created by the user.

To test this function, call this API endpoint: GET /ipsets/primary

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.

  3. Select the MANAGED IP SETS tab.

    The table displays all the primary IP sets associated with the account.

    Tip

    Use Columns and Filters to customize your view of the results.

Return the details of a specific primary IP set

Notice

This procedure displays the details of a specific primary IP set (ipset) created in an earlier procedure. Follow Path 1 if there are only a few results to review. Follow Path 2 if you prefer to filter results quickly.

To test this function, call this API endpoint: GET /ipsets/primary/{ipSetId}

Path 1

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.

  3. Select the MANAGED IP SETS tab.

    The table displays all the primary IP sets associated with the account.

  4. Locate the IP set (for example, ipset) whose details you want to view.
  5. Select Columns at the top of the results table, then select all checkboxes to ensure that all IP set information is displayed.
Path 2

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.

  3. Select the MANAGED IP SETS tab.

    The table displays all the primary IP sets associated with the account.

  4. Select Filters at the top of the results table to locate the specific IP set quickly.

    Tip

    In this example, the name of the IP set is known, so the following filter was applied:

    1. Under Column, select Name.
    2. Under Operator, select contains.

    3. Under Value, enter the IP set's name (ipset).

      If no results appear, double-check the Filters selections and input values.

  5. Select Columns at the top of the results table, then select all checkboxes to ensure that all IP set information is displayed.

Update a specific primary IP set

Notice

This procedure updates a specific primary IP set (ipset) created in an earlier procedure.

To test this function, call this API endpoint: PUT /ipsets/primary/{ipSetId}

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.

  3. Select the MANAGED IP SETS tab.

    The table displays all the primary IP sets associated with the account.

  4. Locate the specific IP set - see Path 2 for quick filtering.
  5. Select the name of the IP set (for example, ipset) whose details you want to update.
  6. In the Edit Managed IP Set dialog:
    1. Edit the IP set's details as required.

    2. Select Save to finish.

      A message appears confirming the successful update of the IP set.

Secondary IP set management

Overview

This guide provides detailed instructions for secondary IP set management, covering both targeted and comprehensive actions.

Targeted actions include:

Comprehensive actions include listing all available secondary IP sets.

Benefits

Managing secondary IP sets with DigiCert®​​ DNS strengthens DNS resilience, optimizes performance, and simplifies network scaling. Seamless failover and efficient traffic distribution enhance disaster recovery and minimize downtime, while streamlined redundancy lowers operational costs. Centralized management provides real-time visibility into performance, allocation, and potential bottlenecks, supporting a stable and efficient DNS infrastructure.

Procedures

Create a new secondary IP set

Notice

This procedure creates a secondary IP set (ipset) that will be updated and deleted in subsequent procedures. Follow Path 1 to create an IP set as-is. Follow Path 2 to associate a new IP set with a secondary domain (domain1) created in an earlier procedure.

To test this function, call this API endpoint: POST /ipsets/secondary

Path 1

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.
  3. In the SECONDARY IP SETS tab, select the Add IP Set button.
  4. In the Add Secondary IP Set dialog:
    1. Enter a name in the Name field (for example, ipset).
    2. In the Transfer To field, enter the destination IP address.
    3. In the Notify field, enter the IP address to be notified.

    4. Select Save to finish.

      A message appears confirming the successful creation of the IP set.

Path 2

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Domains.
  3. In the SECONDARY DNS tab, select the relevant domain (for example, domain1).
  4. Select the SETTINGS tab.
  5. From the Secondary IP Set drop-down list, select Add New IP Set.
  6. In the Add Secondary IP Set dialog:
    1. Enter a name in the Name field (for example, ipset).
    2. In the Transfer To field, enter the destination IP address.
    3. In the Notify field, enter the IP address to be notified.
    4. Select Save to finish.

  7. Select Save to finish.

    A message appears confirming the successful creation of the IP set.

Delete a specific secondary IP set

Notice

This procedure deletes a specific secondary IP set (ipset) created in an earlier procedure. You can follow either Path 1 or Path 2 to complete the deletion.

To test this function, call this API endpoint: DELETE /ipsets/secondary/{ipSetId}

Path 1

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.
  3. In the SECONDARY IP SETS tab, at the end of the row of the IP set you want to delete, select the trash icon.

  4. In the Confirm Deletion dialog, select Confirm.

    A message appears confirming the successful deletion of the IP set.

Path 2

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.

  3. In the SECONDARY IP SETS tab, select the checkbox of the IP set you want to delete.

    Tip

    You can select multiple checkboxes to delete several IP sets at once.

  4. Select Delete at the top of the table.

  5. In the Confirm Deletion dialog, select Confirm.

    A message appears confirming the successful deletion of the IP set.

List all available secondary IP sets

Notice

This procedure displays all secondary IP sets created by the user.

To test this function, call this API endpoint: GET /ipsets/secondary

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.

  3. Select the SECONDARY IP SETS tab.

    The table displays all the secondary IP sets associated with the account.

    Tip

    Use Columns and Filters to customize your view of the results.

Return the details of a specific secondary IP set

Notice

This procedure displays the details of a specific secondary IP set (ipset) created in an earlier procedure. Follow Path 1 if there are only a few results to review. Follow Path 2 if you prefer to filter results quickly.

To test this function, call this API endpoint: GET /ipsets/secondary/{ipSetId}

Path 1

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.

  3. Select the SECONDARY IP SETS tab.

    The table displays all the secondary IP sets associated with the account.

  4. Locate the IP set (for example, ipset) whose details you want to view.
  5. Select Columns at the top of the results table, then select all checkboxes to ensure that all IP set information is displayed.
Path 2

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.

  3. Select the SECONDARY IP SETS tab.

    The table displays all the secondary IP sets associated with the account.

  4. Select Filters at the top of the results table to locate the specific IP set quickly.

    Tip

    In this example, the name of the IP set is known, so the following filter was applied:

    1. Under Column, select Name.
    2. Under Operator, select contains.

    3. Under Value, enter the IP set's name (ipset).

      If no results appear, double-check the Filters selections and input values.

  5. Select Columns at the top of the results table, then select all checkboxes to ensure that all IP set information is displayed.

Update a specific secondary IP set

Notice

This procedure updates a specific secondary IP set (ipset) created in an earlier procedure.

To test this function, call this API endpoint: PUT /ipsets/secondary/{ipSetId}

  1. Sign in to your DigiCert®​​ DNS account.
  2. From the landing page, go to the left sidebar and select DNS > Configurations.

  3. Select the SECONDARY IP SETS tab.

    The table displays all the secondary IP sets associated with the account.

  4. Locate the specific IP set - see Path 2 for quick filtering.
  5. Select the name of the IP set (for example, ipset) whose details you want to update.
  6. In the Edit Secondary IP Set dialog:
    1. Edit the IP set's details as required.

    2. Select Save to finish.

      A message appears confirming the successful update of the IP set.