POST - Create a BIND Zone

Purpose

This API endpoint is tailored for ISC BIND servers, enabling the creation of various DNS zones under a specified cluster:

  • Authoritative Zone: Hosts and manages DNS records (e.g., A, CNAME, MX) for a specific domain name, allowing the DNS server to provide authoritative responses to queries for that domain.
  • Forwarder Zone: Redirects DNS queries to specific external servers for resolution rather than resolving them locally via authoritative servers.
  • Response Policy Zone (RPZ): Implements DNS-based policies for controlling and redirecting DNS traffic. This type of zone is often used for security purposes, such as protecting users by blocking access to malicious or unwanted domains. It can also redirect queries to internal IP addresses for compliance or monitoring purposes and enforce traffic filtering policies across the network.

Request URL

Method: POST

https://{appconsole_IP}:{9443}/api/dns/zone/

Request Headers

The following headers must be included in the API request for successful authentication and data submission:

Authorization: DDI Central's OAuth implementation uses the Bearer authentication scheme. When making API calls, the access_token obtained via the OAuth 2.0 Client Credentials Grant must therefore be included in the Authorization header of each request. This token verifies the client’s identity and ensures appropriate permissions for accessing resources.

The Authorization Header follows the format below:

headers = { "Authorization": "Bearer {bearer_tk}" }


Content-Type: Required in the header to indicate the media type of the resource being sent. It helps the server at the receiving end understand how to process the transmitted request body.

The Content-Type Header follows the format below:

headers = { "Content-Type": "application/json" }

Request Body

Common Parameters for all zone types

  • zone_name* string
    • The fully qualified domain name (FQDN) of the DNS zone (e.g., marshal345.zoho.com.).
  • zone_type* string
    • The type of the zone: authoritative, forwarder, or rpz.
  • view_name string
    • The name of the view associated with the zone to be created (e.g., alaska1).
  • zone_ttl* string
    • The Time-to-Live (TTL) for the zone, in seconds (e.g., 86400).
  • zone_contact* string
    • The email address of the zone administrator (e.g., darshana.gmail.com.).

Authoritative Zone Parameters

  • refresh*  string
    •  Specifies the interval (in seconds) that secondary servers should wait to check for updates from the master.
  • retry*  string
    •  Defines the interval (in seconds) a secondary server should wait before retrying a failed zone transfer attempt.
  • expiry*  string
    •  The time (in seconds) after which a secondary server considers the zone data invalid if it cannot contact the master server. Provides a fallback mechanism by specifying how long a zone remains valid without a successful refresh.
  • minimum*  integer
    •  Sets the minimum TTL (Time-To-Live) value for resource records in the zone, specifying the duration (in seconds) that resolvers can cache the zone’s records before querying again.
  • master_servers*  string
    •  The IP address of the master server for the zone, where authoritative responses originate. Specifies the primary source of truth for queries to DNS records in the zone.
  • slave_servers  string
    •  The IP addresses of the secondary (slave) servers for the zone. Provides redundancy by allowing slave servers to respond to queries if the master server is unavailable.
  • ddns_zone*  boolean
    •  Indicates whether the new zone supports Dynamic DNS (DDNS), allowing dynamic IP updates to DNS records by the DHCP server.
  • tsigtemplate_name string
    • The name of the TSIG (Transaction Signature) template used for secure DNS updates. Ensures secure communication for dynamic updates by signing requests using the TSIG template.
  • nameservers* string
    • Details a list of authoritative nameservers responsible for the zone including their fully qualified domain names (FQDNs) and IP addresses that are used for resolving their queries.
  • dnssec* boolean
    • Indicates whether DNSSEC is enabled for the zone (e.g., false).

Forwarder Zone Parameters

  • forwarder_servers* string
    • Comma-separated list of IP addresses of external DNS servers to which queries will be forwarded (e.g., 1.1.1.1,2.2.2.2).

RPZ Zone Parameters

  • dnssec* boolean
    • Indicates whether DNSSEC is enabled for the zone (e.g., false).
  • serial* long
    • Serial number of the RPZ zone for synchronization purposes (e.g., 2024090209).

 

* - Mandatory parameter.

 

Sample Request

Authoritative Zone
{
   "zone_name": "marshal345.zoho.com.",
   "zone_type": "authoritative",
   "view_name": "alaska1",
   "zone_ttl": 86400,
   "zone_contact": "darshana@gmail.com.",
   "refresh": 43200,
   "retry": 3600,
   "expiry": 1209600,
   "minimum": 180,
   "master_servers": ["10.16.33.42"],
   "slave_servers": ["192.168.56.51"],
   "ddns_zone": false,
   "cluster_name": "chennai",
   "tsigtemplate_name": "testtsig",
   "nameservers": {
      "nameservers": ["ns1.ex.com.", "ns.marshal345.zoho.com."],
      "ns_with_ip": [
         {
            "ns": "ns.marshal345.zoho.com.",
            "ips": ["1.1.1.1", "2.2.2.2"]
         }
      ]
   }
}

  
Forwarder Zone
{
   "zone_name": "marshal345.zoho.com.",
   "cluster_name": "chennai",
   "zone_type": "forwarder",
   "forwarder_servers": [
      "1.1.1.1",
      "2.2.2.2",
      "3.3.3.3"
   ],
   "view_name": "view_name"
}

RPZ Zone
{
    "zone_name": "rpz2.zoho.com.",
    "zone_type": "rpz",
    "zone_ttl": 300,
    "zone_contact": "darshana@gmail.com.",
    "refresh": 43200,
    "retry": 3600,
    "expiry": 1209600,
    "minimum": 180,
    "dnssec": false,
    "serial": 2024090209,
    "master_servers": ["10.16.27.88"],
    "cluster_name": "chennai",
    "view_name": "alaska1",
    "nameservers": {
        "nameservers": ["ns1.ex.com."],
        "ns_with_ip": []
    }
}
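
A pre-flight check for the request body and headers described above, as an added example that is not part of the DDI Central documentation: it validates zone_type, the trailing dot on zone_name and every server IP address, then builds (without sending) the POST with the Bearer and Content-Type headers. The function names check_zone and build_request are hypothetical, and the checks are assumptions drawn from the parameter tables and samples on this page.

```python
import ipaddress
import json
import urllib.request

ZONE_TYPES = {"authoritative", "forwarder", "rpz"}
# Parameters that carry server IP addresses, per the tables above.
IP_FIELDS = ("master_servers", "slave_servers", "forwarder_servers")


def check_zone(body):
    """Return a list of problems in a zone-creation body (empty list = OK)."""
    problems = []
    if body.get("zone_type") not in ZONE_TYPES:
        problems.append("zone_type must be authoritative, forwarder or rpz")
    name = body.get("zone_name")
    if not isinstance(name, str) or len(name) < 2 or not name.endswith("."):
        problems.append("zone_name must be an FQDN ending in '.'")
    if body.get("zone_type") == "forwarder" and not body.get("forwarder_servers"):
        problems.append("forwarder_servers is mandatory for a forwarder zone")
    for field in IP_FIELDS:
        value = body.get(field)
        if value is None:
            continue
        # The table describes a comma-separated string; the samples send a list.
        items = value.split(",") if isinstance(value, str) else value
        if not isinstance(items, list):
            problems.append(f"{field} must be a list or comma-separated string")
            continue
        for item in items:
            try:
                ipaddress.ip_address(str(item).strip())
            except ValueError:
                problems.append(f"{field}: {item!r} is not an IP address")
    return problems


def build_request(base_url, bearer_tk, body):
    """Build (not send) the POST; raise ValueError if any check fails."""
    problems = check_zone(body)
    if problems:
        raise ValueError("; ".join(problems))
    if not base_url.startswith("https://"):
        raise ValueError("refusing to put a bearer token on a non-HTTPS URL")
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/dns/zone/",
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": f"Bearer {bearer_tk}",
                 "Content-Type": "application/json"},
        method="POST",
    )
```

Pass the returned object to urllib.request.urlopen to send it; the default SSL context verifies the console's certificate, which is what keeps the token from reaching an impostor endpoint.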

                                  

Sample Response

{
  "zone_id": 6087,
  "zone_name": "marshal345.zoho.com.",
  "zone_type": 1,
  "rpz_zone": false,
  "zone_ttl": 86400,
  "zone_contact": "darshana.gmail.com.",
  "refresh": 43200,
  "retry": 3600,
  "expiry": 1209600,
  "minimum": 180,
  "dnssec": false,
  "serial": 2024082609,
  "sec_ns": "ns1.ex.com.",
  "master_servers": "10.63.6.119",
  "slave_servers": null,
  "tsigTemplate": null,
  "ddns_zone": false,
  "named_view": null,
  "provider_details": null,
  "provider_zone_uniq_key": null,
  "ad_zone": false,
  "zone_scope": null
}