Create a DHCP forward zone to define a forward DHCP zone declaration and configure TSIG or GSS-TSIG signing of Dynamic DNS (DDNS) updates.
To add a DHCP forward zone:
- From the configuration drop-down menu, select a configuration.
- Select the IP Space tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
- Click the DHCP Settings tab. Under DHCP Zone Groups, click a DHCP zone group.
- Click the DHCP Zone Declarations tab. Under Forward Zones, click New.
- Select a DNS zone from an Address Manager-managed server or provide the fully qualified domain name for a DNS zone not managed by Address Manager:
  - For a zone located on an Address Manager-managed server, select Under Address Manager Control and select a zone from the Select Zone drop-down list. To filter the list of zones, click in the Select Zone list and type the first few letters of the zone name. The DNS View to which each zone belongs appears in [square brackets] after the zone name.
  - For a zone located on a server not managed by Address Manager, select Third Party and type a fully qualified domain name in the Zone Name field.
- In the Primary DNS Server IP Address field, enter the IP address for the zone’s primary DNS server.
- In the Secondary DNS Server IP Address field, enter the IP address for the zone’s secondary DNS server.

  Note: The primary and secondary fields refer to the Windows DNS Server definition of primary/secondary servers (two read/write servers), not the standard primary/secondary architecture of the DNS protocol (where primary is read/write and the secondary is read-only). When adding a forward DHCP zone to non-Windows DNS servers in a standard primary-secondary relationship, fill out only the Primary DNS Server IP Address field. The Secondary DNS Server IP Address field is only for Windows DNS Server configurations, where both servers are read/write.
- To sign DDNS updates for the zone, select the Sign DDNS Updates check box and do one of the following:
  - To sign DDNS updates with a TSIG key, select Using TSIG, then select a TSIG key from the Key drop-down menu.

    Note: Only TSIG keys created with the hmac-md5 algorithm can be used to sign Dynamic DNS updates for forward and reverse DHCP zones.
  - To sign DDNS updates with GSS-TSIG, select Using GSS-TSIG.
- Under Change Control, add comments, if required.
- Click Add.
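
As an added illustration of what the Sign DDNS Updates option with a TSIG key protects (this is not Address Manager code), the following Python example builds an RFC 2136 update, computes the hmac-md5 TSIG MAC over it, and runs the receiving server's check, which rejects an altered update. The zone, host, key name, secret, and addresses are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

HMAC_MD5 = "hmac-md5.sig-alg.reg.int"  # TSIG algorithm name for hmac-md5

def wire_name(name):
    """Encode a domain name in canonical (lowercase, uncompressed) wire format."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def ddns_update(msg_id, zone, host, ip, ttl=300):
    """Build an unsigned RFC 2136 UPDATE message that adds one A record."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)  # opcode 5 = UPDATE
    zone_section = wire_name(zone) + struct.pack("!HH", 6, 1)     # type SOA, class IN
    record = (wire_name(host) + struct.pack("!HHIH", 1, 1, ttl, 4)
              + socket.inet_aton(ip))
    return header + zone_section + record

def tsig_mac(message, key_name, secret, time_signed, fudge=300):
    """HMAC over the request plus the TSIG variables (RFC 8945, section 4.3.3)."""
    variables = (wire_name(key_name)
                 + struct.pack("!HI", 255, 0)                      # class ANY, TTL 0
                 + wire_name(HMAC_MD5)
                 + struct.pack("!HIH", time_signed >> 32,          # 48-bit time signed
                               time_signed & 0xFFFFFFFF, fudge)
                 + struct.pack("!HH", 0, 0))                       # error, other length
    return hmac.new(secret, message + variables, hashlib.md5).digest()

def tsig_verify(message, key_name, secret, time_signed, mac, now, fudge=300):
    """Server-side check: timestamp within the fudge window and MAC matches."""
    if abs(now - time_signed) > fudge:
        return False
    expected = tsig_mac(message, key_name, secret, time_signed, fudge)
    return hmac.compare_digest(expected, mac)

# Constructed sample values (documentation address range, made-up key).
SECRET = b"constructed-demo-secret"
SIGNED_AT = 1700000000
UPDATE = ddns_update(0x1234, "example.com", "pc1.example.com", "192.0.2.50")
MAC = tsig_mac(UPDATE, "ddns-key", SECRET, SIGNED_AT)
FORGED = ddns_update(0x1234, "example.com", "pc1.example.com", "192.0.2.66")

if __name__ == "__main__":
    print("genuine:", tsig_verify(UPDATE, "ddns-key", SECRET, SIGNED_AT, MAC, SIGNED_AT + 5))
    print("altered:", tsig_verify(FORGED, "ddns-key", SECRET, SIGNED_AT, MAC, SIGNED_AT + 5))
```

The MAC covers the whole update message plus the key name, algorithm, and signing time, so a DNS server holding the same key rejects updates that were modified in transit, signed with a different key, or replayed outside the fudge window.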