
2576 - Creating a Secondary Zone in BloxOne DDI


The training department, which administers, wants to work with your team to implement local survivability for their DNS clients. Your DNS clients also use their services, like, so this could help the efficiency of the DNS implementation as well. We don't want to simply set up a forwarding zone, because we want the zone to still work if their DNS servers are not responding.

They want to keep administering their domain as the primary for, but they are using some other DNS server that we will need to add as an External Primary on a Secondary zone in our DNS environment. They will host their own DNS servers and maintain their own records, but their DNS servers will allow ours to synchronize with theirs using a shared TSIG key for zone transfers.

Estimated Completion Time

  • 10 to 15 minutes


  • Administrative access to the CSP

  • Lab 2801: Deploying BloxOne Hosts

  • Lab 2570: Configuring DHCP Services in BloxOne DDI

  • Lab 2571: Creating DHCP Networks in BloxOne DDI

  • Lab 2573: Enabling and Configuring DNS Services

  • Lab 2574: Creating a Primary Zone in BloxOne DDI

Course References

  • 2159: BloxOne DDI Configuring DNS Services


  1. Creating a Secondary Zone and Configuring Zone Transfer

  2. Validating the DNS zones and records from a client

Task 1: Creating a Secondary Zone and Configuring Zone Transfer

The training team has provided us with TSIG key information in a file named tsig_xfer_b1.txt (this is in the 'Shared Drive' folder of your jump-desktop filesystem) and the IP address of the DNS server we'll be adding as an External DNS Primary: We'll need to create a secondary zone under called and use this External DNS server as the authoritative DNS server for this zone. We should also configure the TSIG key trust so that the zone transfer works.

Task 2: Validating the DNS zone and records from a client

We have set up the zone transfer for this domain so the resource records should be copied and available. But we should verify that when our clients try to get the records, they get what we expect. Use our testing-linux virtual machine to verify that we can get A records for


Task 1 Solution: Creating a Secondary Zone and Configuring Zone Transfer

  1. Switch to your CSP browser window and navigate to Manage → DNS

  2. Select the Zones tab

  3. Click on the default DNS View to go inside the view

  4. Click on the zone to go into the zone

  5. Click the Create button and from the drop-down Zone list, select Secondary Zone

  6. Enter the zone Name: training

  7. Check that is selected from the suffix drop-down list

  8. Expand the Authoritative DNS Servers section

  9. Under External Primary Servers, click Add and fill out the required fields:

    • Name: (we can get this name with a reverse lookup on a terminal - dig -x

    • Address:

    • Check Use TSIG and fill out KeyName, Algorithm, and KeyValue based on the information in the lab environment file /mnt/shared/tsig_xfer_b1.txt (this is in the Shared Drive folder of your jump-desktop filesystem)

  10. Click Add

  11. Under BloxOne Secondary DNS Servers click the arrow next to both of your DNS service instances to move them to the list of BloxOne Secondary DNS Servers

  12. Click Save & Close

Task 2 Solution: Validating the DNS zone and records from a client

  1. On testing-linux open a Terminal window

  2. Set the IP address as a fixed address with the command sudo set-network-static-bloxone to allow a route to the DNS server.

  3. Check that the dig response for the following query returns an Authoritative Answer (aa) with NOERROR:

    dig @
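
The check in step 3, as an added example that is not part of the original lab guide: a shell function that reads dig output and passes only when the header shows status NOERROR, the aa flag, and at least one answer record. The sample headers are constructed, and `<dns-server-ip>` and `<record-name>` are placeholders because the lab's values are not shown on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the lab guide): verdict on a dig response header.
# Reads dig output on stdin. Returns 0 only for NOERROR + aa flag + >=1 answer.
check_authoritative() {
    awk '
        /^;; ->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            line = $0
            sub(/^;; flags: */, "", line)
            flags = line; sub(/;.*/, "", flags); flags = " " flags " "
            if (match(line, /ANSWER: [0-9]+/))
                answers = substr(line, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (status == "")              { print "fail: no dig header"; exit 2 }
            if (status != "NOERROR")       { print "fail: status " status; exit 1 }
            if (index(flags, " aa ") == 0) { print "fail: answer is not authoritative"; exit 1 }
            if (answers < 1)               { print "fail: no records in answer"; exit 1 }
            print "ok: authoritative answer"
        }'
}

# Constructed sample headers (placeholder values, not captured from the lab).
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
# A non-NOERROR status such as SERVFAIL: what a server that has not loaded
# the zone (for example after a failed transfer) would typically return.
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1002
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
# NOERROR but no aa flag: the answer came via recursion or cache,
# not from a local copy of the zone.
SAMPLE_RECURSIVE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

for s in "$SAMPLE_OK" "$SAMPLE_SERVFAIL" "$SAMPLE_RECURSIVE"; do
    printf '%s\n' "$s" | check_authoritative || true
done
# Live use (placeholders): dig @<dns-server-ip> <record-name> A | check_authoritative
```

A NOERROR answer without the aa flag matters here because it can still resolve the name while the secondary zone itself holds no data, which would defeat the local-survivability goal.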

