A stub zone contains records that identify the authoritative name servers in the zone. It does not contain resource records for resolving IP addresses to hosts in the zone. Instead, it contains the following records:
SOA (Start of Authority) record of the zone
NS (name server) records at the apex of the stub zone
A (Address) records that map the name servers to their IP addresses
Stub zones, like secondary zones, obtain their records from other name servers. Their records are read only; therefore, administrators do not manually add, remove, or modify the records.
Stub zone records are also periodically refreshed, just like secondary zone records. However, secondary name servers contain a complete copy of the zone data on the primary server. Therefore, zone transfers from a primary server to a secondary server, or between secondary servers, can increase CPU usage and consume excessive bandwidth. A name server hosting a stub zone maintains a much smaller set of records; therefore, updates are less CPU intensive and consume less bandwidth. When a name server hosting a stub zone receives a query for a domain name that it determines is in the stub zone, the name server uses the records in the stub zone to locate the correct name server to query, eliminating the need to query the root server.
References to zone_stub are object references. The name part of a DNS Stub Zone object reference has the following components:
- FQDN of the zone
- Name of the view
Example: zone_stub/ZG5zLmhvc3QkLZhd3QuaDE:zone.com/default
The object does not support the following operations:
The object cannot be managed on Cloud Platform members.
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): fqdn, stub_from, view.
The following fields are required to create this object:
| Field | Notes |
|---|---|
| fqdn | |
| stub_from |
The IP address of the server that is serving this zone.
Type
String.
Search
The field is not available for search.
Notes
The address cannot be updated.
address cannot be written.
Comment for the zone; maximum 256 characters.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is empty.
Search
The field is available for search via
Determines whether a zone is disabled or not. When this is set to False, the zone is enabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the name servers that host the zone should not forward queries that end with the domain name of the zone to any configured forwarders.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The displayed name of the DNS zone.
Type
String.
Search
The field is not available for search.
Notes
The display_domain cannot be updated.
display_domain cannot be written.
The name of this DNS zone in punycode format. For a reverse zone, this is in “address/cidr” format. For other zones, this is in FQDN format in punycode format.
Type
String.
Search
The field is not available for search.
Notes
The dns_fqdn cannot be updated.
dns_fqdn cannot be written.
Extensible attributes associated with the object.
For valid values for extensible attributes, see the following information.
Type
Extensible attributes.
This field allows +/- to be specified as part of the field name when updating the object, see the following information.
Create
The default value is empty.
Search
For how to search extensible attributes, see the following information.
A forward stub server name server group.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is empty.
Search
The field is not available for search.
The name of this DNS zone. For a reverse zone, this is in “address/cidr” format. For other zones, this is in FQDN format. This value can be in unicode format.
Note that for a reverse zone, the corresponding zone_format value should be set.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The field is required on creation.
Search
The field is available for search via
Notes
The fqdn is part of the base object.
The fqdn cannot be updated.
If you enable this flag, other administrators cannot make conflicting changes. This is for administration purposes only. The zone will continue to serve DNS data even when it is locked.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The name of a superuser or the administrator who locked this zone.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is not available for search.
Notes
The locked_by cannot be updated.
locked_by cannot be written.
IPv4 Netmask or IPv6 prefix for this zone.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is not available for search.
Notes
The mask_prefix cannot be updated.
mask_prefix cannot be written.
The flag that determines whether Active Directory is integrated or not. This field is valid only when ms_managed is “STUB”, “AUTH_PRIMARY”, or “AUTH_BOTH”.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines whether an Active Directory-integrated zone with a Microsoft DNS server as primary allows dynamic updates. Valid values are:
“SECURE” if the zone allows secure updates only.
“NONE” if the zone forbids dynamic updates.
“ANY” if the zone accepts both secure and nonsecure updates.
This field is valid only if ms_managed is either “AUTH_PRIMARY” or “AUTH_BOTH”. If the flag ms_ad_integrated is false, the value “SECURE” is not allowed.
Type
String.
Create
The default value is NONE.
Search
The field is not available for search.
The flag that indicates whether the zone is assigned to a Microsoft DNS server. This flag returns the authoritative name server type of the Microsoft DNS server. Valid values are:
“NONE” if the zone is not assigned to any Microsoft DNS server.
“STUB” if the zone is assigned to a Microsoft DNS server as a stub zone.
“AUTH_PRIMARY” if only the primary server of the zone is a Microsoft DNS server.
“AUTH_SECONDARY” if only the secondary server of the zone is a Microsoft DNS server.
“AUTH_BOTH” if both the primary and secondary servers of the zone are Microsoft DNS servers.
Type
String.
Search
The field is not available for search.
Notes
The ms_managed cannot be updated.
ms_managed cannot be written.
Determines if a Grid member manages the zone served by a Microsoft DNS server in read-only mode. This flag is true when a Grid member manages the zone in read-only mode, false otherwise.
When the zone has the ms_read_only flag set to True, no changes can be made to this zone.
Type
Bool.
Search
The field is not available for search.
Notes
The ms_read_only cannot be updated.
ms_read_only cannot be written.
The name of MS synchronization master for this zone.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is not available for search.
Notes
The ms_sync_master_name cannot be updated.
ms_sync_master_name cannot be written.
A stub member name server group.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is empty.
Search
The field is not available for search.
The parent zone of this zone.
Note that when searching for reverse zones, the “in-addr.arpa” notation should be used.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is available for search via
Notes
The parent cannot be updated.
parent cannot be written.
The RFC2317 prefix value of this DNS zone.
Use this field only when the netmask is greater than 24 bits; that is, for a mask between 25 and 31 bits. Enter a prefix, such as the name of the allocated address block. The prefix can be alphanumeric characters, such as 128/26 , 128-189 , or sub-B.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is empty.
Search
The field is not available for search.
The SOA email for the zone. This value can be in unicode format.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is not available for search.
Notes
The soa_email cannot be updated.
soa_email cannot be written.
This setting defines the amount of time, in seconds, after which the secondary server stops giving out answers about the zone because the zone data is too old to be useful.
Type
Unsigned integer.
Search
The field is not available for search.
Notes
The soa_expire cannot be updated.
soa_expire cannot be written.
The SOA mname value for this zone. The Infoblox appliance allows you to change the name of the primary server on the SOA record that is automatically created when you initially configure a zone. Use this method to change the name of the primary server on the SOA record. For example, you may want to hide the primary server for a zone. If your device is named dns1.zone.tld, and for security reasons, you want to show a secondary server called dns2.zone.tld as the primary server. To do so, you would go to dns1.zone.tld zone (being the true primary) and change the primary server on the SOA to dns2.zone.tld to hide the true identity of the real primary server. This value can be in unicode format.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is not available for search.
Notes
The soa_mname cannot be updated.
soa_mname cannot be written.
The negative Time to Live (TTL) value of the SOA of the zone indicates how long a secondary server can cache data for “Does Not Respond” responses.
Type
Unsigned integer.
Search
The field is not available for search.
Notes
The soa_negative_ttl cannot be updated.
soa_negative_ttl cannot be written.
This indicates the interval at which a secondary server sends a message to the primary server for a zone to check that its data is current, and retrieve fresh data if it is not.
Type
Unsigned integer.
Search
The field is not available for search.
Notes
The soa_refresh cannot be updated.
soa_refresh cannot be written.
This indicates how long a secondary server must wait before attempting to recontact the primary server after a connection failure between the two servers occurs.
Type
Unsigned integer.
Search
The field is not available for search.
Notes
The soa_retry cannot be updated.
soa_retry cannot be written.
The serial number in the SOA record incrementally changes every time the record is modified. The Infoblox appliance allows you to change the serial number (in the SOA record) for the primary server so it is higher than the secondary server, thereby ensuring zone transfers come from the primary server.
Type
Unsigned integer.
Search
The field is not available for search.
Notes
The soa_serial_number cannot be updated.
soa_serial_number cannot be written.
The primary servers (masters) of this stub zone.
Type
A/An External Server struct array.
Create
The field is required on creation.
Search
The field is not available for search.
Notes
The stub_from is part of the base object.
The Grid member servers of this stub zone.
Note that the lead/stealth/grid_replicate/ preferred_primaries/override_preferred_primaries fields of the struct will be ignored when set in this field.
Type
A/An Member Server struct array.
Create
The default value is:
empty
Search
The field is not available for search.
The Microsoft DNS servers of this stub zone.
Note that the stealth field of the struct will be ignored when set in this field.
Type
A/An Msserver Server struct array.
Create
The default value is:
empty
Search
The field is not available for search.
This is true if the zone is associated with a shared record group.
Type
Bool.
Search
The field is not available for search.
Notes
The using_srg_associations cannot be updated.
using_srg_associations cannot be written.
The name of the DNS view in which the zone resides. Example “external”.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is The default DNS view.
Search
The field is available for search via
Notes
The view is part of the base object.
This function is used to lock or unlock a zone to prevent other administrators from making conflicting changes.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
operation ( String. Valid values are: “LOCK”, “UNLOCK” ). This parameter is mandatory. The operation to perform.
Output fields
None
| Field | Type | Req | R/O | Base | Search |
|---|---|---|---|---|---|
| address | String | N | Y | N | N/A |
| comment | String | N | N | N | : = ~ |
| disable | Bool | N | N | N | N/A |
| disable_forwarding | Bool | N | N | N | N/A |
| display_domain | String | N | Y | N | N/A |
| dns_fqdn | String | N | Y | N | N/A |
| extattrs | Extattr | N | N | N | ext |
| external_ns_group | String | N | N | N | N/A |
| fqdn | String | Y | N | Y | = ~ |
| locked | Bool | N | N | N | N/A |
| locked_by | String | N | Y | N | N/A |
| mask_prefix | String | N | Y | N | N/A |
| ms_ad_integrated | Bool | N | N | N | N/A |
| ms_ddns_mode | String | N | N | N | N/A |
| ms_managed | String | N | Y | N | N/A |
| ms_read_only | Bool | N | Y | N | N/A |
| ms_sync_master_name | String | N | Y | N | N/A |
| ns_group | String | N | N | N | N/A |
| parent | String | N | Y | N | = |
| prefix | String | N | N | N | N/A |
| soa_email | String | N | Y | N | N/A |
| soa_expire | Unsigned int | N | Y | N | N/A |
| soa_mname | String | N | Y | N | N/A |
| soa_negative_ttl | Unsigned int | N | Y | N | N/A |
| soa_refresh | Unsigned int | N | Y | N | N/A |
| soa_retry | Unsigned int | N | Y | N | N/A |
| soa_serial_number | Unsigned int | N | Y | N | N/A |
| stub_from | [struct] | Y | N | Y | N/A |
| stub_members | [struct] | N | N | N | N/A |
| stub_msservers | [struct] | N | N | N | N/A |
| using_srg_associations | Bool | N | Y | N | N/A |
| view | String | N | N | Y | = |
| zone_format | String | N | N | N | = |
zone_rp : DNS Response Policy Zone object.