Enable Zone transfer (AXFR) page

Tags: 336 views 0

How to set up a Zone transfer (AXFR) page to allow secure zone transfer setup.

Overview

This page enables setting up a secure DNS zone transfer (AXRF) feature in Atomia Hosting Control Panel (HCP), which allows customers to add and manage TSIG keys along with assigning them to a zone.

Existing TSIG keys can be assigned to a master or a slave zone using the Zone transfer page. A customer can assign an existing TSIG key to a zone in HCP via Domains and Websites->Zone transfer menu with a click on an Assign TSIG Key action button for one of the listed zones. In addition, a customer can view and unassign any previously assigned TSIG keys, on the same page.

Image: Zone transfer page

TSIG keys are managed on the TSIG keys manager page, which is accessed through the Zone transfer page. A customer can add a new TSIG key in HCP via Domains and Websites->Zone transfer->TSIG key manager menu with a click on an Add a TSIG key button. Similarly, a customer can view and delete any previously added TSIG keys, on the same page.

Image: TSIG key manager page

Before you begin

Make sure Atomia DNS is installed and properly configured along with the PowerDNS component.

Enable Zone transfer in Atomia Hosting Control Panel

Add a transformation file ProvisioningDescription.EnableZoneTransfer.xml in …Atomia/AutomationServer/Common/ProvisioningDescriptions/Transformation Files. This transformation file will enable the zone transfer feature in the HCP after transformation files have been recreated:

<?xml version="1.0" encoding="utf-8"?>
<provisioningDescription xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <packageDescription>
    <packageList>
      <package name="BasePackage" xdt:Locator="Match(name)">
        <serviceLimitationList>
          <globalLimitation>
            <group maxCount="1" xdt:Locator="Condition(service/@name='CsTSIGKeyList')" xdt:Transform="SetAttributes(maxCount)"/>
          </globalLimitation>
        </serviceLimitationList>
      </package>
    </packageList>
  </packageDescription>
</provisioningDescription>

The provided transformation file will enable the zone transfer (AXFR) feature only for the Base package. You can edit the transformation file to your preferences before applying it, in order to allow other packages to have the zone transfer feature.
The maximum number of TSIG key list services any package should have is 1, this is because the service acts as a container for actual TSIG keys and one container is enough to hold all the keys. Therefore, maxCount value in the transformation file should never exceed 1.

In case you wish to enable the zone transfer (AXFR) feature on a custom package, you need to insert CsTSIGKeyList into serviceList and add a global limitation for CsTSIGKeyList within your package. The following transformation file can be used for this purpose (just make sure to edit the name of the package in the transformation):

<?xml version="1.0" encoding="utf-8"?>
<provisioningDescription xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <packageDescription>
    <packageList>
      <package name="CustomPackageNameExample" xdt:Locator="Match(name)">
        <serviceList>
            <service name="CsTSIGKeyList" xdt:Transform="Insert" />
        </serviceList>
        <serviceLimitationList>
          <globalLimitation>
            <group maxCount="1" xdt:Transform="Insert">
                <service name="CsTSIGKeyList" />
            </group>
          </globalLimitation>
        </serviceLimitationList>
      </package>
    </packageList>
  </packageDescription>
</provisioningDescription>

Zone transfer page zone restrictions

You can choose what type of zones will be displayed on the Zone transfer page. This is done through the configuration parameter zoneTransferShowZones in …Atomia/HostingControlPanel/bin/Atomia.Web.Plugin.Domains.dll.config. Possible values are: master – show only master zones, slave – show only slave zones or master,slave – show both types (this is the default value).

Was this helpful?