.. _DNS and Zone Delegation Requirements: DNS and Zone Delegation Requirements ------------------------------------ .. note:: If you need to install Virtuozzo DevOps on top of Amazon or Azure, skip this step and perform step 4 in :ref:`Additional Requirements for Amazon and Azure` instead. Virtuozzo DevOps must be able to manage domain names in the zone that is assigned to it. This functionality is used to provide access to the applications that run on the platform. For example, if you designate the mydomain.example.com zone to your installation and then create an application called "web-01", Virtuozzo DevOps will automatically make this application available at web-01.mydomain.example.com. To do that, Virtuozzo DevOps will deploy a DNS server at the IP address that you provide as the Platform Entry Point, expecting that the chosen domain will be delegated to the mentioned DNS server. .. important:: DNS zone delegation must be configured prior to installing Virtuozzo DevOps. To configure DNS zone delegation, do the following: 1. Choose a domain name for the platform (e.g mydomain.example.com). 2. Choose the IP address that will be used as a Platform Entry Point (see :ref:`External Network Requirements`). 3. Add records to the parent zone of the chosen domain and IP address. For example, the records for the parent zone example.com of the domain “mydomain.example.com” and the Platform Entry Point IP address 1.1.1.1 are: :: mydomain.example.com. IN NS ns1.mydomain.example.com. ns1.mydomain.example.com. IN A 1.1.1.1 4. Make sure there is no SOA record for the mydomain.example.com zone on your DNS servers, like: :: ns1.mydomain.example.com IN SOA ns1.mydomain.example.com admin.mydomain.example. You can verify zone delegation with the ``dig`` command as follows: :: domain='mydomain.example.com'; tmp=${domain#*.}; for tmp in $(dig +short -t ns $tmp); do dig +norecurse -t soa @$tmp $domain; \ done | grep -vE '^(;|$)' - If the zone is delegated correctly, the output should contain only NS-type records with optional A-type glue records, for example: :: mydomain.example.com. 60 IN NS ns.mydomain.example.com. ns.mydomain.example.com. 60 IN A 1.1.1.1 - If the zone is delegated incorrectly, the output may be empty or contain SOA-type records, for example: :: example.com. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082630 7200 3600 ... example.com. 0 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082630 7200 3600 ... .. note:: For the general DNS domain zone delegation guidelines and troubleshooting tips, see https://tools.ietf.org/html/rfc1912.