Guide

Manage a shield configuration

Suggest Edits

You can modify a shield configuration at any time. Complete any of these procedures to manage a shield.

📘

You currently cannot delete a shield configuration in Control Center. To delete a shield, contact your ​Akamai​ account representative.

Change filtering modes for a zone

Complete this procedure to change the filtering modes for a shield zone.

To change filtering modes for a zone:

  1. In Control Center, go to ☰ > DNS SOLUTIONS > Shield NS53. The Shields List page appears.
  2. Go to the shield that contains the zones you want to modify.
  3. Click the name of the shield or click Edit Shield.
  4. In the Shield zones area, click a zone name or in the Action menu for the zone, select Edit. The edit window for the shield zone appears.
  5. In the Filtering mode menu, select a new filtering mode for the zone.
  6. If you select Automatic and you want to secure your zones with a TSIG key, create or upload a TSIG key.
  7. If you select Manual, configure domains for the selected zone. You can upload a zone file or you can provide domains in the provided text box. When providing names in the text box, you can use wildcards to allow requests from different subdomains. For example, you can add *.example.com as a name to allow requests from www.example.com and www2.example.com. If you choose to upload a zone file, only the names are extracted from the file.
  8. Click Save changes.

Add domains for manual filtering

If you created a shield zone that uses manual filtering, you must define the DNS resource records that you want to allow. Incoming queries are checked against the list you configure to determine whether Shield NS53 should reject or forward the queries to your name servers.

To perform this operation with the Edge DNS API, see Manage manual filter names.

To add domains for manual filtering:

  1. In Control Center, go to ☰ > DNS SOLUTIONS > Shield NS53. The Shields List page appears.
  2. Go to the shield that contains the zone you want to modify.
  3. Click the name of the shield or click Edit Shield.
  4. In the Shield zones area, click the zone name. The edit window for the shield zone appears.
  5. Do one of the following to add domains:
    • In the Add filter names text box, enter the domains. When providing names in the text box, you can use wildcards to allow requests from different subdomains. For example, you can add *.example.com as a name to allow requests from www.example.com and www2.example.com.
    • Click Upload zone file to upload a zone file. Only the names in the file are extracted.
  6. Click Save changes.

Edit a shield

You can modify settings for a shield configuration, including name server IP addresses, name server health check information, alternate transfer targets, and the filtering modes for zones. You can also add or delete zones.

To edit a shield:

  1. In Control Center, go to ☰ > DNS SOLUTIONS > Shield NS53. The Shields List page appears.
  2. Go to the shield that contains the zones you want to modify.
  3. Click the name of the shield or click Edit shield.
  4. To change name server information, enter new IP addresses or provide a new record for the health check.
  5. If you would like to see the client IP address in a valid DNS request that’s forwarded to Shield NS53, enable EDNS client subnet. EDNS client subnet (ECS) allows a DNS resolver to include the client’s IP address in DNS queries that are sent to authoritative DNS servers. This helps optimize DNS responses based on the client’s geographic location, providing more accurate results for location-based services.
  6. If you use automatic filtering in the zone, you can modify alternative transfer targets. Click Add alternate transfer targets to configure new IP addresses.
  7. To change the filtering modes for a zone, see Change filtering modes for a zone.
  8. To add, change, or delete an apex alias, see Add or modify an apex alias.
  9. To add one or more zones, click Add zones. For detailed steps, see Add shield zones and assign filtering modes.
  10. To delete one or more zones, in the Shield zones area, select the zone or zones, and in the actions menu that appears, select Delete.
    A message appears that indicates you can run safety checks before the delete operation is completed. These safety checks confirm the selected zones are not delegated to ​Akamai​ and are not receiving traffic. To perform these safety checks, select Run safety checks. Click Delete to continue with the delete operation. If the checks find no issue, the zone or zones are deleted. Otherwise, a message appears that explains why the delete operation was unsuccessful.
  11. Click Save.

View the status of zone transfers

If you use automatic filtering for a shield zone, you can view the status of your zone transfers. A status is provided in the list of shield zones.

To view the status of zone transfers:

  1. In Control Center, go to > DNS SOLUTIONS > Shield NS53. The Shields List page appears.
  2. Go to the shield that contains the zone you want to check.
  3. Click the name of the shield or click Edit shield. A list of zones is available in the Shield zones section.
  4. Search for the zone.
  5. In the Zone transfer column, click the status icon. A red error icon indicates that there was a failure, while a green check mark indicates the transfer was a success.
    In the window that appears, you can view specific information about the transfer, including the zone transfer agent that was responsible for the transfer.

Add or modify an apex alias

An apex alias defines the apex record that you want Shield NS53 to resolve instead of forwarding it to the origin name server for resolution. For example, if you set apexalias.example.com as the alias for the example.com zone, Shield resolves requests to example.com with the answer for apexalias.example.com. Requests to domains like www.example.com are handled by Shield based on the filtering mode you select.

Complete this procedure to add or modify an apex alias record that’s configured for an existing shield zone.

To add or modify an apex alias:

  1. In Control Center, go to > DNS SOLUTIONS > Shield NS53. The Shields List page appears.
  2. Go to the shield that contains the zones you want to modify.
  3. Click the name of the shield or click Edit shield.
  4. To add an apex alias, complete these steps:
    1. Click Add apex alias. The Add apex alias window appears.
    2. Enter a fully qualified domain name in the provided field.
    3. Click Save.
  5. To modify an apex alias, complete these steps:
    1. Click Edit apex alias. The Edit Apex Alias window appears.
    2. Enter a new fully qualified domain name in the provided field.
    3. Click Save.
  6. To delete an apex alias, complete these steps:
    1. Click Edit apex alias.
    2. In the Edit Apex Alias window, click Delete.
  7. Click Save changes.

Updated about 13 hours ago