Manage GTM domains
The DNS forms a tree-structured namespace. For example, in this list of domain names each item is a domain, and each domain is also a subdomain of the one above it in the list.
com
customer.com
sales.customer.com
A GTM domain is a DNS domain that you own or that you define with an Akamai suffix.
If you choose to use an Akamai domain, the following applies:
- An Akamai domain usually ends in
.akadns.net
. These additional namespaces are also present:akadns6.net
andakadns99.net
. - The namespace
akadns6.net
is currently not in use. - The namespace
akadns99.net
is available for GTM domain names that require China Internet Content Provider (ICP) compliant workflow.
If you use your own domain, you can secure these custom domains with Domain Name System Security Extensions (DNSSEC). This feature allows you to secure your domain from DNS cache poisoning, answer forgery, and other threats that can occur when data is transmitted over the internet. DNSSEC adds cryptographic signatures to validate authenticity and data integrity of responses. Akamai generates the Zone Signing Key (ZSK) and the Key Signing Key (KSK) pair that are necessary for this validation.
DNSSEC is currently in limited availability.
A number of attributes are specified at the GTM domain level, including portal access control. Anyone with permission to edit a GTM domain can modify or delete any of the properties (subdomains) within that domain.
Add a new domain
The first step in using GTM is to create a GTM domain. You need to have Add Scope contract permissions to create a domain.
-
Log in to Control Center.
-
Go to ☰ > DNS SOLUTIONS > Global Traffic Management. The Traffic Management Domains page opens.
-
Click Add New Domain.
-
Select the contract from the menu for the domain. This field is visible if you have at least one contract.
-
Configure a domain. Do one of the following:
- To use an Akamai domain, select Use an Akamai Domain. Enter the domain and select how you want the domain to end. Usually, an Akamai domain ends with
.akadns.net
. - To use your own domain, select Use your own domain and enter the domain in the provided field.
The fully qualified domain name (FQDN) appears. A warning is shown if the domain name format is invalid
- To use an Akamai domain, select Use an Akamai Domain. Enter the domain and select how you want the domain to end. Usually, an Akamai domain ends with
-
Configure a data center. Complete these steps:
- Enter a data center name and location. You need to specify at least one data center and the maximum number per domain is 213. Be sure to provide the most accurate location data possible to enable GTM to properly balance traffic to your data centers.
- To add another data center, click Add Another Data Center. Enter the data center name and location information.
-
If you chose to use your your own domain in step 5, you can enable DNSSEC for the domain. Select DNSSEC Sign and Serve to protect the domain with DNSSEC and in the provided menu, select the DNSSEC algorithm that you want to use.
After you enable this feature, make sure you provide authoritative name servers, DS record, and DNSKEY record information to the registrar. For more information, see Provide information to the registrar.
-
(Optional) In the Email Notification List, enter the email addresses of administrators or users who you want notified when there’s a change to this domain. Separate the email addresses with a comma, space, or line break. Your email address is automatically added to the list.
-
(Optional) If you plan to set Traffic Distribution Targets, set the Load Imbalance Factor. The Load Imbalance Factor field determines the flexibility of the weight settings. The higher you set the Load Imbalance Factor, the more flexible you can be in letting GTM distribute traffic among your traffic targets. For more information, see Load imbalance factor.
-
Click the Load Feedback checkbox to enable these performance-based property types.
- Performance-Based Load Balancing with Load Feedback
- Performance-Based Load Balancing with Load Feedback (targets computed from configured weights)
- Performance-Based Load Balancing with Load Feedback Based on Liveness Test Download Scores
Load Feedback setting
After you create a domain, you cannot change the Load Feedback setting. If you plan to use these property types, enable Load Feedback now as you will not to be able to do so after you create the domain.
-
Click Save. The New Property-Basic Info page appears. The next step is to add a property to your domain. See Add a property.
If you save a domain before creating a property you are prompted to create a property the next time you open that domain.
Edit domain settings
Use these instructions to Edit domain settings for a variety of functions on properties, maps, data centers, and settings.
-
Log in to Control Center.
-
Go to ☰ > DNS SOLUTIONS > Global Traffic Management. The Traffic Management Domains page opens.
-
From the Traffic Management Domains page, click the name of the domain you want to edit. The domain page appears and displays these domain details.
-
Status. An icon that indicates the current state of the domain. Status can be complete, pending, or denied.
-
History. Lists a history of the changes that have been made to the domain. Click View to see details.
-
Configuration.
-
Click Upload File to upload configuration revisions to a whole domain you have revised. Uploading is limited to those that have permission to do so.
-
Click Download File to get a JSON file listing all the domain's information (properties, maps, and so forth). Anyone can download this information.
-
-
-
Use these tabs to edit settings for the selected domain. Tabs that appear grayed out are not available based on your contract type.
-
Properties tab. This displays the domain's properties. From this tab, you can:
-
View or edit an existing property's basic settings, traffic targets, and liveness tests.
-
Add a new property, delete a property, or duplicate an existing property.
-
Edit a property's static record sets.
See Manage properties.
-
-
Geographic Maps tab. This displays the domain's geographic maps. From this tab, you can:
-
View or edit existing map settings.
-
Add or delete geographic maps
See Manage maps.
-
-
CIDR Maps tab. This displays the domain's CIDR maps. From this tab, you can:
-
View or edit existing CIDR map settings.
-
Add or delete CIDR maps
See Manage maps.
-
-
AS Maps tab. This displays the domain's AS maps. From this tab, you can:
-
View or edit existing AS map settings.
-
Add or delete AS maps
See Manage maps.
-
-
Data Centers tab. This displays the domain's data centers. From this tab, you can:
-
View or edit existing data centers.
-
Add, delete, or clone data centers.
See Manage data centers.
-
-
Resources tab. This displays the domain's resources. From this tab, you can:
-
View or edit existing resources.
-
Add or delete resources.
-
View load feedback report.
See Manage Resources.
-
-
Settings tab. This displays the domain's settings. From this tab, you can:
-
Enable or disable DNSSEC Sign and Serve for custom GTM domains. This feature is only available if your GTM domain does not contain an Akamai suffix, such as
.akadns.net
.
After you activate DNSSEC Sign and Serve, make sure you provide authoritative name servers, DS record, and DNSKEY record information to the registrar. For more information, see Provide information to the registrar. -
Add or delete email addresses to the notification list.
-
Change the load imbalance factor.
-
Collapse CNAMEs.
-
Load Feedback. When Load Feedback is enabled, three performance-based property types are available. When Load Feedback is disabled, only the performance-based load balancing property type is available.
-
Edit the default SSL certificate for the domain.
-
-
View domain status
Use this procedure to view the status of domains.
-
Log in to Control Center.
-
Go to ☰ > DNS SOLUTIONS > Global Traffic Management. The Traffic Management Domains page opens.
-
In the Status column, view these icons that indicate the current state of the domain as complete, pending, or denied. Use Search Domains to filter the list to find a specific domain.
Indicates a completed state.
Indicates that a change list has been submitted to update the domain.
Indicates a problem with the domain that needs to be fixed. The problem is described in the Comment column.
-
In the Domain column, click a domain name to view or edit its configuration. Domain names are dynamically truncated based on screen width. Roll over the Domain name to display the complete name. See Edit domain settings.
-
Last Updated. Provides the date and time, in UTC, of the domain's most recent update.
-
Action. In this column, click the ellipsis to perform these tasks.
-
Download Configuration. Provides a JSON file with a domain's configuration data.
-
Validate Configuration. Click to validate the domain's configuration.
-
-
Activate domain changes
When you make any changes on the domain page, you need save those changes to activate them using this procedure.
-
After you’re done making domain changes, click Add to Change List to save. This returns you to the main maps page.
-
Click Review Change List, which is accessible from any of the tabs on the domain page.
-
If you want to undo the changes you made, click Discard All Changes.
-
In the Review Change List dialog box, add a required comment.
-
To activate the changes you made, click Activate Domain.
Delete domains
You can delete domains individually or as a group.
-
Log in to Control Center.
-
Go to ☰ > DNS SOLUTIONS > Global Traffic Management. The Traffic Management Domains page opens.
-
Select the checkbox for domains you want to delete.
-
In the Select Domains Action menu, click Delete.
The Delete domains dialog opens with Run safety checks selected by default and a list of the selected domains.
Safety checks allow deletions if the domain has received less than 2,000 requests in the last 24 hours.
-
Choose one of these options:
-
To run safety checks and delete the selected list of domains, click Delete.
A progress bar shows the percentage of deletions. On completion, the Domain delete status page opens. A red checkmark indicates prevented deletions with a status message for the reason the deletion did not occur. -
To delete domains without running safety checks:
a. Deselect Run safety checks. The Bypass safety checks confirmation dialog opens.
b. Click Yes. The Delete domains dialog reopens with a message advising you of the risks if you proceed.
c. Click Delete. A progress bar shows the percentage of deletions. On completion, the Domain status page opens showing the result.
-
Enable DNSSEC for a custom GTM domain
You can enable Domain Name System Security Extensions (DNSSEC) for your custom GTM domains that do not contain an Akamai suffix, such as .akadns.net
. This feature allows you to secure your domain from DNS cache poisoning and answer forgery.
Akamai automatically generates a new Zone Signing Key (ZSK) and Key Signing Key (KSK) pair required for this feature.
This procedure describes the steps to enable DNSSEC for an existing GTM domain. To enable it for a new domain, see Add a new domain.
To enable DNSSEC:
- Go to ☰ > DNS SOLUTIONS > Global Traffic Management. The Traffic Management Domains page opens.
- Click the GTM domain name that you want protected with DNSSEC.
- Click the Settings tab.
- Select DNSSEC Sign and Serve.
- From the DNSSEC algorithm, select the algorithm that you want to use.
- Click Add to Change List.
- Click Review Change List. The Change List Detail page opens.
- Review your changes, validate them, add a required comment, and click Activate Domain to save and activate your changes. For more information, see Review change list detail.
Next step:
Make sure you provide information to the registrar. For more information, see Provide information to the registrar.
Provide information to the registrar
After you enable DNSSEC sign and serve, you must provide the following information to the registrar:
- Authoritative name servers. To retrieve the server list, do the following:
- Go to the custom GTM domain on the Traffic Management Domains page. Click the domain.
- In the properties, click the @ [at apex] property
- Go to the Static record sets section.
- For the NS record, view and take note of the listed authorities.
- Delegation signer (DS) record or DNSKEY record. The DS record is on the DNSSEC Sign and Serve status page. You can access this information from the Traffic Management Domains list page. In the DNSSEC column, click the status icon to open the DNSSEC Sign and Serve status page. This page displays the current DS record and the corresponding DNSKEY record. Government agencies must provide the DNSKEY record to their registrars, who then generate the DS record.
Updated 19 days ago