GuideReference
Guide

DNS zone

akamai_dns_zone

Suggest Edits
 Average processing time 1-2 minutes

Create and update a DNS zone to configure its integration with your existing DNS infrastructure.

Terraform doesn't have access to the zone resource configuration when processing the import. As such, Terraform will populate the contract attribute for that resource in your state after import, but it won’t populate the group attribute. Update the group locally and then run terraform apply to reconcile your configuration and state.

resource "akamai_dns_zone" "my-dns-zone" {
  contract = "C-0N7RAC7"
  zone     = "my-dns-zone.com"
  type     = "secondary"
  masters = [
    "1.2.3.4",
    "1.2.3.5",
  ]
  comment        = "My dns zone"
  group          = 12345
  sign_and_serve = false
  tsig_key {
    name      = "my-example.com"
    algorithm = "hmac-sha1"
    secret    = "aB1Cd23E4FGhij5klmnOPqRSTvw5y7xyZabCdeFgH8i90JKlMN1OpqrSTu2V3Wx+4y56ZAbcDefgh789iJkLm=="
  }
  outbound_zone_transfer {
    acl            = [
      "123.4.5.678/12",
      "987.6.5.4.321/98"
    ]
    enabled        = true
    notify_targets = [
      "123.4.5.678",
      "987.6.5.432"
    ]
    tsig_key {
      name      = "my-other-example.com"
      algorithm = "hmac-sha512"
      secret    = "Zy9xW87v6utSrq5pOLNMLKJIHgf4e3cYbAZyzWVUTS2r1qPonml0kJihg9F8D+7c65BAZYxwvu432tsRqpo=="
    }
  }
}

Arguments

Argument Required Description
contract Your contract ID.
zone The domain zone, encapsulating any nested subdomains.
type The zone type. It can be: primary, secondary, or alias.
  • A primary zone's records are stored in the Akamai Portal.
  • A secondary zone's records are stored on the customer's name servers.
  • An alias zone enables you to duplicate the configuration of an existing zone.
masters Required only for secondary zones. The IP addresses of the customer's name servers from which the zone data should be retrieved.
comment A descriptive comment. You can add it when you review the change list to activate zone updates.
If you don't provide any comments, it's filled out with a default value: Managed by Terraform.
group The currently selected group ID.
sign_and_serve Required only for primary and secondary zones. Indicates whether DNSSEC Sign and Serve is enabled. true to enable.
sign_and_serve_algorithm The algorithm currently or last used by DNSSEC Sign and Serve. Possible values:
  • RSA_SHA1
  • RSA_SHA256
  • RSA_SHA512
  • ECDSA_P256_SHA256
  • ECDSA_P384_SHA384
end_customer_id A free-form identifier for the zone.
target Required only for alias zones. The name of the zone whose configuration this zone will copy.
tsig_key Required only for secondary zones. The TSIG Key used in secure zone transfers. If used, it requires these arguments:
  • name. The key name in domain name format.
  • algorithm. The hashing algorithm to encode the TSIG key's secret data. Possible values:
    • hmac-md5
    • hmac-sha1
    • hmac-sha224
    • hmac-sha256
    • hmac-sha384
    • hmac-sha512
    • HMAC-MD5.SIG-ALG.REG.INT
  • secret. A Base64-encoded string known between transfer endpoints.
outbound_zone_transfer Can be used with primary and secondary zones. The outbound zone transfer properties. Includes:
  • acl. The access control list, defined as IPv4 and IPv6 CIDR blocks.
  • enabled. Enables the outbound zone transfer. true to enable.
  • notify_targets. Customer secondary name servers to notify if NOTIFY requests are desired. You can provide up to 64 IPv4 or IPv6 addresses. If no targets are specified, you can manually request zone transfer updates.
  • tsig_key. The TSIG key used for outbound zone transfers. If used, it requires these arguments:
    • name. The key name in domain name format.
    • algorithm. The hashing algorithm to encode the TSIG key's secret data. Possible values:
      • hmac-md5
      • hmac-sha1
      • hmac-sha224
      • hmac-sha256
      • hmac-sha384
      • hmac-sha512
      • HMAC-MD5.SIG-ALG.REG.INT
    • secret. A Base64-encoded string known between transfer endpoints.

Attributes

There is no default standard output. Upon creation, the last line of the process log contains a success message with the resource id.

Adding an output block returns the zone details you provided on create along with the computed attributes.

AttributeDescription
version_idThe ID of the most recently activated zone version.
alias_countThe number of zones of the alias type that point to this zone. Computed only for primary and secondaryzones.
activation_stateThe zone's activation status.

Updated 6 months ago