Restrict zone transfers to the zone transfer agents

You might want to restrict zone transfer access from your primary name servers to only allow the Edge DNS zone transfer agents (ZTAs).

To obtain a list of ZTAs, subscribe to Control Center’s firewall rules notification service. This service allows you to view all ZTA IP addresses and proactively notifies you of any changes to the ZTA infrastructure. Use the following procedures to subscribe to this service.

How to

  1. Log in to Control Center.
  2. Go to > COMMON SERVICES > Firewall change notifications.
  3. Click Manage Subscriptions.
  4. Click Subscribe Users, enter your email information, and select Edge DNS Zone Transfer Agents.

    Ensure that zone transfers are allowed from your primary name servers from the IPs and ports included in the Edge DNS Zone Transfer Agents service, over both UDP and TCP.