Custom DNS Zones define private DNS records that are distributed directly to peers within your EagleSafe ZTB network. Unlike nameservers that forward queries to external DNS servers, Custom Zones are hosted within ZTB and resolved locally on peers — no separate DNS infrastructure required.
Custom Zones are ideal for internal service discovery, environment isolation, split-horizon DNS, and assigning friendly names to private resources.
Create a custom zone
- Go to DNS → Zones and click Add Zone.
- Configure the zone settings:
Domain
The fully qualified domain name for the zone (e.g. services.company.internal). All records in this zone will use this domain as their suffix.
- Must be a valid FQDN format.
- Cannot be changed after creation — the zone must be deleted and recreated to change the domain.
- Must not conflict with the ZTB peer DNS domain.
Distribution groups
Select one or more peer groups that should receive this zone. Only peers in the selected groups will be able to resolve the zone's records. Changes to group membership automatically update zone distribution.
Enable Search Domain
When enabled, the zone domain is added to the peer's DNS search list, allowing short name queries. For example, querying api expands to api.services.company.internal. Disabled by default.
Enable DNS Zone
Controls whether the zone is active and distributed to peers. When disabled, the zone is not distributed but its records are preserved — useful for testing before deployment.
- Click Add Zone to create the zone.
Add records to a zone
Click on the zone to open its details, then click Add Record.
| Field | Description |
|---|---|
| Hostname | The hostname within the zone. For example, server in zone dev.local creates server.dev.local. |
| Record Type | A (IPv4), AAAA (IPv6), or CNAME (alias). |
| Value | For A records: an IPv4 address. For CNAME records: another domain name. |
| TTL | How long (in seconds) resolvers cache this record before checking for updates. Default: 300 seconds. |
Update a zone
Click the three dots (⋮) next to the zone, select Edit, make changes to distribution groups or search domain settings, and click Save Changes.
Delete a zone
Click the three dots (⋮) next to the zone, select Delete, and confirm. Deleting a zone removes all its records. If you only need to remove a single record, delete the individual record instead.
Behavior
Resolution precedence
Custom DNS Zones take precedence over nameservers. If a nameserver is configured with a match domain identical to a Custom Zone domain, the zone's records are resolved first and the nameserver is not queried for that domain.
Limitations
- Domain cannot be changed after creation — delete and recreate to change it.
- Cannot conflict with the ZTB peer DNS domain.
- CNAME exclusivity: CNAME records cannot coexist with A or AAAA records for the same hostname.
- Empty zones are not distributed: a zone with no records is not pushed to peers.
