search
githubEdit

Akamai Edge DNS

"Akamai Edge DNS Provider" configures Akamai's Edge DNSarrow-up-right service.

This provider interacts with Edge DNS via the Edge DNS Zone Management APIarrow-up-right.

Before you can use this provider, you need to create an "API Client" with authorization to use the Edge DNS Zone Management APIarrow-up-right.

See the "Get Started" section of Edge DNS Zone Management APIarrow-up-right, which says, "To enable this API, choose the API service named DNS—Zone Record Management, and set the access level to READ-WRITE."

Follow directions at Authenticate With EdgeGridarrow-up-right to generate the required credentials.

hashtag
Configuration

To use this provider, add an entry to creds.json with TYPE set to AKAMAIEDGEDNS along with the authentication fields.

Example:

creds.json
{
  "akamaiedgedns": {
    "TYPE": "AKAMAIEDGEDNS",
    "client_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "host": "akaa-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx.akamaiapis.net",
    "access_token": "akaa-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "client_token": "akaa-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "contract_id": "X-XXXX",
    "group_id": "NNNNNN"
  }
}

hashtag
Limitations

hashtag
Records

AKAMAICDN

The AKAMAICDN target must be an Edge Hostname preconfigured in your Akamai account.

The AKAMAICDN record must have a TTL of 20 seconds. Note that dnscontrol preview will not flag an incorrect TTL as an error; the TTL mismatches are only caught during dnscontrol push.

The AKAMAICDN record may only be used at the zone apex (@) if an AKAMAITLC record hasn't been used.

AKAMAITLC

The AKAMAITLC record can only be used at the zone apex (@).

The AKAMAITLC record can only be used once per zone.

ALIAS

Akamai Edge DNS does directly support ALIAS records. This provider will convert ALIAS records used at the zone apex (@) to AKAMAITLC records, and any other names to CNAME records.

hashtag
Secondary zones

This provider only supports creating primary zones in Akamai. If a secondary zone has been manually created, only AKAMAICDN and AKAMAITLC records can be managed, as all other records are read-only.

hashtag
Usage

Store your zone configuration details in a dnsconfig.js file in the same folder where the creds.json file is present.

Akamai assigns a unique set of authoritative nameservers for each contract. These authorities should be used as the NS records on all zones belonging to this contract.

The NS records for these authorities have a TTL of 86400.

Add:

modifier to the dnscontrol.js D() function so that DNSControl does not change the TTL of the authoritative NS records.

Example dnsconfig.js:

Note: A CNAME and an AKAMAICDN record with the same name is allowed.

Note: TTL for AKAMAICDN record must always be set to 20.

AKAMAICDN is a proprietary record type that is used to configure Zone Apex Mappingarrow-up-right. The AKAMAICDN target must be preconfigured in the Akamai network.

hashtag
dnscontrol check command

Use dnscontrol check to verify whether the dnsconfig.js file contents are valid.

Example:

Output:

hashtag
dnscontrol preview command

Use dnscontrol preview to see which DNS changes would be made by dnscontrol push—without applying them.

Example:

Note: If the zone does not exist dnscontrol preview returns an error:

Note: If the zone does not exist and you want to see the changes which will be made by dnscontrol push then use dnscontrol preview with the --populate-on-preview flag specified. This automatically creates the zone with SOA and NS records.

Command:

Output:

In the above example since, the zone example.com did not exist, running dnscontrol preview with the --populate-on-preview flag created a zone named example.com with only the NS and SOA records and showed what changes will be applied by dnscontrol push.

hashtag
dnscontrol push command

Use dnscontrol push to create a new zone or update an existing zone.

Creating a New Zone

Example:

Output:

In the above example since, zone example_2.com did not exist running dnscontrol push created a new zone example_2.com with NS, SOA and the other records (In this example, AKAMAICDN and A records).

Updating an Existing Zone

Important Note:

  • When running the dnscontrol push command to update an existing DNS zone, the dnsconfig.js file must include all records for that zone—not just the ones being modified.

  • Any records that exist in Akamai EdgeDNS but are not present in the dnsconfig.js file will be deleted during the push, as dnscontrol treats the file as the authoritative source.

Example 1

Output:

Since, the zone example.com was created with SOA and NS when the command dnscontrol preview --populate-on-preview ran, running dnscontrol push adds the AKAMAICDN and A records.

Example 2

In this example the A record is updated to have the IP 1.2.3.10 from 1.2.3.4.

Output:

hashtag
dnscontrol create-domains

automatically creates SOA and authoritative NS records.

Example:

Output:

PreviousAdGuard HomeNextAlibaba Cloud DNS (ALIDNS)

Last updated