1. Home
  2. Guides
  3. Platform
  4. Fastly DNS

Adding a secondary DNS zone

WARNING:

This information is part of a beta release. For additional details, read our product and feature lifecycle descriptions.

You can use the Fastly control panel to add DNS zones for your domains. By adding DNS zones, you configure your primary DNS service to add Fastly as a secondary provider. Once completed, Fastly DNS will sync DNS records with your primary service and serve authoritative responses for your configured zones.

Adding a secondary DNS zone consists of the following steps:

  1. Adding the fully qualified domain name (FQDN) for the zone to Fastly DNS.
  2. (Optional) Generating a TSIG (Transaction Signature) key for zone transfer security.
  3. Adding your primary DNS IP addresses to Fastly.
  4. Enabling communication between your primary DNS and Fastly.
  5. Updating your name server (NS) records at your domain name registrar.

Before you begin

Be sure to review the prerequisites and considerations before using Fastly DNS.

Adding zone details in Fastly DNS

Start the process by going to Domains > Zones. If it's your first time setting up zone transfers (AXFR) in Fastly, click Add a secondary DNS zone. Otherwise, click Add zone.

Fill out the Zone details fields as follows:

  • In the Domain name field, enter the fully qualified domain name (FQDN) for the zone.
  • In the Description field, optionally enter a description to help identify the zone within Fastly.

Then, follow the steps below to configure zone transfers including adding optional security via TSIG.

(Optional) Generating a TSIG key for zone transfer security

To cryptographically secure your zone transfers, generate a TSIG key at your primary DNS service. Back in the Fastly control panel, fill out the Zone transfer security fields as follows. If you don't want to enable zone transfer security, click Proceed without TSIG security.

IMPORTANT: The Name, Secret, and Algorithm values must exactly match the values from your primary DNS.

  • In the Name field, enter the exact key name from your primary DNS service
  • In the Description field, optionally enter a description to help identify the TSIG key within Fastly.
  • In the Secret field, enter the TSIG key generated at your primary DNS service. This key is not visible within Fastly.
  • In the Algorithm field, select the algorithm used to generate the TSIG key.

Click Next to proceed with adding your primary DNS IP addresses to Fastly DNS.

Adding your primary DNS IP addresses to Fastly

IMPORTANT: IPv6 is not supported.

Within your primary DNS service, locate the IP addresses that the service uses for zone transfers. Then, add those IP addresses to Fastly on the primary DNS IPs page:

  • In the Description field, optionally enter a description to help identify the IP address within Fastly.
  • In the IP address field, enter the IP address that the service uses for zone transfers.

Click Add another IP address and repeat the steps as needed to add additional IPs. Once finished, click Next.

Enabling communication between your primary DNS and Fastly

IMPORTANT: IPv6 is not supported.

To ensure successful communication between your primary DNS service and Fastly DNS, use the IP addresses listed on the Primary DNS configuration page in Fastly to update your primary DNS instance:

  • If your primary DNS service supports zone transfer NOTIFY IP access control lists (ACLs), copy the Fastly IP addresses and add them to the list at your primary DNS service.
  • If your primary DNS service requires IP access control lists for zone transfers, add the Fastly IP addresses to allow communication.

Click Next to access domain delegation details.

Updating your name server (NS) records at your domain name registrar

When you're ready to add your Fastly DNS name server names at your domain registrar, complete the following:

IMPORTANT: Do not complete this step until you have confirmed that your zone transfers are working, and that the serial number from your primary DNS service matches the serial number you see in Fastly DNS. If the serial numbers don't match, and you update your NS records, your site's DNS could stop working correctly.

  1. Go to DNS management > Zones.
  2. Click the name of the domain you are updating.
  3. Click the Configuration tab.
  4. Use the name server values from the Parent/registrar name servers section to update your NS records at your domain registrar.

Viewing DNS zones

You can view a list of DNS zones you've added by going to Domains > DNS management > Zones.

Click the name of a zone to view the following zone details from the Summary tab:

  • Type: the type of zone.
  • Latest serial number: the latest serial number for the zone.
  • Description: the description you entered to help identify the zone within Fastly.
  • Last modified: a UTC timestamp of when the zone was last modified.
  • Date created: a UTC timestamp of when the zone was created.

Click the Configuration tab to view the following configuration details:

Editing DNS zones in Fastly

You can edit the Description field of a DNS zone at any time. To edit a zone:

  1. Log in to the Fastly control panel.
  2. Go to Domains > DNS management > Zones.
  3. Click the domain name for the zone you want to edit.
  4. Click the pencil Pencil icon to edit the zone details.
  5. Update the zone description as needed.
  6. Click Save changes.

Deleting DNS zones from Fastly

You can delete a DNS zone at any time. To delete a zone from Fastly:

  1. Log in to the Fastly control panel.
  2. Go to Domains > DNS management > Zones.
  3. Click the domain name for the zone you want to delete.
  4. Click the pencil Pencil icon to edit the zone details.
  5. Click Delete zone.
  6. Enter the name of the zone to confirm you want to delete it.
  7. Click Delete to permanently delete the zone.
Fastly
© Fastly 2025