Your IP : 216.73.216.220
<!doctype html>
<html class="no-js" lang="en" data-content_root="../../">
<head><meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta property="og:title" content="How to configure network zones" />
<meta property="og:type" content="website" />
<meta property="og:url" content="/howto/network_zones/" />
<meta property="og:site_name" content="LXD documentation" />
<meta property="og:description" content="Network zones can be used to serve DNS records for LXD networks. You can use network zones to automatically maintain valid forward and reverse records for all your instances. This can be useful if ..." />
<meta property="og:image" content="https://documentation.ubuntu.com/lxd/latest/_static/lxd_tag.png" />
<meta property="og:image:alt" content="LXD documentation" />
<meta name="description" content="Network zones can be used to serve DNS records for LXD networks. You can use network zones to automatically maintain valid forward and reverse records for all your instances. This can be useful if ..." />
<meta property="article:modified_time" content="2026-02-13T13:16:52+00:00" /><link rel="index" title="Index" href="../../genindex/"><link rel="search" title="Search" href="../../search/"><link rel="next" title="How to configure your firewall" href="../network_bridge_firewalld/"><link rel="prev" title="How to configure network forwards" href="../network_forwards/">
<link rel="canonical" href="/howto/network_zones/">
<link rel="shortcut icon" href="../../_static/favicon.ico"><!-- Generated with Sphinx 7.4.7 and Furo 2025.12.19 -->
<title>How to configure network zones - LXD documentation</title>
<link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=d111a655" />
<link rel="stylesheet" type="text/css" href="../../_static/styles/furo.css?v=7bdb33bb" />
<link rel="stylesheet" type="text/css" href="../../_static/copybutton.css?v=76b2166b" />
<link rel="stylesheet" type="text/css" href="../../_static/config-options.css" />
<link rel="stylesheet" type="text/css" href="../../_static/related-links.css" />
<link rel="stylesheet" type="text/css" href="../../_static/terminal.css" />
<link rel="stylesheet" type="text/css" href="../../_static/youtube.css" />
<link rel="stylesheet" type="text/css" href="../../_static/sphinx-design.min.css?v=95c83b7e" />
<link rel="stylesheet" type="text/css" href="../../_static/styles/furo-extensions.css?v=8dab3a3b" />
<link rel="stylesheet" type="text/css" href="../../_static/lxd_custom.css?v=bfbf4da2" />
<link rel="stylesheet" type="text/css" href="../../_static/cookie-banner.css?v=b74831ab" />
<link rel="stylesheet" type="text/css" href="../../_static/custom.css?v=e189117a" />
<link rel="stylesheet" type="text/css" href="../../_static/header.css?v=a8078839" />
<link rel="stylesheet" type="text/css" href="../../_static/github_issue_links.css?v=3d761185" />
<link rel="stylesheet" type="text/css" href="../../_static/furo_colors.css?v=825fec6f" />
</head>
<body>
<header id="header" class="p-navigation">
<!-- Google Tag Manager -->
<script>
(function(w, d, s, l, i) {
w[l] = w[l] || [];
w[l].push({
'gtm.start': new Date().getTime(),
event: 'gtm.js'
});
var f = d.getElementsByTagName(s)[0];
var j = d.createElement(s);
var dl = '';
if (l != 'dataLayer') {
dl = '&l=' + l;
}
j.async = true;
j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl;
f.parentNode.insertBefore(j, f);
})(window, document, 'script', 'dataLayer', 'GTM-KNX3CJC');
</script>
<div class="p-navigation__nav" role="menubar">
<ul class="p-navigation__links" role="menu">
<li>
<a class="p-logo" href="https://canonical.com/lxd" aria-current="page">
<img src="../../_static/lxd_tag.png" alt="Logo" class="p-logo-image">
<div class="p-logo-text p-heading--4">LXD
</div>
</a>
</li>
<li class="nav-ubuntu-com">
<a href="https://canonical.com/lxd" class="p-navigation__link">canonical.com/lxd</a>
</li>
<li class="nav-dropdown">
<a href="#" class="p-navigation__link nav-more-links"
id="more-resources-toggle"
aria-haspopup="true"
aria-expanded="false">
More resources
</a>
<ul class="more-links-dropdown" aria-labelledby="more-resources-toggle">
<li>
<a href="https://discourse.ubuntu.com/c/lxd/" class="p-navigation__sub-link p-dropdown__link">Discourse</a>
</li>
<li>
<a href="https://matrix.to/#/#documentation:ubuntu.com" class="p-navigation__sub-link p-dropdown__link">Matrix</a>
</li>
<li>
<a href="https://github.com/canonical/lxd" class="p-navigation__sub-link p-dropdown__link">GitHub</a>
</li>
</ul>
</li>
</ul>
</div>
</header>
<script>
document.body.dataset.theme = localStorage.getItem("theme") || "auto";
</script>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none;">
<symbol id="svg-toc" viewBox="0 0 24 24">
<title>Contents</title>
<svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 1024 1024">
<path d="M408 442h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8zm-8 204c0 4.4 3.6 8 8 8h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56zm504-486H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 632H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zM115.4 518.9L271.7 642c5.8 4.6 14.4.5 14.4-6.9V388.9c0-7.4-8.5-11.5-14.4-6.9L115.4 505.1a8.74 8.74 0 0 0 0 13.8z"/>
</svg>
</symbol>
<symbol id="svg-menu" viewBox="0 0 24 24">
<title>Menu</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-menu">
<line x1="3" y1="12" x2="21" y2="12"></line>
<line x1="3" y1="6" x2="21" y2="6"></line>
<line x1="3" y1="18" x2="21" y2="18"></line>
</svg>
</symbol>
<symbol id="svg-arrow-right" viewBox="0 0 24 24">
<title>Expand</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-chevron-right">
<polyline points="9 18 15 12 9 6"></polyline>
</svg>
</symbol>
<symbol id="svg-sun" viewBox="0 0 24 24">
<title>Light mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="feather-sun">
<circle cx="12" cy="12" r="5"></circle>
<line x1="12" y1="1" x2="12" y2="3"></line>
<line x1="12" y1="21" x2="12" y2="23"></line>
<line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>
<line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>
<line x1="1" y1="12" x2="3" y2="12"></line>
<line x1="21" y1="12" x2="23" y2="12"></line>
<line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>
<line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>
</svg>
</symbol>
<symbol id="svg-moon" viewBox="0 0 24 24">
<title>Dark mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-moon">
<path stroke="none" d="M0 0h24v24H0z" fill="none" />
<path d="M12 3c.132 0 .263 0 .393 0a7.5 7.5 0 0 0 7.92 12.446a9 9 0 1 1 -8.313 -12.454z" />
</svg>
</symbol>
<symbol id="svg-sun-with-moon" viewBox="0 0 24 24">
<title>Auto light/dark, in light mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round"
class="icon-custom-derived-from-feather-sun-and-tabler-moon">
<path style="opacity: 50%" d="M 5.411 14.504 C 5.471 14.504 5.532 14.504 5.591 14.504 C 3.639 16.319 4.383 19.569 6.931 20.352 C 7.693 20.586 8.512 20.551 9.25 20.252 C 8.023 23.207 4.056 23.725 2.11 21.184 C 0.166 18.642 1.702 14.949 4.874 14.536 C 5.051 14.512 5.231 14.5 5.411 14.5 L 5.411 14.504 Z"/>
<line x1="14.5" y1="3.25" x2="14.5" y2="1.25"/>
<line x1="14.5" y1="15.85" x2="14.5" y2="17.85"/>
<line x1="10.044" y1="5.094" x2="8.63" y2="3.68"/>
<line x1="19" y1="14.05" x2="20.414" y2="15.464"/>
<line x1="8.2" y1="9.55" x2="6.2" y2="9.55"/>
<line x1="20.8" y1="9.55" x2="22.8" y2="9.55"/>
<line x1="10.044" y1="14.006" x2="8.63" y2="15.42"/>
<line x1="19" y1="5.05" x2="20.414" y2="3.636"/>
<circle cx="14.5" cy="9.55" r="3.6"/>
</svg>
</symbol>
<symbol id="svg-moon-with-sun" viewBox="0 0 24 24">
<title>Auto light/dark, in dark mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round"
class="icon-custom-derived-from-feather-sun-and-tabler-moon">
<path d="M 8.282 7.007 C 8.385 7.007 8.494 7.007 8.595 7.007 C 5.18 10.184 6.481 15.869 10.942 17.24 C 12.275 17.648 13.706 17.589 15 17.066 C 12.851 22.236 5.91 23.143 2.505 18.696 C -0.897 14.249 1.791 7.786 7.342 7.063 C 7.652 7.021 7.965 7 8.282 7 L 8.282 7.007 Z"/>
<line style="opacity: 50%" x1="18" y1="3.705" x2="18" y2="2.5"/>
<line style="opacity: 50%" x1="18" y1="11.295" x2="18" y2="12.5"/>
<line style="opacity: 50%" x1="15.316" y1="4.816" x2="14.464" y2="3.964"/>
<line style="opacity: 50%" x1="20.711" y1="10.212" x2="21.563" y2="11.063"/>
<line style="opacity: 50%" x1="14.205" y1="7.5" x2="13.001" y2="7.5"/>
<line style="opacity: 50%" x1="21.795" y1="7.5" x2="23" y2="7.5"/>
<line style="opacity: 50%" x1="15.316" y1="10.184" x2="14.464" y2="11.036"/>
<line style="opacity: 50%" x1="20.711" y1="4.789" x2="21.563" y2="3.937"/>
<circle style="opacity: 50%" cx="18" cy="7.5" r="2.169"/>
</svg>
</symbol>
<symbol id="svg-pencil" viewBox="0 0 24 24">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-pencil-code">
<path d="M4 20h4l10.5 -10.5a2.828 2.828 0 1 0 -4 -4l-10.5 10.5v4" />
<path d="M13.5 6.5l4 4" />
<path d="M20 21l2 -2l-2 -2" />
<path d="M17 17l-2 2l2 2" />
</svg>
</symbol>
<symbol id="svg-eye" viewBox="0 0 24 24">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-eye-code">
<path stroke="none" d="M0 0h24v24H0z" fill="none" />
<path d="M10 12a2 2 0 1 0 4 0a2 2 0 0 0 -4 0" />
<path
d="M11.11 17.958c-3.209 -.307 -5.91 -2.293 -8.11 -5.958c2.4 -4 5.4 -6 9 -6c3.6 0 6.6 2 9 6c-.21 .352 -.427 .688 -.647 1.008" />
<path d="M20 21l2 -2l-2 -2" />
<path d="M17 17l-2 2l2 2" />
</svg>
</symbol>
</svg>
<input type="checkbox" class="sidebar-toggle" name="__navigation" id="__navigation" aria-label="Toggle site navigation sidebar">
<input type="checkbox" class="sidebar-toggle" name="__toc" id="__toc" aria-label="Toggle table of contents sidebar">
<label class="overlay sidebar-overlay" for="__navigation"></label>
<label class="overlay toc-overlay" for="__toc"></label>
<a class="skip-to-content muted-link" href="#furo-main-content">Skip to content</a>
<div class="page">
<header class="mobile-header">
<div class="header-left">
<label class="nav-overlay-icon" for="__navigation">
<span class="icon"><svg><use href="#svg-menu"></use></svg></span>
</label>
</div>
<div class="header-center">
<a href="../../"><div class="brand">LXD documentation</div></a>
</div>
<div class="header-right">
<div class="theme-toggle-container theme-toggle-header">
<button class="theme-toggle" aria-label="Toggle Light / Dark / Auto color theme">
<svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg>
<svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg>
<svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
<svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
</button>
</div>
<label class="toc-overlay-icon toc-header-icon" for="__toc">
<span class="icon"><svg><use href="#svg-toc"></use></svg></span>
</label>
</div>
</header>
<aside class="sidebar-drawer">
<div class="sidebar-container">
<div class="sidebar-sticky"><a class="sidebar-brand" href="../../">
<span class="sidebar-brand-text">LXD documentation</span>
</a><form class="sidebar-search-container" method="get" action="../../search/" role="search">
<input class="sidebar-search" placeholder="Search" name="q" aria-label="Search">
<input type="submit" value="Go">
<input type="hidden" name="check_keywords" value="yes">
<input type="hidden" name="area" value="default">
</form>
<div id="searchbox"></div><div class="sidebar-scroll"><div class="sidebar-tree">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../">LXD</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../tutorial/first_steps/">Tutorial</a></li>
<li class="toctree-l1 current has-children"><a class="reference internal" href="../">How-to guides</a><input aria-label="Toggle navigation of How-to guides" checked="" class="toctree-checkbox" id="toctree-checkbox-1" name="toctree-checkbox-1" role="switch" type="checkbox"/><label for="toctree-checkbox-1"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul class="current">
<li class="toctree-l2 has-children"><a class="reference internal" href="../../getting_started/">Getting started</a><input aria-label="Toggle navigation of Getting started" class="toctree-checkbox" id="toctree-checkbox-2" name="toctree-checkbox-2" role="switch" type="checkbox"/><label for="toctree-checkbox-2"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../installing/">Install LXD</a></li>
<li class="toctree-l3"><a class="reference internal" href="../initialize/">Initialize LXD</a></li>
<li class="toctree-l3"><a class="reference internal" href="../access_ui/">Access the UI</a></li>
<li class="toctree-l3"><a class="reference internal" href="../access_documentation/">Access documentation locally</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../operation/">LXD server and client</a><input aria-label="Toggle navigation of LXD server and client" class="toctree-checkbox" id="toctree-checkbox-3" name="toctree-checkbox-3" role="switch" type="checkbox"/><label for="toctree-checkbox-3"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../server_expose/">Expose LXD to the network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../server_configure/">Configure the LXD server</a></li>
<li class="toctree-l3 has-children"><a class="reference internal" href="../oidc/">Configure single sign-on with OIDC</a><input aria-label="Toggle navigation of Configure single sign-on with OIDC" class="toctree-checkbox" id="toctree-checkbox-4" name="toctree-checkbox-4" role="switch" type="checkbox"/><label for="toctree-checkbox-4"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l4"><a class="reference internal" href="../oidc_auth0/">How to configure Auth0</a></li>
<li class="toctree-l4"><a class="reference internal" href="../oidc_ory/">How to configure Ory Hydra</a></li>
<li class="toctree-l4"><a class="reference internal" href="../oidc_keycloak/">How to configure Keycloak</a></li>
<li class="toctree-l4"><a class="reference internal" href="../oidc_entra_id/">How to configure Entra ID</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../remotes/">Add remote servers</a></li>
<li class="toctree-l3"><a class="reference internal" href="../lxc_alias/">Add command aliases</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../instances/">Instances</a><input aria-label="Toggle navigation of Instances" class="toctree-checkbox" id="toctree-checkbox-5" name="toctree-checkbox-5" role="switch" type="checkbox"/><label for="toctree-checkbox-5"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../instances_create/">Create instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../instances_configure/">Configure instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../instances_manage/">Manage instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../profiles/">Use profiles</a></li>
<li class="toctree-l3"><a class="reference internal" href="../instances_troubleshoot/">Troubleshoot errors</a></li>
<li class="toctree-l3"><a class="reference internal" href="../instances_ubuntu_pro_attach/">Auto attach Ubuntu Pro</a></li>
<li class="toctree-l3"><a class="reference internal" href="../instances_access_files/">Access files</a></li>
<li class="toctree-l3"><a class="reference internal" href="../instances_console/">Access the console</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../instance-exec/">Run commands</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../cloud-init/">Use cloud-init</a></li>
<li class="toctree-l3"><a class="reference internal" href="../instances_routed_nic_vm/">Add a routed NIC to a VM</a></li>
<li class="toctree-l3"><a class="reference internal" href="../instances_backup/">Back up instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../instances_migrate/">Migrate instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../import_machines_to_instances/">Import existing machines</a></li>
<li class="toctree-l3"><a class="reference internal" href="../container_gpu_passthrough_with_docker/">Pass NVIDIA GPUs</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../images/">Images</a><input aria-label="Toggle navigation of Images" class="toctree-checkbox" id="toctree-checkbox-6" name="toctree-checkbox-6" role="switch" type="checkbox"/><label for="toctree-checkbox-6"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../images_remote/">Use remote images</a></li>
<li class="toctree-l3"><a class="reference internal" href="../images_manage/">Manage images</a></li>
<li class="toctree-l3"><a class="reference internal" href="../images_profiles/">Associate profiles</a></li>
<li class="toctree-l3"><a class="reference internal" href="../images_copy/">Copy and import images</a></li>
<li class="toctree-l3"><a class="reference internal" href="../images_create/">Create images</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../projects/">Projects</a><input aria-label="Toggle navigation of Projects" class="toctree-checkbox" id="toctree-checkbox-7" name="toctree-checkbox-7" role="switch" type="checkbox"/><label for="toctree-checkbox-7"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../projects_create/">Create and configure</a></li>
<li class="toctree-l3"><a class="reference internal" href="../projects_work/">Work with projects</a></li>
<li class="toctree-l3"><a class="reference internal" href="../projects_confine/">Confine users to projects</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../storage/">Storage</a><input aria-label="Toggle navigation of Storage" class="toctree-checkbox" id="toctree-checkbox-8" name="toctree-checkbox-8" role="switch" type="checkbox"/><label for="toctree-checkbox-8"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../storage_pools/">Manage pools</a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_volumes/">Manage volumes</a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_buckets/">Manage buckets</a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_create_instance/">Create an instance in a pool</a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_backup_volume/">Back up a volume</a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_move_volume/">Move or copy a volume</a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_csi/">Use the LXD CSI driver with Kubernetes</a></li>
</ul>
</li>
<li class="toctree-l2 current has-children"><a class="reference internal" href="../../networks/">Networking</a><input aria-label="Toggle navigation of Networking" checked="" class="toctree-checkbox" id="toctree-checkbox-9" name="toctree-checkbox-9" role="switch" type="checkbox"/><label for="toctree-checkbox-9"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../network_create/">Create a network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_configure/">Configure a network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_bgp/">Configure as BGP server</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_acls/">Configure network ACLs</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_forwards/">Configure forwards</a></li>
<li class="toctree-l3 current current-page"><a class="current reference internal" href="#">Configure network zones</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_bridge_firewalld/">Configure your firewall</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_bridge_resolved/">Integrate with resolved</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_ovn_setup/">Set up OVN</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_load_balancers/">Configure load balancers</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_ovn_peers/">Configure peer routing</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_ipam/">Display IPAM information</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../clustering/">Clustering</a><input aria-label="Toggle navigation of Clustering" class="toctree-checkbox" id="toctree-checkbox-10" name="toctree-checkbox-10" role="switch" type="checkbox"/><label for="toctree-checkbox-10"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../cluster_form/">Form a cluster</a></li>
<li class="toctree-l3"><a class="reference internal" href="../cluster_manage/">Manage a cluster</a></li>
<li class="toctree-l3"><a class="reference internal" href="../cluster_config_networks/">Configure networks</a></li>
<li class="toctree-l3"><a class="reference internal" href="../cluster_config_storage/">Configure storage</a></li>
<li class="toctree-l3"><a class="reference internal" href="../cluster_manage_instance/">Manage instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../cluster_groups/">Set up cluster groups</a></li>
<li class="toctree-l3"><a class="reference internal" href="../cluster_placement_groups/">Use placement groups</a></li>
<li class="toctree-l3"><a class="reference internal" href="../cluster_recover/">Recover a cluster</a></li>
<li class="toctree-l3"><a class="reference internal" href="../cluster_vip/">Set up a highly available virtual IP</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../production-setup/">Production setup</a><input aria-label="Toggle navigation of Production setup" class="toctree-checkbox" id="toctree-checkbox-11" name="toctree-checkbox-11" role="switch" type="checkbox"/><label for="toctree-checkbox-11"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../benchmark_performance/">Benchmark performance</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_increase_bandwidth/">Increase bandwidth</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../metrics/">Monitor metrics</a></li>
<li class="toctree-l3"><a class="reference internal" href="../logs_loki/">Send logs to Loki</a></li>
<li class="toctree-l3"><a class="reference internal" href="../grafana/">Set up Grafana</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../backup/">Back up a server</a></li>
<li class="toctree-l3"><a class="reference internal" href="../disaster_recovery/">Recover instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../disaster_recovery_replication/">Disaster recovery with storage replication</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../snap/">Manage the snap</a></li>
<li class="toctree-l2"><a class="reference internal" href="../security_harden/">Harden security</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../troubleshoot/">Troubleshooting</a><input aria-label="Toggle navigation of Troubleshooting" class="toctree-checkbox" id="toctree-checkbox-12" name="toctree-checkbox-12" role="switch" type="checkbox"/><label for="toctree-checkbox-12"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../network_bridge_firewalld/">Configure your firewall</a></li>
<li class="toctree-l3"><a class="reference internal" href="../instances_troubleshoot/">Troubleshoot instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../dqlite_troubleshoot/">Troubleshoot Dqlite</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../debugging/">Debug LXD</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../faq/">Frequently asked</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../support/">Get support</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../contributing/">Contribute to LXD</a></li>
<li class="toctree-l2"><a class="reference internal" href="../auth_bearer/">How to authenticate to the LXD API using bearer tokens</a></li>
<li class="toctree-l2"><a class="reference internal" href="../devlxd_authenticate/">How to authenticate to the DevLXD API</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="../../explanation/">Explanation</a><input aria-label="Toggle navigation of Explanation" class="toctree-checkbox" id="toctree-checkbox-13" name="toctree-checkbox-13" role="switch" type="checkbox"/><label for="toctree-checkbox-13"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/lxd_lxc/"><code class="docutils literal notranslate"><span class="pre">lxd</span></code> and <code class="docutils literal notranslate"><span class="pre">lxc</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/instances/">Containers and VMs</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../image-handling/">Local and remote images</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/storage/">Storage pools, volumes, and buckets</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/networks/">Networking setups</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../database/">The LXD Dqlite database</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/lxc_show_info/"><code class="docutils literal notranslate"><span class="pre">lxc</span></code> <code class="docutils literal notranslate"><span class="pre">show</span></code> and <code class="docutils literal notranslate"><span class="pre">info</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../authentication/">Remote API authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/authorization/">Remote API authorization</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/projects/">Instances grouping with projects</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/clusters/">Clusters</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/performance_tuning/">Performance tuning</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/security/">Security</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/bpf/">Privilege delegation using BPF Token</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/csi/">The LXD CSI driver</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="../../reference/">Reference</a><input aria-label="Toggle navigation of Reference" class="toctree-checkbox" id="toctree-checkbox-14" name="toctree-checkbox-14" role="switch" type="checkbox"/><label for="toctree-checkbox-14"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l2"><a class="reference internal" href="../../requirements/">Requirements</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../architectures/">Architectures</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../reference/release-notes/">Release notes</a><input aria-label="Toggle navigation of Release notes" class="toctree-checkbox" id="toctree-checkbox-15" name="toctree-checkbox-15" role="switch" type="checkbox"/><label for="toctree-checkbox-15"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../reference/release-notes/release-notes-6.7/">LXD 6.7</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/release-notes/release-notes-6.6/">LXD 6.6</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../reference/releases-snap/">Releases and snap</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../reference/remote_image_servers/">Remote image servers</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../reference/image_format/">Image format</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../guest-os-compatibility/">Guest OS compatibility</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../container-environment/">Container environment</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../config-options/">Configuration option index</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../server/">Server configuration</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../explanation/instance_config/">Instance configuration</a><input aria-label="Toggle navigation of Instance configuration" class="toctree-checkbox" id="toctree-checkbox-16" name="toctree-checkbox-16" role="switch" type="checkbox"/><label for="toctree-checkbox-16"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../reference/instance_properties/">Instance properties</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/instance_options/">Instance options</a></li>
<li class="toctree-l3 has-children"><a class="reference internal" href="../../reference/devices/">Devices</a><input aria-label="Toggle navigation of Devices" class="toctree-checkbox" id="toctree-checkbox-17" name="toctree-checkbox-17" role="switch" type="checkbox"/><label for="toctree-checkbox-17"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l4"><a class="reference internal" href="../../reference/standard_devices/">Standard devices</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_none/">Type: <code class="docutils literal notranslate"><span class="pre">none</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_nic/">Type: <code class="docutils literal notranslate"><span class="pre">nic</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_disk/">Type: <code class="docutils literal notranslate"><span class="pre">disk</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_unix_char/">Type: <code class="docutils literal notranslate"><span class="pre">unix-char</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_unix_block/">Type: <code class="docutils literal notranslate"><span class="pre">unix-block</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_usb/">Type: <code class="docutils literal notranslate"><span class="pre">usb</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_gpu/">Type: <code class="docutils literal notranslate"><span class="pre">gpu</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_infiniband/">Type: <code class="docutils literal notranslate"><span class="pre">infiniband</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_proxy/">Type: <code class="docutils literal notranslate"><span class="pre">proxy</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_unix_hotplug/">Type: <code class="docutils literal notranslate"><span class="pre">unix-hotplug</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_tpm/">Type: <code class="docutils literal notranslate"><span class="pre">tpm</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../../reference/devices_pci/">Type: <code class="docutils literal notranslate"><span class="pre">pci</span></code></a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/instance_units/">Units for storage and network limits</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../reference/preseed_yaml_fields/">Preseed YAML file fields</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../reference/projects/">Project configuration</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../reference/storage_drivers/">Storage drivers</a><input aria-label="Toggle navigation of Storage drivers" class="toctree-checkbox" id="toctree-checkbox-18" name="toctree-checkbox-18" role="switch" type="checkbox"/><label for="toctree-checkbox-18"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../reference/storage_dir/">Directory - <code class="docutils literal notranslate"><span class="pre">dir</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/storage_btrfs/">Btrfs - <code class="docutils literal notranslate"><span class="pre">btrfs</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/storage_lvm/">LVM - <code class="docutils literal notranslate"><span class="pre">lvm</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/storage_zfs/">ZFS - <code class="docutils literal notranslate"><span class="pre">zfs</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/storage_ceph/">Ceph RBD - <code class="docutils literal notranslate"><span class="pre">ceph</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/storage_powerflex/">Dell PowerFlex - <code class="docutils literal notranslate"><span class="pre">powerflex</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/storage_pure/">Pure Storage - <code class="docutils literal notranslate"><span class="pre">pure</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/storage_alletra/">HPE Alletra - <code class="docutils literal notranslate"><span class="pre">alletra</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/storage_cephfs/">CephFS - <code class="docutils literal notranslate"><span class="pre">cephfs</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/storage_cephobject/">Ceph Object - <code class="docutils literal notranslate"><span class="pre">cephobject</span></code></a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../reference/networks/">Networks</a><input aria-label="Toggle navigation of Networks" class="toctree-checkbox" id="toctree-checkbox-19" name="toctree-checkbox-19" role="switch" type="checkbox"/><label for="toctree-checkbox-19"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../reference/network_bridge/">Bridge network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/network_ovn/">OVN network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/network_macvlan/">Macvlan network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/network_physical/">Physical network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/network_sriov/">SR-IOV network</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../reference/cluster_member_config/">Cluster configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../reference/placement_groups/">Placement group configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../reference/server_settings/">Production server settings</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../reference/provided_metrics/">Provided metrics</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../reference/permissions/">Permissions</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../restapi_landing/">REST API</a><input aria-label="Toggle navigation of REST API" class="toctree-checkbox" id="toctree-checkbox-20" name="toctree-checkbox-20" role="switch" type="checkbox"/><label for="toctree-checkbox-20"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../rest-api/">Main API documentation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../api/">Main API specification</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../api-extensions/">Main API extensions</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../events/">Events API documentation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../dev-lxd/">Instance API</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../reference/driver_csi/">LXD CSI driver reference</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../reference/manpages/">Man pages</a><input aria-label="Toggle navigation of Man pages" class="toctree-checkbox" id="toctree-checkbox-21" name="toctree-checkbox-21" role="switch" type="checkbox"/><label for="toctree-checkbox-21"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../reference/manpages/lxc/"><code class="docutils literal notranslate"><span class="pre">lxc</span></code></a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../internals/">Internals</a><input aria-label="Toggle navigation of Internals" class="toctree-checkbox" id="toctree-checkbox-22" name="toctree-checkbox-22" role="switch" type="checkbox"/><label for="toctree-checkbox-22"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../environment/">Environment variables</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/uefi_variables/">UEFI variables for VMs</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../daemon-behavior/">Daemon behavior</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../syscall-interception/">System call interception</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../userns-idmap/">User namespace setup</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/ovn-internals/">OVN implementation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/vm_live_migration_internals/">VM live migration implementation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../reference/dqlite-internals/">Dqlite</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference external" href="https://github.com/canonical/lxd">Project repository</a></li>
<li class="toctree-l2"><a class="reference external" href="https://images.lxd.canonical.com">Image server</a></li>
</ul>
</li>
</ul>
</div>
</div>
</div>
</div>
</aside>
<div class="main">
<div class="content">
<div class="article-container">
<a href="#" class="back-to-top muted-link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z"></path>
</svg>
<span>Back to top</span>
</a>
<div class="content-icon-container">
<div class="edit-this-page">
<a class="muted-link" href="https://github.com/canonical/lxd/edit/main/doc/howto/network_zones.md" title="Contribute to this page">
<svg><use href="#svg-pencil"></use></svg>
<span class="visually-hidden">Contribute to this page</span>
</a>
</div><div class="theme-toggle-container theme-toggle-content">
<button class="theme-toggle" aria-label="Toggle Light / Dark / Auto color theme">
<svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg>
<svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg>
<svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
<svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
</button>
</div>
<label class="toc-overlay-icon toc-content-icon" for="__toc">
<span class="icon"><svg><use href="#svg-toc"></use></svg></span>
</label>
</div>
<article role="main" id="furo-main-content">
<section id="how-to-configure-network-zones">
<span id="network-zones"></span><h1>How to configure network zones<a class="headerlink" href="#how-to-configure-network-zones" title="Link to this heading">¶</a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Network zones are available for the <a class="reference internal" href="../../reference/network_ovn/#network-ovn"><span class="std std-ref">OVN network</span></a> and the <a class="reference internal" href="../../reference/network_bridge/#network-bridge"><span class="std std-ref">Bridge network</span></a>.</p>
</div>
<p class="youtube_link">
<a href="https://www.youtube.com/watch?v=2MqpJOogNVQ" target="_blank">
<span title="LXD network zones" class="play_icon">▶</span>
<span title="LXD network zones">Watch on YouTube</span>
</a>
</p>
<p>Network zones can be used to serve DNS records for LXD networks.</p>
<p>You can use network zones to automatically maintain valid forward and reverse records for all your instances.
This can be useful if you are operating a LXD cluster with multiple instances across many networks.</p>
<p>Having DNS records for each instance makes it easier to access network services running on an instance.
It is also important when hosting, for example, an outbound SMTP service.
Without correct forward and reverse DNS entries for the instance, sent mail might be flagged as potential spam.</p>
<p>Each network can be associated to different zones:</p>
<ul class="simple">
<li><p>Forward DNS records - multiple comma-separated zones (no more than one per project)</p></li>
<li><p>IPv4 reverse DNS records - single zone</p></li>
<li><p>IPv6 reverse DNS records - single zone</p></li>
</ul>
<p>LXD will then automatically manage forward and reverse records for all instances, network gateways and downstream network ports and serve those zones for zone transfer to the operator’s production DNS servers.</p>
<section id="project-views">
<h2>Project views<a class="headerlink" href="#project-views" title="Link to this heading">¶</a></h2>
<p>Projects have a <a class="configref reference internal" href="../../reference/projects/#project-features:features.networks.zones"><code class="docutils literal notranslate"><span class="pre">features.networks.zones</span></code></a> feature, which is disabled by default.
This controls which project new networks zones are created in.
When this feature is enabled new zones are created in the project, otherwise they are created in the default project.</p>
<p>This allows projects that share a network in the default project (i.e those with <code class="docutils literal notranslate"><span class="pre">features.networks=false</span></code>) to have their own project level DNS zones that give a project oriented
“view” of the addresses on that shared network (which only includes addresses from instances in their project).</p>
</section>
<section id="generated-records">
<h2>Generated records<a class="headerlink" href="#generated-records" title="Link to this heading">¶</a></h2>
<section id="forward-records">
<h3>Forward records<a class="headerlink" href="#forward-records" title="Link to this heading">¶</a></h3>
<p>If you configure a zone with forward DNS records for <code class="docutils literal notranslate"><span class="pre">lxd.example.net</span></code> for your network, it generates records that resolve the following DNS names:</p>
<ul class="simple">
<li><p>For all instances in the network: <code class="docutils literal notranslate"><span class="pre"><instance_name>.lxd.example.net</span></code></p></li>
<li><p>For the network gateway: <code class="docutils literal notranslate"><span class="pre"><network_name>.gw.lxd.example.net</span></code></p></li>
<li><p>For downstream network ports (for network zones set on an uplink network with a downstream OVN network): <code class="docutils literal notranslate"><span class="pre"><project_name>-<downstream_network_name>.uplink.lxd.example.net</span></code></p></li>
<li><p>Manual records added to the zone.</p></li>
</ul>
<p>You can check the records that are generated with your zone setup with the <code class="docutils literal notranslate"><span class="pre">dig</span></code> command.</p>
<p>This assumes that <a class="configref reference internal" href="../../server/#server-core:core.dns_address"><code class="docutils literal notranslate"><span class="pre">core.dns_address</span></code></a> was set to <code class="docutils literal notranslate"><span class="pre"><DNS_server_IP>:<DNS_server_PORT></span></code>. (Setting that configuration
option causes the backend to immediately start serving on that address.)</p>
<p>In order for the <code class="docutils literal notranslate"><span class="pre">dig</span></code> request to be allowed for a given zone, you must set the
<code class="docutils literal notranslate"><span class="pre">peers.NAME.address</span></code> configuration option for that zone. <code class="docutils literal notranslate"><span class="pre">NAME</span></code> can be anything random. The value must match the
IP address where your <code class="docutils literal notranslate"><span class="pre">dig</span></code> is calling from. You must leave <code class="docutils literal notranslate"><span class="pre">peers.NAME.key</span></code> for that same random <code class="docutils literal notranslate"><span class="pre">NAME</span></code> unset.</p>
<p>For example: <code class="docutils literal notranslate"><span class="pre">lxc</span> <span class="pre">network</span> <span class="pre">zone</span> <span class="pre">set</span> <span class="pre">lxd.example.net</span> <span class="pre">peers.whatever.address=192.0.2.1</span></code>.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>It is not enough for the address to be of the same machine that <code class="docutils literal notranslate"><span class="pre">dig</span></code> is calling from; it needs to
match as a string with what the DNS server in <code class="docutils literal notranslate"><span class="pre">lxd</span></code> thinks is the exact remote address. <code class="docutils literal notranslate"><span class="pre">dig</span></code> binds to
<code class="docutils literal notranslate"><span class="pre">0.0.0.0</span></code>, therefore the address you need is most likely the same that you provided to <a class="configref reference internal" href="../../server/#server-core:core.dns_address"><code class="docutils literal notranslate"><span class="pre">core.dns_address</span></code></a>.</p>
</div>
<p>For example, running <code class="docutils literal notranslate"><span class="pre">dig</span> <span class="pre">@<DNS_server_IP></span> <span class="pre">-p</span> <span class="pre"><DNS_server_PORT></span> <span class="pre">axfr</span> <span class="pre">lxd.example.net</span></code> might give the following output:</p>
<div class="terminal docutils container">
<div class="input docutils container">
<div class="prompt docutils container">
<code class="docutils literal notranslate"><span class="pre">user@host:~$</span> </code></div>
<span class="command"><code class="docutils literal notranslate"><span class="pre">dig</span> <span class="pre">@192.0.2.200</span> <span class="pre">-p</span> <span class="pre">1053</span> <span class="pre">axfr</span> <span class="pre">lxd.example.net</span>
</code></span></div>
<div class="terminal-code highlight-text notranslate"><div class="highlight"><pre><span></span>lxd.example.net. 3600 IN SOA lxd.example.net. ns1.lxd.example.net. 1669736788 120 60 86400 30
lxd.example.net. 300 IN NS ns1.lxd.example.net.
lxdtest.gw.lxd.example.net. 300 IN A 192.0.2.1
lxdtest.gw.lxd.example.net. 300 IN AAAA fd42:4131:a53c:7211::1
default-ovntest.uplink.lxd.example.net. 300 IN A 192.0.2.20
default-ovntest.uplink.lxd.example.net. 300 IN AAAA fd42:4131:a53c:7211:216:3eff:fe4e:b794
c1.lxd.example.net. 300 IN AAAA fd42:4131:a53c:7211:216:3eff:fe19:6ede
c1.lxd.example.net. 300 IN A 192.0.2.125
manualtest.lxd.example.net. 300 IN A 8.8.8.8
lxd.example.net. 3600 IN SOA lxd.example.net. ns1.lxd.example.net. 1669736788 120 60 86400 30
</pre></div>
</div>
</div>
</section>
<section id="reverse-records">
<h3>Reverse records<a class="headerlink" href="#reverse-records" title="Link to this heading">¶</a></h3>
<p>If you configure a zone for IPv4 reverse DNS records for <code class="docutils literal notranslate"><span class="pre">2.0.192.in-addr.arpa</span></code> for a network using <code class="docutils literal notranslate"><span class="pre">192.0.2.0/24</span></code>, it generates reverse <code class="docutils literal notranslate"><span class="pre">PTR</span></code> DNS records for addresses from all projects that are referencing that network via one of their forward zones.</p>
<p>For example, running <code class="docutils literal notranslate"><span class="pre">dig</span> <span class="pre">@<DNS_server_IP></span> <span class="pre">-p</span> <span class="pre"><DNS_server_PORT></span> <span class="pre">axfr</span> <span class="pre">2.0.192.in-addr.arpa</span></code> might give the following output:</p>
<div class="terminal docutils container">
<div class="input docutils container">
<div class="prompt docutils container">
<code class="docutils literal notranslate"><span class="pre">user@host:~$</span> </code></div>
<span class="command"><code class="docutils literal notranslate"><span class="pre">dig</span> <span class="pre">@192.0.2.200</span> <span class="pre">-p</span> <span class="pre">1053</span> <span class="pre">axfr</span> <span class="pre">2.0.192.in-addr.arpa</span>
</code></span></div>
<div class="terminal-code highlight-text notranslate"><div class="highlight"><pre><span></span>2.0.192.in-addr.arpa. 3600 IN SOA 2.0.192.in-addr.arpa. ns1.2.0.192.in-addr.arpa. 1669736828 120 60 86400 30
2.0.192.in-addr.arpa. 300 IN NS ns1.2.0.192.in-addr.arpa.
1.2.0.192.in-addr.arpa. 300 IN PTR lxdtest.gw.lxd.example.net.
20.2.0.192.in-addr.arpa. 300 IN PTR default-ovntest.uplink.lxd.example.net.
125.2.0.192.in-addr.arpa. 300 IN PTR c1.lxd.example.net.
2.0.192.in-addr.arpa. 3600 IN SOA 2.0.192.in-addr.arpa. ns1.2.0.192.in-addr.arpa. 1669736828 120 60 86400 30
</pre></div>
</div>
</div>
</section>
</section>
<section id="enable-the-built-in-dns-server">
<span id="network-dns-server"></span><h2>Enable the built-in DNS server<a class="headerlink" href="#enable-the-built-in-dns-server" title="Link to this heading">¶</a></h2>
<p>To make use of network zones, you must enable the built-in DNS server.</p>
<p>To do so, set the <a class="configref reference internal" href="../../server/#server-core:core.dns_address"><code class="docutils literal notranslate"><span class="pre">core.dns_address</span></code></a> configuration option to a local address on the LXD server.
To avoid conflicts with an existing DNS we suggest not using the port 53.
This is the address on which the DNS server will listen.
Note that in a LXD cluster, the address may be different on each cluster member.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The built-in DNS server supports only zone transfers through AXFR.
It cannot be directly queried for DNS records.
Therefore, the built-in DNS server must be used in combination with an external DNS server (<code class="docutils literal notranslate"><span class="pre">bind9</span></code>, <code class="docutils literal notranslate"><span class="pre">nsd</span></code>, …), which will transfer the entire zone from LXD, refresh it upon expiry and provide authoritative answers to DNS requests.</p>
<p>Authentication for zone transfers is configured on a per-zone basis, with peers defined in the zone configuration and a combination of IP address matching and TSIG-key based authentication.</p>
</div>
</section>
<section id="create-and-configure-a-network-zone">
<h2>Create and configure a network zone<a class="headerlink" href="#create-and-configure-a-network-zone" title="Link to this heading">¶</a></h2>
<p>Use the following command to create a network zone:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>lxc<span class="w"> </span>network<span class="w"> </span>zone<span class="w"> </span>create<span class="w"> </span><network_zone><span class="w"> </span><span class="o">[</span>configuration_options...<span class="o">]</span>
</pre></div>
</div>
<p>The following examples show how to configure a zone for forward DNS records, one for IPv4 reverse DNS records and one for IPv6 reverse DNS records, respectively:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>lxc<span class="w"> </span>network<span class="w"> </span>zone<span class="w"> </span>create<span class="w"> </span>lxd.example.net
lxc<span class="w"> </span>network<span class="w"> </span>zone<span class="w"> </span>create<span class="w"> </span><span class="m">2</span>.0.192.in-addr.arpa
lxc<span class="w"> </span>network<span class="w"> </span>zone<span class="w"> </span>create<span class="w"> </span><span class="m">1</span>.0.0.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Zones must be globally unique, even across projects.
If you get a creation error, it might be due to the zone already existing in another project.</p>
</div>
<p>You can either specify the configuration options when you create the network or configure them afterwards with the following command:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>lxc<span class="w"> </span>network<span class="w"> </span>zone<span class="w"> </span><span class="nb">set</span><span class="w"> </span><network_zone><span class="w"> </span><key><span class="o">=</span><value>
</pre></div>
</div>
<p>Use the following command to edit a network zone in YAML format:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>lxc<span class="w"> </span>network<span class="w"> </span>zone<span class="w"> </span>edit<span class="w"> </span><network_zone>
</pre></div>
</div>
<section id="configuration-options">
<h3>Configuration options<a class="headerlink" href="#configuration-options" title="Link to this heading">¶</a></h3>
<p>The following configuration options are available for network zones:</p>
<div class="configoption docutils container" id="network-zone-config-options:dns.nameservers">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">dns.nameservers</span></code></span><span class="shortdesc"><p>Comma-separated list of DNS server FQDNs (for NS records)</p>
</span><span class="anchor"><a class="reference external" href="#network-zone-config-options:dns.nameservers"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">dns.nameservers</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string set</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Required: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="network-zone-config-options:network.nat">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">network.nat</span></code></span><span class="shortdesc"><p>Whether to generate records for NAT-ed subnets</p>
</span><span class="anchor"><a class="reference external" href="#network-zone-config-options:network.nat"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">network.nat</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>bool</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Default: </strong></td>
<td><span class="ignoreP"><p>true</p>
</span></td>
</tr>
<tr class="row-even"><td><strong>Required: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="network-zone-config-options:peers.NAME.address">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">peers.NAME.address</span></code></span><span class="shortdesc"><p>IP address of a DNS server</p>
</span><span class="anchor"><a class="reference external" href="#network-zone-config-options:peers.NAME.address"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">peers.NAME.address</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Required: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="network-zone-config-options:peers.NAME.key">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">peers.NAME.key</span></code></span><span class="shortdesc"><p>TSIG key for the server</p>
</span><span class="anchor"><a class="reference external" href="#network-zone-config-options:peers.NAME.key"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">peers.NAME.key</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Required: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="network-zone-config-options:user.*">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">user.*</span></code></span><span class="shortdesc"><p>User-provided free-form key/value pairs</p>
</span><span class="anchor"><a class="reference external" href="#network-zone-config-options:user.*"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">user.*</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Required: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>When generating the TSIG key using <code class="docutils literal notranslate"><span class="pre">tsig-keygen</span></code>, the key name must follow the format <code class="docutils literal notranslate"><span class="pre"><zone_name>_<peer_name>.</span></code>.
For example, if your zone name is <code class="docutils literal notranslate"><span class="pre">lxd.example.net</span></code> and the peer name is <code class="docutils literal notranslate"><span class="pre">bind9</span></code>, then the key name must be <code class="docutils literal notranslate"><span class="pre">lxd.example.net_bind9.</span></code>.
If this format is not followed, zone transfer might fail.</p>
</div>
</section>
</section>
<section id="add-a-network-zone-to-a-network">
<h2>Add a network zone to a network<a class="headerlink" href="#add-a-network-zone-to-a-network" title="Link to this heading">¶</a></h2>
<p>To add a zone to a network, set the corresponding configuration option in the network configuration:</p>
<ul class="simple">
<li><p>For forward DNS records: <code class="docutils literal notranslate"><span class="pre">dns.zone.forward</span></code></p></li>
<li><p>For IPv4 reverse DNS records: <code class="docutils literal notranslate"><span class="pre">dns.zone.reverse.ipv4</span></code></p></li>
<li><p>For IPv6 reverse DNS records: <code class="docutils literal notranslate"><span class="pre">dns.zone.reverse.ipv6</span></code></p></li>
</ul>
<p>For example:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>lxc<span class="w"> </span>network<span class="w"> </span><span class="nb">set</span><span class="w"> </span><network_name><span class="w"> </span>dns.zone.forward<span class="o">=</span><span class="s2">"lxd.example.net"</span>
</pre></div>
</div>
<p>Zones belong to projects and are tied to the <code class="docutils literal notranslate"><span class="pre">networks</span></code> features of projects.
You can restrict projects to specific domains and sub-domains through the <a class="configref reference internal" href="../../reference/projects/#project-restricted:restricted.networks.zones"><code class="docutils literal notranslate"><span class="pre">restricted.networks.zones</span></code></a> project configuration key.</p>
</section>
<section id="add-custom-records">
<h2>Add custom records<a class="headerlink" href="#add-custom-records" title="Link to this heading">¶</a></h2>
<p>A network zone automatically generates forward and reverse records for all instances, network gateways and downstream network ports.
If required, you can manually add custom records to a zone.</p>
<p>To do so, use the <a class="reference internal" href="../../reference/manpages/lxc/network/zone/record/#lxc-network-zone-record-md"><span class="std std-ref"><code class="docutils literal notranslate"><span class="pre">lxc</span> <span class="pre">network</span> <span class="pre">zone</span> <span class="pre">record</span></code></span></a> command.</p>
<section id="create-a-record">
<h3>Create a record<a class="headerlink" href="#create-a-record" title="Link to this heading">¶</a></h3>
<p>Use the following command to create a record:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>lxc<span class="w"> </span>network<span class="w"> </span>zone<span class="w"> </span>record<span class="w"> </span>create<span class="w"> </span><network_zone><span class="w"> </span><record_name>
</pre></div>
</div>
<p>This command creates an empty record without entries and adds it to a network zone.</p>
<section id="record-properties">
<h4>Record properties<a class="headerlink" href="#record-properties" title="Link to this heading">¶</a></h4>
<p>Records have the following properties:</p>
<div class="configoption docutils container" id="network-zone-record-properties:config">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">config</span></code></span><span class="shortdesc"><p>User-provided free-form key/value pairs</p>
</span><span class="anchor"><a class="reference external" href="#network-zone-record-properties:config"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">config</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string set</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Required: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
<p>The only supported keys are <code class="docutils literal notranslate"><span class="pre">user.*</span></code> custom keys.</p>
</div>
</div>
<div class="configoption docutils container" id="network-zone-record-properties:description">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">description</span></code></span><span class="shortdesc"><p>Description of the record</p>
</span><span class="anchor"><a class="reference external" href="#network-zone-record-properties:description"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">description</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Required: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="network-zone-record-properties:entries">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">entries</span></code></span><span class="shortdesc"><p>List of DNS entries</p>
</span><span class="anchor"><a class="reference external" href="#network-zone-record-properties:entries"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">entries</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>entry list</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Required: </strong></td>
<td><span class="ignoreP"><p>no</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="configoption docutils container" id="network-zone-record-properties:name">
<div class="basicinfo docutils container">
<span class="key"><code class="docutils literal notranslate"><span class="pre">name</span></code></span><span class="shortdesc"><p>Unique name of the record</p>
</span><span class="anchor"><a class="reference external" href="#network-zone-record-properties:name"><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></a></span></div>
<div class="details docutils container">
<div class="table-wrapper fields docutils container">
<table class="fields docutils align-default">
<tbody>
<tr class="row-odd"><td><strong>Key: </strong></td>
<td><code class="docutils literal notranslate"><span class="pre">name</span></code></td>
</tr>
<tr class="row-even"><td><strong>Type: </strong></td>
<td><span class="ignoreP"><p>string</p>
</span></td>
</tr>
<tr class="row-odd"><td><strong>Required: </strong></td>
<td><span class="ignoreP"><p>yes</p>
</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</section>
</section>
<section id="add-or-remove-entries">
<h3>Add or remove entries<a class="headerlink" href="#add-or-remove-entries" title="Link to this heading">¶</a></h3>
<p>To add an entry to the record, use the following command:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>lxc<span class="w"> </span>network<span class="w"> </span>zone<span class="w"> </span>record<span class="w"> </span>entry<span class="w"> </span>add<span class="w"> </span><network_zone><span class="w"> </span><record_name><span class="w"> </span><type><span class="w"> </span><value><span class="w"> </span><span class="o">[</span>--ttl<span class="w"> </span><TTL><span class="o">]</span>
</pre></div>
</div>
<p>This command adds a DNS entry with the specified type and value to the record.</p>
<p>For example, to create a dual-stack web server, add a record with two entries similar to the following:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>lxc<span class="w"> </span>network<span class="w"> </span>zone<span class="w"> </span>record<span class="w"> </span>entry<span class="w"> </span>add<span class="w"> </span><network_zone><span class="w"> </span><record_name><span class="w"> </span>A<span class="w"> </span><span class="m">1</span>.2.3.4
lxc<span class="w"> </span>network<span class="w"> </span>zone<span class="w"> </span>record<span class="w"> </span>entry<span class="w"> </span>add<span class="w"> </span><network_zone><span class="w"> </span><record_name><span class="w"> </span>AAAA<span class="w"> </span><span class="m">1234</span>::1234
</pre></div>
</div>
<p>You can use the <code class="docutils literal notranslate"><span class="pre">--ttl</span></code> flag to set a custom time-to-live (in seconds) for the entry.
Otherwise, the default of 300 seconds is used.</p>
<p>You cannot edit an entry (except if you edit the full record with <a class="reference internal" href="../../reference/manpages/lxc/network/zone/record/edit/#lxc-network-zone-record-edit-md"><span class="std std-ref"><code class="docutils literal notranslate"><span class="pre">lxc</span> <span class="pre">network</span> <span class="pre">zone</span> <span class="pre">record</span> <span class="pre">edit</span></code></span></a>), but you can delete entries with the following command:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>lxc<span class="w"> </span>network<span class="w"> </span>zone<span class="w"> </span>record<span class="w"> </span>entry<span class="w"> </span>remove<span class="w"> </span><network_zone><span class="w"> </span><record_name><span class="w"> </span><type><span class="w"> </span><value>
</pre></div>
</div>
</section>
</section>
</section>
</article>
</div>
<footer>
<div class="related-pages">
<a class="next-page" href="../network_bridge_firewalld/">
<div class="page-info">
<div class="context">
<span>Next</span>
</div>
<div class="title">How to configure your firewall</div>
</div>
<svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
</a>
<a class="prev-page" href="../network_forwards/">
<svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
<div class="page-info">
<div class="context">
<span>Previous</span>
</div>
<div class="title">How to configure network forwards</div>
</div>
</a>
</div>
<div class="bottom-of-page">
<div class="left-details">
<div class="copyright">
© 2014-2026 AGPL-3.0, LXD contributors
</div><div class="last-updated">
Last updated on Feb 13, 2026</div>
</div>
<div class="right-details">
<a href="" class="js-revoke-cookie-manager muted-link">Manage your tracker settings</a>
</div>
</footer>
</div>
<aside class="toc-drawer">
<div class="toc-sticky toc-scroll">
<div class="toc-title-container">
<span class="toc-title">
Contents
</span>
</div>
<div class="toc-tree-container">
<div class="toc-tree">
<ul>
<li><a class="reference internal" href="#">How to configure network zones</a><ul>
<li><a class="reference internal" href="#project-views">Project views</a></li>
<li><a class="reference internal" href="#generated-records">Generated records</a><ul>
<li><a class="reference internal" href="#forward-records">Forward records</a></li>
<li><a class="reference internal" href="#reverse-records">Reverse records</a></li>
</ul>
</li>
<li><a class="reference internal" href="#enable-the-built-in-dns-server">Enable the built-in DNS server</a></li>
<li><a class="reference internal" href="#create-and-configure-a-network-zone">Create and configure a network zone</a><ul>
<li><a class="reference internal" href="#configuration-options">Configuration options</a></li>
</ul>
</li>
<li><a class="reference internal" href="#add-a-network-zone-to-a-network">Add a network zone to a network</a></li>
<li><a class="reference internal" href="#add-custom-records">Add custom records</a><ul>
<li><a class="reference internal" href="#create-a-record">Create a record</a><ul>
<li><a class="reference internal" href="#record-properties">Record properties</a></li>
</ul>
</li>
<li><a class="reference internal" href="#add-or-remove-entries">Add or remove entries</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<div class="relatedlinks-title-container">
<span class="relatedlinks-title">
Related links
</span>
</div>
<div class="relatedlinks-container">
<div class="relatedlinks">
<ul><li><a href="https://discuss.linuxcontainers.org/t/12033" target="_blank">Built-in DNS server</a></li><li><a href="https://discuss.linuxcontainers.org/t/13128" target="_blank">Custom DNS records in network zones</a></li></ul>
</div>
</div>
</div>
</aside>
</div>
</div><script src="../../_static/jquery.js?v=5d32c60e"></script>
<script src="../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="../../_static/documentation_options.js?v=a5603611"></script>
<script src="../../_static/doctools.js?v=9a2dae69"></script>
<script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../../_static/scripts/furo.js?v=46bd48cc"></script>
<script src="../../_static/clipboard.min.js?v=a7894cd8"></script>
<script src="../../_static/copybutton.js?v=b01cb6f2"></script>
<script src="../../_static/config-options.js"></script>
<script src="../../_static/design-tabs.js?v=f930bc37"></script>
<script src="../../_static/js/bundle.js?v=a4d88309"></script>
<script src="../../_static/header-nav.js?v=e117ad08"></script>
<script src="../../_static/github_issue_links.js?v=32bb732f"></script>
<script>
const github_url = "https://github.com/canonical/lxd";
</script>
</body>
</html>