
Bulk-Create Secondary DNS Zones in F5 Distributed Cloud (via API)

Stop clicking, start scripting — onboard hundreds of secondary DNS zones in F5 XC with one command.

If you’ve ever had to onboard dozens (or hundreds) of domains as secondary DNS zones in F5 Distributed Cloud (XC), you know the drill: click through the console, fill in the domain, add the primary server IP, save, repeat. It works - but it doesn’t scale.

I ran into exactly this situation recently and figured a quick shell script would save me (and maybe you) a lot of clicking.

What it does

The script reads a simple text file with one zone per line (the domain, followed by its primary DNS server IPs, all separated by commas) and creates the corresponding secondary DNS zones via the F5 XC API.

The input file looks like this:

example.com, 10.0.0.1, 10.0.0.2
example.org, 192.168.1.1
internal.example.net, 172.16.0.1, 172.16.0.2, 172.16.0.3

Run the script, and it works through the list one by one:

$ ./create_secondary_dns.sh

Starting secondary DNS zone creation...
Tenant : acmecorp
---
[line 1] Creating secondary zone: example.com (primaries: 10.0.0.1 10.0.0.2)
[line 1] OK - example.com created (HTTP 200)
[line 2] Creating secondary zone: example.org (primaries: 192.168.1.1)
[line 2] OK - example.org created (HTTP 200)
---
Done. Success: 2, Failed: 0, Total lines: 2

That’s it. No Python, no Terraform, no extra frameworks - just bash, curl, and jq.

TSIG support

If your primary DNS servers require TSIG authentication for zone transfers, the script handles that too. Set the TSIG key name, algorithm, and secret in the configuration block, and the script will encrypt the secret locally using vesctl (the F5 XC CLI) before sending it to the API. If vesctl isn’t installed yet, the script downloads it automatically.

If you don’t need TSIG, just leave the TSIG variables empty and the script skips that part entirely.

Getting started

1. Clone the repo and navigate to the tool:

git clone https://github.com/de1chk1nd/resources-and-tools.git
cd resources-and-tools/tools/dns-secondary

2. Create your domain list:

cp domains.txt.example domains.txt

3. Open the script and fill in your tenant name and API token:

vi create_secondary_dns.sh

4. Run it:

chmod +x create_secondary_dns.sh
./create_secondary_dns.sh

The full README in the repository covers all configuration options, dependencies, and common error messages.

What happens when something goes wrong?

The script validates every line before hitting the API - domain names are checked for valid DNS characters, IP addresses are checked for valid IPv4 format. If a line is malformed, it’s skipped with a clear message and the script moves on to the next one.

If a zone already exists in XC, the API returns a 409 and the script logs it as a failure but keeps going. At the end, you get a summary: how many succeeded, how many failed.
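The per-line validation described above, sketched as an added example that is not the repository's script: the function names and the exact rules (LDH hostname labels, no leading-zero octets) are assumptions. Rejecting everything outside that character set also keeps quotes and shell metacharacters out of whatever request body is built from the line.

```bash
#!/usr/bin/env bash
# Added example, not the repository's script: check "domain, ip[, ip...]" lines.

# 0 if $1 is dot-separated LDH labels (1-63 chars each, at most 253 in total).
valid_domain() {
  local LC_ALL=C label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
  local re="^(${label}\\.)+${label}\$"
  (( ${#1} <= 253 )) && [[ $1 =~ $re ]]
}

# 0 if $1 is dotted-quad IPv4, octets 0..255, no leading zeros ("010" is
# read as octal by some parsers, so it is rejected rather than guessed at).
valid_ipv4() {
  local o='(0|[1-9][0-9]{0,2})' i
  local re="^${o}\\.${o}\\.${o}\\.${o}\$"
  [[ $1 =~ $re ]] || return 1
  for i in 1 2 3 4; do (( BASH_REMATCH[i] <= 255 )) || return 1; done
}

# Print "domain ip1 ip2 ..." and return 0 for a well-formed line, else return 1.
parse_line() {
  local -a raw out=()
  local f
  IFS=, read -ra raw <<< "$1"                  # split on commas only
  for f in "${raw[@]}"; do
    f="${f#"${f%%[![:space:]]*}"}"             # trim leading whitespace
    f="${f%"${f##*[![:space:]]}"}"             # trim trailing whitespace (and a CR)
    out+=("$f")
  done
  (( ${#out[@]} >= 2 )) || return 1            # a domain plus at least one primary
  valid_domain "${out[0]}" || return 1
  for f in "${out[@]:1}"; do valid_ipv4 "$f" || return 1; done
  printf '%s\n' "${out[*]}"
}

# Read a list on stdin, log skipped lines to stderr (%q escapes control
# characters so a hostile line cannot rewrite the terminal), print a summary.
validate_list() {
  local line n=0 ok=0 bad=0
  while IFS= read -r line || [[ -n $line ]]; do
    n=$((n + 1))
    if parse_line "$line" >/dev/null; then ok=$((ok + 1))
    else bad=$((bad + 1)); printf '[line %d] skipped: %q\n' "$n" "$line" >&2; fi
  done
  printf 'valid=%d skipped=%d\n' "$ok" "$bad"
}

# Constructed sample input: two well-formed lines, three malformed ones.
printf '%s\n' 'example.com, 10.0.0.1, 10.0.0.2' 'example.org, 192.168.1.1' \
  'bad_domain.com, 10.0.0.1' 'example.net, 10.0.0.256' 'example.io' | validate_list
```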

 

A note on the repository

This is a personal project, not an official F5 tool. It’s not supported by F5 and comes with no warranty. That said, it works well for my use cases and I hope it’s useful for yours too.

  • If you run into issues or have suggestions, please open an issue on GitHub: GIT Repo
  • The script lives here: DNS Tool
Published Mar 20, 2026
Version 1.0