DNS Administration
DNS Administration is accessed through the Admin area of ProVision. The DNS Admin tab contains four different functional areas: Manage DNS Servers, DNS Zone Transfers, DNS Defaults and Tools, and DNS Export Functions.
Manage DNS Servers
This is where you configure the DNS servers to which ProVision transfers zones. ProVision currently supports the following DNS server types: BIND, PowerDNS (using a BIND backend), DynECT, and Secure64. The fields available for configuring servers are as follows:
- Server - The name of the server.
- Display Name - Name you want the server to display.
- FQDN or IP - The FQDN or IP address of the DNS server.
- Default - Specify if the server should be added to new zones by default or not.
- Transfer Type - SCP, Secure64, Secure64 Signer, and DynECT. Note that the SCP method should be used for PowerDNS with a Bind backend.
- Server Type - Specify if the server is a master or slave. Different configuration files are created for master vs. slave on the Bind, PowerDNS/Bind, and Secure64 platforms.
- SOA - Start of Authority, should be in the format "SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA.". For more information, see the RFC: http://tools.ietf.org/html/rfc1033
- Username - Login/username for the target DNS server. The specified account needs to be valid, and have write permission to the remote directory and execute permission for any pre/post commands.
- Password - Password for the target account. All passwords are stored encrypted in the database.
- Port - Port to contact the target server on. This is the port used for SSH on Bind and Secure64 server types.
- Remote Directory - The target directory to transfer zone files to on the DNS system.
- Named Conf Path - The path to other zones on the Bind systems.
- Pre Command - Any valid system command on the target DNS system. This command will be run before any files are transferred.
- Post Command - Any valid system command on the target DNS system. This command will be run after any files are transferred. For example, on a Bind system you would need to run "rndc reload" to reload the zones.
- Enable Views - Select Yes or No to enable / disable views.
The "Test Config" button will attempt to login to the target system and write to the target directory. If any failures are encountered, an error will be written with some detail. If the test is successful, the word "Success!" will show verifying that files can be transferred. This does not test if the user can execute pre/post commands. This needs to be checked manually.
Views
Enable Views - Select Yes to enable views on a particular server. You must click "Update Server" to show the view options.
To enable your Bind server to use zones transferred from 6connect, you must add the following to your named.conf.
include "/var/named/zones/6connect_named.conf";
When views are enabled on a server, all zones/records attached to a server are immediately put into the default view 6connectGeneric that contains a match any rule. For example, here is a sample of the named.conf include generated by ProVision:
view "6connectGeneric" in {
match-clients { any; };
zone ...
zone ...
};
All views attached to a server are displayed under the "Views" label. When you enable views on a Bind server, you must wrap all other zones in named.conf or any includes in view statements. The include line for the 6connect conf file should also be moved above any other view statements. An example is below:
include "/var/named/zones/6connect_named.conf";
view "hints" {
match-clients { any; };
zone "." {type hint; file "named.root";};
};
view "zones-outside-of-6connect" {
match-clients { some-acl; };
zone ....
};
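The two layout rules above (no zone outside a view, and the 6connect include above every view statement) can be checked before a push. This is an added example, not ProVision's or BIND's own code; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample that breaks both rules: the 6connect include sits
# below a view, and one zone is declared outside any view.
BAD_CONF = '''
view "hints" {
    match-clients { any; };
    zone "." { type hint; file "named.root"; };
};
include "/var/named/zones/6connect_named.conf";  // must come first
zone "example.com" { type master; file "example.com.zone"; };
'''

# Quoted strings and comments are matched first so braces inside them are ignored.
_TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def top_level_statements(text):
    """Yield (keyword, first argument) for each statement at brace depth 0."""
    depth, stmt = 0, []
    for tok in _TOKEN.findall(text):
        if tok.startswith(("/*", "//", "#")):
            continue                      # comment
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        elif depth == 0 and tok == ";":
            if stmt:
                yield stmt[0], stmt[1].strip('"') if len(stmt) > 1 else ""
            stmt = []
        elif depth == 0:
            stmt.append(tok)

def check_views(text, include_name="6connect_named.conf"):
    """Return findings; an empty list means the layout follows both rules.
    Files pulled in by other include statements are not opened."""
    findings, seen_view, seen_include = [], False, False
    for kw, arg in top_level_statements(text):
        if kw == "view":
            seen_view = True
        elif kw == "include" and arg.endswith(include_name):
            seen_include = True
            if seen_view:
                findings.append("6connect include is below a view statement")
        elif kw == "zone":
            findings.append(f'zone "{arg}" is not wrapped in a view')
    if not seen_include:
        findings.append("6connect include line is missing")
    return findings
```

Running `check_views` on the text of named.conf returns one line per problem; zones defined in files reached through other include statements still need to be reviewed by hand.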
Adding a View
To add a view just type in the view name, and a description (for reference only), then click "Add new view". The config files transferred to the server will automatically be built according to the server type.
Adding ACLs to Views
You can select an existing IP List to create a view ACL. For a Bind server, this creates a corresponding line in the config: match-clients { 6connect_Internal; }; The 6connect_ is prefixed to all IP lists inserted by ProVision.
"Add Key" and "Val" are fields to provide additional options for DNS Views.
For additional information on working with views, see Configuring Split Horizon / Views.
DNS Zone Transfers
This section lists every server configured in the platform, along with how many zones are assigned to the server.
How to transfer zones:
- Check the boxes and click the 'Push' button to transfer zones to the target server.
DNS Defaults and Tools
This section provides a collection of links for other useful DNS functions including setting Global DNS defaults, PTR Auto Generation Management, DNS Record Types, DNS View ACL Management, and Bulk DNS Change Tools.
Global DNS Zone Defaults
DNS Global Defaults / Default SOA Values
Provides default configuration settings options.
Default TTL: in seconds, default value is 3600
Default Refresh: in seconds, default value is 14400
Default Retry: in seconds, default value is 3600
Default Expire: in seconds, default value is 604800
Default Minimum: in seconds, default value is 3600
Default SOA: Server Of Authority and hostmaster contact. E.g. ns1.domain.com. hostmaster.domain.com.
Default Nameservers
This function controls the list of DNS servers used for pre-populating DNS records with NS records.
The checked servers are automatically added to any new zone files created.
To remove a server from default status, uncheck the box under "Add to New Zone". Servers with "0" Uses may be deleted by hitting the red delete icon.
DNS PTR Auto Generation Management
ProVision can be configured to auto-generate missing IPv4 PTR records in reverse zones based on the template provided on this page. This feature is limited to zones which cover /24 sized blocks (no RFC 2317 support yet).
The variables '$oct1', '$oct2', '$oct3', '$oct4' are used to specify the first through fourth octets of the PTR IPv4 address.
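The template expansion described above, sketched as an added example (not ProVision's own code). It assumes the template follows Python string.Template substitution rules and that every host from 0 to 255 is a candidate; the zone, the existing labels and the template are constructed.

```python
from string import Template

def missing_ptrs(zone, existing, template):
    """Map each host label (0-255) with no PTR in a /24 reverse zone to its
    generated target name. `existing` holds owner labels that already have a PTR."""
    labels = zone.rstrip(".").lower().split(".")
    # A /24 reverse zone is exactly three octet labels plus in-addr.arpa.
    # RFC 2317 zones (e.g. 0/26.2.0.192.in-addr.arpa) and /16 zones are refused.
    if len(labels) != 5 or labels[3:] != ["in-addr", "arpa"]:
        raise ValueError(f"{zone}: not a /24 IPv4 reverse zone")
    if not all(l.isdigit() and int(l) <= 255 for l in labels[:3]):
        raise ValueError(f"{zone}: invalid octet label")
    oct3, oct2, oct1 = labels[:3]          # reverse zones list octets backwards
    tmpl = Template(template)
    generated = {}
    for host in range(256):
        if str(host) in existing:
            continue                       # never overwrite a record that exists
        # substitute() raises KeyError on an unknown variable such as $oct5
        generated[str(host)] = tmpl.substitute(
            oct1=oct1, oct2=oct2, oct3=oct3, oct4=host)
    return generated

# Constructed input: documentation prefix 192.0.2.0/24 with two PTRs present.
SAMPLE = missing_ptrs("2.0.192.in-addr.arpa.", {"1", "10"},
                      "host-$oct1-$oct2-$oct3-$oct4.example.net.")
```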
DNS Record Types
Edit DNS Record Types
The "Edit DNS Record Types" will allow you to manage what types of DNS records can be added in the system. The default values are:
- A, AAAA, MX, PTR, CNAME, NS, DIRECTIVE, DNAME, DNSKEY, DS, INCLUDE, IPSECKEY, COMMENT, TXT, KEY, SOA, and SRV
- The complete list of valid record types can be found in the RFCs. Wikipedia provides a nice reference: http://en.wikipedia.org/wiki/List_of_DNS_record_types
DNS View ACL Management
- Manage ACLs for use in DNS Views.
Bulk DNS Change Tools
Bulk Zone Assignment
The Bulk Zone Assignment function allows you to assign multiple zones to a resource in one step. The system performs a wildcard-style match for any text in the search box and displays all matching zones in a list. You can then assign all the zones found to a resource as either a master or slave.
Bulk Record Changes
The Bulk DNS Editor allows an Admin to perform "find and replace" functions across all DNS zones. Enter Record Host, Record Type, and/or Record Value information and select "Search Records". It will match the host and/or record type and/or record value across the entire zone database. Unless the "Strict Comparison" box is checked, it will use wildcard style matches for the host and record values. You can then replace the data for the results by using the fields below.
Global DNS Settings (Local Installation Only)
The "Global DNS Settings" link is only viewable with the local installation version of ProVision.
DNS Global Settings
- Checkzone path: Path to checkzone
- rndc path: Path to rndc
- dig path: Path to dig
- zonesigner path: Path to zonesigner
- dnssec-dsfromkey path: Path to dnssec-dsfromkey
- DNSSEC validation server: Address of DNSSEC validation server, required to be a non-authoritative name server.
DNS Export Functions
This section provides links for export functions.
Generate all DS records for DNSSEC
- This link will generate and output all DS records in the database. This is provided to easily bulk upload all DS keys to your domain registrar.
Generate zip file of all zones
- This link generates a single .zip file containing all zones for download. Once a zip file has been generated, a quick link is provided at the bottom of this section with datestamp to be downloaded later if needed.
Additional Information:
Importing DNS Zones
ProVision offers three DNS zone import options, available under the Data Import tab in the Admin section. For more information on importing DNS zones, see Importing your Data and Import DNS Zones.
BIND Zone Import
- Imports using the named.conf configuration file tied to the zones you are uploading, a .zip or .tar file of the zones themselves, and an optional .csv file mapping zones to customers and DNS Servers.
DynECT Zone Import
- Imports and syncs ALL zones on the system with those in your DynECT instance. This means any zones in ProVision not present in your DynECT instance will be removed and any changes lost.
PowerDNS Zone Import
- Option is available after configuring a PowerDNS server with a MySQL backend. Connects to the selected server and imports all zones.
System Information for Local Installations
Zones are stored in the 6connect web root under /zones.
DS keys are stored in the 6connect web root under /keys.