ProVision's DNSv3 combines server management, group organization, and zone management under the DNS tab.
The DNS tab contains four sub-tabs: DNS Groups, DNS Servers, DNS Zones, and DNS Records.
The DNS Groups tab is where DNS Groups, zones, ACL's, and default SOA values are managed. The DNS tab Groups List allows you to create, view, and manage groups of DNS Servers and Zones. Using groups, you can configure and push selected combinations of zones at one time.
The DNS Servers tab is only accessible to Admin users, and contains functions for adding, updating, and managing DNS servers as well as scheduling server tasks. For Admin-level DNS tasks, see DNS Administration and Working with DNS Servers.
The DNS Zones tab lists all the zones in ProVision able to be viewed by the user, in the same format as on the DNS Groups page, but without the Group organization. The Zone List allows you to view, add, delete, and push individual DNS Zones.
The DNS Records tab list all records in ProVision, in a filterable list to expedite search, editing, and managing records. New records may also be added from this page.
DNSv3 organizes ProVision's DNS system into a more unified and accessible interface, combining both admin and non-admin DNS tasks together under the DNS tab.
In DNSv3, zones are gathered under DNS Groups, servers are attached to those Groups, and Nameservers, Default SOA values, and ACLs are managed at a per-Group level. Users can then view and manage Groups, individual zones, default SOA values, ACLs, attach servers, and perform pushes all on the same page.
DNSv3 incorporates DNS zones and Groups into ProVision's Resource System. Zones and Groups are Resources just like Customers, Servers, Routers, or Contacts (See The Resource System for a more detailed explanation of Resources in ProVision).
This allows for DNS zones and Group permissions to be managed similarly to other ProVision resources, where users with Resource permissions (Create / Read / Update / Delete) on the parent resource of the DNS Group can create groups and zones, manage those groups and zones, push (if a server is attached), and delete.
A user with full Resource permissions on a DNS Server, as well as the parent resource of a Group, may view and attach that server to a Group.
Users with Admin permissions can access the DNS Servers area under the DNS tab manage DNS server creation, edits, and deletion.
For more information on setting up permissions groups in ProVision, see Users & Permissions.
Permission Shortcut Button ("Perms")
Throughout DNS, a shortcut permissions button ("Perms") is available on a per-item level, accessible only to Admin users.
This permissions button allows for direct, point-of-use permissions adjustments to DNS Groups, Servers, Zones, and Records. It uses the same CRUD permissions and groups available in the Admin Users tab, but removes the need to remember and search for the DNS item name.
To open the Change Resource Permissions module, click on the "Perms" Button for any DNS item.
Edit the CRUD permissions for any ProVision user group by clicking the checkbox for the desired group and permission type. When done, click "Save Changes". The permission changes will be also be reflected in the Admin User tab Group settings.
The Approvals module stores and queues DNS actions made by selected User Groups, and sends those actions to a Pending Changes list for administrative review. Later, an administrator (or combination of administrators) can approve or reject these stored actions.
Approvals is primarily set up and managed via the Admin Approvals Tab. See the ProVision Admin Guide - Approvals Tab for details on setting up and using Approvals from the Administrative viewpoint.
In the DNS Tab, a "Resources Awaiting Approval" module will display near the top of DNS Groups, DNS Zone Lists, and DNS Servers pages, if a change has been submitted on that page that is pending approval.
Users who submitted a change for approval will see the details of their change request in this module.
Admin users with permissions to approve or reject the request will have the option to Approve or Deny the change.
DNSv3 revolves around Groups. Zones are gathered under Groups, servers attached to Groups, and pushes may be done on a per Group level. Thus, the first workflow step in DNSv3 is to set up one or more DNS Groups. A "Default Group" is automatically provided in ProVision, but other Groups may be desired to organize zones and default values.
To create a new DNS Group, click the "Add Group" button from the DNS Groups tab. Enter the desired default values for the Group, and save. If only using the Default Group, ensure the default parameter values are set as needed. For more information, see Working with DNS Groups.
After Groups have been set up, DNS servers should be added or settings verified. Admin users may add DNS servers from the DNS Servers tab "Add Server" button. Input the server information and save. Existing servers may be reviewed and edited by clicking on the server name in the DNS Server List. Once a server is created in ProVision, it may be attached to any DNS Group under the Group's "Attached Servers" module. Attaching a server to a Group will allow for zones in that group to be pushed to the attached server(s). See Working with DNS Servers.
Next, add zones to your groups. Zones may be manually added under each group by clicking the "Add Zone" button in the DNS Groups or DNS Zones tabs, or it may be imported via DNS Importers into a selected Group. Add the zone and record information, and save. See Working with DNS Zones for additional information.
Zones may only exist once per Group, but may be duplicated under multiple Groups. Zones may also be moved from Group to Group as needed.
At this point, all major components of the ProVision DNS system have been added - from here management tasks take over. Zones may be updated and moved to or from Groups; Groups may be edited with different default values or servers, and pushes maybe be performed for an individual zone, a full Group, or for an entire server. Pushes may be manual or scheduled for a future time through the Scheduler.