DNS Servers
ProVision's DNSv3 combines server management, group organization, and zone management under the DNS tab.
The DNS Servers tab is viewable by users with Resource read permissions, though only Admin users or those specifically granted server permissions may perform management actions. The Sever List contains functions for adding, updating, and managing DNS servers as well as scheduling server tasks.
DNS Server List Interface
1) Add Server Button: Opens a dialog for creating a DNS server.
2) Server List:
3) Server Name: Name of the DNS server. Click to open server details.
4) Server Backend: The DNS Service backend type for the server.
5) Server Type: Whether the server is a master or slave type.
6) Server Status: Currently a placeholder column for future display of server error and connection status messages.
7) Actions: The actions that may be performed on each server:
8) Delete: Deletes the server from ProVision.
9) Push: Pushes all zones associated with the selected server.
10) Perms: Opens a shortcut to edit permissions for the selected server (Admin only).
Working with DNS Servers
Add a Server
To create a new server, start from the DNS Tab, select the DNS Servers sub menu. Then, click the "Add Server" button next to "DNS Server List".
This will open the "Server Settings" page.
Server Settings
1) Set Server Common Settings
In the "Common Settings" section of Server Settings, enter the new server's Display Name (the name that will appear on the ProVision interface), the FQDN / IP, server type, service type, and desired parent Resource (may be left at the default Top Level Resource).
Display Name: Name you want the server to display.
FQDN or IP: The FQDN or ip address of the DNS server.
Default: Specify if the server should be added to new zones by default or not.
Server Type: Specify if the server is a master or slave. Different configuration files are created master vs. slave on the Bind, PowerDNS/Bind, and Secure64 platforms.
DNS Service: Select the DNS service type (ISC Bind, Secure64, KnotDNS, etc).
Parent Resource: Select the ProVision resource to be the "parent" of the server - typically TLR (Top Level Resource), but may be a lower level resource such as a Customer or Location. The parent resource selection is the basis of access permissions for the server.
2) Set Server Specific Settings
The next section is entering server service-type specific settings. The options visible in this section will depend on the "DNS Service" type chosen under "Common Settings".
Here, we see the fields for ISC BIND server settings. Enter the server Username, Password, Port, Remote Director, Named Conf. Path, and Pre/Post Command (if desired). Your fields may vary for other server types.
For SSH Public Key Authentication, DNSSEC, and Dynamic Option updates, click on the ON / OFF toggle to select "ON" or "OFF" for each as needed.
SHH Public Key Authentication: If applicable, toggle "On" or "Off"
Username: Login/username for the target DNS server. The specified account needs to be valid, and have write permission to the remote directory and execute permission for any pre/post commands.
Password: Password for the target account. All passwords are stored encrypted in the database.
Port: Port to contact the target server on. This is port used for SSH on Bind and Secure64 server types.
Remote Directory: The target directory to transfer zone files to on the DNS system.
Named Conf Path: The path to other zones on the Bind systems.
Pre Command: Any valid system command on the target DNS system. This command will be run before any files are transferred.
Post Command: Any valid system command on the target DNS system. This command will be run after any files are transferred. For example, on a Bind system you would need to run "rndc reload" to reload the zones.
Enable DNSSEC: If available for the server type, toggle to "On" or "Off". See Configuring DNSSEC for additional information.
Enable Dynamic Updates: Toggle to "On" or "Off", if the server allows dynamic updates.
Some DNS Server types use subscription services or outside accounts, in which case you may instead be prompted to provide account credentials, API keys, API secret, or other vendor-specific fields to connect to the service.
After entering the server-specific settings in this section, you can click the "Test Connection" button at the bottom right of the page to test the server connection and authentication.
The "Test Connection" button will attempt to login to the target system and write to the target directory.
A window will pop up showing a success or failure response.
If any failures are encountered, an error will be written with some detail. If the test is successful, the word "Success!" will show verifying that files can be transferred. This does not test if the user can execute pre/post commands. This needs to be checked manually.
3) Set DNS Group Settings for Server
In the last section, select whether to enable Multiple Groups Support for exporting Groups as View (click to toggles ON / OFF), and select a default Group, if desired, to be associated with the server. Zones assigned to the selected Group will automatically be attached to the server.
4) Save Changes
Save your changes when done! Just click the "Save Changes" button at the bottom right of the page.
The new server will now be added to the DNS Servers list. These settings may be changed at any time by selecting the server from the server list and editing the information.
Edit Servers
Edit an existing server by clicking once on the server name in the DNS Servers list.
The "Server Settings" page will open.
Click inside the field that you want to change, type your changes, and then click "Save Changes" at the bottom of the page.
Review Zones Connected to a Server
There are two ways that zones may be connected to a DNS server:
1) Directly connected, by attaching the zone to a server from the View Zone page.
or,
2) Connected by a Group that has been set as the default DNS Group for the server, selected under "DNS Group Settings".
Both are able to be viewed on the DNS Server Settings page.
To view either, open the Server Settings page for the server by clicking on the server name in the DNS Servers list.
Edit an existing server by clicking once on the server name in the DNS Servers list.
The "Server Settings" page will open.
Zones Directly Connected to the Server
Scroll to the bottom of the page, and open the module titled "Zones directly connected to the server" by clicking on the expansion arrow.
A zone list will show the zone(s) that have been directly connected to this server.
Here, you may browse through forward and reverse zones by selecting the "Forward Zones" or "Reverse Zones" tabs, sort the list by Zone Name or Last Modified, open the zone's page by clicking on the name, or check the zone's status by clicking the "Check" button.
Zones may be exported by clicking the "Export Zones" button.
Zones Connected via a Group
If a default Group has been selected under "DNS Group Settings" for the server, Zones under that Group will be connected to the server and able to be viewed on the Server Settings page.
Scroll to the bottom of the page, and open the module titled "Zones connected to Group '(Group Name)' " by clicking on the expansion arrow.
A zone list will show the zone(s) that connected to this server via a selected Group.
Here, you may browse through forward and reverse zones in that Group by selecting the "Forward Zones" or "Reverse Zones" tabs, sort the list by Zone Name or Last Modified, open the zone's page by clicking on the name, or check the zone's status by clicking the "Check" button.
Pushing a Server
Manual Push
Manually pushing all zones on a server may be done directly from the DNS Server list. Under the "Actions" section of the Server List, click the "Push" button for the desired server.
Pushing may also be done while in the Server Settings page. While in the Server Settings page, click the "Push Zones" button at the top right of the page.
A "DNS Push Status" box will appear, showing the status of each zone as it is pushed. Once all zones have been pushed successfully, a green status message of "Finished DNS Pushing Request" will appear. At this point, the push is complete and the window may be closed.
Scheduled Push
DNS server pushes may be scheduled from either the Admin Area Scheduler Tab, or from within the DNSv3 Server Settings page. Scheduled pushes require Admin access.
For information on scheduling a push from the Scheduler Tab, see Scheduler Tab documentation.
To schedule a push from a server's Settings page, open the Server Settings page for the desired server, and click on the "Schedule Push" button.
The Push Scheduler dialog will open. Click on the calendar on the left to select a date for the push, set the desired push time on the right, enter a notification email address, and then click "Save Changes".
Once a schedule push has been created, a "Scheduled Tasks" module will appear at the top of the Server Settings page.
Click on the expansion arrow for the module to open and view the tasks.
Scheduled pushes for the server will be listed in the "Scheduled Tasks" module, and may be viewed or deleted (by clicking the "Delete" button under "Actions").
If necessary, the Scheduled Push may be edited from the Scheduler Tab in the Admin area of ProVision. See the Scheduler Tab for information on editing scheduled tasks.
Delete a Server
Delete a server by clicking the "Delete" button under the "Actions" section of the Server List for the desired server.
Additional Information
For additional information on working in DNS, see the following sections:
- Configuring ISC BIND Support
- Configuring PowerDNS Support
- Configuring Secure64 Support
- Configuring Split Horizon and Views
- Configuring DNSSEC
- Import DNS Zones
- DNS Tab