Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from this space and version 8.3.0

DNS Administration 

Image RemovedImage Added

DNS Administration in DNSv3 is primarily handled under the DNS tab DNS Servers sub-tab, with DNS Administrative settings available under the Admin Settings page.


Additional DNS Admin tasks occur in other ProVision areas, and not all management tasks require Admin-level permissions - some only require appropriate resource permissions on the DNS Groups, Zones, and servers involved. See additional sections on this page for more detailed information:


DNSv3 incorporates DNS zones and Groups into the Resource System. Zones and Groups are Resources just like Customers, Servers, Routers, or Contacts (See Resource Concepts 1 and Resource Concepts for for a more detailed explanation of Resources in ProVision).

This allows for DNS zones and Group permissions to be managed similarly to other resources, where users with Resource permissions (Create / Read / Update / Delete) on the parent resource of the DNS Group can create groups and zones, manage those groups and zones, push (if a server is attached), and delete.


For more information on setting up permissions groups in ProVision, see Users & Permissions.


Edit the CRUD permissions for any ProVision user any user group by clicking the checkbox for the desired group and permission type.


In the DNS Tab, a "Resources Awaiting Approval" module will display near the top of DNS Groups, DNS Zone Lists, and DNS Servers pages, if a change has been submitted on that page that is pending approval. 

Image RemovedImage Added

Users who submitted a change for approval will see the details of their change request in this module.



Tasks such as working with zones, DNS Groups, adding ACLs, attaching servers to Groups, and manually pushing zones do not require ProVision Admin require Admin permissions. 

Instead, these tasks simply require that the user be included in a User Group that has appropriate permissions (either direct, or inherited) on the DNS zones, Groups, and servers involved.


  • Secure 64 (Authority, x86 Authority, KNOT Authority, Cache, Signer)
  • PowerDNS (BIND and MySQL)
  • InfoBlox
  • Knot DNS
  • NSD
  • NS ONE
  • DynDNS (Beta)
  • DNSMadeEasy
  • Cloudflare
  • AWS Route53 (Beta)
  • 6connect AnyCast
  • Dummy (a fake server entry used for servers outside of ProVision access, in order to manage master / slave configurations)


Manual pushes may be performed from the following locations in ProVision

  • Single Zone: From the DNS Groups Zone list "Push" button.
  • Single Zone: From the DNS View Zone page "Push Zone Now" button. 
  • Group: From the DNS Groups Zone list "Push Group" button. 
  • Server: From the DNS Servers list "Push" button. 
  • Server: From the DNS Server Settings page "Push Zones" button.


Scheduled pushes may be performed from the following locations in ProVision:

DNS Record Types

DNSv3 Record Types are a static list comprised of: 


Any user with appropriate resource permissions on the DNS Zone / DNS Group may add, edit, or delete DNS Records.

See Working with DNS Zones - Common Tasks for detailed information on managing DNS Records. 

ProVision supports 18 standard record types, as well as the ability to add a custom/arbitrary record type manually.

Available record types include the following:

  • A
  • A6
  • AAAA
  • CAA
  • DS
  • MX
  • NS
  • PTR
  • RP
  • SRV
  • TLSA
  • SPF
  • TXT
  • Other

titleOTHER Record Types

When working with DNS Zones and Records, additional record types may be manually added by selecting "Other" when adding a new record.

S64 DNS users can use record type "Other" to add "SYNTH"  or "TYPE65464" type records similar to the format below:

$ORIGIN 30 IN TYPE65464 ${p4} PTR ${a4}
$ORIGIN 600 IN TYPE65464 ${a4} A ${a4}
$ORIGIN TYPE65464 ${p6} PTR user${a6}
$ORIGIN 5 IN SYNTH user${a6} AAAA ${a6}
$ORIGIN IN SYNTH nptr-${u} NAPTR 10 20 "A" "" "" srv-${u}
$ORIGIN IN SYNTH srv-${u} SRV 10 20 1234 srv-addr-${u}

However, arbitrary / other record types are unable to be validated, so use with care!

Any user with appropriate resource permissions on the DNS Zone / DNS Group may add, edit, or delete DNS Records.

See Working with DNS Zones - Common Tasks for detailed information on managing DNS Records. 

Global DNS Settings (Local Installation Only)

DNS Global Settings is accessible from the Admin Settings page by users with Admin level permissions. 

DNSSEC Settings


Image RemovedImage Added

If using DNSSEC, select whether to enabled DNSSEC local signing, or sign zones by dnssec-tools, then enter the following information:


following information:

Sign zones by ISC BIND Utilities: Select whether to use ISC BIND utilities to sign zones.


titleAdditional Entropy

If delays occur due to lack of available entropy on servers, see the following article on how to set up additional entropy using haveged here: 

DNS Dynamic Update Settings



DNS Dynamic Update Settings

Image Added

Dynamic Update Timeout: Timeout for DDNS (the default is 5 seconds).

Increase SOA Zone Serial on update: Toggle to "On" if you wish the zone serial to be increased automatically.

Force TCP Update: If enabled all DDNS requests will be over TCP.

Dynamic Update via nsupdate: Toggle to "On" if you wish to use Dynamic Updates via nsupdate, instead of ProVision's internal implementation.


Clear DDNS Failure Queue: Clears the current failure queue.

DNS Backup Settings

Image RemovedImage Added

Records Limit : The limit for the number of records a zone may have for a zone to process a backup. If the records count exceed this number, zone backups will be omitted at zone push.

DNS Import Settings

Image RemovedImage Added

Keep Import File: Saves DNS zone import files to the zone's "Zone Backups and Attached Files" area, for later download. Optional.

Push Settings


Image Added

Continue Push on Error: If enabled, if there is an error on push with a subset of the servers, ProVision will continue to push the remaining non-erroring servers.

Enable DNS Push Lock: If enabled, on push ProVision will check whether there is an ongoing push. An error will be thrown unless Enable DNS Push Queue is also selected.


Enable Lock on Dynamic Updates:If enabled on DDNS operation, ProVision will lock the servers for a regular pushProVision will lock the servers for a regular push.

Maximum Timeout for Pre/Post Command: Enter the number of seconds for maximum timeout.

Clear Server Locks: Clears the lock state of the servers. You can use this action in case of failure, and a server is stuck in a locked state.

Clear Push Queue: Clears the current push queue.

DNS Cache Settings

Image RemovedImage Added

Enable DNS Cache for Modules and and Group: If enabled, on push ProVision will cache the Servers and Views in advance. Improves push performance, if you do not have many servers directly attached to the zones.

Enable DNS Cache for Zones per Group: If enabled,  on push ProVision will cache the Servers and Zones Views in advanceLinkage. Improves push performance, if you do not have many servers directly attached to the zones.

Enable DNS Cache for Zones per Group: If enabled,  on push ProVision will cache the Zones Views Linkage. Improves push performance, if you have many zones.

DNS Server Statistics

Image Removed

have many zones.

DNS Server Statistics

Image Added

If enabled, it will gather information about zone pushes for each server managed by ProVision.

Catalog Zone Settings

Image Added

The default value for the Masters List Metadata on creating a new zone record.

If enabled, it will gather information about zone pushes for each server managed by ProVision

DNS Export Functions

Exporting Zones


Expand the module by clicking the (>) arrow, and then click the "Export Zones" button.


Importing DNS Zones:

ProVision offers six There are six DNS zone import options, available under the Data Import tab in the Admin section. For more information on importing DNS zones, see Importing your Data and Import DNS Zones


DNS Zone Import: This tool is available on a zone's "View Zone" page, and allows the user to import additional zone/record information into an existing ProVision zone by uploading a zone file (.zone). 


For more information on DNS and configurations, see the following sections: 

Children Display