Comment: Published by Scroll Versions from this space and version 5.1.0

DNS Administration 

DNS Administration is accessed through the Admin area of ProVision. The DNS Admin tab contains four different functional areas: Manage DNS Server, DNS Zone Transfers, DNS Defaults and Tools, and DNS Export Functions. The DNS Admin dropdown menu provides shortcuts to many of the DNS Tools as well as DNS templates. 

Manage DNS Servers 

This is where you configure the DNS servers that ProVision transfers zones to. ProVision currently supports the following DNS server types: BIND, PowerDNS (using a bind backend), DynECT, and Secure64. The fields available for configuring servers are as follows:

Server: The name of the server.

Display Name: The name you want the server to display.

FQDN or IP: The FQDN or IP address of the DNS server.

Default: Specify whether the server should be added to new zones by default.

Transfer Type: SCP, Secure64, Secure64 Signer, and DynECT. Note that the SCP method should be used for PowerDNS with a Bind backend.

Server Type: Specify if the server is a master or slave. Different configuration files are created for master vs. slave on the Bind, PowerDNS/Bind, and Secure64 platforms.

SOA: Start of Authority, should be in the format "SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA.". For more information, see the RFC: http://tools.ietf.org/html/rfc1033

Username: Login/username for the target DNS server. The specified account needs to be valid, and have write permission to the remote directory and execute permission for any pre/post commands.

Password: Password for the target account. All passwords are stored encrypted in the database.

Port: Port to contact the target server on. This is the port used for SSH on Bind and Secure64 server types.

Remote Directory: The target directory to transfer zone files to on the DNS system.

Named Conf Path: The path to other zones on the Bind systems.

Pre Command: Any valid system command on the target DNS system. This command will be run before any files are transferred.

Post Command: Any valid system command on the target DNS system. This command will be run after any files are transferred. For example, on a Bind system you would need to run "rndc reload" to reload the zones.

Enable Views: Select Yes or No to enable / disable views. You must click "Update Server" to show the view options.

The "Test Config" button will attempt to log in to the target system and write to the target directory. If any failures are encountered, an error will be written with some detail. If the test is successful, the word "Success!" will show, verifying that files can be transferred. This does not test whether the user can execute pre/post commands; that needs to be checked manually.
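One way to do that manual check, as an added example that is not part of ProVision or its documentation: the functions below are meant to be pasted into an SSH session on the target DNS server, opened with the same username and port configured above. The function names, the probe file name and the sample directory are assumptions.

```shell
#!/bin/sh
# Added example: run on the target DNS server as the account set in "Username".
# Function names and sample values are hypothetical.

# can_write_dir DIR: succeeds if a file can be created and removed in DIR,
# which is what a zone file transfer needs.
can_write_dir() {
    dir=$1
    [ -d "$dir" ] || return 1
    probe=$(mktemp "$dir/.pv_write_test.XXXXXX" 2>/dev/null) || return 1
    rm -f "$probe"
}

# can_exec_cmd 'COMMAND LINE': succeeds if the program named by the first word
# of a pre/post command resolves to something this account may execute.
can_exec_cmd() {
    set -f                 # no globbing while splitting the command line
    set -- $1
    set +f
    [ $# -gt 0 ] || return 1
    prog=$(command -v "$1" 2>/dev/null) || return 1
    case $prog in
        /*) [ -x "$prog" ] ;;   # real file: needs an execute bit we can use
        *)  return 0 ;;         # shell builtin
    esac
}

# check_transfer_account DIR PRE POST: prints one line per check and returns
# the number of failed checks (0 means the account is ready).
check_transfer_account() {
    failures=0
    if can_write_dir "$1"; then echo "OK   write $1"
    else echo "FAIL write $1"; failures=$((failures + 1)); fi
    for cmd in "$2" "$3"; do
        [ -n "$cmd" ] || continue       # pre/post command left empty
        if can_exec_cmd "$cmd"; then echo "OK   exec  $cmd"
        else echo "FAIL exec  $cmd"; failures=$((failures + 1)); fi
    done
    return "$failures"
}

# Example call (constructed values):
#   check_transfer_account /var/named/zones "" "rndc reload"
```

A zero return means the account can write to the remote directory and run both commands; anything beyond that (for example a general login shell with sudo rights) is more privilege than the transfer needs.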

Views

Enable Views: Select Yes to enable views on a particular server. You must click "Update Server" to show the view options.

...

match-clients { some-acl; };

zone ....

};

 

Adding a View

To add a view just type in the view name, and a description (for reference only), then click "Add new view".  The config files transferred to the server will automatically be built according to the server type.

Adding ACLs to Views

You can select an existing IP List to create a view ACL. For a Bind server, this creates a corresponding line in the config: match-clients { 6connect_Internal; }; The "6connect_" prefix is added to all IP lists inserted by ProVision.

...

For additional information on working with views, see Configuring Split Horizon / Views.

DNS Zone Transfers

This section lists every server configured in the platform, along with how many zones are assigned to the server.

How to transfer zones:

Check the boxes and click the 'Push' button to transfer zones to the target server. 

DNS Defaults and Tools

This section provides a collection of links for other useful DNS functions, including setting Global DNS defaults, PTR DNS Tags, PTR Auto Generation Management, DNS Record Types, DNS View ACL Management, and Bulk DNS Change Tools. Many of the tools are also accessible from the DNS Admin dropdown menu.

Global DNS Zone Defaults  

DNS Settings

Provides DNS settings options.

Allow Duplicate Reverse Zones: Check to enable / disable allowing duplicate reverse DNS zones. If duplicate reverse zones already exist, those zones must be removed before disabling duplicates. If a zone has duplicates, a link appears in the top right corner of that zone's ViewZone page. 

DNS Global Defaults / Default SOA Values

Provides default configuration settings options. 

Default TTL: in seconds, default value is 3600 

Default Refresh: in seconds, default value is 14400

Default Retry: in seconds, default value is 3600

Default Expire: in seconds, default value is 604800

Default Minimum: in seconds, default value is 3600

Default SOA: Server Of Authority and hostmaster contact. E.g. ns1.domain.com. hostmaster.domain.com.     

Default Nameservers

This function controls the list of DNS servers used for pre populating DNS records with NS records. 

The checked servers are automatically added to any new zone files created. 

To remove a server from default status, uncheck the box under "Add to New Zone". Servers with "0" Uses may be deleted by hitting the red delete icon.

DNS Tags

Under DNS Tags (or "Edit Tags" from the DNS Admin dropdown), you can manage the tag list that is available to apply to DNS zones. See Working with DNS Zones for detailed information on managing DNS Tags.

DNS PTR Auto Generation Management 

...

The variables '$oct1', '$oct2', '$oct3', '$oct4' are used to specify the first through fourth octets of the PTR IPv4 address.

DNS Record Types

...

    • A, AAAA, MX, PTR, CNAME, NS, DIRECTIVE, DNAME, DNSKEY, DS, INCLUDE,  IPSECKEY, COMMENT,  TXT, KEY, SOA, and SRV
    • The complete list of valid record types can be found in the RFCs. Wikipedia provides a nice reference: http://en.wikipedia.org/wiki/List_of_DNS_record_types

See Working with DNS Zones for detailed information on managing DNS Record Types. 

DNS View ACL Management 

  • Manage ACLs for use in DNS Views. 

See Configuring Split Horizon / Views for detailed information on using DNS View ACL Management. 

Bulk DNS Change Tools

Bulk Zone Assignment 

The Bulk Zone Assignment function allows you to assign multiple zones to a resource in one step.  The system will perform a wild card style match for any text in the search box and return all matching zones and display them in a list.  You can then assign all the zones found to a resource as either a master or slave. 

Bulk Record Changes 

The Bulk DNS Editor allows an Admin to perform "find and replace" functions across all DNS zones. Enter Record Host, Record Type, and/or Record Value information and select "Search Records".  It will match the host and/or record type and/or record value across the entire zone database.  Unless the "Strict Comparison" box is checked, it will use wildcard style matches for the host and record values. You can then replace the data for the results by using the fields below. 

Global DNS Settings (Local Installation Only)

The "Global DNS Settings" link is only viewable with the local installation version of ProVision.

DNS Global Settings

Checkzone path: Path to checkzone

rndc path: Path to rndc

dig path: Path to dig

zonesigner path: Path to zonesigner

dnssec-dsfromkey path: Path to dnssec-dsfromkey

DNSSEC validation server: Address of DNSSEC validation server, required to be a non-authoritative name server.  

DNS Export Functions

This section provides links for export functions. 

...

Generate / Show all DS records for DNSSEC

  • This link will generate and show all DS records in the database.  This is provided to easily bulk upload all DS keys to your domain registrar.

Generate zip file of all zones 

  • This link generates a single .zip file containing all zones for download.  Once a zip file has been generated, a quick link is provided at the bottom of this section with datestamp to be downloaded later if needed. 

Additional Information:

Importing DNS Zones 

ProVision offers three DNS zone import options, available under the Data Import tab in the Admin section. For more information on importing DNS zones, see Importing your Data and Import DNS Zones.

...

DS keys are stored in the 6connect web root under /keys.

Additional Sections:

For more information on DNS and configurations, see the following sections: 

...