
DNS Administration 

DNS Administration is accessed through the Admin area of ProVision. The DNS Admin tab contains four functional areas: Manage DNS Servers, DNS Zone Transfers, DNS Defaults and Tools, and DNS Export Functions. The DNS Admin dropdown menu provides shortcuts to many of the DNS Tools as well as DNS templates.

Manage DNS Servers 

This is where you configure the DNS servers that the ProVision platform transfers zones to.  ProVision currently supports the following DNS server types: BIND, PowerDNS (using a Bind backend), DynECT, and Secure64.  The fields available for configuring servers are as follows:

Server:  The name of the server.

Display Name: Name you want the server to display.

FQDN or IP: The FQDN or IP address of the DNS server.

Default: Specify if the server should be added to new zones by default or not.

Transfer Type: SCP, Secure64, Secure64 Signer, and DynECT.  Note that the SCP method should be used for PowerDNS with a Bind backend.

Server Type: Specify if the server is a master or slave.  Different configuration files are created for master vs. slave servers on the Bind, PowerDNS/Bind, and Secure64 platforms.

SOA: Start of Authority, should be in the format "SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA.".  For more information, see the RFC: http://tools.ietf.org/html/rfc1033

Username: Login/username for the target DNS server.  The specified account needs to be valid, and have write permission to the remote directory and execute permission for any pre/post commands.

Password: Password for the target account.  All passwords are stored encrypted in the database.

Port: Port to contact the target server on.  This is the port used for SSH on Bind and Secure64 server types.

Remote Directory: The target directory to transfer zone files to on the DNS system.

Named Conf Path: The path to other zones on the Bind systems.

Pre Command: Any valid system command on the target DNS system.  This command will be run before any files are transferred.

Post Command: Any valid system command on the target DNS system.  This command will be run after any files are transferred.  For example, on a Bind system you would need to run "rndc reload" to reload the zones.

Enable Views: Select Yes or No to enable / disable views. You must click "Update Server" to show the view options.

The "Test Config" button will attempt to log in to the target system and write to the target directory.  If any failures are encountered, an error will be written with some detail.  If the test is successful, the word "Success!" will show, verifying that files can be transferred.  This does not test whether the user can execute pre/post commands; that needs to be checked manually.

Views


Enable Views: Select Yes to enable views on a particular server.  You must click "Update Server" to show the view options.

To enable your Bind server to use zones transferred from 6connect, you must add the following to your named.conf.

 include "/var/named/zones/6connect_named.conf";

When views are enabled on a server, all zones/records attached to a server are immediately put into the default view 6connectGeneric that contains a match any rule.  For example, here is a sample of the named.conf include generated by ProVision:

view "6connectGeneric" in {
        match-clients { any; };
        zone ...
        zone ...
};

All views attached to a server are displayed under the "Views" label.  When you enable views on a Bind server, you must wrap all other zones in named.conf or any includes in view statements. The include line for the 6connect conf file should also be moved above any other view statements.  An example is below:

include "/var/named/zones/6connect_named.conf";

view "hints" {
      match-clients { any; };
      zone "." {type hint; file "named.root";};
};

view "zones-outside-of-6connect" {
      match-clients { some-acl; };
      zone ....
};
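The two layout rules above (every other zone wrapped in a view, and the 6connect include placed before any view statement) can be checked before a reload. The following is an added example, not ProVision or BIND code: the function names and the sample configurations are constructed for illustration, and the check assumes views are enabled on the server.

```python
import re

SIXCONNECT_CONF = "6connect_named.conf"  # file name from the include line on this page

def top_level_heads(conf):
    """Return the text before the first '{' or ';' of each top-level statement."""
    # Drop /* */, // and # comments (assumes no comment markers inside quoted strings).
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#)[^\n]*", "", conf)
    depth, buf, heads = 0, [], []
    for ch in conf:
        if ch in "{;" and depth == 0:
            head = "".join(buf).strip()
            if head:
                heads.append(head)
            buf = []
        elif depth == 0 and ch != "}":
            buf.append(ch)
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
    return heads

def check_views(conf):
    """Lint a named.conf for a server that has views enabled; return a list of problems."""
    heads = top_level_heads(conf)
    kinds = [h.split()[0] for h in heads]
    problems = [f"zone outside any view: {h}" for h, k in zip(heads, kinds) if k == "zone"]
    includes = [i for i, h in enumerate(heads)
                if kinds[i] == "include" and SIXCONNECT_CONF in h]
    first_view = kinds.index("view") if "view" in kinds else len(kinds)
    if not includes:
        problems.append("6connect include is missing")
    elif includes[0] > first_view:
        problems.append("6connect include must come before every view statement")
    return problems

# Constructed samples: GOOD follows the layout on this page, BAD breaks both rules.
INCLUDE = 'include "/var/named/zones/6connect_named.conf";\n'
HINTS = 'view "hints" { match-clients { any; }; zone "." {type hint; file "named.root";}; };\n'
GOOD = INCLUDE + HINTS
# Include placed after a view, plus a constructed zone left at top level.
BAD = HINTS + INCLUDE + 'zone "example.com" { type master; file "example.com.db"; };\n'

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_views(conf))
```

The check only reads the file it is given; zones pulled in through other include files have to be linted separately.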

 

Adding a View

To add a view just type in the view name, and a description (for reference only), then click "Add new view".  The config files transferred to the server will automatically be built according to the server type.

Adding ACLs to Views

You can select an existing IP List to create a view ACL.  For a Bind server, this creates a corresponding line in the config: match-clients { 6connect_Internal; };  The prefix 6connect_ is added to all IP lists inserted by ProVision.

"Add Key" and "Val" are fields to provide additional options for DNS Views.

For additional information on working with views, see Configuring Split Horizon / Views.

DNS Zone Transfers

This section lists every server configured in the platform, along with how many zones are assigned to the server.

How to transfer zones:

Check the boxes and click the 'Push' button to transfer zones to the target server. 


DNS Defaults and Tools

This section provides a collection of links for other useful DNS functions including setting Global DNS defaults, DNS Tags,  PTR Auto Generation Management, DNS Record Types, DNS View ACL Management, and Bulk DNS Change Tools. Many of the tools are also accessible from the DNS Admin dropdown menu. 

Global DNS Zone Defaults  

DNS Settings

Provides DNS settings options.

Allow Duplicate Reverse Zones: Check to enable / disable allowing duplicate reverse DNS zones. If duplicate reverse zones already exist, those zones must be removed before disabling duplicates. If a zone has duplicates, a link appears in the top right corner of that zone's ViewZone page. 

 

DNS Global Defaults / Default SOA Values

Provides default configuration settings options. 

Default TTL: in seconds, default value is 3600 

Default Refresh: in seconds, default value is 14400

Default Retry: in seconds, default value is 3600

Default Expire: in seconds, default value is 604800

Default Minimum: in seconds, default value is 3600

Default SOA: Start of Authority server and hostmaster contact, e.g. ns1.domain.com. hostmaster.domain.com.

Default Nameservers

This function controls the list of DNS servers used for pre-populating zones with NS records.

The checked servers are automatically added to any new zone files created. 

To remove a server from default status, uncheck the box under "Add to New Zone". Servers with "0" Uses may be deleted by hitting the red delete icon.

DNS Tags

Under DNS Tags (Or "Edit Tags" from the DNS Admin dropdown), you can manage the tag list that is available to apply to DNS zones. See Working with DNS Zones - List Management for detailed information on managing DNS Tags. 

DNS PTR Auto Generation Management 

ProVision can be configured to auto-generate missing IPv4 PTR records in reverse zones based on the template provided on this page. This feature is limited to zones which cover /24 sized blocks (no RFC 2317 support yet).

The variables '$oct1', '$oct2', '$oct3', '$oct4' are used to specify the first through fourth octets of the PTR IPv4 address.
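How the four variables map onto a reverse zone is easiest to see by expanding a template by hand. The following is an added example, not ProVision's own code: the function name, the template string and the zone are constructed, and generating a record for every owner from 0 to 255 is an assumption.

```python
import ipaddress
from string import Template

def missing_ptrs(zone, existing, template):
    """Return {owner label: PTR target} for hosts in a /24 reverse zone with no PTR yet."""
    labels = zone.rstrip(".").split(".")
    # A whole /24 zone is exactly three numeric labels followed by in-addr.arpa.
    # RFC 2317 classless zones (e.g. 0/26.2.0.192.in-addr.arpa) are rejected here.
    if (len(labels) != 5 or labels[3:] != ["in-addr", "arpa"]
            or not all(label.isdigit() for label in labels[:3])):
        raise ValueError(f"not a /24 reverse zone: {zone}")
    oct3, oct2, oct1 = labels[:3]  # reverse zones list the octets last-to-first
    ipaddress.IPv4Address(f"{oct1}.{oct2}.{oct3}.0")  # raises ValueError on octets > 255
    tmpl = Template(template)
    generated = {}
    for oct4 in range(256):
        owner = str(oct4)
        if owner in existing:
            continue  # never overwrite a PTR that is already in the zone
        generated[owner] = tmpl.substitute(oct1=oct1, oct2=oct2, oct3=oct3, oct4=oct4)
    return generated

# Constructed inputs: documentation prefix 192.0.2.0/24 with two PTRs already present.
SAMPLE_ZONE = "2.0.192.in-addr.arpa."
SAMPLE_EXISTING = {"1", "10"}
SAMPLE_TEMPLATE = "host-$oct1-$oct2-$oct3-$oct4.example.net."

if __name__ == "__main__":
    records = missing_ptrs(SAMPLE_ZONE, SAMPLE_EXISTING, SAMPLE_TEMPLATE)
    print(len(records), "records, e.g. 5 ->", records["5"])
```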

DNS Record Types

Edit DNS Record Types 

The "Edit DNS Record Types" function allows you to manage what types of DNS records can be added in the system.  The default values are:

    • A, AAAA, MX, PTR, CNAME, NS, DIRECTIVE, DNAME, DNSKEY, DS, INCLUDE, IPSECKEY, COMMENT, TXT, KEY, SOA, and SRV
    • The complete list of valid record types can be found in the RFCs.  Wikipedia provides a nice reference: http://en.wikipedia.org/wiki/List_of_DNS_record_types

See Working with DNS Zones - List Management for detailed information on managing DNS Record Types. 

DNS View ACL Management 

DNS View ACL Management 

  • Manage ACLs for use in DNS Views. 

See Configuring Split Horizon / Views for detailed information on using DNS View ACL Management. 

Bulk DNS Change Tools 

Bulk Zone Assignment 

The Bulk Zone Assignment function allows you to assign multiple zones to a resource in one step.  The system will perform a wild card style match for any text in the search box and return all matching zones and display them in a list.  You can then assign all the zones found to a resource as either a master or slave. 


Bulk Record Changes 

The Bulk DNS Editor allows an Admin to perform "find and replace" functions across all DNS zones. Enter Record Host, Record Type, and/or Record Value information and select "Search Records".  It will match the host and/or record type and/or record value across the entire zone database.  Unless the "Strict Comparison" box is checked, it will use wildcard style matches for the host and record values. You can then replace the data for the results by using the fields below. 

Global DNS Settings (Local Installation Only)

The "Global DNS Settings" link is only viewable with the local installation version of ProVision.

Checkzone path: Path to checkzone

rndc path: Path to rndc

dig path: Path to dig

zonesigner path: Path to zonesigner

dnssec-dsfromkey path: Path to dnssec-dsfromkey

DNSSEC validation server: Address of DNSSEC validation server, required to be a non-authoritative name server.  

DNS Export Functions

This section provides links for export functions. 

Generate/ Show all DS records for DNSSEC 

  • This link will generate and show all DS records in the database.  This is provided to easily bulk upload all DS keys to your domain registrar.

Generate zip file of all zones 

  • This link generates a single .zip file containing all zones for download.  Once a zip file has been generated, a quick link is provided at the bottom of this section with datestamp to be downloaded later if needed. 

Additional Information:

Importing DNS Zones 

ProVision offers three DNS zone import options, available under the Data Import tab in the Admin section. For more information on importing DNS zones, see Importing your Data and Import DNS Zones

BIND Zone Import

  • Imports using the named.conf configuration file tied to the zones you are uploading, a .zip or .tar file of the zones themselves, and an optional .csv file mapping zones to customers and DNS Servers.

DynECT Zone Import

  • Imports and syncs ALL zones on the system with those in your DynECT instance.  This means any zones in ProVision not present in your DynECT instance will be removed and any changes lost.

PowerDNS Zone Import 

  • Option is available after configuring a PowerDNS server with a MySQL backend.  Connects to the selected server and imports all zones.

System Information for Local Installations

Zones are stored in the 6connect web root under /zones.

DS keys are stored in the 6connect web root under /keys.
