DNS Administration 

DNS Administration in DNSv3 is primarily handled under the DNS tab DNS Servers sub-tab, with DNS Administrative settings available under the Admin Settings page.

Users with resource "read" permissions may view DNS Server information, however only those with either Admin permissions or granted group-level server permissions can manage DNS server creation, edits, and deletion.

Additional DNS Admin tasks occur in other areas, and not all management tasks require Admin-level permissions - some only require appropriate resource permissions on the DNS Groups, Zones, and servers involved. See additional sections on this page for more detailed information:



DNSv3 Overview

DNSv3 reorganizes the DNS system into a more unified and accessible interface, combining both admin and non-admin DNS tasks together under the DNS tab.

In DNSv3, zones are gathered under DNS Groups, servers are attached to those Groups, and Nameservers, Default SOA values, and ACLs are managed at a per-Group level.

Users can then view and manage Groups, individual zones, default SOA values, ACLs, attach servers, and perform pushes all on the same page. 

 

Note: In DNSv3, zone name responses will enforce and return a trailing period (i.e., "example.com" will be converted and returned as "example.com.").

 

DNSv3 is designed to reflect RFC 1035 standards for valid data formats and will return error messaging for data not meeting those formats. 

DNSv3 Permissions

DNSv3 incorporates DNS zones and Groups into the Resource System. Zones and Groups are Resources just like Customers, Servers, Routers, or Contacts (See Resource Concepts 1 and Resource Concepts for a more detailed explanation of Resources).

This allows for DNS zones and Group permissions to be managed similarly to other resources, where users with Resource permissions (Create / Read / Update / Delete) on the parent resource of the DNS Group can create groups and zones, manage those groups and zones, push (if a server is attached), and delete.

A user with full Resource permissions on a DNS Server, as well as the parent resource of a Group, may view and attach that server to a Group. 

Users with resource "read" permissions may view DNS Server information, however only those with either Admin permissions or granted group-level server permissions can manage DNS server creation, edits, and deletion.

For more information on setting up permissions groups, see Users & Permissions.


Permission Shortcut Button ("Perms")

Throughout DNS, a shortcut permissions button ("Perms") is available on a per-item level, accessible only to Admin users.

This permissions button allows for direct, point-of-use permissions adjustments to individual DNS Groups, Servers, Zones, and Records. It uses the same CRUD permissions and groups available in the Admin Users tab, but removes the need to remember and search for the DNS item name. 

To open the Change Resource Permissions module, click on the "Perms" Button for any DNS item. 

Edit the CRUD permissions for any user group by clicking the checkbox for the desired group and permission type.

When done, click "Save Changes". The permission changes will be also be reflected in the Admin User tab Group settings. 


DNS Approvals

The Approvals module stores and queues DNS actions made by selected User Groups, and sends those actions to a Pending Changes list for administrative review.  Later, an administrator (or combination of administrators) can approve or reject these stored actions. 

Approvals is primarily set up and managed via the Admin Approvals Tab. See the Approvals for details on setting up and using Approvals from the Administrative viewpoint. 

In the DNS Tab, a "Resources Awaiting Approval" module will display near the top of DNS Groups, DNS Zone Lists, and DNS Servers pages, if a change has been submitted on that page that is pending approval. 

Users who submitted a change for approval will see the details of their change request in this module.

Admin users with permissions to approve or reject the request will have the option to Approve or Deny the change. 

DNSv3 Administrative Tasks

Admin-only tasks in DNSv3 include setting DNS Globals, importing zones, scheduling pushes, managing DNS Servers, and managing DNS Approvals. 

These tasks may be accessed in the following areas:

 

Tasks such as working with zones, DNS Groups, adding ACLs, attaching servers to Groups, and manually pushing zones do not require Admin permissions. 

Instead, these tasks simply require that the user be included in a User Group that has appropriate permissions (either direct, or inherited) on the DNS zones, Groups, and servers involved.

Manage DNS Servers 

Adding, configuring, and managing DNS Servers occurs in the Admin-only DNS Servers page under the DNS Tab.

Supported DNSv3 server types include:


Some server types may require outside subscriptions or accounts.

For detailed information on adding, editing, and deleting DNS Servers, see Working with DNS Servers.


ACLs / Views

In DNSv3, Views may be created by selecting the "Export Groups as Views" toggle and selecting a DNS Group under the server details sections "DNS Group Settings".

ACLs are managed on a per-DNS Group level, and may be added, edited, or removed by any user with appropriate resource permissions on the DNS Group. 

For details on working with ACLs, see Configuring ACLs-Split Horizon.

DNS Zone Transfers (Pushes)

In DNSv3, zones may be pushed manually or scheduled for a future time, and may be performed for a single zone, all zones in a DNS Group, or all zones on a server.

Scheduling DNS pushes requires administrative access, but manual pushes only require permissions on the DNS Group / DNS Zone, and the server(s) attached.

Manual DNS Pushes:

Manual pushes may be performed from the following locations: 

For details on performing pushes, see the following sections: 

Scheduled DNS Pushes: 

Scheduled pushes may be performed from the following locations:

DNS Record Types

ProVision supports 18 standard record types, as well as the ability to add a custom/arbitrary record type manually.

Available record types include the following:

  • A
  • A6
  • AAAA
  • CNAME
  • CAA
  • DNAME
  • DNSKEY
  • DS
  • MX
  • NAPTR
  • NS
  • PTR
  • RP
  • SRV
  • TLSA
  • SPF
  • HINFO
  • TXT
  • Other


When working with DNS Zones and Records, additional record types may be manually added by selecting "Other" when adding a new record.

S64 DNS users can use record type "Other" to add "SYNTH"  or "TYPE65464" type records similar to the format below:


$ORIGIN 30 IN TYPE65464 ${p4} PTR ${a4}.pool.example.com.
$ORIGIN 600 IN TYPE65464 ${a4} A ${a4}
$ORIGIN TYPE65464 ${p6} PTR user${a6}.my.example.com.
$ORIGIN 5 IN SYNTH user${a6} AAAA ${a6}
$ORIGIN IN SYNTH nptr-${u} NAPTR 10 20 "A" "" "" srv-${u}
$ORIGIN IN SYNTH srv-${u} SRV 10 20 1234 srv-addr-${u}


However, arbitrary / other record types are unable to be validated, so use with care!

Any user with appropriate resource permissions on the DNS Zone / DNS Group may add, edit, or delete DNS Records.

See Working with DNS Zones - Common Tasks for detailed information on managing DNS Records. 

Global DNS Settings (Local Installation Only)

DNS Global Settings is accessible from the Admin Settings page by users with Admin level permissions. 

To see all options available under DNS Global Settings, see DNS Settings.

DNS Export Functions

Exporting Zones

The are three zone export methods available:


 

Importing DNS Zones:

There are six DNS zone import options, available under the Data Import tab in the Admin section. For more information on importing DNS zones, see Importing your Data and Import DNS Zones


Additional DNS import options may be available on a per-zone or per-server level, accessed from the DNS Tab:

Additional Information:

System Information for Local Installations

Important DNS locations for local installation reference:

Additional Sections:

For more information on DNS and configurations, see the following sections: