DNS Administration

The DNS Admin tab contains 5 different functional areas: managing DNS server, performing bulk zone assignments to a resource, performing bulk record changes over all zones, managing default name server, transfering zones, and a collection of links for other useful DNS functions.

DNS Functions

Defaults and Options

• Default TTL: in seconds, default value is 3600 

• Default Refresh: in seconds, default value is 14400

• Default Retry: in seconds, default value is 3600

• Default Expire: in seconds, default value is 604800

• Default Minimum: in seconds, default value is 3600

• Default SOA: Server Of Authority and hostmaster contact. E.g. ns1.domain.com. hostmaster.domain.com.

• $GENERATE IPv4 by default: Set to '1' to generate reverse IPv4 DNS hostnames for non specific PTRs. This is similar to $GENERATE in standard bind.

• $GENERATE IPv4 Suffix: Set to forward suffix to append to PTR for $GENERATE Example: .available.domain.com.

• DNS Server for DNSSEC validation: required to be a non-authoritative name server. 
  
  

Edit DNS Record Types

The "Edit DNS Record Types" will allow you to manage what types of DNS records can be added in the system.  The default values are:

• • A, AAAA, MX, PTR, CNAME, NS, DIRECTIVE, DNAME, DNSKEY, DS, INCLUDE,  IPSECKEY, COMMENT,  TXT, KEY, SOA, and SRV
  • The complete list of valid record types can be found the RFCs.  Wikipedia provides a nice reference: http://en.wikipedia.org/wiki/List_of_DNS_record_types

Edit DNS Delegations

Generate all DS records for DNSSEC

• This link will generate and output all DS records in the database.  This is provided to easily bulk upload all DS keys to your domain registrar.

Generate zip file of all zones

• This link generates a single .zip file containing all zones for download.  Once a zip file has been generated, a quick link is provided at the bottom of this section with datestamp to be downloaded later if needed.

Increment All Serials

• Increment all zone serial numbers by one.  All zone serials are automatically incremented on a zone push, but if there is ever any other requirement for an increment, it can be performed here.

DynECT Zone Import

• Imports and syncs ALL zones on the system with those in your DnyECT instance.  This means any zones in ProVision not present in your DynECT instance will be removed and any changes lost.

PowerDNS Zone Import

• Option is available after configuring a PowerDNS server with a MySQL backend.  Connects to the selected server and imports all zones.

DNS View ACL Management

• Manage ACLs for use in DNS Views.

DNS Zone Transfers

This section lists every server configured in the platform, along with how many zones are assigned to the server.

How to transfer zones:
 

• Check the boxes and click the Push the button to transfer zones to the target server.

Manage DNS Servers

This is where you configure DNS servers to transfer zones to from the ProVision platform.  ProVision currently supports the following DNS server types: BIND, PowerDNS (using a bind backend), DynECT, and Secure64.  The fields available for configuring servers are as follows:

• Server - The FQDN or ip address of the DNS server.

• Default - Specify if the server should be added to new zones by default or not.
• Transfer Type - SCP, Secure64, Secure64 Signer, and DynECT.  Note that the SCP method should be used for PowerDNS with a Bind backend.
• Server Type - Specify if the server is a master or slave.  Different configuration files are created master vs. slave on the Bind, PowerDNS/Bind, and Secure64 platforms.
• SOA - Start of Authority, should be in the format "SRI-NIC.ARPA. HOSTMASTER.SRI-NIC.ARPA.".  For more information, see the RFC: http://tools.ietf.org/html/rfc1033
• Username - Login/username for the target DNS server.  The specified account needs to be valid, and have write permission to the remote directory and execute permission for any pre/post commans.
• Password - Password for the target account.  All passwords are stored encrypted in the database.
• Port - Port to contact the target server on.  This is port used for SSH on Bind and Secure64 server types.
• Remote Directory - The target directory to transfer zone files to on the DNS system.
• Named Conf Path - The path to other zones on the Bind systems.
• Pre Command - Any valid system command on the target DNS system.  This command will be run before any files are transferred.
• Post Command - Any valid system command on the target DNS system.  This command will be run after any files are transferred.  For example, on a Bind system you would need to run "rndc reload" to reload the zones.

The "Test Config" button will attempt to login to the target system and write to the target directory.  If any failures are encountered, an error will be written with some detail.  If the test is successful, the word "Success!" will show verifying that files can be transferred.  This does not test if the user can execute pre/post commands.  This needs to be checked manually.

Views

Enable Views - Select Yes to enable views on a particular server.  You must click "Update Server" to show the view options.

To enable your Bind server to use zones transferred from 6connect, you must add the following to your named.conf.

include "/var/named/zones/6connect_named.conf";

When views are enabled on a server, all zones/records attached to a server are immediately put into the default view 6connectGeneric that contains a match any rule.  For example, here is a sample of the named.conf include generated by ProVision:

view "6connectGeneric" in {

        match-clients { any; };

        zone ...

        zone ...

};

All views attached to a server are displayed under the "Views" label.  When you enable views on a Bind server, you must wrap all other zones in named.conf or any includes in view statements. The include line for the 6connect conf file should also be move above any other view statements.  An example is below:

include "/var/named/zones/6connect_named.conf";

view "hints" {

      match-clients { any; };

      zone "." {type hint; file "named.root";};

};

view "zones-outside-of-6connect" {

match-clients { some-acl; };

zone ....

};

Adding a View

To add a view just type in the view name, and a description (for reference only).  The config files transferred to the server will automatically be built according to the server type.

﹤insert image﹥

Adding Options to a View

Adding ACLs to Views

You can select an existing ﹤link to ip list creation﹥IP List﹤/link﹥ to create a view ACL.  For a Bind server, this creates a corresponding line in the config: match-clients { 6connect_Internal; };  The 6connect_ is prefixed to all IP lists inserted by ProVision.

Bulk Zone Assignments

The Bulk Zone Assignment function allows you to assign multiple zones to a resource in one step.  The system will perform a wild card style match for any text in the search box and return all matching zones and display them in a list.  You can then assign all the zones found to a resource as either a master or slave.

Bulk DNS Changes

The Bulk DNS Editor allows an Admin to perform "find and replace" functions across all DNS zones.  It will match the host and/or record type and/or record value across the entire zone database.  Unless the "Strict Comparison" box is checked, it will use wildcard style matches for the host and record values.

Nameserver Management

This function controls the list of DNS servers used for pre populating DNS records with NS records.

Notes

General DNS configuration information is located under the main Admin tab in the DNS section.  That is where you can set defaults for other SOA options, generated reverse DNS information, and a DNSSEC validation server.

System Information for Local Installations

Zones are stored in the 6connect web root under /zones.

DS keys are stored in the 6connect web root under /keys.

Additional Information:

For more information on DNS and configurations, see the following sections.