You can configure the Network Registrar DNS server and zones by accepting the system defaults or changing them through the Network Registrar graphical user interface or command-line tool.
This chapter assumes that you have already installed your software by following the instructions in Getting Started with Network Registrar. This chapter describes the Network Registrar DNS server and zone configuration in more detail.
This chapter discusses the following topics:
A zone is a point of delegation in the DNS tree. It contains all the names from a certain point downward, except those that have been further delegated to other zones. A zone delegation point has one or more Name Server (NS) records in the parent zone that should be matched by equivalent NS records at the root of the delegated zone.
The sample company, QuickExample, has registered the domain example.com. Because its parent zone is com., there is an NS record for example.com in the com zone as well as in the example.com zone (Figure 2-1).
Each zone has one primary server, which loads the zone's contents from a local configuration database. Each zone can also have any number of secondary servers, which load the zone contents by fetching the data from the primary server (Figure 2-2).
You can add a zone for which you configure primary or secondary servers. When you configure a name server as the primary server for the zone, you can enter zone data at that time or you can choose to import zone data from an existing BIND data file.
Programs that store information about the domain name space are called name servers. Name servers usually have complete information about some part of the domain name space, called the zone.
You need to configure two types of primary name servers: a primary zone name server and a reverse zone name server. You do not need to create a loopback zone because Network Registrar automatically creates one. A loopback zone is a reverse zone that enables a host to resolve the loopback address (127.0.0.1) to the name localhost. The loopback address is used by the host to enable it to direct network traffic to itself.
The procedure is the same for all primary name servers; they just differ in the zone name. For example, if your primary zone name server is example.com with the address of 192.168.1.1, then your reverse zone is 1.168.192.in-addr.arpa, and your loopback zone is 127.in-addr.arpa.
Step 1 From the Server Manager window (Figure 4-10), select the DNS server that you want to configure as a primary server for the zone.
Step 2 Click the Add toolbar button to display the Add Zone dialog box.
Step 3 Enter the primary server's zone name.
Step 4 Click the Primary button.
Step 5 Click OK.
Step 6 From the Adding Primary DNS Zone dialog box, enter the appropriate information on the associated tab. The minimum information you must supply is SOA, Name Servers, and Hosts.
Step 7 Reload the DNS server.
(a) From the Server Manager window (Figure 4-10), select the server you want to reload.
(b) Click the Control toolbar button.
(c) Click Reload in the Control dialog box.
Step 8 Click OK.
For more information about how to configure a primary server, see the "Configuring DNS Zones" section.
Step 1 From the Server Manager window (Figure 4-10), select the DNS server to configure as a primary server for the zone.
Step 2 Click the Add toolbar button to display the Add Zone dialog box.
Step 3 Enter the zone's name.
Step 4 Click the Primary button.
Step 5 Type the name of the BIND file or click the Browse button to locate the BIND file.
Step 6 Click OK.
Step 7 Reload the DNS server.
(a) From the Server Manager window (Figure 4-10), select the primary zone server you want to reload.
(b) Click the Control toolbar button to display the Control dialog box.
(c) Click Reload.
(d) Click OK.
Step 8 To view or edit the zone properties:
(a) Select the zone from the Server Manager window (Figure 4-10).
(b) Click the Show Properties toolbar button.
From the Server Manager window (Figure 4-10), double-click the primary zone.
Network Registrar displays the zone's SOA record. For more information about the SOA Record tab, see the "Setting Start of Authority" section.
When you initially configure a domain, you should choose a primary name server, and at least one secondary server. The secondary server should be geographically removed from the primary server. It should not be on the same network as the primary server. If it is important that the outside world can always reach you, then you should configure several secondary servers to ensure that at least one of them will be able to supply information about the domain at all times.
If you want to reduce the load on the primary server as it answers queries from machines within its domain, you should configure another secondary server. Because the secondary server is preloaded with all the same zone data that the primary server has, it contains all the local data. The local queries are usually for local data.
Step 1 From the Server Manager window (Figure 4-10), select the DNS server to configure as a secondary server for the zone.
Step 2 Click the Add toolbar button to display the Add Zone dialog box.
Step 3 Enter the zone's name.
Step 4 Click the Secondary button.
Step 5 Click OK.
Step 6 Click the Secondary Zone Configuration tab in the Add Secondary DNS Zone dialog box, and enter the address of the primary server (from which the data will be transferred).
Step 7 Click the Zone Transfers tab, and select to enable or restrict zone transfers.
If you want to restrict zone transfers, enter the IP addresses of those servers from which this secondary zone will accept transfers.
Step 8 Click OK.
Step 9 Reload the DNS server.
From the Server Manager window (Figure 4-10), double-click the secondary zone.
Network Registrar displays the primary name servers for zone transfers.
Step 1 From the Server Manager (Figure 4-10), select the secondary zone.
Step 2 Click the Remove toolbar button.
Step 3 Click Yes to remove the zone.
Step 4 Reload the DNS server.
Step 5 If the server is listed as authoritative in any other zones, you need to remove it, as follows:
(a) From the Server Manager (Figure 4-10), select the zone in which this secondary server is listed as authoritative.
(b) Click Show Properties.
(c) In the DNS Zone Properties dialog box, click the Name Servers tab (Figure 2-10).
(d) Select and delete the name of the secondary name server you want to remove.
(e) Click OK.
(f) Reload the DNS server.
When you first install Network Registrar on a system connected to the Internet, it is automatically a caching-only server. It can pose and answer DNS queries about information that it has cached, but it is not authoritative for anything, because you have not yet configured any zones.
Step 1 From the Server Manager (Figure 4-10), select the DNS server that you want to designate as a caching-only server.
Step 2 Click the Show Properties toolbar button to display the DNS Server Properties dialog box.
Step 3 Click the Options tab (Figure 2-7) and verify that the default, Enable recursive queries check box is selected.
Step 4 Click OK.
Step 5 Reload your server to save the changes.
Use the DNS Server Properties dialog box (Figure 2-3) to specify server-wide parameters such as the server's name, its forwarding servers, its root name servers, and a number of advanced options.
The General tab in the DNS Server Properties dialog box displays the cluster name, which is the name of the cluster or host machine to which this server belongs. It also displays the version number, which is the software release number of the Network Registrar DNS server software (Figure 2-3).
Sites that must limit their network traffic for security reasons, because they pay by the packet, or because the network connection is a slow link, can designate one or more servers to be forwarders for the current server. These servers handle all off-site requests before the local server searches for the answer through the Internet. Over time the forwarders build up a rich cache of data that can satisfy most requests.
Forwarders are useful in the following situations:
You may want to restrict the name server even more by stopping it from even attempting to contact an off-site server. Select the Slave mode check box to make the server a slave server (Figure 2-4).
In the DNS Server Properties dialog box, click the Forwarders tab (Figure 2-4).
You can specify multiple forwarders. If the first forwarder does not respond after eight seconds, Network Registrar asks each remaining forwarder in sequence until it receives an answer or until it exhausts the list.
If the DNS server receives no answer, the next step depends on whether you have slave mode on or off.
To add new forwarders:
Step 1 In the DNS Server Properties dialog box, click the Forwarders tab (Figure 2-4).
Step 2 Enter the address of the forwarder or forwarders.
Step 3 Click OK.
Step 1 In the DNS Server Properties dialog box, click the Forwarders tab (Figure 2-4).
Step 2 Select and delete the address of the forwarder you want to remove.
Step 3 Click OK.
Step 1 In the DNS Server Properties dialog box, click the Forwarders tab (Figure 2-4).
Step 2 Select the address of the forwarder you want to edit.
Step 3 Make changes to the address of the forwarder.
Step 4 Click OK.
The Root Name Servers tab of the DNS Server Properties dialog box contains a set of hints about root name servers (Figure 2-5). The root name servers know the addresses of the authoritative name servers for all the top-level domains. When you first start a newly installed Network Registrar DNS server, it uses a set of preconfigured hints (sometimes called root hints) as authorities to ask for the current root name servers.
When Network Registrar gets a response to this root-server query, it caches it just like other response records. Network Registrar uses these cached records as its root-server list. When the cached records expire, Network Registrar repeats the process. Because Network Registrar has a persistent cache, it does not need to requery this data when it restarts.
The Time To Live (TTL) on the official root-server records is currently six days, so Network Registrar will requery every six days, unless you have specified a lower Max. Cache TTL value in the Advanced tab of the DNS Server Properties dialog box. For more information about TTLs, see the Glossary.
Because the configured servers are only hints, they do not need to be a complete set. You should periodically (every month to six months) look up the root servers to see if the information needs to be altered or augmented. The best way to look up the root servers is to ask one of them directly. You can do this by running either the nslookup or the dig command.
Step 1 In the DNS Server Properties dialog box, click the Root Name Servers tab (Figure 2-5).
Step 2 Enter the name and address you want to add.
Step 3 Click OK.
Step 1 In the DNS Server Properties dialog box, click the Root Name Servers tab (Figure 2-5).
Step 2 Select and delete the name and address you want to remove.
Step 3 Click OK.
Step 1 In the DNS Server Properties dialog box, click the Root Name Servers tab (Figure 2-5).
Step 2 Select the name and address you want to edit.
Step 3 Change the name or address.
Step 4 Click OK.
You need to use the DNS Server Properties dialog box Exception tab (Figure 2-6) only when you do not want the DNS server to resolve certain names outside its domain by the standard method of querying the root name servers; the tab is intended for your corporation's internal name resolution.
Use the Exception tab to handle your corporation's internal name resolution by explicitly listing the domains and name servers you want each DNS server to use for specific queries. By specifying the name servers you want DNS to use, Network Registrar can resolve names without resorting to querying the standard root name servers.
For example, the sample company, QuickExample, has four subsidiaries: red, blue, yellow, and green. Each of them has its own domain under the .com domain. When users at red.com want to use resources at blue.com, their DNS server knows that it is not authoritative for blue.com, and attempts to locate blue.com by asking the root name servers.
These queries cause unnecessary traffic, and in some cases fail: internal resources are often barred from external queries, and sites that use private networks cannot be located from outside because their network addresses are not unique. The Network Registrar exception handling solves these problems.
To use exception handling, the administrator at red.com lists all the domains that users might want to access, and at least one corresponding name server for each. In this case, the administrator would list the three other domains of the QuickExample company.
Now when a user at red.com wants to access a server at blue.com, the red DNS server queries the specified blue.com's name server instead of querying the root name server.
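The decision the server makes for an off-site query, once exception domains, forwarders (with the eight-second timeout described in the Forwarders section) and slave mode are configured, is shown below as an added example. This is a pure-Python simulation, not Network Registrar code; the upstream "servers" are a constructed table of (seconds to answer, answer), and what happens when every listed exception name server fails is not stated by the chapter, so here the query simply fails.

```python
# Added example (not Network Registrar code): where an off-site query is sent
# once exception domains, forwarders and slave mode are configured.
from typing import Callable, Dict, List, Optional, Tuple

FORWARDER_TIMEOUT = 8.0  # seconds before the next forwarder is tried (from the chapter)

AskFn = Callable[[str, str], Optional[str]]  # ask(server, qname) -> answer or None


def make_asker(upstreams: Dict[str, Tuple[float, str]]) -> AskFn:
    """Build an ask() over a constructed table: server -> (latency_s, answer).
    A server slower than FORWARDER_TIMEOUT counts as not responding."""
    def ask(server: str, qname: str) -> Optional[str]:
        latency, answer = upstreams.get(server, (float("inf"), ""))
        return None if latency > FORWARDER_TIMEOUT else answer
    return ask


def _covers(qname: str, domain: str) -> bool:
    """True when qname equals domain or is a name below it (label-aligned)."""
    q, d = qname.rstrip(".").lower(), domain.rstrip(".").lower()
    return q == d or q.endswith("." + d)


def choose_exception(qname: str, exceptions: Dict[str, List[str]]) -> Optional[str]:
    """Most specific exception domain that covers qname, or None."""
    hits = [d for d in exceptions if _covers(qname, d)]
    return max(hits, key=lambda d: d.count(".")) if hits else None


def resolve(qname: str, exceptions: Dict[str, List[str]], forwarders: List[str],
            slave_mode: bool, ask: AskFn) -> Tuple[Optional[str], List[str]]:
    """Return (answer or None, servers tried in order).

    Order of precedence, following the chapter:
      1. an exception domain's listed name servers (the roots are never asked);
      2. each forwarder in turn, until one answers;
      3. the root name servers, unless slave mode forbids off-site contact.
    """
    tried: List[str] = []
    exc = choose_exception(qname, exceptions)
    if exc is not None:
        for ns in exceptions[exc]:
            tried.append(ns)
            answer = ask(ns, qname)
            if answer is not None:
                return answer, tried
        return None, tried  # assumption: no fallback when exception servers fail
    for fwd in forwarders:
        tried.append(fwd)
        answer = ask(fwd, qname)
        if answer is not None:
            return answer, tried
    if slave_mode:
        return None, tried  # slave mode: never contact an off-site server itself
    tried.append("root-servers")
    return ask("root-servers", qname), tried


# Constructed sample topology for the QuickExample scenario above.
UPSTREAMS = {
    "10.20.0.53": (0.1, "10.20.1.8"),            # blue.com's own name server
    "192.0.2.1": (9.0, "should-not-be-used"),    # first forwarder: too slow
    "192.0.2.2": (0.5, "203.0.113.7"),           # second forwarder answers
    "root-servers": (1.0, "198.51.100.9"),
}
EXCEPTIONS = {"blue.com": ["10.20.0.53"]}
FORWARDERS = ["192.0.2.1", "192.0.2.2"]

if __name__ == "__main__":
    ask = make_asker(UPSTREAMS)
    print(resolve("www.blue.com", EXCEPTIONS, FORWARDERS, False, ask))
    print(resolve("www.example.org", EXCEPTIONS, FORWARDERS, False, ask))
    print(resolve("www.example.org", EXCEPTIONS, FORWARDERS, True, ask))
```

The `tried` list is the useful part for a defender: it shows which servers a query for an internal name actually reaches, so an exception entry that is missing or misspelled shows up as a root-server query rather than silently leaking.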
Step 1 In the DNS Server Properties dialog box, click the Exception tab (Figure 2-6).
Step 2 Click Add domain name.
Step 3 Click OK.
Step 4 Enter the domain name of the subsidiary you want to access.
Step 5 Enter the address of a name server for that domain.
Step 6 Click OK.
Step 1 In the DNS Server Properties dialog box, click the Exception tab (Figure 2-6).
Step 2 Select the domain name you want to edit.
Step 3 Click Edit domain name.
Step 4 Make the appropriate edits.
Step 5 Click OK.
Step 1 In the DNS Server Properties dialog box, click the Exception tab (Figure 2-6).
Step 2 Select the domain name you want to remove.
Step 3 Click Remove domain name.
Step 1 In the DNS Server Properties dialog box, click the Exception tab (Figure 2-6).
Step 2 Select the domain whose address you want to add.
Step 3 Click Add address.
Step 4 Enter the address.
Note that you can specify multiple addresses (name servers) for each exception domain.
Step 5 Click OK.
Step 1 In the DNS Server Properties dialog box, click the Exception tab (Figure 2-6).
Step 2 Select the domain whose address you want to edit.
Step 3 Select the address you want to edit.
Step 4 Click Edit address.
Step 5 Change the address.
Step 6 Click OK.
Step 1 In the DNS Server Properties dialog box, click the Exception tab (Figure 2-6).
Step 2 Select the domain whose address you want to remove.
Step 3 Select the address you want to remove.
Step 4 Click Remove address.
Choose any of the options on the Options tab (Figure 2-7) by selecting the corresponding check box. These options (except IXFR) apply to all the zones for the server you are configuring.
There are two types of queries: recursive and iterative (also called nonrecursive). DNS clients typically generate recursive queries. When the query is recursive, the name server asks other DNS servers for any nonauthoritative data not in its own cache. When the query is nonrecursive, the name server either answers the query (if it is authoritative for the zone or has the answer in its cache) or tells the client which name server to ask next.
A query may result in multiple Resource Records of the same name and type being returned. In order to compensate for the fact that most DNS clients start with (and most limit their use to) the first record in the list, you can enable round-robin. This operation causes the Network Registrar DNS server to rearrange the order of the records each time it is queried.
If you enable both round-robin and subnet sorting, Network Registrar first applies round-robin sorting and then applies subnet sorting. The result is that if you have a local answer it will remain at the top of the list, and if you have multiple local A records, Network Registrar will cycle through them.
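The ordering described above (rotate first, then move local addresses to the front) is shown below as an added example; it is not Network Registrar code, and it takes "same subnet" to mean the same /24 as the client, which is an assumption.

```python
# Added example (not Network Registrar code): round-robin followed by subnet
# sorting on the address records of one answer.
import ipaddress
from typing import List


def round_robin(records: List[str], queries_served: int) -> List[str]:
    """Rotate the list by one position per query already served."""
    if not records:
        return []
    k = queries_served % len(records)
    return records[k:] + records[:k]


def subnet_sort(records: List[str], client_ip: str, prefix: int = 24) -> List[str]:
    """Move addresses on the client's subnet to the front, keeping relative order."""
    client_net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
    # sorted() is stable; key False (local) sorts before True (remote)
    return sorted(records, key=lambda a: ipaddress.ip_address(a) not in client_net)


def answer_order(records: List[str], client_ip: str, queries_served: int,
                 round_robin_on: bool = True, subnet_sort_on: bool = True) -> List[str]:
    """Order in which the records would be returned for this query."""
    out = list(records)
    if round_robin_on:
        out = round_robin(out, queries_served)
    if subnet_sort_on:
        out = subnet_sort(out, client_ip)
    return out


# Constructed: one name with two local and two remote A records.
A_RECORDS = ["192.168.1.10", "10.0.0.5", "192.168.1.11", "172.16.0.9"]
CLIENT = "192.168.1.200"

if __name__ == "__main__":
    for n in range(4):
        print(n, answer_order(A_RECORDS, CLIENT, n))
```

Running the loop shows the property the text promises: a local address is always first, and the two local addresses alternate from query to query while the remote ones stay behind them.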
IXFR controls whether or not secondary zones can request incremental transfer from their primary zone.
NOTIFY, which enables the primary zone to inform its secondary zones when changes have been made, can be used in conjunction with IXFR. They work well together and ensure more efficient zone updates. For more information about IXFR, see RFC 1995.
Because a master server for a zone does not know specifically which slaves transfer from it, Network Registrar notifies all registered name servers for the zone (name servers listed in the name server Resource Records) when the zone changes. The sole exception to this policy is that Network Registrar does not notify the server named in the SOA mname field (the primary master). For more information about NOTIFY, see RFC 1996.
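The NOTIFY target rule just stated, as an added example (not Network Registrar code; the zone data is constructed): every NS name in the zone is notified except the SOA mname, and a secondary that is not in the NS set is never notified and therefore only learns of changes at the SOA refresh interval.

```python
# Added example (not Network Registrar code): who receives NOTIFY for a zone.
from typing import Iterable, List


def _canon(name: str) -> str:
    """Compare DNS names case-insensitively and ignore a trailing dot."""
    return name.rstrip(".").lower()


def notify_targets(ns_records: Iterable[str], soa_mname: str) -> List[str]:
    """NS names to notify, in NS-record order, without duplicates or the primary master."""
    primary = _canon(soa_mname)
    seen, targets = set(), []
    for ns in ns_records:
        name = _canon(ns)
        if name == primary or name in seen:
            continue
        seen.add(name)
        targets.append(name)
    return targets


def unnotified_secondaries(secondaries: Iterable[str], ns_records: Iterable[str],
                           soa_mname: str) -> List[str]:
    """Secondaries that will not hear about changes because they are not in the NS set;
    they only pick up changes when their SOA refresh timer fires."""
    notified = set(notify_targets(ns_records, soa_mname))
    return [s for s in secondaries if _canon(s) not in notified]


# Constructed zone data: mixed case and trailing dots on purpose.
ZONE_NS = ["ns1.example.com.", "NS2.example.com.", "ns2.example.com", "ns3.example.com."]
SOA_MNAME = "ns1.example.com."

if __name__ == "__main__":
    print(notify_targets(ZONE_NS, SOA_MNAME))
    print(unnotified_secondaries(["ns3.example.com", "stealth.example.com"], ZONE_NS, SOA_MNAME))
```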
Choose any of the options on the Advanced tab (Figure 2-8) by selecting the corresponding check box or entering the appropriate values. These options apply to all the zones for the server you are configuring.
The Prefetch glue records check box (Figure 2-8) tells Network Registrar to prefetch additional records that may be helpful when answering certain queries. Glue records are informational records that are included in a response to a query. For example, most answers include Name Server (NS) records, which then cause the inclusion of A records to resolve the NS record name into an address. These A records are the glue records. Selecting the Prefetch glue records option tells the server to find records it would not normally, so it can include them in answers to subsequent queries.
You can choose to enable relaxation of the RFC 2136 restriction on the dynamic update zone name record. This feature allows the name to be any name within an authoritative zone.
To ensure a quick response to repeated requests for the same information, the DNS server maintains a cache of information it has learned from other DNS servers on behalf of its DNS clients. It also remembers negative information, such as "no such name" or "no such data," that it has learned in the same way. It is important to discard this information at some point to accommodate changes that may occur at the authoritative source. The positive information the server learns is always accompanied by a Time To Live (TTL) parameter indicating how long it may be considered valid; negative information is not.
The value in the Negative cache time field (Figure 2-8) represents the length of time negative information will be considered valid. It should be a relatively short period in order to be responsive to the creation of new data at the authoritative source, yet long enough to serve some value to other clients looking for the same nonexistent information, or retries from a single client.
The default value is 600 seconds or 10 minutes.
The Max. cache TTL field (Figure 2-8) allows you to specify the maximum amount of time you want Network Registrar to retain cached information. TTL is the amount of time that any name server is allowed to cache data learned from other name servers. Each record that is added to the cache arrives with some TTL value. When the TTL period expires, the name server must discard the cached data and get new data from the authoritative name servers the next time information is queried. This parameter limits the lifetime of records in the cache whose TTL values are very large.
The Max. memory cache size field (Figure 2-8) allows you to specify how much memory space you want to reserve for the DNS name cache. The more memory allocated for the cache, the less frequently the server will access the disk cache. The default is 200 KB. One entry is approximately 100 bytes.
Clicking Flush now allows you to stop the disk cache file from growing, but the actual behavior depends on whether the DNS server is running or stopped.
If you click Flush now while the server is running, Network Registrar clears all expendable entries from the cache database file. Because of the nature of the database, flushing the cache does not make the file shrink, but it does create free space within it. Because the memory cache is unaffected by this operation, recently used cache entries are not lost, and performance is not significantly affected.
If you click Flush now when the server is stopped, Network Registrar interprets the request to flush all entries, and removes the cache database file. Network Registrar will reinitialize the database when you restart the server.
To completely clear a cache that has grown too large, stop the server, and then click Flush now.
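The two cache limits described above (Negative cache time for "no such name/data" answers, Max. cache TTL as a clamp on large positive TTLs) and the running-server Flush now behaviour are shown below as an added example. This is not Network Registrar code: the 600-second negative default and the six-day root-server TTL come from the chapter, the 86400-second Max. cache TTL and the reading of "expendable entries" as expired entries are assumptions, and the clock is injectable so the example runs deterministically.

```python
# Added example (not Network Registrar code): a resolver cache with a
# negative cache time, a maximum cache TTL and a flush of expired entries.
import time
from typing import Callable, Dict, Optional, Tuple

Key = Tuple[str, str]  # (name, record type)


class ResolverCache:
    def __init__(self, negative_cache_time: int = 600, max_cache_ttl: int = 86400,
                 clock: Callable[[], float] = time.monotonic):
        self.negative_cache_time = negative_cache_time
        self.max_cache_ttl = max_cache_ttl   # assumed value; the chapter gives no default
        self._clock = clock
        self._entries: Dict[Key, Tuple[float, Optional[str]]] = {}

    def store(self, name: str, rtype: str, answer: Optional[str], ttl: int = 0) -> int:
        """Cache an answer (None = 'no such name/data'); return the lifetime applied."""
        if answer is None:
            lifetime = self.negative_cache_time            # negative data carries no TTL
        else:
            lifetime = min(int(ttl), self.max_cache_ttl)   # clamp very large TTLs
        self._entries[(name.lower(), rtype)] = (self._clock() + lifetime, answer)
        return lifetime

    def lookup(self, name: str, rtype: str) -> Tuple[str, Optional[str]]:
        """('hit', answer), ('negative', None) or ('miss', None) once expired."""
        key = (name.lower(), rtype)
        entry = self._entries.get(key)
        if entry is None:
            return "miss", None
        expires_at, answer = entry
        if self._clock() >= expires_at:
            del self._entries[key]   # discard so changes at the authoritative source are seen
            return "miss", None
        return ("hit", answer) if answer is not None else ("negative", None)

    def flush(self) -> int:
        """Drop expired entries (assumed meaning of 'expendable'); return how many went."""
        now = self._clock()
        dead = [k for k, (exp, _) in self._entries.items() if now >= exp]
        for k in dead:
            del self._entries[k]
        return len(dead)

    def __len__(self) -> int:
        return len(self._entries)


class FakeClock:
    """Constructed clock: time only moves when the example sets it."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


if __name__ == "__main__":
    clk = FakeClock()
    cache = ResolverCache(clock=clk)
    print(cache.store(".", "NS", "a.root-servers.net", ttl=6 * 86400))  # clamped to 86400
    print(cache.store("nosuch.example.com", "A", None))                  # 600
    clk.now = 601
    print(cache.lookup("nosuch.example.com", "A"), cache.lookup(".", "NS"))
```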
If you were experimenting with a new group of name servers, you might want to use nonstandard ports for answering requests and for asking for remote information. The local port and external port settings control which TCP and UDP port the server listens on for name resolution requests, and which port it connects to when making requests to other name servers. The standard value for both is 53.
In normal operation, if you change these values, the server will appear to be unavailable.
The Debug settings button lets you collect debug information about the DNS server. You should only need to set debug settings if you have been instructed by Technical Support.
Step 1 From the Server Manager (Figure 4-10), select the DNS server for which you want to set debug options.
Step 2 Click the Show Properties toolbar button.
Step 3 Click the Advanced tab on the DNS Server Properties dialog box (Figure 2-8).
Step 4 Click Debug settings.
Step 5 From the Debug Settings dialog box, click Enable Debug.
Step 6 Type in the category as supplied by Technical Support.
Step 7 Check the output destination:
Step 8 Click OK.
You may need to rebuild the Resource Records indexes if you observe resource or host list data that appears inconsistent or if data appears to be missing.
Rebuilding the Resource Records should correct any inconsistencies.
Step 1 From the Server Manager window (Figure 4-10), select the DNS server whose Resource Record indexes you want to refresh.
Step 2 Click the Show Properties toolbar button.
Step 3 Click the Advanced tab of the DNS Server Properties dialog box (Figure 2-8).
Step 4 Click Debug settings.
Step 5 From the Rebuild Resource Records dialog box, choose to rebuild indexes for all zones now.
Step 6 Click OK.
There are a number of Network Registrar features that you can only configure through the Command Line Interface. For more information, see the Network Registrar CLI User Guide and the Network Registrar CLI Reference Manual.
Table 2-1 describes the operation and its associated command or commands.
| Operation | Command |
|---|---|
| Changing IXFR interval | nrcmd dns ixfr-expire-interval command |
| Fine-tuning NOTIFY | nrcmd dns notify* commands |
| | nrcmd dns hide-subzones command |
| Limiting IXFR transfers | nrcmd dns remote-dns command |
| Listing static and dynamic addresses | nrcmd zone listRR command |
| Removing dynamic Resource Records | nrcmd zone removeDynRR command |
| Removing zone records after zone deletion | nrcmd zone cleanRR command |
Use the DNS Zone Properties dialog box (Figure 2-9) to add or delete hosts from a zone, specify the authoritative servers for the zone, configure zones for dynamic DNS update, and edit individual Resource Records.
The Start of Authority (SOA) record (Figure 2-9) designates the top of the zone in the DNS inverted-tree namespace. There must be only one SOA record per zone.
The Name field (Figure 2-9) displays the name of the zone you specified when you created the zone. You cannot edit this field.
The TTL field (Figure 2-9) allows you to specify the Time To Live in seconds for this record. Enter the value that is appropriate for the zone. For more information about TTLs, see the Glossary.
The Contact email address field (Figure 2-9) allows you to specify the e-mail address for the person responsible for the name server. Remember to use a period instead of an @ sign.
You can use an actual person's e-mail name or use an alias such as hostmaster. In either case, it must be a valid e-mail address for someone who can handle potential problems.
The Name of primary server field (Figure 2-9) allows you to specify the name of the server you are configuring. You can specify the relative name and Network Registrar will add the rest of the domain specification, or you can use the fully qualified domain name that ends with a period.
A Primary server uses a serial number to indicate when its database has changed. Secondary servers check this serial number to determine whether they must update their zone data. You can only enter a serial number the first time you configure a zone. Thereafter, Network Registrar increments the serial number every time it makes a change to the database.
Enter a positive integer in the Serial number field (Figure 2-9).
The Secondary refresh time is how often a secondary name server checks the primary server for an update. A good value is from one hour to one day, depending on how often you expect to change zone data, and how quickly the secondary servers must notice.
Specify the amount of time in seconds in the Secondary refresh time field (Figure 2-9).
If you are using NOTIFY, you can set the refresh time to a larger value without causing long delays between transfers, because NOTIFY forces the secondary servers to notice when the primary data changes. For more information about NOTIFY, see the "Enabling NOTIFY" section.
The Network Registrar DNS server waits the Secondary retry time between successive failed attempts to check for an update. If the refresh interval expires and an attempt to poll for an update fails, the server keeps retrying at this interval until it succeeds. A good value is one-third to one-tenth of the refresh time.
Specify the amount of time in seconds in the Secondary retry time field (Figure 2-9).
The Secondary expire time is the longest amount of time that a secondary name server may continue to answer queries authoritatively for zone data after it has failed to refresh the zone. Set this to a large number that provides enough time to survive an extended failure of the primary server, such as a week or more.
Specify the amount of time in seconds in the Secondary expire time field (Figure 2-9).
The Minimum TTL field (Figure 2-9) allows you to specify the minimum TTL value to be used in all query operations that retrieve Resource Records from this zone. Whenever a Resource Record is sent in a response to a query (for which this server is authoritative), the TTL field is set to the maximum of the TTL field from the Resource Record and the minimum field specified here. Thus, the minimum value is a lower bound on the TTL field for all Resource Records in this zone. This value is also the zone default TTL for all records that you have configured with a TTL of "-".
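The SOA guidance in this section (positive serial, refresh between an hour and a day, retry one-third to one-tenth of refresh, expire a week or more, a period instead of @ in the contact address) and the minimum-TTL rule just stated are collected below as an added checker. It is not Network Registrar code; the thresholds are this section's own rules of thumb turned into numbers, and the two sample SOAs are constructed.

```python
# Added example (not Network Registrar code): sanity checks for SOA values
# and the minimum-TTL rule applied to an outgoing record.
from dataclasses import dataclass
from typing import List, Union

HOUR, DAY, WEEK = 3600, 86400, 7 * 86400


@dataclass
class SOA:
    mname: str      # name of primary server
    rname: str      # contact e-mail address, with '.' in place of '@'
    serial: int
    refresh: int    # all times in seconds
    retry: int
    expire: int
    minimum: int


def check_soa(soa: SOA) -> List[str]:
    """Return the guideline violations found (an empty list means the SOA looks sane)."""
    problems: List[str] = []
    if soa.serial <= 0:
        problems.append("serial must be a positive integer")
    if "@" in soa.rname:
        problems.append("contact address must use a period instead of '@'")
    if not HOUR <= soa.refresh <= DAY:
        problems.append("refresh outside the one-hour to one-day range")
    if not soa.refresh // 10 <= soa.retry <= soa.refresh // 3:
        problems.append("retry should be one-third to one-tenth of refresh")
    if soa.expire < WEEK:
        problems.append("expire shorter than a week: zone is dropped during a long primary outage")
    if soa.minimum < 0:
        problems.append("minimum TTL must not be negative")
    return problems


def effective_ttl(record_ttl: Union[int, str, None], soa_minimum: int) -> int:
    """TTL placed on a record in an authoritative answer: '-' (or None) takes the
    zone default; otherwise the larger of the record's own TTL and the SOA minimum."""
    if record_ttl is None or record_ttl == "-":
        return soa_minimum
    return max(int(record_ttl), soa_minimum)


# Constructed sample SOAs: one following the guidance, one breaking most of it.
GOOD = SOA("ns1.example.com.", "hostmaster.example.com.", 1, 2 * HOUR, 900, 2 * WEEK, 300)
BAD = SOA("ns1.example.com.", "hostmaster@example.com", 0, 600, 500, HOUR, 300)

if __name__ == "__main__":
    print(check_soa(GOOD))
    for p in check_soa(BAD):
        print("BAD:", p)
    print(effective_ttl("-", 300), effective_ttl(60, 300), effective_ttl(3600, 300))
```

The expire check is the one most worth keeping in an operational lint: a zone whose expire is shorter than a realistic primary outage disappears from its secondaries exactly when they are the only servers left answering.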
A zone must have at least one name server. The name servers that you enter on the Name Servers tab (Figure 2-10) must match those specified in the parent domain's delegation for this zone. You can configure the servers to be authoritative for the zone as either primary or secondary servers.
The name servers you list on the Name Servers tab (Figure 2-10) should be the name server resolvers that you want people outside your organization to query when requesting resolution of names within the zone.
The TTL field shows the shortest Time To Live for all the Name Server (NS) records in the authoritative server list. If you change it, you change the TTL value for all the NS records in the authoritative server list.
Step 1 In the DNS Zone Properties dialog box, click the Name Servers tab (Figure 2-10).
Step 2 In the TTL field, enter the TTL value.
Step 3 Click OK.
Step 1 In the DNS Zone Properties dialog box, click the Name Servers tab (Figure 2-10).
Step 2 Click Add.
Step 3 Enter the name you want to add.
Step 4 Click OK.
Step 1 In the DNS Zone Properties dialog box, click the Name Servers tab (Figure 2-10).
Step 2 Select the name you want to change.
Step 3 Click Edit.
Step 4 Make the changes in the Name field.
Step 5 Click OK.
Step 1 In the DNS Zone Properties dialog box, click the Name Servers tab (Figure 2-10).
Step 2 Select the name you want to remove.
Step 3 Click Remove.
From the DNS Zone Properties dialog box (Figure 2-9) you can add, edit, or remove hosts from a specific zone on a DNS server. This dialog box lets you establish or change the permanent name-to-IP-address associations for the zone.
Using this dialog box is a convenient way of automatically adding hosts to reverse zones, and keeping the host information up-to-date as you add and remove hosts. For more information about reverse zones, see the "Inverse Name Servers" section.
Step 1 From the Server Manager window (Figure 4-10), select the zone to which you want to add a host.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DNS Zone Properties dialog box, click the Hosts tab (Figure 2-11).
Step 4 Click Add.
Step 5 In the Add Host dialog box, enter the required host name and addresses, optional aliases, MX records, and whether you want to have Network Registrar automatically generate reverse mapping records.
Step 6 Click OK to add this host, or click Apply to continue adding hosts.
After you click OK, Network Registrar returns to the Hosts tab of the DNS Zone Properties dialog box and displays the new host or hosts.
Step 1 From the Server Manager window (Figure 4-10), select the zone that contains the host you want to remove.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DNS Zone Properties dialog box, click the Hosts tab (Figure 2-11).
Step 4 Select the host name you want to remove.
Step 5 Click Remove.
Network Registrar updates the host list to show the current hosts.
Step 1 From the Server Manager (Figure 4-10), select the zone that contains the host you want to edit.
Step 2 Click the Show Properties toolbar button.
Step 3 In the DNS Zone Properties dialog box, click the Hosts tab (Figure 2-11).
Step 4 Select the host name you want to edit.
Step 5 Click Edit.
Step 6 In the Edit Hosts dialog box, make the necessary changes to the host name, address, alias, or MX record.
Step 7 Click OK to make the changes effective and return to the Hosts tab of the DNS Zone Properties dialog box.
When you edit a host, the Generate reverse mapping records check box is selected if there is a reverse zone for any of the addresses associated with that host. In other words, if some addresses have corresponding reverse zones and others do not, the check box is selected.
If you click OK, Network Registrar displays a warning dialog box for each of the addresses that do not have a corresponding reverse zone. This is a normal result. Clicking OK to close these warning dialog boxes is not harmful and results in Network Registrar generating reverse mapping records only for those addresses for which corresponding reverse zones exist.
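What the Hosts tab produces when Generate reverse mapping records is selected, together with the reverse-zone naming from the primary name server section (192.168.1.1 lies in 1.168.192.in-addr.arpa; the loopback zone is 127.in-addr.arpa), is shown below as an added example. It is not Network Registrar code: it assumes one reverse zone per /24 (per /8 for the loopback zone), and the set of existing reverse zones is constructed.

```python
# Added example (not Network Registrar code): A records for a host, plus PTR
# records only where a matching reverse zone exists, with a warning otherwise.
import ipaddress
from typing import Iterable, List, Set, Tuple

Record = Tuple[str, str, str]  # (owner name, type, data)


def reverse_zone_name(ip: str, prefix: int = 24) -> str:
    """in-addr.arpa zone holding ip, for an octet-aligned prefix (8, 16 or 24)."""
    if prefix % 8:
        raise ValueError("prefix must be a multiple of 8 for a plain in-addr.arpa zone")
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    octets = str(net.network_address).split(".")[: prefix // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_name(ip: str) -> str:
    """Owner name of the PTR record for ip."""
    return ".".join(reversed(str(ipaddress.ip_address(ip)).split("."))) + ".in-addr.arpa"


def add_host(zone: str, hostname: str, addresses: Iterable[str],
             existing_reverse_zones: Set[str],
             generate_reverse: bool = True) -> Tuple[List[Record], List[str]]:
    """Records to add for a host, and one warning per address lacking a reverse zone."""
    fqdn = f"{hostname}.{zone}".rstrip(".") + "."
    records: List[Record] = []
    warnings: List[str] = []
    for addr in addresses:
        records.append((fqdn, "A", str(ipaddress.ip_address(addr))))
        if not generate_reverse:
            continue
        rz = reverse_zone_name(addr)
        if rz in existing_reverse_zones:
            records.append((ptr_name(addr), "PTR", fqdn))
        else:
            warnings.append(f"no reverse zone {rz} for {addr}; PTR record not generated")
    return records, warnings


# Constructed: only the first /24 has a reverse zone configured on this server.
REVERSE_ZONES = {"1.168.192.in-addr.arpa", "127.in-addr.arpa"}

if __name__ == "__main__":
    recs, warns = add_host("example.com", "www", ["192.168.1.10", "192.168.2.10"], REVERSE_ZONES)
    for r in recs:
        print(r)
    for w in warns:
        print("warning:", w)
```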
There are two types of DNS servers: primary name servers and secondary servers.
Use the options on the Zone Transfers tab (Figure 2-12) to allow zone transfers to any server that requests zone data, restrict the servers you will allow to perform zone transfers, or prevent all zone transfers.
Use the restrict zone transfers feature either for security reasons or to reduce the load on the primary name server by restricting the servers you will allow to request a copy of the zone data.
Step 1 In the DNS Zone Properties dialog box, click the Zone Transfers tab (Figure 2-12).
Step 2 Click Restrict zone transfers to the following addresses.
Step 3 Type the addresses of the servers that you have allowed to perform zone transfers.
You can use network numbers, such as 192.168.1.0, or host addresses, such as 192.168.1.100.
Step 4 Click OK.
Use the disable zone transfers feature either for security reasons or to reduce the load on your primary name server by preventing servers from requesting a copy of your zone data.
Step 1 In the DNS Zone Properties dialog box, click the Zone Transfers tab.
Step 2 Click Restrict zone transfers to the following addresses.
Step 3 Leave the address list blank.
Step 4 Click OK.
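The three zone-transfer policies described above (allow any requester, restrict to a list of addresses or network numbers, or disable transfers by leaving the list blank), as an added access check that could be applied to a transfer request. It is not Network Registrar code; treating a network number such as 192.168.1.0 as a prefix whose trailing zero octets are wildcards is an assumption made here, and the requester addresses are constructed.

```python
# Added example (not Network Registrar code): zone-transfer access check for
# the "any", "restrict to list" and "restrict to empty list" policies.
import ipaddress
from typing import Iterable, List


def _entry_matches(entry: str, requester: str) -> bool:
    """A host address must match exactly; a network number (trailing zero
    octets, e.g. 192.168.1.0) matches every address with that prefix."""
    e = str(ipaddress.ip_address(entry)).split(".")
    r = str(ipaddress.ip_address(requester)).split(".")
    while e and e[-1] == "0":   # 192.168.1.0 -> 192.168.1; 0.0.0.0 -> everything
        e.pop()
    return r[: len(e)] == e


def transfer_allowed(requester: str, policy: str, allowed: Iterable[str] = ()) -> bool:
    """policy 'any': every requester may transfer the zone.
    policy 'restrict': only addresses matching `allowed`; an empty list is how
    the chapter says to prevent all zone transfers."""
    if policy == "any":
        return True
    if policy == "restrict":
        return any(_entry_matches(e, requester) for e in allowed)
    raise ValueError(f"unknown policy {policy!r}")


def audit_requests(requests: Iterable[str], policy: str, allowed: Iterable[str] = ()) -> List[str]:
    """Requesters that would be refused, for a quick review of a transfer log."""
    allowed = list(allowed)
    return [r for r in requests if not transfer_allowed(r, policy, allowed)]


# Constructed: the zone's own secondaries live on 192.168.1.0; one partner host.
ALLOWED = ["192.168.1.0", "10.5.5.5"]
REQUESTERS = ["192.168.1.100", "192.168.2.1", "10.5.5.5", "10.5.5.6"]

if __name__ == "__main__":
    print(audit_requests(REQUESTERS, "restrict", ALLOWED))   # refused under the list
    print(audit_requests(REQUESTERS, "restrict", []))        # everyone refused
    print(audit_requests(REQUESTERS, "any"))                 # nobody refused
```

An empty restrict list refusing everyone is the behaviour to verify after following the disable procedure, since a stray address left in the list silently turns "disabled" back into "restricted".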
Using DHCP and dynamic DNS update, a host is automatically configured for network access whenever it attaches to the IP network. The host can be located and accessed using its permanent, unique DNS host name. Mobile hosts, for example, can move freely around on a network without end-user or administrator intervention.
Step 1 In the DNS Zone Properties dialog box, click the DHCP tab (Figure 2-13).
Step 2 Select the Enable dynamic DNS updates check box.
Step 3 Specify the addresses of the DHCP servers from which the DNS server accepts updates to this zone.
Only the listed DHCP servers can update the zone; if you do not list any DHCP server, no dynamic updates occur. You must configure this on both the forward zone and the corresponding reverse zone, otherwise only the A record or only the PTR record for a lease is updated.
Step 4 Configure each DHCP server with the address of the appropriate DNS server.
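The procedure above says what the DNS server accepts but not what a DHCP server actually sends. The following added example, which is not code from the page or from Network Registrar, assembles the two update messages one lease produces, one for the A record in the forward zone and one for the PTR record in the reverse zone, so you can see why both zones must list the DHCP server. It assumes the standard DNS UPDATE message format (RFC 2136); the page does not name the protocol. The host name, address and zone names are constructed, and the message ID is a fixed placeholder.

```python
import ipaddress
import struct

# DNS wire-format constants (RFC 1035 types and classes, RFC 2136 opcode).
OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA, TYPE_PTR, TYPE_ANY = 1, 6, 12, 255
CLASS_IN, CLASS_NONE, CLASS_ANY = 1, 254, 255


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r} in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def encode_rr(name: str, rtype: int, rclass: int, ttl: int, rdata: bytes) -> bytes:
    """Encode one resource record: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_update(zone: str, prereqs, updates, msg_id: int = 0x1234) -> bytes:
    """Assemble a DNS UPDATE message (RFC 2136 section 2).

    Header counts are ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT; the Zone section
    names the zone with an SOA-type question entry.
    """
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11,
                         1, len(prereqs), len(updates), 0)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    return header + zone_section + b"".join(prereqs) + b"".join(updates)


def lease_updates(hostname: str, ip: str, forward_zone: str, reverse_zone: str,
                  ttl: int = 3600):
    """Return (forward_update, reverse_update) for one DHCP lease.

    The forward message asserts the name is not already in use (class NONE,
    type ANY, RFC 2136 section 2.4.5) and then adds the A record. The reverse
    message deletes any stale PTR RRset (class ANY, RFC 2136 section 2.5.2)
    and adds the new one. A DNS server honours each only if the sending DHCP
    server is listed on that zone's DHCP tab.
    """
    addr = ipaddress.IPv4Address(ip)
    ptr_name = addr.reverse_pointer  # 100.1.168.192.in-addr.arpa for 192.168.1.100
    forward = build_update(
        forward_zone,
        prereqs=[encode_rr(hostname, TYPE_ANY, CLASS_NONE, 0, b"")],
        updates=[encode_rr(hostname, TYPE_A, CLASS_IN, ttl, addr.packed)],
    )
    reverse = build_update(
        reverse_zone,
        prereqs=[],
        updates=[
            encode_rr(ptr_name, TYPE_PTR, CLASS_ANY, 0, b""),
            encode_rr(ptr_name, TYPE_PTR, CLASS_IN, ttl, encode_name(hostname)),
        ],
    )
    return forward, reverse


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header so a captured message can be checked."""
    msg_id, flags, zo, pr, up, ad = struct.unpack("!HHHHHH", msg[:12])
    return {"id": msg_id, "opcode": (flags >> 11) & 0xF, "zocount": zo,
            "prcount": pr, "upcount": up, "adcount": ad}


if __name__ == "__main__":
    # Constructed lease: host laptop7 gets 192.168.1.100 in example.com.
    fwd, rev = lease_updates("laptop7.example.com", "192.168.1.100",
                             "example.com", "1.168.192.in-addr.arpa")
    print("forward:", parse_header(fwd), fwd.hex())
    print("reverse:", parse_header(rev), rev.hex())
```

Sending each message over UDP port 53 from a host that is not on the zone's DHCP list, and checking that the server answers with REFUSED, is the quickest way to confirm the restriction is in force for both the forward and the reverse zone.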
Enter information about subzones in the Subzones tab (Figure 2-14).
Establish subzone delegation by performing the following tasks:
After you have decided to divide the zone into subzones, you must create names for them. You should involve the people responsible for the subzone in the naming, and you should try to maintain a consistent naming scheme that makes sense to people outside your organization.
The following are some suggestions for how to avoid naming problems:
In choosing a name, keep in mind how often people must remember the name, and how often they will use it. Select a name that is easy to remember and easy to spell.
After you have chosen a name for the subzone, you must specify the hosts that will serve as the subzone's name servers. The information you specify here is what the parent domain's name servers return when they are queried about the subzone. To ensure that the subzone remains reachable when one server is down, specify at least two name servers.
Glue records are the addresses that a resolver could not learn without already knowing them: the A records of any of the subzone's name servers whose names are in or below the subzone itself. Without glue in the parent, resolving such a name server's name would require asking the very server being looked up.
Whenever a name server for a subzone changes its name or IP address, the subzone's administrator must inform the parent domain so that the parent can change the NS record and the glue record for the subzone. If the subzone's administrator neglects to inform the parent, the glue records become invalid.
The common symptom of an invalid glue record is that a host in another domain cannot reach a host in the subzone by its domain name but can still reach it by its IP address.
If the name server is in the parent domain or some other domain, add only a Name Server (NS) record. If the name server is within the subzone being delegated, you must add an NS record and a glue A record so that resolvers can find the name server.
Step 1 From the Server Manager window (Figure 4-10), select the zone that you want to subdelegate and click Show Properties.
Step 2 From the DNS Zone Properties dialog box, click the Subzones tab (Figure 2-14).
Step 3 Click Add.
Step 4 In the Add Subzones dialog box, enter the name of the subzone, for example, enter north.example.com if the zone name is example.com.
Step 5 Click Add Name Server.
Step 6 From the Add Name Server dialog box, enter the fully qualified domain name (FQDN) of the name servers for this subzone.
Step 7 Click OK.
Step 8 If the name server is within the subzone, click Add glue record.
Step 9 From the Edit Glue Record dialog box, enter the IP address for the selected name server listed in step 6.
If you have specified several name servers that require glue records, select each one individually and then specify its corresponding glue record.
Step 10 Click OK.
Step 11 Click OK.
To see the delegation records for the subzone you have created, go to the Resource Records tab and look for the NS record for the subzone and the A record for the glue record.
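The rule for when glue is needed, and the stale-glue failure described earlier, are both checkable. The following added example, which is not code from the page or from Network Registrar, applies the page's rule (glue only for name servers whose names are in or below the subzone, and at least two name servers) to a delegation as the parent would publish it, and compares the parent's glue with the addresses the subzone itself publishes to catch a renumbered server that the parent was never told about. The subzone name, server names and addresses are constructed.

```python
def is_in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` equals `zone` or lies below it (case-insensitive)."""
    n = name.rstrip(".").lower()
    z = zone.rstrip(".").lower()
    return n == z or n.endswith("." + z)


def required_glue(subzone: str, nameservers) -> list:
    """Name servers whose A records the parent must carry as glue."""
    return [ns for ns in nameservers if is_in_bailiwick(ns, subzone)]


def check_delegation(subzone: str, ns_records, glue_records: dict) -> list:
    """Return problem descriptions for a delegation as stored in the parent.

    ns_records: NS names the parent publishes for the subzone.
    glue_records: {ns_name: [ipv4, ...]} A records the parent stores as glue.
    """
    problems = []
    if len(ns_records) < 2:
        problems.append(f"{subzone}: only {len(ns_records)} name server; "
                        "specify at least two for reachability")
    for ns in required_glue(subzone, ns_records):
        if not glue_records.get(ns):
            problems.append(f"{subzone}: missing glue A record for {ns}")
    for ns in glue_records:
        if ns not in ns_records:
            problems.append(f"{subzone}: glue for {ns} but no NS record names it")
        elif not is_in_bailiwick(ns, subzone):
            problems.append(f"{subzone}: {ns} is outside the subzone and needs "
                            "only an NS record, not glue")
    return problems


def find_stale_glue(parent_glue: dict, child_addresses: dict) -> list:
    """Name servers whose parent-side glue disagrees with the subzone.

    parent_glue and child_addresses: {ns_name: iterable of IPv4 strings}.
    A mismatch is the failure the page describes when a subzone administrator
    renumbers a name server without telling the parent.
    """
    return sorted(ns for ns, addrs in parent_glue.items()
                  if set(addrs) != set(child_addresses.get(ns, ())))


if __name__ == "__main__":
    # Constructed delegation of north.example.com from example.com.
    subzone = "north.example.com"
    ns_records = ["ns1.north.example.com", "ns.example.com"]
    parent_glue = {"ns1.north.example.com": ["192.168.10.2"]}
    print("required glue:", required_glue(subzone, ns_records))
    print("problems:", check_delegation(subzone, ns_records, parent_glue))
    print("problems without glue:", check_delegation(subzone, ns_records, {}))
    # The subzone has since moved ns1 to 192.168.10.5 and not told the parent.
    child = {"ns1.north.example.com": ["192.168.10.5"]}
    print("stale glue:", find_stale_glue(parent_glue, child))
```

Run the stale-glue comparison from time to time against each delegated subzone; the A record the parent keeps on the Resource Records tab is the one that must match what the subzone's own servers answer.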
Step 1 From the Server Manager window (Figure 4-10), select the zone that contains the delegation you want to delete and choose Properties.
Step 2 From the DNS Zone Properties dialog box, click the Subzones tab (Figure 2-14).
Step 3 Select the delegation you want to delete.
Step 4 Click Remove.
Step 5 Click OK to return to the Server Manager window.
Step 1 From the Server Manager window (Figure 4-10), select the zone that contains the delegation you want to edit and choose Properties.
Step 2 From the DNS Zone Properties dialog box, click the Subzones tab (Figure 2-14).
Step 3 From the Subzones list, select the delegation you want to edit.
Step 4 Click Edit.
Step 5 In the Edit Name Server dialog box, click any name server or glue record button and make the necessary changes.
Step 6 Click OK.
Step 7 Click OK.
To see the changes you have made, click the Resource Records tab (Figure 2-15).
Although most of the additions or changes to the host records should be made through the Hosts tab, you can use the Resource Records tab (Figure 2-15) to make specific changes to records by type.
For more information about the different types of Resource Records, see the "Resource Records" appendix.
Step 1 From the Server Manager window (Figure 4-10), select the zone to which you want to add records.
Step 2 Click the Show Properties toolbar button.
Step 3 From the DNS Zone Properties dialog box, click the Resource Records tab (Figure 2-15).
Step 4 Click Add.
Step 5 Click the appropriate Resource Record tab: Generic, A, MX, CNAME, NS, or PTR.
Step 6 Enter the appropriate information.
Step 7 Click Apply to continue to add Resource Records, or click OK to finish.
Step 1 From the Server Manager window (Figure 4-10), select the zone whose records you want to remove.
Step 2 Click the Show Properties toolbar button.
Step 3 From the DNS Zone Properties dialog box, click the Resource Records tab (Figure 2-15).
Step 4 Click in the Name field to select the zone record you want to remove.
Step 5 Click Remove.
Step 1 From the Server Manager window (Figure 4-10), select the zone you want to edit.
Step 2 Click the Show Properties toolbar button.
Step 3 From the DNS Zone Properties dialog box, click the Resource Records tab (Figure 2-15).
Step 4 Click in the Name field to select the zone record you want to edit.
Step 5 Click Edit.
Step 6 Enter the changes in the Edit Resource Record dialog box.
Step 7 Click OK.
Step 1 From the Server Manager window (Figure 4-10), select the zone whose records you want to display.
Step 2 Click the Show Properties toolbar button.
Step 3 From the DNS Zone Properties dialog box, click the Resource Records tab (Figure 2-15).
Step 4 Select the record type you want to display.
Step 5 Click Filter.
Posted: Thu Nov 18 12:13:33 PST 1999
Copyright © 1989-1999 Cisco Systems Inc.