4PSA DNS Manager Administrator's User Guide

Transcription

1 4PSA DNS Manager Administrator's User Guide For more information about 4PSA DNS Manager, check: Copyrights Rack-Soft, Inc.

2 Administrator's User Guide Manual Version at 2010/04/19 18:10:20 For suggestions regarding this manual contact: All rights reserved Distribution of this work or derivative of this work is prohibited unless prior written permission is obtained from the copyright holder. 4PSA is a Registered Trademark of Rack-Soft, Inc. Plesk is a Registered Trademark of Parallels, Inc. Linux is a Registered Trademark of Linus Torvalds. RedHat is a Registered Trademark of Red Hat Software, Inc. FreeBSD is a Registered Trademark of FreeBSD, Inc. All other trademarks and copyrights are property of their respective owners.

3 Table of Contents Preface... 7 Who Should Read This Guide... 7 Chapter 1. About 4PSA DNS Manager Where to Use 4PSA DNS Manager PSA DNS Manager Features... 9 Chapter 2. Logging In to 4PSA DNS Manager Chapter 3. Performing Administrative Tasks Managing Administrator Accounts Creating a New Administrator Account Editing Administrator Information Removing Administrator Accounts Managing User Sessions Backing Up DNS Records Backing Up All DNS Zones on the Server Backing Up Client DNS Zones Backing Up a DNS Zone Chapter 4. Managing Client Accounts Creating a New Client Account Removing a Client Account Managing a Client Account Managing Client's DNS Zones Creating a New DNS Zone Editing DNS Zones Managing DNS Records Changing the owner of one or more DNS zones Global operations on DNS zones Glue Records SPF Rules Removing DNS Zones Managing Client Settings Zone SOA Settings Permissions... 59

4 Limits Group operations on client accounts Enabling / Disabling Client Accounts Editing Client Information Managing DNS Templates Creating a New DNS Template Managing a Template's DNS Records Managing a Template's IPs Editing DNS Templates Removing DNS Templates Managing DNS Zones Remote Update Locations Creating a New Remote Update Location Editing Settings of a Remote Update Location Removing a Remote Update Location Removing Client Accounts Managing Custom Buttons Available for a Client Adding Custom Buttons Editing Custom Buttons Removing Custom Buttons Client Group Operations DNS Zone Settings for a Client Group Permissions for a Client Group Limits for a Client Group Impersonate Chapter 5. Managing DNS Zones Adding a New DNS Zone Adding a Single or Multiple DNS zone names Editing DNS Zones Enabling/Disabling Zones Transfer IP Addresses Managing Round Robin Polls Setting SOA Parameters Checking the Nameservers Managing DNS Records Adding DNS Records Editing a DNS record Removing DNS Records Changing the Owner of One or More DNS Zones

5 Global operations on DNS zones Glue Records SPF Rules Removing DNS Zones Chapter 6. Setting Server Preferences Available options Setting Server-Wide DNS Templates Creating a New Sever Global DNS Template Editing Server Global DNS Templates Removing Server Global DNS Templates Manage Notifications Customize Content File Template Editing a file template Configuring DNS Manager settings Global Transfer IPs Setting Interface Preferences Manage Interface Languages View the Language List Add Interface Languages Delete Interface Languages Manage Interface Skins View the Skins List Add a New Skin Delete Skins Managing Login Preferences Managing the Access Policy Configure the Allow or Deny Policy Add Allowed or Denied Network Managing Notifications Managing Custom Buttons Adding Custom Buttons Editing Custom Buttons Removing Custom Buttons License Management

6 XML export XML import Chapter 7. Command Line Configuration Low Level Engine Configuration Monitoring script configuration file Chapter 8. Remote Update Location Configuration PSA DNS Manager as a Secondary Server PSA DNS Manager as a Primary Server Appendix A. Supported Dump File examples

7 Preface Who Should Read This Guide This User's Guide must be read by the administrator of the 4PSA DNS Manager server. The client will also find useful certain sections of this User's Guide. The manual is structured in such a way that needed information can easily be found in its sections Administrator's User Guide 7

8 Chapter 1 About 4PSA DNS Manager PSA DNS Manager is a server-level application that allows users to manage DNS Zones. With 4PSA DNS Manager you can create and manage DNS Zones and DNS Records, backup DNS Zones, manage DNS templates, gather DNS information from remote servers, etc. Thanks to its advanced features, 4PSA DNS Manager is the ideal tool for automatic DNS management. 4PSA DNS Manager can load DNS Zone names from remote servers, regardless of the control panel or operating system that runs on these servers. Where to Use 4PSA DNS Manager Unlike other DNS management applications, 4PSA DNS Manager offers superior automation features and a friendly client level interface. Clients who use hosting services will find 4PSA DNS Manager to be a very easy to use solution. Most DNS applications are frustrating; it is a known fact that even some administrators do not fully understand all DNS functions. With 4PSA DNS Manager these problems have become history. Below you can find several utilization scenarios: Administrator's User Guide 8

9 Centralize DNS information from multiple servers. You will be able to offer two name servers no matter how many hosting servers you have and what platform or control panel is used on these. The centralization process is automatic and you do not have to add DNS Zone information to the 4PSA DNS Manager server. Interface scripts for most popular hosting panels like Plesk, Cpanel, Ensim, InterWorx Control Panel and Helm are included. Offer DNS redundancy. 4PSA DNS Manager can act as a secondary DNS server, gathering Zone names from all the participant servers and automatically updating DNS Zone information. Offer DNS hosting. Hosting companies can use your services for DNS redundancy. Because no work is actually required to update the list of DNS Zones, DNS hosting becomes a very simple task. Clients will love the nice interface and the Zone validation. 4PSA DNS Manager Features 4PSA DNS Manager offers the following features: Administrator and client management levels System designed for automatic DNS hosting Client permissions and limits Command line creation utilities Supports both RFC1912 and timestamp SOA Serial number formats SOAP API third party integration DNS Zone Management: Advanced Reverse DNS Zones management Create DNS Zones in interface (single Zones or from file) Master/Slave Zones supported A, AAAA, CNAME, NAPTR, NS, MX, PTR, SRV, TXT Records supported Advanced Record management with owned and wide server level and client level DNS templates support Update DNS Zone information from remote servers (can retrieve the list of DNS Zones added in any control panel interface) Per server or per client Start of Authority (SOA) Records: refresh time, retry time, expire time, minimum TTL, default TTL Automatic query of reverse DNS Administrator's User Guide 9

10 Supports E 164 zones Remote update locations management: Remote Zone types / Update interval Remote update statistics Advanced parallelism and QoS settings for maximum performance Backup DNS Zones in CSV format: Server level backup (backups for all DNS Zones on the server) Client level backup (backups for all DNS Zones owned by a client) Backups for separate DNS Zones Runs on Red Hat servers. It can be installed on servers running Plesk (the Plesk server will be the centralized DNS server) Automatic import scripts for Plesk, Ensim, InterWorx Control Panel, Helm and Cobalt are included in the package Create and manage client DNS templates DNS Server monitoring with administrator alerting notifications triggered by the actions of clients, administrators or other events Custom buttons support (that allow users to link and interact with other systems) Users sessions management with advanced options Foreign and new.net domain names support Skin-able interface Language packs capabilities Administrator's User Guide 10

11 Chapter 2 Logging In to 4PSA DNS Manager You can log in to the 4PSA DNS Manager interface at <installation_url>:8550/ using an Administrator account. A default Administrator account is set up during 4PSA DNS Manager installation. The default administrator username is admin and the password must be chosen during installation. The 4PSA DNS Manager navigation menu is available on the left side of your screen. The navigation menu makes it easy for the administrator to manage client and administrator accounts, DNS Zones and Records and server-wide settings Administrator's User Guide 11

12 Chapter 3 Performing Administrative Tasks The administrator can perform various administrative tasks: Manage administrators' accounts Manage user's sessions Backing up DNS records In order to access this area, the administrator must click the Settings link available in the navigation menu. Managing Administrator Accounts 4PSA DNS Manager allows multiple accounts with administrative rights. In order to manage Administrator accounts, the administrator must click the Admin accounts button located in the Options area of the Server settings page Administrator's User Guide 12

13 In the Administrator accounts management page the administrator can add new accounts, view a list of existing accounts, search and delete a chosen account. The following details are available in the Administrator accounts list: Administrator name The name of the person who owns the account with administrative rights Company name The name of the administrator's company Created The date when the Administrator account was created on the system The information can be sorted by administrator name, company, or creation date by clicking the table header links. When you are looking for a specific administrator account, you can use the available text box and the two additional links: Search - By clicking this link, all the administrator names matching the text filled in the text box will be displayed. Show all - After the administrators' list was filtered, you may click this link to discard the filter and display all the administrator accounts. If you want to hide/reveal the search options, click the Toggle search link. Creating a New Administrator Account To create a new account with administrative rights, the administrator must click the Add Admin account button. In order to create the new Administrator account the administrator must enter all the required details: Company name This is the administrator's company name Contact Name This is used by the 4PSA DNS Manager to identify the administrator Login This is the username that the administrator must provide in order to log in the 4PSA DNS Manager interface The Login name must be unique in the system Administrator's User Guide 13

14 Password This is the password that the administrator must provide in order to log in the 4PSA DNS Manager interface The Password should be 6 to 14 characters long and should not contain quotes, spaces or national alphabet characters. For security reasons the Password cannot be the same as the Login name. Confirm Password This is required to make sure the correct password is entered Phone This is the administrator's phone number Fax This is the administrator's fax number This is the administrator's address, which is used as the default bounce address for the administrator's domains Address This is the administrator's postal address City This is the administrator's city Postal/ZIP code This is the administrator's ZIP or postal code State - This is the administrator's state Country This is the administrator's country Language - The language of the administrator's interface Admin s - s can be added here The required fields are marked with an asterisk. Click OK to create the new Administrator account. Click Cancel, if you want to return to the previous page without creating the account. Editing Administrator Information The administrator can modify the details of existing Administrator accounts. In order to edit an existing account, click the chosen administrator name in the list. The details of the chosen account can be modified. The required fields are marked with an asterisk. Click OK to save the changes you have made. Click Cancel, if you want to return to the previous page without saving these changes Administrator's User Guide 14

15 Removing Administrator Accounts To remove one or more administrator accounts from the system, follow these steps: 1. Choose the administrator accounts you want to delete by selecting their corresponding check boxes. 2. Click the Remove selected link. 3. Review the list. If you want to proceed with the removal, select the Confirm the removal check box and click OK. Otherwise, click Cancel to return to the previous page without deleting anything. The currently logged in administrator cannot be removed and therefore its corresponding check box from the Administrator accounts list is disabled. Managing User Sessions 4PSA DNS Manager allows the administrators to view a list of sessions established by the users who have logged in to the system. In order to manage user sessions, the administrator must click the the Options area of the Server Settings page. Sessions button located in In the Sessions management page, the administrator can view a list of all sessions, search and terminate sessions. The following information is available: T This column displays the account type of the user who generated the corresponding session: Administrator account or Client account. Login The username used to login Client Name The name of the corresponding user Login time The date and time when the session was started Expire time The time left to the end of the user session IP Address - The IP address the user logged in from To terminate an existing session, enable its corresponding check box and click the Remove selected link. 4PSA DNS Manager will ask for your confirmation before terminating sessions. You can terminate one or more sessions at the same time Administrator's User Guide 15

16 Backing Up DNS Records The administrator can create a CSV file backup of the DNS Records available on the server. The backup can be performed for all DNS Zones available on the server, for all DNS Zones that belong to a client, or for a chosen DNS Zone. Backing Up All DNS Zones on the Server In order to create a local backup containing complete information for all DNS Zones available on the server, the administrator must follow the DNS Zones link available in the navigation menu. Click the Backup DNS Zones button available in the Tools area. A file download dialog box opens. Select the name of the file and the path on your local machine where you want to save the file. The file contains the list of the DNS Records for all the DNS Zones available on the server. Backing Up Client DNS Zones In order to create a local backup containing complete information for all DNS Zones that belong to a client, the administrator must click the Clients link available in the navigation menu. The list of clients is available in the Clients area. The administrator must click the chosen client name, then on the available in the Tools area. Backup DNS Zones button A file download dialog box opens. Select the name of the file and the path on your local machine where you want to save the file. The file contains a list of the DNS Records for all the domains that belong to the chosen client. Backing Up a DNS Zone In order to create a local backup for a chosen DNS Zone available on the server, the administrator must follow the DNS Zones link available in the navigation menu Administrator's User Guide 16

17 In the DNS Zones area the administrator can view a list of DNS Zones available on the server. Click the chosen DNS Zone name and next on the Backup DNS Zone button. A file download dialog box opens. Select the name of the file and the path on your local machine where you want to save the file. The file contains a list of the DNS Records for the chosen domain Administrator's User Guide 17

18 Chapter 4 Managing Client Accounts The server administrator can manage client accounts. The following actions are available: Create new accounts Set client permissions and limits Create and manage client DNS templates Edit client information Manage DNS Zone remote update locations Delete existing client accounts In order to access this area, the administrator must click the Clients link available in the navigation menu. In the Clients management page, the administrator can view a list of all the system clients, search and remove clients. The following details are available in columns: Administrator's User Guide 18

19 or S This column displays the status of the corresponding client: inactive. Click the icon to change the status. active A The icon in this column shows if the client can access the control panel. - the client is allowed to access the control panel. - the client is not allowed to access the control panel. Click the icon in this column to allow/deny the client to access the control panel. Client name The name of the client. Click the link to enter the client's management page. Company name The name of the client's company. Created The date when the Client account was created. DNS Zones The number of DNS Zones the client has in 4PSA DNS Manager. The information can be sorted by status, client name, company name, creation date, and DNS Zone number by clicking the table header links. When you are looking for a specific client, you can use the available text box and the two additional links: Search - By clicking this link, all the clients' names matching the text filled in the text box will be displayed. Show all - After the clients' list was filtered, you may click this link to discard the filter and display all the client accounts. If you want to hide/reveal the search options, click the Toggle search link. Other operations can be performed by using the following action links: Show columns - You can filter the columns displayed in the table by clicking this link. Group operations Choose the desired clients from the list by selecting their corresponding check boxes and click this link to make group changes to all the selected clients Administrator's User Guide 19

20 Creating a New Client Account In order to create a new Client account the administrator must click the Add Client account button in the Tools area of the Clients management page, and enter the information required to create a new account. The Login name must be unique in the system. The Password should be 6 to 14 characters long and should not contain quotes, spaces or national alphabet characters. For security reasons, the Password cannot be the same as the Login name. The required fields are marked with an asterisk. Click OK to create the new Client account. Click Cancel, if you want to return to the previous page without creating the account. Removing a Client Account To remove one or more client accounts from the system, follow these steps: 1. Choose the client accounts you want to delete by selecting their corresponding check boxes. 2. Click the Remove selected link. 3. Review the list. If you want to proceed with the removal, select the Confirm the removal check box and click OK. Otherwise, click Cancel to return to the previous page without deleting anything. Managing a Client Account The administrator can manage DNS zone settings, permissions and limits, DNS Templates, backups of the dns zones, remote update locations and custom buttons for a client account. The Client's management page is divided in three sections: Tools - This sections contains the following buttons: Administrator's User Guide 20

21 - Switch client off OR - Switch client on Edit account details - Click this button to edit the respective client account's details Client settings - Click this button to edit the Zone SOA Settings, Permissions and Limits for the respective client account. For more information, please read the Managing Client Settings section. DNS Templates - Click this button to edit the DNS Templates of the respective client account. For more information, please read the Managing DNS Templates section. Add DNS Zones - Click this button to add a DNS zone for the respective client account. For more information, please read the Managing Client's Zones sections. Remote updates - Click this button to manage the remote update locations of the respective client account. For more information, please read the Remote Update Locations section. Backup DNS Zones - Click this button to backup the DNS zones of the respective client account. Custom buttons - Click this button to manage the custom buttons of the respective client account. For more information, please read the Managing Custom Buttons Available for a Client section. Impersonate - Click this button to impersonate the respective client account. For more information, please read the Impersonate section Administrator's User Guide 21

22 XML export - Click this button to export all client's data into XML format. Custom Buttons - This section displays all the available custom buttons of the respective client account. For more information on custom buttons, please read the Managing Custom Buttons Available for a Client section. DNS Zones - This sections displays all the DNS zones of the respective client account. For more information on DNS Zones, please read the Managing client's DNS Zones section. Managing Client's DNS Zones The administrator can add new DNS Zones to a client account and manage the DNS Records for a Zone. To access a client's DNS Zones Management page, the administrator must click the respective client's name in the clients list. The DNS Zones Management page displays a list of the available DNS zones for the respective client account. The following details are available: or S This column displays the status of the corresponding zone: inactive. Click the icon to change the status. active Master or T This column displays the type of the corresponding DNS Zones: Slave. DNS zone name The name of the DNS Zone. First name server The host name of the first name server registered on this DNS Zone. The first name server of slave zones is not displayed. Created The date when the zone was created on the system. The information can be sorted by type, DNS Zone name, client name, and creation date by clicking the table header links. When you are searching for specific DNS Zone, you can use one or more of the available filters: Administrator's User Guide 22

23 Show {name} and include [] records also, where: {name} - Use the available text box to specify the name of the DNS Zones you are looking for. [] - Select this check box if you want the search to be performed through the Value field from the DNS records. Search - By clicking this link, all the DNS Zones matching the chosen search criteria will be displayed. Show all - After the DNS Zones list was filtered, you may click this link to discard the filter and display all the DNS Zones. If you want to hide/reveal the search options, click the Toggle search link. Other operations can be performed by using the following action links: Show columns - You can filter the columns displayed in the table by clicking this link. Change owner - If you want to change the client a zone belongs to, select its corresponding check box and click this link. SPF rules - You can add Server Policy Framework (SPF) rules to your DNS zones. To do so, choose the zones by selecting their corresponding check boxes and click this link. For more details about the SPF, see this section. SPF rules are available only for forward master zones. Glue records - For more information, see this section. Group operations Choose the desired zones from the list by selecting their corresponding check boxes and click this link to make group changes to all the selected DNS zones. For more information, see this section. Creating a New DNS Zone In order to add a new DNS Zone, the administrator must click the Add DNS Zone button located in the Tools area Administrator's User Guide 23

24 In this page, the administrator can add a single DNS Zone to the Client account, multiple DNS Zone names from a local file or multiple DNS Zones with complete DNS Records. 4PSA DNS Manager also accepts internationalized domain names (IDN) - Internet domain names that contain non-ascii characters. Adding a Single DNS Zone Name In order to add a single DNS Zone name, the administrator must enter all the information required in the Add DNS Zone name section of the page. DNS Zone name Enter a valid DNS Zone name that is unique in the system. You can add a Forward Zone, a Reverse Zone or an E.164 Zone. The name must be unique in the system. Here are some typical examples: For forward zones, one must use the following format: <lower level domain(s)>.<top level domain>. For instance: racksoft.com wikipedia.org amazon.co.uk For reverse zones, one must use the following format: <lower level domain(s)>.in-addr.arpa. For instance: IN-ADDR.ARPA IN-ADDR.ARPA For E.164 zone, one must use the following format <lower level domain(s)>.e164.arpa. For instance: E164.ARPA E164.ARPA For reverse zones, 4PSA DNS Manager accepts the following Zone Name types: Class A (/8) - 1.IN-ADDR.ARPA Class B (/16) IN-ADDR.ARPA Class C(/24) IN-ADDR.ARPA Administrator's User Guide 24

25 Zone Names with a mask lower than 24 (having a numeric value higher than 24) - 192/ IN-ADDR.ARPA that covers IPs between and ; or IN-ADDR.ARPA for a complete /32 delegation. Prior to RFC 2181 '/' was not a legal character for a domain name or label so an alternate construct using '-' could be used instead, that's why 4PSA DNS Manager supports both characters. DNS Zone template The administrator can use the DNS Zone templates available or can choose not to use any template at all. Template IP This field is available when a DNS Zone template is selected. All occurrences of [ip] in the DNS Zone template will be replaced by this IP. DNS Zone type The type of the DNS Zone can be master or slave. A slave zone will acquire it's zone data only after receiving the notification from the respective master zone, or after it is manually reloaded on the server. 4PSA DNS Manager does not reload slave zones due to the extra overhead involved on busy environments, therefore is recommended to setup notifications on master zones. When the chosen type is master, the Allow DNS Zone transfer option becomes available and the Slave DNS servers IP addresses option is disabled. When the chosen type is slave, the Transfer DNS Zone from master servers option is enforced and the Master DNS servers IP addresses option becomes available. Forward Zone - When this option is enabled, this is considered to be a regular zone. Reverse Zone When this option is enabled, this is considered to be a zone used for reverse DNS lookup (i.e. a zone in the in-addr.arpa domain). E.164 Zone - When this option is enabled, this is considered to be an E.164 zone used for mapping telephone numbers into DNS (i.e. a zone in the e164.arpa domain). Allow DNS Zone transfer When this option is enabled, allowed slave servers will be able to retrieve the Zone information from the master server (in this case the 4PSA DNS Manager system). Slave DNS servers IP addresses When the Allow DNS Zone transfer option is enabled, you can enter the IP addresses of the slave DNS servers in this Administrator's User Guide 25

26 text box. Click the plus/minus icons to add/remove slave IP addresses. The DNS Zone will be transferred only to these IP addresses. When the chosen type of the DNS Zone is slave, the following options MUST BE enabled: Transfer DNS Zone from master servers The DNS Zone information will be transferred from the master DNS servers with the IP addresses set in the field below. Master DNS servers IP addresses Use this text box to specify the IP addresses of the master DNS servers. The required fields are marked with an asterisk. Click OK to create the new DNS Zone. Click Cancel, if you want to return to the previous page without creating the DNS Zone. Adding Multiple DNS Zones with Complete DNS Records In order to add multiple DNS Zones with complete DNS Records, the administrator must click the Add DNS Zone button, then the Full zones from file button available in the Tools area. The following fields will be displayed: Select file Enter the name of the file that contains the DNS Zone names or click the Browse button to locate the desired file. The uploaded file MUST be in dump format (identical to the file generated by backing up DNS zones in 4PSA DNS Manager). For more information on the dump file format, please read the Supported Dump File examples appendix. A slave zone will acquire it's zone data only after receiving the notification from the respective master zone, or after it is manually reloaded on the server. 4PSA DNS Manager does not reload slave zones due to the extra overhead involved on busy environments, therefore is recommended to setup notifications on master zones. Allow DNS Zone transfer When this option is enabled, allowed slave servers will be able to retrieve the Zone information from the master server (in this case the 4PSA DNS Manager system) Administrator's User Guide 26

27 Add the following allow transfer IPs to master zones - The IP addresses specified in this field will be recorded in the allow transfer clauses of the named.conf file for MASTER DNS zones Add the following master IPs to slave zones - The IP addresses specified in this field will be recorded in the masters clauses of the named.conf file for SLAVE DNS zones Click OK to create the new DNS Zone. Click Cancel, if you want to return to the previous page without creating the DNS zone. This may take some time depending on the size of the file you have specified. Editing DNS Zones In order to edit a DNS Zone, the administrator must click the chosen DNS Zone name and enter the DNS Zone management page. Warning Records of zones that have been added from a remote location cannot be modified from interface. For zones added from remote locations, 4PSA DNS Manager displays the following warning message: This zone is managed by Remote Update and can not be edited in the interface. In the Custom Buttons area the administrator can access the custom buttons available for the selected DNS Zone. In the DNS Zone management page, the administrator can view several details: DNS Zone type This field displays the type of the DNS Zone, which can be Master or Slave. It also displays the number of Transfer IPs for Master zones and the number of Master IPs for Slave zones respectively. Hosts in this zone - Displays the first and last available IP (these parameters depend on the reverse zone ip class). Hosts in this zone is displayed only for reverse DNS zones. Last DNS Zone update This field displays the date when the DNS Zone was last updated by the user or from the remote update location Administrator's User Guide 27

28 Last DNS Zone update source The source of the last update. The DNS Zone can be updated from the interface or from a remote update location. If the zone was update from a remote location, the icon is displayed. Click this icon to access the configuration page of the respective remote update location. For zones that have been added from interface the administrator can add new DNS Records and delete existing Records. Click the DNS Zone name to manage the Zone Records. For Slave DNS Zones you cannot add Records and the current Records are not displayed because the actual DNS Records are transferred from the master server(s). In the list of existing DNS Records, the following details are available: S - Indicates whether the record is enabled or disabled. The icon indicates that the record is enabled. Click it to disable the corresponding record. The icon indicates that the record is disabled. Click it to enable the corresponding record. The icon indicates that the record has been temporarily disabled by Round Robin who hasn't been able to access it. Warning The records status can be modified only for zones added from the 4PSA DNS Manager control panel. P - Indicates whether there are any Round Robin polls monitoring the record. The icon indicates there are Round Robin polls set up for the corresponding record. Clicking it will open the Round Robin polls management page for the record. The icon indicates there are no Round Robin polls set up for the corresponding record Administrator's User Guide 28

29 Warning This column is available only for forward zones added from the 4PSA DNS Manager control panel. Host This field displays the host name or IP address of every DNS Record Record type This is the type of the DNS Record. Based on the DNS Zone type it can be: For Forward DNS Zones IP Address (A) - Maps a hostname to a 32-bit IPv4 address. Type A rules have the following format: hostname. IN A XXX.XXX.XXX.XXX where: XXX.XXX.XXX.XXX is the IP address for the hostname. hostname. is the zone name or one of its subdomains. For example: domain.com. IN A subdomain.domain.com. IN A For more information about this type of record, go to html/rfc1035. AAAA Record (AAAA) - Maps a hostname to a 128-bit IPv6 address. AAAA rules have the following format: hostname. IN AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA where: AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA is the IPv6 address for the hostname. hostname. is the zone name or one of its subdomains. For example: domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa subdomain.domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa For more information about this type of record, go to html/rfc3596. Alias for record (CNAME) - Canonical name record is an alias (or nickname) of one name to another. The A record to which the alias points Administrator's User Guide 29

30 can be either local or remote - on a foreign name server. This is useful when running multiple services (like an FTP and a webserver) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com. and It is also used when running multiple HTTP servers, with different names, on the same physical host. CNAME rules have the following format: hostname. IN CNAME servername. where: hostname. is the zone name or one of its subdomains servername. is a fully qualified domain name (FQDN) either inside or outside the zone. For example: ftp.domain.com. IN CNAME inside.domain.com. ftp1.domain.com IN CNAME outside.zone.com. Rfc 1034 states: If a CNAME record is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. In order for these requirements to be met in 4PSA DNS Manager, the value specified in the Zone alias name field of the CNAME record cannot be set for the DNS Zone name filed in NS, A, AAAA, SRV, CNAME and TXT records or for the Zone field in an MX record. For more information about this type of record, go to html/rfc1035. Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains servername. is a domain name which specifies an authoritative host for the specified hostname. For example: domain.com. IN NS ns1.example.com Administrator's User Guide 30

31 domain.com. IN NS ns2.example.com. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc1035. Mail exchanger (MX) - Maps a domain name to a list of mail exchange servers for that domain. MX rules have the following format: hostname. IN MX preference servername. where: hostname. is the zone name or one of its subdomains preference indicates the hostname's priority. The lower the preference, the higher the priority. This parameter accepts values between 0 and 50. servername. is a fully qualified domain name (FQDN) inside the zone For example: mail.domain.com. IN MX 10 domain.com. webmail.domain.com. IN MX 5 domain.com. For more information about this type of record, go to html/rfc1035. Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record Administrator's User Guide 31

32 is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: hostname. IN TXT "Text information" where: hostname. is the zone name or one of its subdomains "Text information" can be any type of string including strings generated by SPF Rules For example: domain.com. IN TXT "k=rsa; p=mewwdqyerwqewwe" subdomain.domain.com. IN TXT "this is a test" For more information about this type of record, go to html/rfc1035. Service Record (SRV) - Specifies the location of the server(s) for a specific protocol and domain. SRV rules have the following format: _Service._Protocol.Hostname. IN SRV TTL Priority Weight Port Target where: Service is the symbolic name of the desired service. You can find a list of the available services at Protocol is the protocol of the desired service. This is usually TCP or UDP, but 4PSA DNS Manager supports all the protocols listed here Hostname. is the domain name for which the record is valid. TTL is the standard DNS time to live field. If there is no TTL specified for the record, the TTL value for the zone will be employed. Priority is the priority of the target host. The lower the value, the higher the priority level. Weight indicates a relative weight between records with the same priority. Port is the port on which the service is to be found. Target is the domain name of the target host. The Target parameter can not be an alias (CNAME) Administrator's User Guide 32

33 For example: When Target is set to. the service is unavailable. _service._tcp.domain.com. IN SRV subdomain.domain.com. *._tcp.domain.com. IN SRV ; no other service is available on tcp protocol For more information about this type of record, go to html/rfc2782. For Reverse DNS Zones Nameserver (NS) - Specifies a host which should be authoritative for the specified class. For class C reverse zones, 4PSA DNS Manager accepts NS records for $ORIGIN and supports classless delegation records, as described in RFC 2317, chapter 4. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. Class A and B zones support NS records for $ORIGIN and inferior class zones and do not support classless delegation records. For class C reverse zones, 4PSA DNS Manager automatically generates CNAME records that correspond to the NS records created for classless delegation records. If the Automatically generate CNAME records for delegated subnets check box is enabled, the CNAME records will be automatically generated. This check box is available only for NS records with a subnet mask lower than 24 (having a numeric value higher than 24). NS rules have the following format: Administrator's User Guide 33

34 ip_part.host_ip_addr.in-addr.arpa. IN NS servername. where: host_ip_addr.in-addr.arpa. is the zone name ip_part is the IP section that completes the IP address when prepended to host_ip_addr (for class A, B and D zones, and for class C $ORIGIN NS) for classless delegation records, ip_part is the IP section that completes the IP address when prepended to host_ip_addr including the subnet mask servername. is a domain name which specifies an authoritative host for the specified zone. For example: in-addr.arpa. IN NS ns2.server.com in-addr.arpa. IN NS ns3.server.com. 0/ in-addr.arpa. IN NS example.com. For more information about this type of record, go to html/rfc1035. Reverse record (PTR) - Maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa. domain that corresponds to an IP address implements reverse DNS lookup for that address. PTR rules have the following format: IPaddress IN PTR hostname. where: IPaddress is the IPv4 address in the IN-ADDR.ARPA. domain hostname. is the corresponding location in the domain name space For example: in-addr.arpa. IN PTR test.com. For more information about this type of record, go to html/rfc1035. Alias for record (CNAME) - A canonical name record is an alias of one name to another. According to RFC 2317, CNAME records are only supported in C class reverse zones. CNAME rules have the following format: ip_part.network.host_ip_addr.in-addr.arpa. IN CNAME ip_part.host_ip_addr.in-addr.arpa Administrator's User Guide 34

35 where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr network is the subnet mask host_ip_addr.in-addr.arpa. is the zone name For example: in-addr.arpa. IN CNAME 0.0/ in-addr.arpa in-addr.arpa. IN CNAME 1.0/ in-addr.arpa in-addr.arpa. IN CNAME 7.0/ in-addr.arpa. For more information about this type of record, go to html/rfc1035. Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: ip_part.host_ip_addr.in-addr.arpa. IN TXT "Text information" where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr host_ip_addr.in-addr.arpa. is the zone name "Text information" can be any type of string For example: in-addr.arpa. IN TXT "This is a test" For more information about this type of record, go to html/rfc1035. For E.164 Zones Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains Administrator's User Guide 35

36 servername. is a domain name which specifies an authoritative host for the specified hostname. For example: 1.2.e164.arpa. IN NS ns1.example.com. 1.2.e164.arpa. IN NS ns2.example.com e164.arpa. IN NS ns1.example.com. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc1035. NAPTR record (NAPTR) - Naming Authority Pointers. NAPTR rules have the following format: order preference services flag regexp replacement where: order indicates the order in which records are to be processed when a query returns multiple NAPTR records preference indicates the processing order for multiple records with identical order services indicate the resolution protocol and resolution services employed when applying a rewrite according to the regexp or replacement field flag is a modifier that affects the next DNS lookup regexp is the primary field used for rewrite rules Administrator's User Guide 36

37 replacement is a secondary field used for rewrite rules For example: 1.2.e164.arpa. IN NAPTR "u" "sip+e2u" "!^.*$! sip:[email protected]!i". 1.2.e164.arpa. IN NAPTR "u" "smtp+e2u" "!^.*$! mailto:[email protected]!i". For more information about this type of record, go to html/rfc3403. Value Depending on the Record type, this field displays an IP address, an alias, a name server, a host name, or a text. Last update - The date when the record was last modified (from the web based interface, or by updateurl). M By clicking the Modify icon, the administrator can edit the details of the corresponding DNS Record. Warning Records can be modified only for zones added from the 4PSA DNS Manager control panel. In the Tools area the administrator can switch the Zone type from Master to Slave and vice-versa by clicking the Switch to Slave button. Switch to Master or the Warning The zone type can be modified only for zones added from the 4PSA DNS Manager control panel. Backup DNS zone - The administrator can backup the respective DNS zone by clicking the Backup DNS zone button. To add a Master/Slave DNS server IP address enter the IP address in the corresponding field and click Update. In order to configure the custom buttons that can be viewed in the chosen DNS Zone management page, the administrator must click Custom buttons Administrator's User Guide 37

38 Enabling/Disabling Zones You can enable or disable a zone whenever you choose to change its status: 1. When the zone is enabled, press the Zone is enabled button in the 2. Tools area. The zone will be disabled and the button will switch to Zone is disabled. When the zone is disabled, press the Zone is disabled button in the Tools area. The zone will be enabled and the button will switch to Zone is enabled. Transfer IP Addresses The Global Transfer IPs are DNS server IPs that are allowed to transfer (copy) the zone information from the server (master or slave for the zone). These IPs will be recorded in the named.conf file in the acl (Access Control Lists) clauses. Warning The Transfer IP addresses can be modified only for zones that have been added from the 4PSA DNS Manager control panel. The administrator can access the Zone Transfer page by clicking the Transfer IP addresses button. In this page there are several details available about the DNS Zone: DNS Zone type and Last DNS Zone update The administrator must specify the required IP addresses in the available text boxes. In order to add more slave IP addresses, the administrator must click the icon. Pay particular attention to the Last DNS Zone update. This is the time when the Zone was actually updated by the 4PSA DNS Manager low level program Administrator's User Guide 38

39 Managing Round Robin Polls Caution The DNS Round Robin button is available only for forward zones added from interface. If you are editing a forward zone and if the client is allowed Round Robin management, the DNS Round Robin button will be available in the Tools area. If the forward zone is not allowed Round Robin management, the icon will be grayed out like this DNS Round Robin. Press this button to open the Round Robin polls management page. This page will list all the polls that have been set up for the DNS Zone. The table comprises the following columns: S - Indicates the poll's state. Press the icon in this column to switch between the active and inactive state. Name - Indicates the poll's name. Click on it to edit the poll. Monitored records - Indicates the number of monitored records for each poll. Active records - Indicates how many of the monitored records are active. Last update - Indicates the date and time of the most recent update. The final column contains a check mark that allows you to select one or multiple polls in the list in case you wish to delete them. If you wish to add a new poll, click the Add new poll button in the New Round Robin poll area. In the new page that opens, fill in the following information: Name - Enter the poll's name Tested protocol - Select the protocol you wish to test. The available protocols are HTTP, IMAP, MySQL, PING, POP3, SIP and SMTP. Monitoring interval - Enter the number of minutes between two subsequent tests. Tested resource - Enter a resource pertaining to the protocol that is to be tested. You can type a particular IP address or hostname, or you can Administrator's User Guide 39

40 monitor the value set for the selected records. For the later, use the $RR variable. $RR is replaced by one of the entries in the Value column listed for the selected records. You can use expressions such as or test.php. Try resource for X seconds - Enter for how long Round Robin will attempt to access the resource before failing. Then, select the DNS records you wish to add to the poll from the table below. Click the the new poll. Apply changes button to associate the selected records with When you are done, press OK to save your settings and return to the previous page or Cancel to return to the previous page without applying your settings. Setting SOA Parameters The SOA (Start of Authority) Record defines global parameters for the DNS Zone. There is only one SOA Record allowed in a DNS Zone file. The default SOA parameters values for all the DNS Zones that belong to the client account can be modified. The administrator can edit the following options: Serial - The DNS Zone serial number that must be a natural value between 1 and (a 32 bit unsigned number). The value must increment when any resource record in the zone file is updated. A slave (secondary) DNS server will read the master's DNS SOA record periodically, either when refresh expires or when it receives a NOTIFY and will arithmetically compare the value of the serial number it currently stores with the one received from the master (primary) DNS. If the master's serial value is arithmetically higher than the one currently stored by the slave, then a zone transfer is initiated. If the value is the same or lower, then the zone transfer is not initiated and the slave DNS will not update. Serial example: This value represents the current date and time ( :20:21) using the UNIX time stamp. The serial is generated automatically - Select this check box if you want the serial number to be automatically generated Administrator's User Guide 40

41 Depending on if you enabled this option or not, the serial can behave in three ways: 1. If the check box is selected, than the serial number will be automatically generated. 2. If the check box is selected and the serial number is manually modified, than DNS Manager will use for the first time the modified serial and, after this, it will automatically generate new serial numbers. 3. If the check box is not selected, than the serial will not be automatically generated and the value entered in the Serial text box will be used. This method will force the serial to a certain value and the slave DNS server will never update the zone. Refresh time 32 bit time value in seconds. This is the period of time that the secondary name server should wait before checking with the primary server to see whether the data has been modified. Default value: seconds. RFC 1912 recommends 1200 to seconds, if your data is volatile or (12 hours) if it is not. Retry time Signed 32 bit value in seconds. When a secondary name server requests for a Zone refresh from the primary server and this fails to respond, the secondary name server waits for the refresh time before attempting another Zone refresh after the failed attempt. Default value: 3600 seconds. Expire time Signed 32 bit value in seconds. This setting indicates when the Zone is no longer authoritative and new interrogation of the root servers is required. It applies to Slaves only. Default value: seconds. RFC 1912 recommends to seconds (2 4 weeks). Minimum TTL This value is used as the default TTL for new Records created within the Zone. It is also used by other DNS servers to cache negative responses (for example when a Record does not exist). Default value: seconds. Default TTL Signed 32 bit value in seconds. This is the amount of time that Zone Records are kept in a remote host cache. It is recommended that this value be set large. A small value will force remote servers to query the DNS server again for unchanged data. Default value: seconds Administrator's User Guide 41

42 Checking the Nameservers You can verify the availability of the name servers for a zone by clicking the Check Name Servers button in the Tools area of the zone's management page. The page will be updated with a new area entitled Check Name Servers which lists all the name servers and displays their availability using the following indicators: Not available - The name server is unavailable. Timed out - The name server did not answer in due time. Available - The name server is available. Unknown - The name server could not be found. Managing DNS Records Warning Records can be modified only for zones added from the 4PSA DNS Manager control panel. In order to manage DNS Records for a DNS Zone, the administrator must click the chosen DNS Zone name. In the DNS Zone management page, the administrator can view several details: DNS Zone type This field displays the type of the DNS Zone, which can be Master or Slave. It also displays the number of Transfer IPs for Master zones and the number of Master IPs for Slave zones respectively. Hosts in this zone - Displays the first and last available IP (these parameters depend on the reverse zone ip class). Hosts in this zone is displayed only for reverse DNS zones. Last DNS Zone update This field displays the date when the DNS Zone was last updated by the user or from the remote update location Last DNS Zone update source The source of the last update. The DNS Zone can be updated from the interface or from a remote update location. If the zone was update from a remote location, the icon is displayed. Click this icon to access the configuration page of the respective remote update location Administrator's User Guide 42

43 The administrator can add new DNS Records, view and delete existing Records. Click the DNS Zone name to manage the Zone Records. For Slave DNS Zones you cannot add Records and the current Records are not displayed because the actual DNS Records are transferred from the master server(s). In the list of existing DNS Records, the following details are available: S - Indicates whether the record is enabled or disabled. The icon indicates that the record is enabled. Click it to disable the corresponding record. The icon indicates that the record is disabled. Click it to enable the corresponding record. The icon indicates that the record has been temporarily disabled by Round Robin who hasn't been able to access it. Warning The records status can be modified only for zones added from the 4PSA DNS Manager control panel. P - Indicates whether there are any Round Robin polls monitoring the record. The icon indicates there are Round Robin polls set up for the corresponding record. Clicking it will open the Round Robin polls management page for the record. The icon indicates there are no Round Robin polls set up for the corresponding record. Warning This column is available only for forward zones added from the 4PSA DNS Manager control panel. Host This field displays the host name or IP address of every DNS Record Record type This is the type of the DNS Record. Based on the DNS Zone type it can be: Administrator's User Guide 43

44 For Forward DNS Zones IP Address (A) - Maps a hostname to a 32-bit IPv4 address. Type A rules have the following format: hostname. IN A XXX.XXX.XXX.XXX where: XXX.XXX.XXX.XXX is the IP address for the hostname. hostname. is the zone name or one of its subdomains. For example: domain.com. IN A subdomain.domain.com. IN A For more information about this type of record, go to html/rfc1035. AAAA Record (AAAA) - Maps a hostname to a 128-bit IPv6 address. AAAA rules have the following format: hostname. IN AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA where: AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA is the IPv6 address for the hostname. hostname. is the zone name or one of its subdomains. For example: domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa subdomain.domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa For more information about this type of record, go to html/rfc3596. Alias for record (CNAME) - Canonical name record is an alias (or nickname) of one name to another. The A record to which the alias points can be either local or remote - on a foreign name server. This is useful when running multiple services (like an FTP and a webserver) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com. and It is also used when running multiple HTTP servers, with different names, on the same physical host. CNAME rules have the following format: hostname. IN CNAME servername. where: hostname. is the zone name or one of its subdomains Administrator's User Guide 44

45 servername. is a fully qualified domain name (FQDN) either inside or outside the zone. For example: ftp.domain.com. IN CNAME inside.domain.com. ftp1.domain.com IN CNAME outside.zone.com. Rfc 1034 states: If a CNAME record is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. In order for these requirements to be met in 4PSA DNS Manager, the value specified in the Zone alias name field of the CNAME record cannot be set for the DNS Zone name filed in NS, A, AAAA, SRV, CNAME and TXT records or for the Zone field in an MX record. For more information about this type of record, go to html/rfc1035. Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains servername. is a domain name which specifies an authoritative host for the specified hostname. For example: domain.com. IN NS ns1.example.com. domain.com. IN NS ns2.example.com. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record Administrator's User Guide 45

46 Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc1035. Mail exchanger (MX) - Maps a domain name to a list of mail exchange servers for that domain. MX rules have the following format: hostname. IN MX preference servername. where: hostname. is the zone name or one of its subdomains preference indicates the hostname's priority. The lower the preference, the higher the priority. This parameter accepts values between 0 and 50. servername. is a fully qualified domain name (FQDN) inside the zone For example: mail.domain.com. IN MX 10 domain.com. webmail.domain.com. IN MX 5 domain.com. For more information about this type of record, go to html/rfc1035. Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: hostname. IN TXT "Text information" where: hostname. is the zone name or one of its subdomains "Text information" can be any type of string including strings generated by SPF Rules For example: domain.com. IN TXT "k=rsa; p=mewwdqyerwqewwe" Administrator's User Guide 46

47 subdomain.domain.com. IN TXT "this is a test" For more information about this type of record, go to html/rfc1035. Service Record (SRV) - Specifies the location of the server(s) for a specific protocol and domain. SRV rules have the following format: _Service._Protocol.Hostname. IN SRV TTL Priority Weight Port Target where: Service is the symbolic name of the desired service. You can find a list of the available services at Protocol is the protocol of the desired service. This is usually TCP or UDP, but 4PSA DNS Manager supports all the protocols listed here Hostname. is the domain name for which the record is valid. TTL is the standard DNS time to live field. If there is no TTL specified for the record, the TTL value for the zone will be employed. Priority is the priority of the target host. The lower the value, the higher the priority level. Weight indicates a relative weight between records with the same priority. Port is the port on which the service is to be found. Target is the domain name of the target host. For example: The Target parameter can not be an alias (CNAME). When Target is set to. the service is unavailable. _service._tcp.domain.com. IN SRV subdomain.domain.com. *._tcp.domain.com. IN SRV ; no other service is available on tcp protocol For more information about this type of record, go to html/rfc2782. For Reverse DNS Zones Administrator's User Guide 47

48 Nameserver (NS) - Specifies a host which should be authoritative for the specified class. For class C reverse zones, 4PSA DNS Manager accepts NS records for $ORIGIN and supports classless delegation records, as described in RFC 2317, chapter 4. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. Class A and B zones support NS records for $ORIGIN and inferior class zones and do not support classless delegation records. For class C reverse zones, 4PSA DNS Manager automatically generates CNAME records that correspond to the NS records created for classless delegation records. If the Automatically generate CNAME records for delegated subnets check box is enabled, the CNAME records will be automatically generated. This check box is available only for NS records with a subnet mask lower than 24 (having a numeric value higher than 24). NS rules have the following format: ip_part.host_ip_addr.in-addr.arpa. IN NS servername. where: host_ip_addr.in-addr.arpa. is the zone name ip_part is the IP section that completes the IP address when prepended to host_ip_addr (for class A, B and D zones, and for class C $ORIGIN NS) for classless delegation records, ip_part is the IP section that completes the IP address when prepended to host_ip_addr including the subnet mask Administrator's User Guide 48

49 servername. is a domain name which specifies an authoritative host for the specified zone. For example: in-addr.arpa. IN NS ns2.server.com in-addr.arpa. IN NS ns3.server.com. 0/ in-addr.arpa. IN NS example.com. For more information about this type of record, go to html/rfc1035. Reverse record (PTR) - Maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa. domain that corresponds to an IP address implements reverse DNS lookup for that address. PTR rules have the following format: IPaddress IN PTR hostname. where: IPaddress is the IPv4 address in the IN-ADDR.ARPA. domain hostname. is the corresponding location in the domain name space For example: in-addr.arpa. IN PTR test.com. For more information about this type of record, go to html/rfc1035. Alias for record (CNAME) - A canonical name record is an alias of one name to another. According to RFC 2317, CNAME records are only supported in C class reverse zones. CNAME rules have the following format: ip_part.network.host_ip_addr.in-addr.arpa. IN CNAME ip_part.host_ip_addr.in-addr.arpa. where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr network is the subnet mask host_ip_addr.in-addr.arpa. is the zone name For example: in-addr.arpa. IN CNAME 0.0/ in-addr.arpa in-addr.arpa. IN CNAME 1.0/ in-addr.arpa Administrator's User Guide 49

50 in-addr.arpa. IN CNAME 7.0/ in-addr.arpa. For more information about this type of record, go to html/rfc1035. Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: ip_part.host_ip_addr.in-addr.arpa. IN TXT "Text information" where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr host_ip_addr.in-addr.arpa. is the zone name "Text information" can be any type of string For example: in-addr.arpa. IN TXT "This is a test" For more information about this type of record, go to html/rfc1035. For E.164 Zones Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains servername. is a domain name which specifies an authoritative host for the specified hostname. For example: 1.2.e164.arpa. IN NS ns1.example.com. 1.2.e164.arpa. IN NS ns2.example.com e164.arpa. IN NS ns1.example.com Administrator's User Guide 50

51 The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc1035. NAPTR record (NAPTR) - Naming Authority Pointers. NAPTR rules have the following format: order preference services flag regexp replacement where: order indicates the order in which records are to be processed when a query returns multiple NAPTR records preference indicates the processing order for multiple records with identical order services indicate the resolution protocol and resolution services employed when applying a rewrite according to the regexp or replacement field flag is a modifier that affects the next DNS lookup regexp is the primary field used for rewrite rules replacement is a secondary field used for rewrite rules For example: 1.2.e164.arpa. IN NAPTR "u" "sip+e2u" "!^.*$! sip:[email protected]!i". 1.2.e164.arpa. IN NAPTR "u" "smtp+e2u" "!^.*$! mailto:[email protected]!i" Administrator's User Guide 51

52 For more information about this type of record, go to html/rfc3403. Value Depending on the Record type, this field displays an IP address, an alias, a name server, a host name, or a text. Last update - The date when the record was last modified (from the web based interface, or by updateurl). M By clicking the Modify icon, the administrator can edit the details of the corresponding DNS Record. Warning Records can be modified only for zones added from the 4PSA DNS Manager control panel. Adding DNS Records Warning Records can be added only for zones added from the 4PSA DNS Manager control panel. In order to add a DNS Record, the administrator must access the management page of the respective zone and click the Add NEW Record to DNS Zone page opens. Add DNS Record button. The If the DNS zone is a reverse zone, 4PSA DNS Manager will display the value for Hosts in this zone (first and last available IP address; these parameters depend on the reverse zone ip class). In the next area, Record Type, the administrator must choose the record type. (For more information on the types of the DNS records, click here [43] ). You can also choose whether you would like the record to be enabled when you create it. The Record is enabled check box is checked by default. The domain name can be automatically replaced by the name of the newly created domain if [domain] is specified in the domain name field. In order to have an IP address automatically replaced the [ip] tag must be used Administrator's User Guide 52

53 Editing a DNS Record Warning Records can be modified only for zones added from the 4PSA DNS Manager control panel. To edit a DNS record, the administrator must click the records list. icon in the DNS You can change the record type by selecting the corresponding option from the Select Record type drop down box. You can also enable or disable a record by selecting or deselecting the Record is enabled check box. If the DNS zone is a reverse zone, 4PSA DNS Manager will display the value for Hosts in this zone (first and last available IP address; these parameters depend on the reverse zone ip class). The administrator can change the type of the DNS record and all the settings for each type of record. Removing DNS Records Warning Records can be deleted only for zones added from the 4PSA DNS Manager control panel. To remove DNS records, the administrator must follow the procedure: 1. Select the respective records by clicking the corresponding check boxes in the records list. 2. Click the Remove Selected link located above the table. 3. Confirm the deletion of the records by selecting the check box. 4. Click OK. Changing the owner of one or more DNS zones The administrator can change the owner for one or more of the DNS zones by following the procedure: 1. Select one or more of the DNS zones by selecting the corresponding check boxes Administrator's User Guide 53

54 2. Click the Change owner link located above the table containing the DNS zones list to open the page displaying the clients' list. 3. Select the client who will be the new owner of the DNS zones. When a zone is moved from one client to another, the ownership of the zone passed to the control panel. Global operations on DNS zones You can change records belonging to two or more DNS zones simultaneously. In order to access the Global operations page, select the respective DNS zones and click the table. Global operations link located above the This displays the Global operations page and, depending on the types of DNS zones you have selected, this page will contain one or more of the following sections: Forward zones, Reverse zones and E.164 zones. Each section contains fields that allow you to specify formulas for the respective type of zone. Each formula is defined by filling in three drop-down lists and two text boxes. In the first drop-down list, you must choose the type of records that will be modified. The available options are: NS, A, AAAA, CNAME, MX, TXT and SRV records for forward zones NS, PTR and TXT records for reverse zones NS and NAPTR records for E.164 zones In the second drop-down list, you must choose the matching algorithm: The available options are: equals when the value parameter of the records must be identical to the specified value contains when the value parameter of the records must contain the specified value In the first text box, you must specify the search criteria. The * character can be used to match any set of characters Administrator's User Guide 54

55 In the third drop-down list, you must select the action you would like to perform on the matching records. The available options are: replace with if you would like to modify the matching records drop record if you would like to erase them The last text box must contain the new value that will be used to modify the respective records. This text box is disabled if you selected drop record in the previous dropdown list. In order to have the domain name automatically completed, you must enter [domain] in the text box. By pressing the section. Use the button, you can add additional rules to a particular buttons to remove formulas. When you are done, click OK to apply the new values to the respective records. Glue Records Name servers in delegations appear listed by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred. Since this can introduce a circular dependency if the nameserver referred to is under the domain that it is authoritative of, it is occasionally necessary for the nameserver providing the delegation to also provide the IP address of the next nameserver. This record is called a glue record. In practice glue records are used for two purposes: To speed up queries - and consequently reduce DNS load - by providing the name and IP addresses (the glue) for all authoritative name servers, both within and external to the domain. To break the query deadlock for referrals which return name servers within the domain being queried Administrator's User Guide 55

56 Glue Records can only be defined for forward master DNS zones managed by interface. In order to create a Glue Record, there must exist a NS and an A record which meet the following requirements: The NS record must NOT have a corresponding A record. The A record MUST be defined on $ORIGIN or on a subdomain of $ORIGIN The following table displays an example of the records that are required in order to create a Glue Record Table 4.1. Required Records Host Record Type Value sub.example.com NS sub.example.com A ns.sub.example.com In order to create a Glue Record, the administrator must select the desired zone name from the zones list and click the Glue Records link located above the table. Table 4.2. Resulting Glue Record Host Record Type Value ns.sub.example.com A SPF Rules You can add Server Policy Framework (SPF) rules to your DNS zones. SPF allows the owner of an Internet domain to use special format DNS TXT rules to specify which machines are authorized to transmit for that domain. For this purpose, in the DNS zones page, select the desired zones and click the SPF Rules link. In the new page that opens, you can manage the SPF rules. SPF Rules can be defined only for zones added from the control panel. In order to create a SPF for one of the origin's subdomains, in the Host text box, enter the subdomain using the following format subodmain.[domain] Administrator's User Guide 56

57 Leaving this field empty, will generate the TXT record for $ORIGIN. Next, enter the actual rule. Each rule comprises three elements: 1. Use the first drop down box to select a qualifier. The following qualifiers are available: "+" Pass "-" Fail "~" SoftFail "?" Neutral 2. Use the second drop down box to select a mechanism or a modifier. The following mechanisms are available: all ip4 ip6 a mx ptr exists include And the following modifiers: redirect exp 3. Use the text box to enter the target URL. Use the button to add rules to the list and the button to remove rules from the list. When you are done, click OK to apply your changes and return to the DNS zones page. Click Cancel if you wish to return to the DNS zones page without applying your changes. Removing DNS Zones To remove one or more DNS Zones from the system, follow these steps: 1. Choose the zones you want to delete by selecting their corresponding check boxes Administrator's User Guide 57

58 2. Click the Remove selected link. 3. Review the list. If you want to proceed with the removal, select the Confirm the removal check box and click OK. Otherwise, click Cancel to return to the previous page without deleting anything. Warning When a zone managed from a Remote Update location is deleted, it is no longer possible to be imported from that Remote location. The respective zone can be imported only by pressing the Update now button. Managing Client Settings To manage a client's settings, click the Client settings button in the Tools area. The available settings are described below. Zone SOA Settings The administrator can change the following settings that apply to the domains belonging to the chosen client: Remove zones no longer present in update source When this option is enabled, DNS Zones that have been updated via a remote update location will be deleted if the file that was retrieved from the remote location NO LONGER CONTAINS the definition for the respective zones. This setting helps administrators keep the 4PSA DNS Manager server perfectly synchronized with the remote update locations. Lock zones to an update source When this option is enabled, a zone will be associated with a single update remote location (the first update location where the zone description is retrieved from). Any other update location that contains a duplicate description will be ignored. Warn if an update from a location fails more than X times - Enter the number of subsequent failed updates 4PSA DNS Manager will attempt before displaying a warning. This parameter is optional. You can enter a numeric value between 1 and 100. Refresh time 32 bit time value in seconds. This is the period of time that the secondary name server should wait before checking with the primary server to see whether the data has been modified. Default value: seconds Administrator's User Guide 58

59 RFC 1912 recommends 1200 to seconds, if your data is volatile or (12 hours) if it is not. Retry time Signed 32 bit value in seconds. When a secondary name server requests a Zone refresh from the primary server and this fails to respond, the secondary name server waits for the refresh time before attempting another Zone refresh after the failed attempt. Default value: seconds. Expire time Signed 32 bit value in seconds. This setting indicates when the Zone is no longer authoritative and new interrogation of the root servers is required. It applies to Slaves only. Default value: seconds. RFC 1912 recommends to seconds (2 4 weeks). Minimum TTL This value is used as the default TTL for new Records created within the Zone. It is also used by other DNS servers to cache negative responses (for example when a Record does not exist). Default TTL Signed 32 bit value in seconds. This is the amount of time that Zone Records are kept in a remote host cache. It is recommended that this value be set large. A small value will force remote servers to query the DNS server again for unchanged data. Default value: seconds. Permissions Allow to add/remove remote update locations When this option is enabled, the client is allowed to add new remote update locations. Allow to modify remote update locations When this option is enabled, the client is allowed to edit current remote update locations. Allow to add/remove DNS templates When this option is enabled, the client is allowed to add new DNS templates to the system and delete personal templates. Allow round robin management - When this option is enabled, the DNS Round Robin button will be visible in the client's Tools area when editing a forward DNS zone, regardless of the user being logged in with administrator or client credentials. Forward DNS Zones management - This section contains permissions regarding the management of forward DNS zones. The following options are available: Administrator's User Guide 59

60 Manage forward DNS zones and records - When this option is enabled, the client is allowed to add and remove forward DNS zones AND records. Manage forward DNS records only - When this option is enabled, the client is allowed to add and remove ONLY forward DNS records. View forward DNS zones and records - When this option is enabled, the client is allowed only to VIEW forward DNS zones and records. Reverse DNS Zones management - This section contains permissions regarding the management of reverse DNS zones. The following options are available: Manage reverse DNS zones and records - When this option is enabled, the client is allowed to add and remove reverse DNS zones AND records. Manage reverse DNS records only - When this option is enabled, the client is allowed to add and remove ONLY reverse DNS records. View reverse DNS zones and records - When this option is enabled, the client is allowed only to VIEW reverse DNS zones and records. Forbid access to reverse DNS zones - When this option is enabled, the client has no access to reverse DNS zones. E.164 DNS zones management - This section contains permissions regarding the management of E.164 DNS zones. The following options are available: Manage E.164 DNS zones and records - When this option is enabled, the client is allowed to add and remove E.164 DNS zones AND records. Manage E.164 DNS records only - When this option is enabled, the client is allowed to add and remove ONLY E.164 DNS records. View E.164 zones and records - When this option is enabled, the client is allowed only to VIEW E.164 DNS zones and records. Forbid access to E.164 DNS zones - When this option is enabled, the client has no access to E.164 DNS zones. These permission levels describe the 4PSA DNS Manager behavior when using zones added in the interface or from remote update locations. Changes in permissions become available for only updateurl by pressing the Update Now button Administrator's User Guide 60

61 Limits Maximum number of DNS Zones This is the maximum number of DNS Zones that the client can add to the system. Maximum number of remote update locations This is the maximum number of remote update locations the client is allowed to add to the system. Account expiration date The date when the client's account expired and he is no longer allowed to access the interface. If you do not want to limit a parameter, select the Unlimited check box. The currently used values are displayed next to these limits. You can not define limits below the currently used values. When you have finished setting up your preferences, click OK to save your settings and return to the previous page. Click Cancel to return to the previous page without applying your changes. If you would like to revert your settings to their default values, click the Default SOA button. Group operations on client accounts The administrator is able to change the DNS zone settings, permissions and limits for two or more client accounts in the same time. In order to modify two or more client accounts in the same time, the administrator must select the respective client accounts in the clients list and click the Group operations link located above the table. The Client group operations page opens, where the administrator is able to change the DNS zones settings, permissions and settings for the selected client accounts. Enabling / Disabling Client Accounts The administrator can turn Client accounts ON or OFF. There are two ways for an administrator to enable / disable a client account: 1. In the Clients management page, the administrator must click the respective client's name. In the Tools area of the client's settings page, Administrator's User Guide 61

62 the administrator must click the Switch Client OFF button to disable the client account, or account. Switch Client ON button to enable the client 2. The status of the client account can be modified by clicking the S column displayed in the Clients list in the Clients Management page (The icon can be if the client is active, or if the client is disabled). Editing Client Information The administrator can edit existing Client accounts. In the respective Client's management page click the the details of the chosen account. Edit account details button to modify The Login name must be unique on the system. The Password should be 6 to 14 characters long and should not contain quotes, spaces or national alphabet characters. For security reasons the Password cannot be the same as the Login name. The required fields are marked with an asterisk. Click OK to save the changes you have made. Click Cancel, if you want to return to the previous page without saving these changes. Managing DNS Templates The administrator can create and manage client DNS templates. DNS templates automate the creation of zones because they insert predefined, dynamically generated records. The client DNS templates are available only to the client account where the template was created. When no client specific template is available, the client can choose the server template in the DNS Zone creation step Administrator's User Guide 62

63 In the Clients management page, click the Client's name, then click the DNS templates button to manage DNS templates for the chosen client. The administrator can add new templates, edit and delete existing templates. 4PSA DNS Manager also accepts internationalized domain names (IDN) - Internet domain names that contain non-ascii characters. Creating a New DNS Template Templates can be created in the New DNS template area of the DNS Templates management page of the respective client. In order to add a DNS template, the administrator must follow the steps: 1. Enter a name in the Template name text box. 2. Choose the type of the template by clicking the respective radio box. The available options are: Forward - a template for forward DNS zones Reverse - a template for reverse DNS zones E a template for E.164 zones 3. Click the OK button. A new page opens. Here, the administrator can add dns records by pressing the Add DNS records button. The administrator can also add template IPs by pressing the Template IPs button. Managing a Template's DNS Records To access the Template management section, click the name of the template. In this area, the administrator can view the list of DNS Records included in the template. The following details are available: Host This field displays the host name or IP address of every DNS Record Administrator's User Guide 63

64 Record type This is the type of the DNS Record Value Depending on the Record type, this field displays an IP address, an alias, a name server, a host name, or a text. M By clicking the corresponding DNS Record. icon, the administrator can edit the details of the The administrator can also remove DNS Records from a template. Enable the corresponding check box and follow the Remove Selected link. 4PSA DNS Manager will ask for your confirmation before the Records will be permanently deleted. Multiple Records can be deleted at the same time. Adding a DNS record to the template To add a DNS record to the template, the administrator must click the Add DNS records button in the respective Template's management page. The Add new record page opens. The administrator must choose the record type and configure each record accordingly. The following types of DNS records are available: For Forward DNS Zones IP Address (A) - Maps a hostname to a 32-bit IPv4 address. Type A rules have the following format: hostname. IN A XXX.XXX.XXX.XXX where: XXX.XXX.XXX.XXX is the IP address for the hostname. hostname. is the zone name or one of its subdomains. For example: domain.com. IN A subdomain.domain.com. IN A For more information about this type of record, go to html/rfc1035. AAAA Record (AAAA) - Maps a hostname to a 128-bit IPv6 address. AAAA rules have the following format: hostname. IN AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA where: AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA is the IPv6 address for the hostname Administrator's User Guide 64

65 hostname. is the zone name or one of its subdomains. For example: domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa subdomain.domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa For more information about this type of record, go to html/rfc3596. Alias for record (CNAME) - Canonical name record is an alias (or nickname) of one name to another. The A record to which the alias points can be either local or remote - on a foreign name server. This is useful when running multiple services (like an FTP and a webserver) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com. and It is also used when running multiple HTTP servers, with different names, on the same physical host. CNAME rules have the following format: hostname. IN CNAME servername. where: hostname. is the zone name or one of its subdomains servername. is a fully qualified domain name (FQDN) either inside or outside the zone. For example: ftp.domain.com. IN CNAME inside.domain.com. ftp1.domain.com IN CNAME outside.zone.com. Rfc 1034 states: If a CNAME record is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. In order for these requirements to be met in 4PSA DNS Manager, the value specified in the Zone alias name field of the CNAME record cannot be set for the DNS Zone name filed in NS, A, AAAA, SRV, CNAME and TXT records or for the Zone field in an MX record. For more information about this type of record, go to html/rfc Administrator's User Guide 65

66 Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains servername. is a domain name which specifies an authoritative host for the specified hostname. For example: domain.com. IN NS ns1.example.com. domain.com. IN NS ns2.example.com. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc1035. Mail exchanger (MX) - Maps a domain name to a list of mail exchange servers for that domain. MX rules have the following format: hostname. IN MX preference servername. where: hostname. is the zone name or one of its subdomains preference indicates the hostname's priority. The lower the preference, the higher the priority. This parameter accepts values between 0 and Administrator's User Guide 66

67 servername. is a fully qualified domain name (FQDN) inside the zone For example: mail.domain.com. IN MX 10 domain.com. webmail.domain.com. IN MX 5 domain.com. For more information about this type of record, go to html/rfc1035. Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: hostname. IN TXT "Text information" where: hostname. is the zone name or one of its subdomains "Text information" can be any type of string including strings generated by SPF Rules For example: domain.com. IN TXT "k=rsa; p=mewwdqyerwqewwe" subdomain.domain.com. IN TXT "this is a test" For more information about this type of record, go to html/rfc1035. Service Record (SRV) - Specifies the location of the server(s) for a specific protocol and domain. SRV rules have the following format: _Service._Protocol.Hostname. IN SRV TTL Priority Weight Port Target where: Service is the symbolic name of the desired service. You can find a list of the available services at Protocol is the protocol of the desired service. This is usually TCP or UDP, but 4PSA DNS Manager supports all the protocols listed here Hostname. is the domain name for which the record is valid. TTL is the standard DNS time to live field. If there is no TTL specified for the record, the TTL value for the zone will be employed Administrator's User Guide 67

68 Priority is the priority of the target host. The lower the value, the higher the priority level. Weight indicates a relative weight between records with the same priority. Port is the port on which the service is to be found. Target is the domain name of the target host. For example: The Target parameter can not be an alias (CNAME). When Target is set to. the service is unavailable. _service._tcp.domain.com. IN SRV subdomain.domain.com. *._tcp.domain.com. IN SRV ; no other service is available on tcp protocol For more information about this type of record, go to html/rfc2782. For Reverse DNS Zones Nameserver (NS) - Specifies a host which should be authoritative for the specified class. For class C reverse zones, 4PSA DNS Manager accepts NS records for $ORIGIN and supports classless delegation records, as described in RFC 2317, chapter 4. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone Administrator's User Guide 68

69 For best practice, it is recommended to have at least two NS records defined for each public domain. Class A and B zones support NS records for $ORIGIN and inferior class zones and do not support classless delegation records. For class C reverse zones, 4PSA DNS Manager automatically generates CNAME records that correspond to the NS records created for classless delegation records. If the Automatically generate CNAME records for delegated subnets check box is selected, than the CNAME records will be automatically generated. This check box is available only for NS records with a subnet mask lower than 24 (having a numeric value higher than 24). NS rules have the following format: ip_part.host_ip_addr.in-addr.arpa. IN NS servername. where: host_ip_addr.in-addr.arpa. is the zone name. ip_part is the IP section that completes the IP address when prepended to host_ip_addr (for class A, B and D zones, and for class C $ORIGIN NS). for classless delegation records, ip_part is the IP section that completes the IP address when prepended to host_ip_addr including the subnet mask. servername. is a domain name which specifies an authoritative host for the specified zone. For example: in-addr.arpa. IN NS ns2.server.com in-addr.arpa. IN NS ns3.server.com. 0/ in-addr.arpa. IN NS example.com. For more information about this type of record, go to html/rfc1035. Reverse record (PTR) - Maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa. domain that corresponds to an IP address implements reverse DNS lookup for that address. PTR rules have the following format: IPaddress IN PTR hostname. where: IPaddress is the IPv4 address in the IN-ADDR.ARPA. domain Administrator's User Guide 69

70 hostname. is the corresponding location in the domain name space For example: in-addr.arpa. IN PTR test.com. For more information about this type of record, go to html/rfc1035. Alias for record (CNAME) - A canonical name record is an alias of one name to another. According to RFC 2317, CNAME records are only supported in C class reverse zones. CNAME rules have the following format: ip_part.network.host_ip_addr.in-addr.arpa. IN CNAME ip_part.host_ip_addr.in-addr.arpa. where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr network is the subnet mask host_ip_addr.in-addr.arpa. is the zone name For example: in-addr.arpa. IN CNAME 0.0/ in-addr.arpa in-addr.arpa. IN CNAME 1.0/ in-addr.arpa in-addr.arpa. IN CNAME 7.0/ in-addr.arpa. For more information about this type of record, go to html/rfc1035. Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: ip_part.host_ip_addr.in-addr.arpa. IN TXT "Text information" where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr host_ip_addr.in-addr.arpa. is the zone name "Text information" can be any type of string Administrator's User Guide 70

71 For example: in-addr.arpa. IN TXT "This is a test" For more information about this type of record, go to html/rfc1035. For E.164 Zones Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains servername. is a domain name which specifies an authoritative host for the specified hostname. For example: 1.2.e164.arpa. IN NS ns1.example.com. 1.2.e164.arpa. IN NS ns2.example.com e164.arpa. IN NS ns1.example.com. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc1035. NAPTR record (NAPTR) - Naming Authority Pointers. NAPTR rules have the following format: Administrator's User Guide 71

72 order preference services flag regexp replacement where: order indicates the order in which records are to be processed when a query returns multiple NAPTR records preference indicates the processing order for multiple records with identical order services indicate the resolution protocol and resolution services employed when applying a rewrite according to the regexp or replacement field flag is a modifier that affects the next DNS lookup regexp is the primary field used for rewrite rules replacement is a secondary field used for rewrite rules For example: 1.2.e164.arpa. IN NAPTR "u" "sip+e2u" "!^.*$! sip:[email protected]!i". 1.2.e164.arpa. IN NAPTR "u" "smtp+e2u" "!^.*$! mailto:[email protected]!i". For more information about this type of record, go to html/rfc3403. Table 4.3. DNS Template Example Host Record Type Value [domain]. NS ns.[domain]. [domain]. A [IP] [domain]. MX (10) mail.[domain]. ftp.[domain]. CNAME [domain]. mail.[domain]. A [IP] ns.[domain]. A [IP] webmail.[domain]. A [IP] Administrator's User Guide 72

73 Managing a Template's IPs To access the Template's IP Management page, the administrator must click the template's name in the templates list and then the Template IPs button. This page displays the list of the template's IPs and allows the administrator to add new IPs. The following details are available for the existing IPs: T - The icon in this column shows the type of the IP address. It can be - master or - allow transfer. The type of the IP can be changed by pressing the icon in this column. IP: IP address - The IP address When the IPs list is too long, the Search feature may be used to find specific The administrator can write the search criteria in the text box. By clicking the button or the Search label, the system will display only the IPs that match the search criteria. To display the entire list, the administrator must press the the Show all label. button or To add an IP to the template, the administrator must specify the respective IP in the appropriate field from the Add Template IPs section: Add the following master IPs to slave zones - for master IPs assigned to slave zones. Multiple IPs can be added by pressing the button. Add the following allow transfer IPs to master zones - for allow transfer IPs assigned to master zones. Multiple IPs can be added by pressing the button. After specifying the IPs, the administrator must click OK to add the respective IPs to the template. Editing DNS Templates In order to edit an existing server global DNS template, the administrator must click its name. In the DNS template management page he can add new DNS Records, edit and delete existing Records, as explained above Administrator's User Guide 73

74 Removing DNS Templates To remove a DNS template the administrator must enable the corresponding check box and follow the Remove Selected link. 4PSA DNS Manager will ask for your confirmation before the templates will be permanently deleted. Multiple templates can be deleted at the same time. Managing DNS Zones Remote Update Locations The remote update locations are files located on remote machines that contain DNS Zone information. 4PSA DNS Manager is able to automatically download these files using the HTTP, HTTPS and FTP protocol in order to load DNS Zone information from remote servers. The administrator can add new locations, view, search, edit, and remove existing remote update locations. For more details about remote update locations, including integration with a current infrastructure see section Remote Update Location Configuration. In the Client management page click the Client's name, then click the Remote Updates button to manage the remote update locations. Warning If the Remove zones no longer present in update source setting is activated for the respective client account, the DNS Zones that have been updated via a remote update location will be deleted if the file that was retrieved from the remote location NO LONGER CONTAINS the definition for the respective zones. If this option is activated, 4PSA DNS Manager displays the following warning message: Zones that are not found in the source update url will be removed from the system. Warning If the Lock zones to an update source setting is activated for the respective client account, a zone will be associated with a single update remote location (the first update location where the zone description is retrieved from). Any other update location that contains a duplicate description will be ignored. If this option is activated, 4PSA DNS Manager displays the following warning message: Administrator's User Guide 74

75 Zones will always be updated from the same URL source for each zone. The URL priorities will not change the update source for existing zone. enabled or The following details are available in the Remote Update Locations page: S This column displays the status of the remote update location: disabled Remote location The URL where the file that contains update information can be found Remote update locations can be also in IDN format. Caution When a remote location is updated, 4PSA DNS Manager clears the hash for all the owner's remote locations! Priority When one zone is defined in two files that can be found in two remote locations, the remote location with the highest priority will be taken into consideration. Update interval The time interval between two consecutive retrievals of the remote location (refresh interval) Last updated The date and time (in month, day, year, hh:mm:ss format) when the last DNS Zone update from the corresponding remote location was performed M Click the icon to edit the details of the remote update location The information can be sorted by the remote update location name, the update interval, and the date of the last update by clicking the corresponding table header links. To instantly update the DNS Zone information with data from the remote location you have just set up, click the Tools section of the page. Update Now button located in the Administrator's User Guide 75

76 Creating a New Remote Update Location In order to add a new remote update location to the system, the administrator must enter all the required details in the Remote Update Locations page, in the New remote update location section: Remote update location The URL of the file that contains the update information (HTTP, HTTPs and FTP protocols supported) Remote update locations can be also in IDN format. 4PSA DNS Manager does NOT support the following URL formats: ftp://username:[email protected] ftp://username:password@ Keep minimum [X] minutes between updates The time interval between two consecutive retrievals of the remote location Remote URL Priority The priority of the zone definitions downloaded from this URL over other (duplicate) zone definitions. If there are two or more update locations, having different priorities, that update the same zone(s), the location that last updates a zone, is called the Owner location. If the Lock zones to an update source setting is: disabled - the zones will be updated by the remote update URL with the highest priority. enabled - the zones will be updated by the remote update owner location, ignoring the priorities. Username - HTTP, HTTPs or FTP authentication username. Password - HTTP, HTTPs or FTP authentication password. Add the following master IPs to slave zones - The IP addresses specified in this field will be recorded in the masters clauses of the named.conf file for SLAVE DNS zones Administrator's User Guide 76

77 Add the following allow transfer IPs to master zones - The IP addresses specified in this field will be recorded in the allow transfer clauses of the named.conf file for MASTER DNS zones The required fields are marked with an asterisk. Click OK to create the new remote update location. Editing Settings of a Remote Update Location The administrator can edit existing remote update locations. In order to modify the settings of an existing remote location, click the corresponding Modify icon. The details of the chosen remote location can be modified in the new page. The required fields are marked with an asterisk. For more informations about these fields consult the Remote Update Location section. Creating a New If the remote location details are modified the application will force the update of the remote locations. A list of the Transfer IP Addresses is available in this page. The Administrator is able to delete one or more of these addresses by selecting the check boxes corresponding to the respective IP addresses and clicking the Remove selected link located above the table. If the list is long, the Search feature may be used to find specific IPs. The administrator can write the search criteria in the text box. By clicking the button or the Search label, the system will display only the IPs that match the search criteria. To display the entire list, the administrator must press the the Show all label. button or Click OK to save the changes you have made. Follow the Up Level link, if you want to return to the previous page without saving these changes. Enabling and disabling the remote update location The administrator is able to change to status of the remote update location by clicking the button located in the Tools area: Administrator's User Guide 77

78 Switch Off - To disable an active update location Switch On - To enable a disabled update location Remote logs The Remote update URL logs page displays a list of events that occurred during remote updates. The administrator is able to view the remote update logs by pressing the Remote Logs icon in the Remote Update Locations page. The following information is available: Date - The date and time when the event occurred. Level - The type of the event. Message - An explanatory message regarding the event. Log Data - Specific information regarding the event. The administrator is able to clear the remote update logs by pressing the Clear logs button. When the logs list is too long, the Search feature may be used to find specific logs: The administrator can write the search criteria in the text box. By clicking the button or the Search label, the system will display only the logs that match the search criteria. To display the entire list, the administrator must press the the Show all label. button or Removing a Remote Update Location In order to delete a remote update location, enable the corresponding check box and follow the Remove Selected link. 4PSA DNS Manager will ask for confirmation before the locations will be permanently deleted. Multiple locations can be deleted at the same time Administrator's User Guide 78

79 Removing Client Accounts The administrator can remove Client accounts. A list with all accounts is available in the Clients management page. To delete a Client account, enable the corresponding check box and follow the Remove Selected link. 4PSA DNS Manager will ask for your confirmation before the accounts will be permanently deleted. Multiple accounts can be deleted at the same time. Managing Custom Buttons Available for a Client Click the Custom buttons button in order to manage the custom buttons available for the selected client. In this area you can add new buttons, edit and delete the available buttons. In the custom buttons list the following details are available: S The status of the button displayed using an icon: Disabled. A The availability of the button Enabled or L The location of the button: means that the button is displayed in the left panel and means that the button is placed in the right panel. I The icon associated with the button If the button is associated with the default icon, 4PSA DNS Manager displays Label This is the label that will be displayed bellow the button URL This is the URL which will open in a pop-up window when you click the button Priority The value in this text box defines the order in which the custom buttons are displayed in the interface. The information can be sorted by button label, URL, and context help by clicking the table header links Administrator's User Guide 79

80 Adding Custom Buttons In order to add a new button, click Add custom button available in the Actions area. In this area the following fields are available: Label This is the label that will be displayed bellow the button. Title This is the tip that will be displayed when the mouse is positioned on the button's icon. Location Use this drop down list to choose where the button will be displayed: Default image for all skins When this option is enabled, 4PSA DNS Manager displays a default icon for the button. If you disable this check box, 4PSA DNS Manager displays additional controls that allow you to load custom icons for the button: Use the Browse button to locate a graphic file on your computer. Enable the check box corresponding to the skin where the icon will be used. Enable the All skins check box if you want to use the same icon for all the 4PSA DNS Manager skins installed on the server. You can use the time. buttons to add icons for different skins at the same Client ID When this option is selected, the ID of the currently selected client is appended to the URL linked with the button. E.g.: Priority The value in this text box defines the order in which the custom buttons are displayed in the interface. URL This is the URL which will open in a pop-up window, when you click the button. Context help This is the description of the button that will appear in the context help area on mouse-over. Inheritance level Use this drop down list to specify the visibility of the button: 0 The button is visible only to the client user. 1 The button is visible to multiple users Administrator's User Guide 80

81 Action Use this drop down list to choose if the URL will be opened in the: Current window or New window Click OK to update the button's details. Click Cancel, if you want to return to the previous page without saving the button. Editing Custom Buttons In order to edit the existing buttons click the button label link. You can modify the available fields, as presented in the Adding a Custom Button section. Click OK to update the button's details. Click Cancel, if you want to return to the previous page without saving the changes. Removing Custom Buttons To remove a custom button, enable the corresponding check box and follow the Remove Selected link. 4PSA DNS Manager will ask for your confirmation before the buttons will be permanently deleted. Multiple buttons can be deleted at the same time. Client Group Operations The administrator can manage the DNS Zone settings, the permissions and limits for selected clients. In the Clients page, enable the check boxes corresponding to the clients you want to select and click the Group Operations link. In the Clients Group Operations page, the administrator is able to perform the chosen operations which will apply to all the selected clients. DNS Zone Settings for a Client Group The administrator can manage the following DNS Zone settings for the selected clients: Refresh time 32 bit time value in seconds. This is the period of time that the secondary name server should wait before checking with the primary server to see whether the data has been modified. Default value: seconds Administrator's User Guide 81

82 RFC 1912 recommends 1200 to seconds, if your data is volatile or (12 hours) if it is not. Retry time Signed 32 bit value in seconds. When a secondary name server requests for a Zone refresh from the primary server and this fails to respond, the secondary name server waits for the refresh time before attempting another Zone refresh after the failed attempt. Default value: 3600 seconds. Expire time Signed 32 bit value in seconds. This setting indicates when the Zone is no longer authoritative and new interrogation of the root servers is required. It applies to Slaves only. Default value: seconds. RFC 1912 recommends to seconds (2 4 weeks). Minimum TTL This value is used as the default TTL for new Records created within the Zone. It is also used by other DNS servers to cache negative responses (for example when a Record does not exist). Default value: seconds. Default TTL Signed 32 bit value in seconds. This is the amount of time that Zone Records are kept in a remote host cache. It is recommended that this value be set large. A small value will force remote servers to query the DNS server again for unchanged data. Default value: seconds. Permissions for a Client Group In order to manage permissions for the selected clients, the administrator must enable the corresponding check boxes and click Update. He can choose not to change the existing settings, can enable and disable the available permissions. Remove zones no longer present in update source When this option is enabled, DNS Zones that have been updated via a remote update location will be deleted if the file that was retrieved from the remote location NO LONGER CONTAINS the definition for the respective zones. This setting helps administrators keep the 4PSA DNS Manager server perfectly synchronized with the remote update locations. The administrator can enable/disable this option, or he can allow the client to manage this option, by selecting the Client setting radio box. Lock zones to an update source When this option is enabled, a zone will be associated with a single update remote location (the first update location Administrator's User Guide 82

83 where the zone description is retrieved from). Any other update location that contains a duplicate description will be ignored. The administrator can enable/ disable this option, or he can allow the client to manage this option, by selecting the Client setting radio box. Allow to add/remove remote update locations When this option is enabled, the client is allowed to add new remote update locations. Allow to modify remote update locations When this option is enabled, the client is allowed to edit current remote update locations. Allow to add/remove DNS templates When this option is enabled, the client is allowed to add new DNS templates to the system and delete personal templates. Allow round robin management - When this option is enabled, the DNS Round Robin button will be visible in the client's Tools area when editing a forward DNS zone, regardless of the user being logged in with administrator or client credentials. Forward DNS Zones management - This section contains permissions regarding the management of forward DNS zones. The following options are available: Do not change - The settings for Forward DNS Zones Management will not be changed Manage forward DNS zones and records - When this option is enabled, the client is allowed to add and remove forward DNS zones AND records. Manage forward DNS records only - When this option is enabled, the client is allowed to add and remove ONLY forward DNS records. View forward DNS zones and records - When this option is enabled, the client is allowed only to VIEW forward DNS zones and records. Reverse DNS Zones Management - The following options are available for the management of the reverse DNS zones: Do not change - The settings for Reverse DNS Zones Management will not be changed Manage reverse DNS zones and records - The client is allowed to create and remove reverse zones and DNS records Manage reverse DNS records only - The client is allowed to add and remove only DNS records View reverse DNS zones and records - The client is allowed only to view the reverse zones and DNS records Administrator's User Guide 83

84 Forbid access to reverse DNS zones - The client cannot manage reverse DNS zones E.164 DNS Zones Management - The following options are available for the management of the E.164 DNS zones: Do not change - The settings for E.164 DNS Zones Management will not be changed Manage E.164 DNS zones and records - The client is allowed to create and remove E.164 zones and DNS records Manage E.164 DNS records only - The client is allowed to add and remove only DNS records View E.164 DNS zones and records - The client is allowed only to view the E.164 zones and DNS records Forbid access to E.164 DNS zones - The client cannot manage E.164 DNS zones Limits for a Client Group In order to manage the limits that apply to the selected clients, edit the corresponding fields and click Update. Maximum number of DNS Zones This is the maximum number of DNS Zones that the client can add to the system. Maximum number of remote update locations This is the maximum number of remote update locations the client is allowed to add to the system. If you do not want to limit a parameter, select the Unlimited option. The administrator can choose not to change the existing values, can change them and he can set the limits to unlimited for the selected clients. Impersonate The administrator is able to view the interface from a client's perspective. In order to do this, the administrator must click the respective client's name in the Clients Management page and then the Impersonate button located Administrator's User Guide 84

85 in the Tools area. To return to normal view mode, the administrator must click the Return to my account link located in the left panel navigation area Administrator's User Guide 85

86 Chapter 5 Managing DNS Zones The administrator can add new DNS Zones to the 4PSA DNS Manager system and manage the DNS Records for a Zone. To access the DNS Zones Management page, the administrator must click the DNS Zones link available in the navigation menu. This page displays a list of the available DNS zones. The following details are available: or S This column displays the status of the corresponding zone: inactive. Click the icon to change the status. active Master or T This column displays the type of the corresponding DNS Zones: Slave. DNS Zone name The name of the DNS Zone First name server The host name of the first name server registered on this DNS Zone Administrator's User Guide 86

87 The first name server of slave zones is not displayed. Created The date when the zone was created on the system The information can be sorted by type, DNS Zone name, client name, and creation date by clicking the table header links. If you are searching for a specific DNS Zone, you can use the following search features: Search Fill in the text you are looking for in the text box and include [ ] records also - Select the check box if you want to search through the Value field, from the DNS records. Adding a New DNS Zone In order to add a new DNS Zone, the administrator must click the Add DNS Zone button located in the Tools area. In the page that opens, the administrator must click the name of the client who will be the owner of the new DNS Zone. Adding a Single or Multiple DNS zone names In this page, the administrator can add a single DNS Zone to the Client account, multiple DNS Zone names from a local file or multiple DNS Zones with complete DNS Records. 4PSA DNS Manager also accepts internationalized domain names (IDN) - Internet domain names that contain non-ascii characters. Adding a Single DNS Zone Name In order to add a single DNS Zone name, the administrator must enter all the information required in the Add DNS Zone name section of the page. DNS Zone name Enter a valid DNS Zone name that is unique in the system. You can add a Forward Zone, a Reverse Zone or an E.164 Zone. The name must be unique in the system. Here are some typical examples: Administrator's User Guide 87

88 For forward zones, one must use the following format: <lower level domain(s)>.<top level domain>. For instance: racksoft.com wikipedia.org amazon.co.uk For reverse zones, one must use the following format: <lower level domain(s)>.in-addr.arpa. For instance: IN-ADDR.ARPA IN-ADDR.ARPA For E.164 zone, one must use the following format <lower level domain(s)>.e164.arpa. For instance: E164.ARPA E164.ARPA For reverse zones, 4PSA DNS Manager accepts the following Zone Name types: Class A (/8) - 1.IN-ADDR.ARPA Class B (/16) IN-ADDR.ARPA Class C(/24) IN-ADDR.ARPA Zone Names with a mask lower than 24 (having a numeric value higher than 24) - 192/ IN-ADDR.ARPA that covers IPs between and ; or IN-ADDR.ARPA for a complete /32 delegation. Prior to RFC 2181 '/' was not a legal character for a domain name or label so an alternate construct using '-' could be used instead, that's why 4PSA DNS Manager supports both characters. DNS Zone template The administrator can use the DNS Zone templates available or can choose not to use any template at all. Template IP This field is available when a DNS Zone template is selected. All occurrences of [ip] in the DNS Zone template will be replaced by this IP. DNS Zone type The type of the DNS Zone can be master or slave. A slave zone will acquire it's zone data only after receiving the notification from the respective master zone, or after it is manually reloaded on the server. 4PSA DNS Administrator's User Guide 88

89 Manager does not reload slave zones due to the extra overhead involved on busy environments, therefore is recommended to setup notifications on master zones. When the chosen type is master, the Allow DNS Zone transfer option becomes available and the Slave DNS servers IP addresses option is disabled. When the chosen type is slave, the Transfer DNS Zone from master servers option is enforced and the Master DNS servers IP addresses option becomes available. Forward Zone - When this option is enabled, this is considered to be a regular zone. Reverse Zone When this option is enabled, this is considered to be a zone used for reverse DNS lookup (i.e. a zone in the in-addr.arpa domain). E.164 Zone - When this option is enabled, this is considered to be an E.164 zone used for mapping telephone numbers into DNS (i.e. a zone in the e164.arpa domain). Allow DNS Zone transfer When this option is enabled, allowed slave servers will be able to retrieve the Zone information from the master server (in this case the 4PSA DNS Manager system). Slave DNS servers IP addresses When the Allow DNS Zone transfer option is enabled, you can enter the IP addresses of the slave DNS servers in this text box. Click the plus/minus icons to add/remove slave IP addresses. The DNS Zone will be transferred only to these IP addresses. When the chosen type of the DNS Zone is slave, the following options MUST BE enabled: Transfer DNS Zone from master servers The DNS Zone information will be transferred from the master DNS servers with the IP addresses set in the field below. Master DNS servers IP addresses Use this text box to specify the IP addresses of the master DNS servers. The required fields are marked with an asterisk. Click OK to create the new DNS Zone. Click Cancel, if you want to return to the previous page without creating the DNS Zone. Adding Multiple DNS Zones with Complete DNS Records In order to add multiple DNS Zones with complete DNS Records, the administrator must click the Add DNS Zone button. In the DNS Zone Administrator's User Guide 89

90 management page click the name of the client who will be the owner of the new DNS Zone, then click the Full zones from file button available in the Tools area. The following fields will be displayed: Select file Enter the name of the file that contains the DNS Zone names or click the Browse button to locate the desired file. The uploaded file MUST be in dump format (identical to the file generated by backing up DNS zones in 4PSA DNS Manager). For more information on the dump file format, please read the Supported Dump File examples appendix. A slave zone will acquire it's zone data only after receiving the notification from the respective master zone, or after it is manually reloaded on the server. 4PSA DNS Manager does not reload slave zones due to the extra overhead involved on busy environments, therefore is recommended to setup notifications on master zones. Allow DNS Zone transfer When this option is enabled, allowed slave servers will be able to retrieve the Zone information from the master server (in this case the 4PSA DNS Manager system). Add the following allow transfer IPs to master zones - The IP addresses specified in this field will be recorded in the allow transfer clauses of the named.conf file for MASTER DNS zones Add the following master IPs to slave zones - The IP addresses specified in this field will be recorded in the masters clauses of the named.conf file for SLAVE DNS zones Click OK to create the new DNS Zone. Click Cancel, if you want to return to the previous page without creating the DNS zone. This may take some time depending on the size of the file you have specified. Editing DNS Zones In order to edit a DNS Zone, the administrator must click the chosen DNS Zone name and enter the DNS Zone management page Administrator's User Guide 90

91 Warning Records of zones that have been added from a remote location cannot be modified from interface. For zones added from remote locations, 4PSA DNS Manager displays the following warning message: This zone is managed by Remote Update and can not be edited in the interface. In the DNS Zone management page, the administrator can view several details: DNS Zone type This field displays the type of the DNS Zone, which can be Master or Slave. It also displays the number of Transfer IPs for Master zones and the number of Master IPs for Slave zones respectively. A slave zone will acquire it's zone data only after receiving the notification from the respective master zone, or after it is manually reloaded on the server. 4PSA DNS Manager does not reload slave zones due to the extra overhead involved on busy environments, therefore is recommended to setup notifications on master zones. Hosts in this zone - Displays the first and last available IP (these parameters depend on the reverse zone ip class). Hosts in this zone is displayed only for reverse DNS zones. Last DNS Zone update This field displays the date when the DNS Zone was last updated by the user or from the remote update location Last DNS Zone update source The source of the last update. The DNS Zone can be updated from the interface or from a remote update location. If the zone was update from a remote location, the icon is displayed. Click this icon to access the configuration page of the respective remote update location. The administrator can add new DNS Records, view and delete existing Records. Click the DNS Zone name to manage the Zone Records Administrator's User Guide 91

92 For Slave DNS Zones you cannot add Records and the current Records are not displayed because the actual DNS Records are transferred from the master server(s). In the list of existing DNS Records, the following details are available: S - Indicates whether the record is enabled or disabled. The icon indicates that the record is enabled. Click it to disable the corresponding record. The icon indicates that the record is disabled. Click it to enable the corresponding record. The icon indicates that the record has been temporarily disabled by Round Robin who hasn't been able to access it. Warning The records status can be modified only for zones added from the 4PSA DNS Manager control panel. P - Indicates whether there are any Round Robin polls monitoring the record. The icon indicates there are Round Robin polls set up for the corresponding record. Clicking it will open the Round Robin polls management page for the record. The icon indicates there are no Round Robin polls set up for the corresponding record. Warning This column is available only for forward zones added from the 4PSA DNS Manager control panel. Host This field displays the host name or IP address of every DNS Record Record type This is the type of the DNS Record. Based on the DNS Zone type it can be: For Forward DNS Zones Administrator's User Guide 92

93 IP Address (A) - Maps a hostname to a 32-bit IPv4 address. Type A rules have the following format: hostname. IN A XXX.XXX.XXX.XXX where: XXX.XXX.XXX.XXX is the IP address for the hostname. hostname. is the zone name or one of its subdomains. For example: domain.com. IN A subdomain.domain.com. IN A For more information about this type of record, go to html/rfc1035. AAAA Record (AAAA) - Maps a hostname to a 128-bit IPv6 address. AAAA rules have the following format: hostname. IN AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA where: AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA is the IPv6 address for the hostname. hostname. is the zone name or one of its subdomains. For example: domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa subdomain.domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa For more information about this type of record, go to html/rfc3596. Alias for record (CNAME) - Canonical name record is an alias (or nickname) of one name to another. The A record to which the alias points can be either local or remote - on a foreign name server. This is useful when running multiple services (like an FTP and a webserver) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com. and It is also used when running multiple HTTP servers, with different names, on the same physical host. CNAME rules have the following format: hostname. IN CNAME servername. where: hostname. is the zone name or one of its subdomains Administrator's User Guide 93

94 servername. is a fully qualified domain name (FQDN) either inside or outside the zone. For example: ftp.domain.com. IN CNAME inside.domain.com. ftp1.domain.com IN CNAME outside.zone.com. Rfc 1034 states: If a CNAME record is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. In order for these requirements to be met in 4PSA DNS Manager, the value specified in the Zone alias name field of the CNAME record cannot be set for the DNS Zone name filed in NS, A, AAAA, SRV, CNAME and TXT records or for the Zone field in an MX record. For more information about this type of record, go to html/rfc1035. Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains servername. is a domain name which specifies an authoritative host for the specified hostname. For example: domain.com. IN NS ns1.example.com. domain.com. IN NS ns2.example.com. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record Administrator's User Guide 94

95 Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc1035. Mail exchanger (MX) - Maps a domain name to a list of mail exchange servers for that domain. MX rules have the following format: hostname. IN MX preference servername. where: hostname. is the zone name or one of its subdomains preference indicates the hostname's priority. The lower the preference, the higher the priority. This parameter accepts values between 0 and 50. servername. is a fully qualified domain name (FQDN) inside the zone For example: mail.domain.com. IN MX 10 domain.com. webmail.domain.com. IN MX 5 domain.com. For more information about this type of record, go to html/rfc1035. Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: hostname. IN TXT "Text information" where: hostname. is the zone name or one of its subdomains "Text information" can be any type of string including strings generated by SPF Rules For example: domain.com. IN TXT "k=rsa; p=mewwdqyerwqewwe" Administrator's User Guide 95

96 subdomain.domain.com. IN TXT "this is a test" For more information about this type of record, go to html/rfc1035. Service Record (SRV) - Specifies the location of the server(s) for a specific protocol and domain. SRV rules have the following format: _Service._Protocol.Hostname. IN SRV TTL Priority Weight Port Target where: Service is the symbolic name of the desired service. You can find a list of the available services at Protocol is the protocol of the desired service. This is usually TCP or UDP, but 4PSA DNS Manager supports all the protocols listed here Hostname. is the domain name for which the record is valid. TTL is the standard DNS time to live field. If there is no TTL specified for the record, the TTL value for the zone will be employed. Priority is the priority of the target host. The lower the value, the higher the priority level. Weight indicates a relative weight between records with the same priority. Port is the port on which the service is to be found. Target is the domain name of the target host. For example: The Target parameter can not be an alias (CNAME). When Target is set to. the service is unavailable. _service._tcp.domain.com. IN SRV subdomain.domain.com. *._tcp.domain.com. IN SRV ; no other service is available on tcp protocol For more information about this type of record, go to html/rfc2782. For Reverse DNS Zones Administrator's User Guide 96

97 Nameserver (NS) - Specifies a host which should be authoritative for the specified class. For class C reverse zones, 4PSA DNS Manager accepts NS records for $ORIGIN and supports classless delegation records, as described in RFC 2317, chapter 4. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. Class A and B zones support NS records for $ORIGIN and inferior class zones and do not support classless delegation records. For class C reverse zones, 4PSA DNS Manager automatically generates CNAME records that correspond to the NS records created for classless delegation records. If the Automatically generate CNAME records for delegated subnets check box is selected, than the CNAME records will be automatically generated. This check box is available only for NS records with a subnet mask lower than 24 (having a numeric value higher than 24). NS rules have the following format: ip_part.host_ip_addr.in-addr.arpa. IN NS servername. where: host_ip_addr.in-addr.arpa. is the zone name ip_part is the IP section that completes the IP address when prepended to host_ip_addr (for class A, B and D zones, and for class C $ORIGIN NS) for classless delegation records, ip_part is the IP section that completes the IP address when prepended to host_ip_addr including the subnet mask Administrator's User Guide 97

98 servername. is a domain name which specifies an authoritative host for the specified zone. For example: in-addr.arpa. IN NS ns2.server.com in-addr.arpa. IN NS ns3.server.com. 0/ in-addr.arpa. IN NS example.com. For more information about this type of record, go to html/rfc1035. Reverse record (PTR) - Maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa. domain that corresponds to an IP address implements reverse DNS lookup for that address. PTR rules have the following format: IPaddress IN PTR hostname. where: IPaddress is the IPv4 address in the IN-ADDR.ARPA. domain hostname. is the corresponding location in the domain name space For example: in-addr.arpa. IN PTR test.com. For more information about this type of record, go to html/rfc1035. Alias for record (CNAME) - A canonical name record is an alias of one name to another. According to RFC 2317, CNAME records are only supported in C class reverse zones. CNAME rules have the following format: ip_part.network.host_ip_addr.in-addr.arpa. IN CNAME ip_part.host_ip_addr.in-addr.arpa. where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr network is the subnet mask host_ip_addr.in-addr.arpa. is the zone name For example: in-addr.arpa. IN CNAME 0.0/ in-addr.arpa in-addr.arpa. IN CNAME 1.0/ in-addr.arpa Administrator's User Guide 98

99 in-addr.arpa. IN CNAME 7.0/ in-addr.arpa. For more information about this type of record, go to html/rfc1035. Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: ip_part.host_ip_addr.in-addr.arpa. IN TXT "Text information" where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr host_ip_addr.in-addr.arpa. is the zone name "Text information" can be any type of string For example: in-addr.arpa. IN TXT "This is a test" For more information about this type of record, go to html/rfc1035. For E.164 Zones Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains servername. is a domain name which specifies an authoritative host for the specified hostname. For example: 1.2.e164.arpa. IN NS ns1.example.com. 1.2.e164.arpa. IN NS ns2.example.com e164.arpa. IN NS ns1.example.com Administrator's User Guide 99

100 The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc1035. NAPTR record (NAPTR) - Naming Authority Pointers. NAPTR rules have the following format: order preference services flag regexp replacement where: order indicates the order in which records are to be processed when a query returns multiple NAPTR records preference indicates the processing order for multiple records with identical order services indicate the resolution protocol and resolution services employed when applying a rewrite according to the regexp or replacement field flag is a modifier that affects the next DNS lookup regexp is the primary field used for rewrite rules replacement is a secondary field used for rewrite rules For example: 1.2.e164.arpa. IN NAPTR "u" "sip+e2u" "!^.*$! sip:[email protected]!i". 1.2.e164.arpa. IN NAPTR "u" "smtp+e2u" "!^.*$! mailto:[email protected]!i" Administrator's User Guide 100

101 For more information about this type of record, go to html/rfc3403. Value Depending on the Record type, this field displays an IP address, an alias, a name server, a host name, or a text. Last update - The date when the record was last modified (from the web based interface, or by updateurl). M By clicking the Modify icon, the administrator can edit the details of the corresponding DNS Record. Warning Records can be modified only for zones added from the 4PSA DNS Manager control panel. In the Tools area the administrator can switch the Zone type from Master to Slave and vice-versa by clicking the Switch to Slave button. Switch to Master or the Backup DNS zone - The administrator can backup the respective DNS zone by clicking the Backup DNS zone button. To add a Master/Slave DNS server IP address enter the IP address in the corresponding field and click Update. In order to configure the custom buttons that can be viewed in the chosen DNS Zone management page, the administrator must click Custom buttons. Enabling/Disabling Zones 1. You can enable or disable a zone whenever you choose to change its status: When the zone is enabled, press the Zone is enabled button in the Tools area. The zone will be disabled and the button will switch to Zone is disabled Administrator's User Guide 101

102 2. When the zone is disabled, press the Zone is disabled button in the Tools area. The zone will be enabled and the button will switch to Zone is enabled. Transfer IP Addresses The Transfer IPs are DNS server IPs that are allowed to transfer (copy) the zone information from the server (master or slave for the zone). These IPs will be recorded in the named.conf file in the acl (Access Control Lists) clauses. Warning The Transfer IP addresses can be modified only for zones that have been added from the 4PSA DNS Manager control panel. The administrator can access thetransfer management page by clicking the Transfer IP addresses button. In this page there are several details available about the DNS Zone: DNS Zone type and Last DNS Zone update The administrator must specify the required IP addresses in the available text boxes. In order to add more slave IP addresses, the administrator must click the icon. Pay particular attention to the Last DNS Zone update. This is the time when the Zone was actually updated by the 4PSA DNS Manager low level program Administrator's User Guide 102

103 Managing Round Robin Polls Editing Round Robin Polls Warning The DNS Round Robin button is available only for forward zones added from the 4PSA DNS Manager control panel. If you are editing a forward zone and if the client is allowed Round Robin management, the DNS Round Robin button will be available in the Tools area. If the forward zone is not allowed Round Robin management, the icon will be grayed out like this DNS Round Robin. Press this button to open the Round Robin polls management page. This page will list all the polls that have been set up for the DNS Zone. The table comprises the following columns: S - Indicates the poll's state. Press the icon in this column to switch between the active and inactive state. Name - Indicates the poll's name. Click on it to edit the poll. Monitored records - Indicates the number of monitored records. Active records - Indicates how many of the monitored records are active. Last update - Indicates the date and time of the most recent update. The final column contains a check box that allows you to select one or multiple polls in the list in case you wish to delete them. Adding Round Robin Polls If you wish to add a new poll, click the Add new poll button in the New Round Robin poll area. In the new page that opens, fill in the following information: Name - Enter the poll's name Tested protocol - Select the protocol you wish to test. The available protocols are HTTP, IMAP, MySQL, PING, POP3, SIP and SMTP Administrator's User Guide 103

104 Monitoring interval - Enter the number of minutes between two subsequent tests. Tested resource - Enter a resource pertaining to the protocol that is to be tested. You can type a particular IP address or hostname, or you can monitor the value set for the selected records. For the later, use the $RR variable. $RR is replaced by one of the entries in the Value column listed for the selected records. You can use expressions such as or test.php. Try resource for X seconds - Enter for how long Round Robin will attempt to access the resource before failing. Then, select the DNS records you wish to add to the poll from the table below. Click the the new poll. Apply changes button to associate the selected records with When you are done, press OK to save your settings and return to the previous page or Cancel to return to the previous page without applying your settings. Setting SOA Parameters The SOA (Start of Authority) Record defines global parameters for the DNS Zone. There is only one SOA Record allowed in a DNS Zone file. The default SOA parameters values for all the DNS Zones that belong to the client account can be modified. The administrator can edit the following options: Serial - The DNS Zone serial number that must be a natural value between 1 and (a 32 bit unsigned number). The value must increment when any resource record in the zone file is updated. A slave (secondary) DNS server will read the master's DNS SOA record periodically, either when refresh expires or when it receives a NOTIFY and will arithmetically compare the value of the serial number it currently stores with the one received from the master (primary) DNS. If the master's serial value is arithmetically higher than the one currently stored by the slave, then a zone transfer is initiated. If the value is the same or lower, then the zone transfer is not initiated and the slave DNS will not update. Serial example: Administrator's User Guide 104

105 This value represents the current date and time ( :20:21) using the UNIX time stamp. The serial is generated automatically - Select this check box if you want the serial number to be automatically generated. Depending on if you enabled this option or not, the serial can behave in three ways: 1. If the check box is selected, than the serial number will be automatically generated. 2. If the check box is selected and the serial number is manually modified, than DNS Manager will use for the first time the modified serial and, after this, it will automatically generate new serial numbers. 3. If the check box is not selected, than the serial will not be automatically generated and the value entered in the Serial text box will be used. This method will force the serial to a certain value and the slave DNS server will never update the zone. Refresh time 32 bit time value in seconds. This is the period of time that the secondary name server should wait before checking with the primary server to see whether the data has been modified. Default value: seconds. RFC 1912 recommends 1200 to seconds, if your data is volatile or (12 hours) if it is not. Retry time Signed 32 bit value in seconds. When a secondary name server requests for a Zone refresh from the primary server and this fails to respond, the secondary name server waits for the refresh time before attempting another Zone refresh after the failed attempt. Default value: 3600 seconds. Expire time Signed 32 bit value in seconds. This setting indicates when the Zone is no longer authoritative and new interrogation of the root servers is required. It applies to Slaves only. Default value: seconds. RFC 1912 recommends to seconds (2 4 weeks). Minimum TTL This value is used as the default TTL for new Records created within the Zone. It is also used by other DNS servers to cache negative Administrator's User Guide 105

106 responses (for example when a Record does not exist). Default value: seconds. Default TTL Signed 32 bit value in seconds. This is the amount of time that Zone Records are kept in a remote host cache. It is recommended that this value be set large. A small value will force remote servers to query the DNS server again for unchanged data. Default value: seconds. Checking the Nameservers You can verify the availability of the name servers for a zone by clicking the Check Name Servers button in the Tools area of the zone's management page. The page will be updated with a new area entitled Check Name Servers which lists all the name servers and displays their availability using the following indicators: Not available - The name server is unavailable. Timed out - The name server did not answer in due time. Available - The name server is available. Unknown - The name server could not be found. Managing DNS Records Warning Records can be added only for zones added from the 4PSA DNS Manager control panel. In order to manage DNS Records for a DNS Zone, the administrator must click the chosen DNS Zone name. In the DNS Zone management page, the administrator can view several details: DNS Zone type This field displays the type of the DNS Zone, which can be Master or Slave. It also displays the number of Transfer IPs for Master zones and the number of Master IPs for Slave zones respectively. Hosts in this zone - Displays the first and last available IP (these parameters depend on the reverse zone ip class) Administrator's User Guide 106

107 Hosts in this zone is displayed only for reverse DNS zones. Last DNS Zone update This field displays the date when the DNS Zone was last updated by the user or from the remote update location Last DNS Zone update source The source of the last update. The DNS Zone can be updated from the interface or from a remote update location. If the zone was update from a remote location, the icon is displayed. Click this icon to access the configuration page of the respective remote update location. The administrator can add new DNS Records, view and delete existing Records. Click the DNS Zone name to manage the Zone Records. For Slave DNS Zones you cannot add Records and the current Records are not displayed because the actual DNS Records are transferred from the master server(s). In the list of existing DNS Records, the following details are available: S - Indicates whether the record is enabled or disabled. The icon indicates that the record is enabled. Click it to disable the corresponding record. The icon indicates that the record is disabled. Click it to enable the corresponding record. The icon indicates that the record has been temporarily disabled by Round Robin who hasn't been able to access it. Warning The records status can be modified only for zones added from the 4PSA DNS Manager control panel. P - Indicates whether there are any Round Robin polls monitoring the record. The icon indicates there are Round Robin polls set up for the corresponding record. Clicking it will open the Round Robin polls management page for the record Administrator's User Guide 107

108 The icon indicates there are no Round Robin polls set up for the corresponding record. Warning This column is available only for forward zones added from the 4PSA DNS Manager control panel. Host This field displays the host name or IP address of every DNS Record Record type This is the type of the DNS Record. Based on the DNS Zone type it can be: For Forward DNS Zones IP Address (A) - Maps a hostname to a 32-bit IPv4 address. Type A rules have the following format: hostname. IN A XXX.XXX.XXX.XXX where: XXX.XXX.XXX.XXX is the IP address for the hostname. hostname. is the zone name or one of its subdomains. For example: domain.com. IN A subdomain.domain.com. IN A For more information about this type of record, go to html/rfc1035. AAAA Record (AAAA) - Maps a hostname to a 128-bit IPv6 address. AAAA rules have the following format: hostname. IN AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA where: AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA is the IPv6 address for the hostname. hostname. is the zone name or one of its subdomains. For example: domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa subdomain.domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa For more information about this type of record, go to html/rfc Administrator's User Guide 108

109 Alias for record (CNAME) - Canonical name record is an alias (or nickname) of one name to another. The A record to which the alias points can be either local or remote - on a foreign name server. This is useful when running multiple services (like an FTP and a webserver) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com. and It is also used when running multiple HTTP servers, with different names, on the same physical host. CNAME rules have the following format: hostname. IN CNAME servername. where: hostname. is the zone name or one of its subdomains servername. is a fully qualified domain name (FQDN) either inside or outside the zone. For example: ftp.domain.com. IN CNAME inside.domain.com. ftp1.domain.com IN CNAME outside.zone.com. Rfc 1034 states: If a CNAME record is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. In order for these requirements to be met in 4PSA DNS Manager, the value specified in the Zone alias name field of the CNAME record cannot be set for the DNS Zone name filed in NS, A, AAAA, SRV, CNAME and TXT records or for the Zone field in an MX record. For more information about this type of record, go to html/rfc1035. Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains servername. is a domain name which specifies an authoritative host for the specified hostname Administrator's User Guide 109

110 For example: domain.com. IN NS ns1.example.com. domain.com. IN NS ns2.example.com. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc1035. Mail exchanger (MX) - Maps a domain name to a list of mail exchange servers for that domain. MX rules have the following format: hostname. IN MX preference servername. where: hostname. is the zone name or one of its subdomains preference indicates the hostname's priority. The lower the preference, the higher the priority. This parameter accepts values between 0 and 50. servername. is a fully qualified domain name (FQDN) inside the zone For example: mail.domain.com. IN MX 10 domain.com. webmail.domain.com. IN MX 5 domain.com. For more information about this type of record, go to html/rfc Administrator's User Guide 110

111 Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: hostname. IN TXT "Text information" where: hostname. is the zone name or one of its subdomains "Text information" can be any type of string including strings generated by SPF Rules For example: domain.com. IN TXT "k=rsa; p=mewwdqyerwqewwe" subdomain.domain.com. IN TXT "this is a test" For more information about this type of record, go to html/rfc1035. Service Record (SRV) - Specifies the location of the server(s) for a specific protocol and domain. SRV rules have the following format: _Service._Protocol.Hostname. IN SRV TTL Priority Weight Port Target where: Service is the symbolic name of the desired service. You can find a list of the available services at Protocol is the protocol of the desired service. This is usually TCP or UDP, but 4PSA DNS Manager supports all the protocols listed here Hostname. is the domain name for which the record is valid. TTL is the standard DNS time to live field. If there is no TTL specified for the record, the TTL value for the zone will be employed. Priority is the priority of the target host. The lower the value, the higher the priority level. Weight indicates a relative weight between records with the same priority. Port is the port on which the service is to be found. Target is the domain name of the target host Administrator's User Guide 111

112 For example: The Target parameter can not be an alias (CNAME). When Target is set to. the service is unavailable. _service._tcp.domain.com. IN SRV subdomain.domain.com. *._tcp.domain.com. IN SRV ; no other service is available on tcp protocol For more information about this type of record, go to html/rfc2782. For Reverse DNS Zones Nameserver (NS) - Specifies a host which should be authoritative for the specified class. For class C reverse zones, 4PSA DNS Manager accepts NS records for $ORIGIN and supports classless delegation records, as described in RFC 2317, chapter 4. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. Class A and B zones support NS records for $ORIGIN and inferior class zones and do not support classless delegation records. For class C reverse zones, 4PSA DNS Manager automatically generates CNAME records that correspond to the NS records created for classless delegation records. If the Automatically generate CNAME records Administrator's User Guide 112

113 for delegated subnets check box is selected, than the CNAME records will be automatically generated. This check box is available only for NS records with a subnet mask lower than 24 (having a numeric value higher than 24). NS rules have the following format: ip_part.host_ip_addr.in-addr.arpa. IN NS servername. where: host_ip_addr.in-addr.arpa. is the zone name ip_part is the IP section that completes the IP address when prepended to host_ip_addr (for class A, B and D zones, and for class C $ORIGIN NS) for classless delegation records, ip_part is the IP section that completes the IP address when prepended to host_ip_addr including the subnet mask servername. is a domain name which specifies an authoritative host for the specified zone. For example: in-addr.arpa. IN NS ns2.server.com in-addr.arpa. IN NS ns3.server.com. 0/ in-addr.arpa. IN NS example.com. For more information about this type of record, go to html/rfc1035. Reverse record (PTR) - Maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa. domain that corresponds to an IP address implements reverse DNS lookup for that address. PTR rules have the following format: IPaddress IN PTR hostname. where: IPaddress is the IPv4 address in the IN-ADDR.ARPA. domain hostname. is the corresponding location in the domain name space For example: in-addr.arpa. IN PTR test.com. For more information about this type of record, go to html/rfc1035. Alias for record (CNAME) - A canonical name record is an alias of one name to another. According to RFC 2317, CNAME records are only Administrator's User Guide 113

114 supported in C class reverse zones. CNAME rules have the following format: ip_part.network.host_ip_addr.in-addr.arpa. IN CNAME ip_part.host_ip_addr.in-addr.arpa. where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr network is the subnet mask host_ip_addr.in-addr.arpa. is the zone name For example: in-addr.arpa. IN CNAME 0.0/ in-addr.arpa in-addr.arpa. IN CNAME 1.0/ in-addr.arpa in-addr.arpa. IN CNAME 7.0/ in-addr.arpa. For more information about this type of record, go to html/rfc1035. Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: ip_part.host_ip_addr.in-addr.arpa. IN TXT "Text information" where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr host_ip_addr.in-addr.arpa. is the zone name "Text information" can be any type of string For example: in-addr.arpa. IN TXT "This is a test" For more information about this type of record, go to html/rfc1035. For E.164 Zones Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: Administrator's User Guide 114

115 hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains servername. is a domain name which specifies an authoritative host for the specified hostname. For example: 1.2.e164.arpa. IN NS ns1.example.com. 1.2.e164.arpa. IN NS ns2.example.com e164.arpa. IN NS ns1.example.com. The NS records of $ORIGIN are displayed in bold characters. Starting with version 3.6.0, 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc1035. NAPTR record (NAPTR) - Naming Authority Pointers. NAPTR rules have the following format: order preference services flag regexp replacement where: order indicates the order in which records are to be processed when a query returns multiple NAPTR records preference indicates the processing order for multiple records with identical order Administrator's User Guide 115

116 services indicate the resolution protocol and resolution services employed when applying a rewrite according to the regexp or replacement field flag is a modifier that affects the next DNS lookup regexp is the primary field used for rewrite rules replacement is a secondary field used for rewrite rules For example: 1.2.e164.arpa. IN NAPTR "u" "sip+e2u" "!^.*$! sip:[email protected]!i". 1.2.e164.arpa. IN NAPTR "u" "smtp+e2u" "!^.*$! mailto:[email protected]!i". For more information about this type of record, go to html/rfc3403. Value Depending on the Record type, this field displays an IP address, an alias, a name server, a host name, or a text. Last update - The date when the record was last modified (from the web based interface, or by updateurl). M By clicking the Modify icon, the administrator can edit the details of the corresponding DNS Record. Warning Records can be modified only for zones added from the 4PSA DNS Manager control panel. Adding DNS Records Warning Records can be added only for zones added from the 4PSA DNS Manager control panel. In order to add a DNS Record, the administrator must access the management page of the respective zone and click the button. The Add NEW Record to DNS Zone page opens. Add DNS Record Administrator's User Guide 116

117 If the DNS zone is a reverse zone, 4PSA DNS Manager will display the value for Hosts in this zone (first and last available IP address; these parameters depend on the reverse zone ip class). In the next area, Record Type, the administrator must choose the record type. You can also choose whether you would like the record to be enabled when you create it. The Record is enabled check box is selected by default. The domain name can be automatically replaced by the name of the newly created domain if [domain] is specified in the domain name field. In order to have an IP address automatically replaced the [ip] tag must be used. Editing a DNS record Warning Records can be modified only for zones added from the 4PSA DNS Manager control panel. To edit a DNS record, the administrator must click the records list. icon in the DNS You can change the record type by selecting the corresponding option from the Select Record type drop down box. You can also enable or disable a record by selecting or deselecting the Record is enabled check box. If the DNS zone is a reverse zone, 4PSA DNS Manager will display the value for Hosts in this zone (first and last available IP address; these parameters depend on the reverse zone ip class). Removing DNS Records Warning Records can be deleted only for zones added from the 4PSA DNS Manager control panel. To remove DNS records, the administrator must follow the procedure: 1. Select the respective records by clicking the corresponding check boxes in the records list Administrator's User Guide 117

118 2. Click the Remove Selected link located above the table. 3. Confirm the records removal by selecting the check box. 4. Click OK Changing the Owner of One or More DNS Zones The administrator can change the owner for one or more of the DNS zones by following the procedure: 1. Select one or more of the DNS zones by selecting the corresponding check boxes. 2. Click the Change owner link located above the table containing the DNS zones list to open the page displaying the clients' list. 3. Select the client who will be the new owner of the DNS zones. Warning When a zone is moved from one client to another, the ownership of the zone passed to the control panel. Global operations on DNS zones You can change records belonging to two or more DNS zones simultaneously. In order to access the Global operations page, select the respective DNS zones and click the table. Global operations link located above the This displays the Global operations page and, depending on the types of DNS zones you have selected, this page will contain one or more of the following sections: Forward zones, Reverse zones and E.164 zones. Each section contains fields that allow you to specify formulas for the respective type of zone. Each formula is defined by filling in three drop-down lists and two text boxes. In the first drop-down list, you must choose the type of records that will be modified. The available options are: NS, A, AAAA, CNAME, MX, TXT and SRV records for forward zones NS, PTR and TXT records for reverse zones NS and NAPTR records for E.164 zones Administrator's User Guide 118

119 In the second drop-down list, you must choose the matching algorithm: The available options are: equals when the value parameter of the records must be identical to the specified value contains when the value parameter of the records must contain the specified value In the first text box, you must specify the search criteria. The * character can be used to match any set of characters. In the third drop-down list, you must select the action you would like to perform on the matching records. The available options are: replace with if you would like to modify the matching records drop record if you would like to erase them The last text box must contain the new value that will be used to modify the respective records. This text box is disabled if you selected drop record in the previous dropdown list. In order to have the domain name automatically completed, you must enter [domain] in the text box. By pressing the section. Use the button, you can add additional rules to a particular buttons to remove formulas. When you are done, click OK to apply the new values to the respective records. Glue Records Name servers in delegations appear listed by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred Administrator's User Guide 119

120 Since this can introduce a circular dependency if the nameserver referred to is under the domain that it is authoritative of, it is occasionally necessary for the nameserver providing the delegation to also provide the IP address of the next nameserver. This record is called a glue record. In practice glue records are used for two purposes: To speed up queries - and consequently reduce DNS load - by providing the name and IP addresses (the glue) for all authoritative name servers, both within and external to the domain. To break the query deadlock for referrals which return name servers within the domain being queried. Glue Records can only be defined for forward master DNS zones added from the control panel. In order to create a Glue Record, there must exist a NS and an A record which meet the following requirements: The NS record must NOT have a corresponding A record. The A record MUST be defined on $ORIGIN or on a subdomain of $ORIGIN The following table displays an example of the records that are required in order to create a Glue Record Table 5.1. Required Records Host Record Type Value sub.example.com NS sub.example.com A ns.sub.example.com In order to create a Glue Record, the administrator must select the desired zone name from the zones list and click the Glue Records link located above the table. Table 5.2. Resulting Glue Record Host Record Type Value ns.sub.example.com A Administrator's User Guide 120

121 SPF Rules You can add Server Policy Framework (SPF) rules to your DNS zones. SPF allows the owner of an Internet domain to use special format DNS TXT rules to specify which machines are authorized to transmit for that domain. For this purpose, in the DNS zones page, select the desired zones and click the SPF Rules link. In the new page that opens, you can manage the SPF rules. SPF Rules can be defined only for zones added from the control panel. In order to create a SPF for one of the origin's subdomains, in the Host text box, enter the subdomain using the following format subodmain.[domain]. Leaving this field empty, will generate the TXT record for $ORIGIN. Next, enter the actual rule. Each rule comprises three elements: 1. Use the first drop down box to select a qualifier. The following qualifiers are available: "+" Pass "-" Fail "~" SoftFail "?" Neutral 2. Use the second drop down box to select a mechanism or a modifier. The following mechanisms are available: all ip4 ip6 a mx ptr exists include And the following modifiers: redirect exp Administrator's User Guide 121

122 3. Use the text box to enter the target URL. Use the button to add rules to the list and the button to remove rules from the list. When you are done, click OK to apply your changes and return to the DNS zones page. Click Cancel if you wish to return to the DNS zones page without applying your changes. Removing DNS Zones To remove a DNS Zone enable the check box corresponding to the chosen DNS Zone name and click the Remove Selected link. In the new page that opens, select the removal confirmation check box and click OK. Multiple DNS Zones can be deleted at the same time. When a zone managed from a Remote Update location is deleted, it is no longer possible to be imported from that Remote location. The respective zone can be imported only by pressing the Update Now button Administrator's User Guide 122

123 Chapter 6 Setting Server Preferences The administrator can set server-wide preferences: DNS templates, SOA parameters, and interface preferences. In order to perform these tasks, the administrator must click the Settings link available in the navigation menu. Available options The page is divided in four sections: 1. Options Administrator accounts - Manage admin accounts. For more information, please read the Managing Administrator Accounts section. Sessions - Reports regarding login sessions. For more information, please read the Managing User Sessions section Administrator's User Guide 123

124 Custom buttons - Manage custom buttons. For more information, please read the Managing Custom Buttons section. DNS Manager settings - Global 4PSA DNS Manager settings. For more information, please read the Configuring DNS Manager Settings section. Global transfer IPs - Manage the global transfer IPs. For more information, please read the Global Transfer IPs section. 2. System Templates DNS templates - Manage the DNS templates. For more information, please read the Setting Server-Wide DNS Templates section. templates - Manage notifications. For more information, please read the Manage Notifications section. File templates - Manage the file templates. For more information, please read the File Templates. 3. 4PSA DNS Manager Interface settings - Manage interface settings. For more information, please read the Setting Interface Preferences. Login preferences - Manage login preferences. For more information, please read the Managing Login Preferences section. License - The administrator is able to update or upgrade license key, or just to view details regarding the current key. For more information, please read the License Management section Administrator's User Guide 124

125 Access - Manage access policy for administrator level users. For more information, please read the Managing the Access Policy section. Languages - Manage language packs. For more information, please read the Manage Interface Languages section. Skins - Manage interface skins. For more information, please read the Manage interface skins section. 4. Database XML export - Exports the entire database in XML format. For more information, please read the XML Export section. XML import - Imports an XML file that is a backup of the database. For more information, please read the XML Import section. Setting Server-Wide DNS Templates The administrator can set server-wide DNS templates that can be used by any new DNS Zone added to the system. In order to manage DNS templates, the administrator must click the DNS templates button available in the System Templates area. The server global DNS templates are available to all clients that have not setup their own DNS templates. In the Server Global DNS Templates management page the administrator can add new server-wide DNS templates, edit and delete existing templates. Creating a New Sever Global DNS Template To create a global DNS Template, the administrator must follow the procedure: 1. Enter a name in the Template name text box Administrator's User Guide 125

126 2. Choose the type of the template by clicking the respective radio box. The available options are: Forward - a template for forward DNS zones Reverse - a template for reverse DNS zones E a template for E.164 DNS zones 3. Choose the template availability by clicking the respective radio box. The available options are: Owned template - this templates can be used only by admin. Wide template - this templates can be used by all clients. 4. Click the OK button. A new page opens allowing you to define DNS records and Template IPs. Wherever you want the domain name to be automatically replaced by the name of the newly created domain, enter [domain] in the domain name field. In order to have an IP address automatically replaced, use the [ip] tag. In this area the administrator can view the list of DNS Records included in the template. The following details are available: Host This field displays the host name or IP address of every DNS Record Record type This is the type of the DNS Record Value Depending on the Record type, this field displays an IP address, an alias, a name server, a host name, or a text. M By clicking the Modify icon, the administrator can edit the details of the corresponding DNS Record. In order to add a new DNS Record to the server global DNS template, select the Record type in the New DNS Record area and click Add. To remove a DNS Record from the template, enable the corresponding check box and follow the Remove Selected link. 4PSA DNS Manager will ask for your confirmation before the Records will be permanently deleted. Multiple DNS Records can be deleted at the same time. Managing a Template's DNS Records To access the Template management section, click the name of the template Administrator's User Guide 126

127 In this area, the administrator can view the list of DNS Records included in the template. The following details are available: Host This field displays the host name or IP address of every DNS Record Record type This is the type of the DNS Record Value Depending on the Record type, this field displays an IP address, an alias, a name server, a host name, or a text. M By clicking the corresponding DNS Record. icon, the administrator can edit the details of the The administrator can also remove DNS Records from a template. Enable the corresponding check box and follow the Remove Selected link. 4PSA DNS Manager will ask for your confirmation before the Records will be permanently deleted. Multiple Records can be deleted at the same time. Adding records to a DNS template To add a record to a DNS template, the administrator must click the Add DNS records button in the respective template's management page. The Add new record page opens. The administrator must choose the record type and configure each record accordingly. 4PSA DNS Manager also accepts internationalized domain names (IDN) - Internet domain names that contain non-ascii characters. The following types of DNS records are available: For Forward DNS Zones IP Address (A) - Maps a hostname to a 32-bit IPv4 address. Type A rules have the following format: hostname. IN A XXX.XXX.XXX.XXX where: XXX.XXX.XXX.XXX is the IP address for the hostname. hostname. is the zone name or one of its subdomains. For example: domain.com. IN A subdomain.domain.com. IN A Administrator's User Guide 127

128 For more information about this type of record, go to html/rfc1035. AAAA Record (AAAA) - Maps a hostname to a 128-bit IPv6 address. AAAA rules have the following format: hostname. IN AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA where: AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA is the IPv6 address for the hostname. hostname. is the zone name or one of its subdomains. For example: domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa subdomain.domain.com. IN AAAA abcd:1234:ffff:0:12:3:ab1:aa For more information about this type of record, go to html/rfc3596. Alias for record (CNAME) - Canonical name record is an alias (or nickname) of one name to another. The A record to which the alias points can be either local or remote - on a foreign name server. This is useful when running multiple services (like an FTP and a webserver) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com. and It is also used when running multiple HTTP servers, with different names, on the same physical host. CNAME rules have the following format: hostname. IN CNAME servername. where: hostname. is the zone name or one of its subdomains servername. is a fully qualified domain name (FQDN) either inside or outside the zone. For example: ftp.domain.com. IN CNAME inside.domain.com. ftp1.domain.com IN CNAME outside.zone.com. Rfc 1034 states: If a CNAME record is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different Administrator's User Guide 128

129 In order for these requirements to be met in 4PSA DNS Manager, the value specified in the Zone alias name field of the CNAME record cannot be set for the DNS Zone name filed in NS, A, AAAA, SRV, CNAME and TXT records or for the Zone field in an MX record. For more information about this type of record, go to html/rfc1035. Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains servername. is a domain name which specifies an authoritative host for the specified hostname. For example: domain.com. IN NS ns1.example.com. domain.com. IN NS ns2.example.com. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc Administrator's User Guide 129

130 Mail exchanger (MX) - Maps a domain name to a list of mail exchange servers for that domain. MX rules have the following format: hostname. IN MX preference servername. where: hostname. is the zone name or one of its subdomains preference indicates the hostname's priority. The lower the preference, the higher the priority. This parameter accepts values between 0 and 50. servername. is a fully qualified domain name (FQDN) inside the zone For example: mail.domain.com. IN MX 10 domain.com. webmail.domain.com. IN MX 5 domain.com. For more information about this type of record, go to html/rfc1035. Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: hostname. IN TXT "Text information" where: hostname. is the zone name or one of its subdomains "Text information" can be any type of string including strings generated by SPF Rules For example: domain.com. IN TXT "k=rsa; p=mewwdqyerwqewwe" subdomain.domain.com. IN TXT "this is a test" For more information about this type of record, go to html/rfc1035. Service Record (SRV) - Specifies the location of the server(s) for a specific protocol and domain. SRV rules have the following format: _Service._Protocol.Hostname. IN SRV TTL Priority Weight Port Target where: Administrator's User Guide 130

131 Service is the symbolic name of the desired service. You can find a list of the available services at Protocol is the protocol of the desired service. This is usually TCP or UDP, but 4PSA DNS Manager supports all the protocols listed here Hostname. is the domain name for which the record is valid. TTL is the standard DNS time to live field. If there is no TTL specified for the record, the TTL value for the zone will be employed. Priority is the priority of the target host. The lower the value, the higher the priority level. Weight indicates a relative weight between records with the same priority. Port is the port on which the service is to be found. Target is the domain name of the target host. For example: The Target parameter can not be an alias (CNAME). When Target is set to. the service is unavailable. The Target can be in another domain if you use for it a a FQDN domain name. _service._tcp.domain.com. IN SRV subdomain.domain.com. *._tcp.domain.com. IN SRV ; no other service is available on tcp protocol _service._tcp.domain.com. IN SRV anotherdomain.com. For more information about this type of record, go to html/rfc2782. For Reverse DNS Zones Nameserver (NS) - Specifies a host which should be authoritative for the specified class. For class C reverse zones, 4PSA DNS Manager accepts NS records for $ORIGIN and supports classless delegation records, as described in RFC 2317, chapter Administrator's User Guide 131

132 The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. Class A and B zones support NS records for $ORIGIN and inferior class zones and do not support classless delegation records. For class C reverse zones, 4PSA DNS Manager automatically generates CNAME records that correspond to the NS records created for classless delegation records. If the Automatically generate CNAME records for delegated subnets check box is selected, the CNAME records will be automatically generated. This check box is available only for NS records with a subnet mask lower than 24 (having a numeric value higher than 24). NS rules have the following format: ip_part.host_ip_addr.in-addr.arpa. IN NS servername. where: host_ip_addr.in-addr.arpa. is the zone name ip_part is the IP section that completes the IP address when prepended to host_ip_addr (for class A, B and D zones, and for class C $ORIGIN NS) for classless delegation records, ip_part is the IP section that completes the IP address when prepended to host_ip_addr including the subnet mask servername. is a domain name which specifies an authoritative host for the specified zone. For example: in-addr.arpa. IN NS ns2.server.com Administrator's User Guide 132

133 1.2.3.in-addr.arpa. IN NS ns3.server.com. 0/ in-addr.arpa. IN NS example.com. For more information about this type of record, go to html/rfc1035. Reverse record (PTR) - Maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa. domain that corresponds to an IP address implements reverse DNS lookup for that address. PTR rules have the following format: IPaddress IN PTR hostname. where: IPaddress is the IPv4 address in the IN-ADDR.ARPA. domain hostname. is the corresponding location in the domain name space For example: in-addr.arpa. IN PTR test.com. For more information about this type of record, go to html/rfc1035. Alias for record (CNAME) - A canonical name record is an alias of one name to another. According to RFC 2317, CNAME records are only supported in C class reverse zones. CNAME rules have the following format: ip_part.network.host_ip_addr.in-addr.arpa. IN CNAME ip_part.host_ip_addr.in-addr.arpa. where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr network is the subnet mask host_ip_addr.in-addr.arpa. is the zone name For example: in-addr.arpa. IN CNAME 0.0/ in-addr.arpa in-addr.arpa. IN CNAME 1.0/ in-addr.arpa in-addr.arpa. IN CNAME 7.0/ in-addr.arpa. For more information about this type of record, go to html/rfc Administrator's User Guide 133

134 Text record (TXT) - Allows an administrator to insert arbitrary text into a DNS record. This has been used to implement new functions with DNS support without allocating new record types. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications. TXT rules have the following format: ip_part.host_ip_addr.in-addr.arpa. IN TXT "Text information" where: ip_part is the IP section that completes the IP address when prepended to host_ip_addr host_ip_addr.in-addr.arpa. is the zone name "Text information" can be any type of string For example: in-addr.arpa. IN TXT "This is a test" For more information about this type of record, go to html/rfc1035. For E.164 Zones Nameserver (NS) - Maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records. NS rules have the following format: hostname. IN NS servername. where: hostname. is the zone name or one of its subdomains servername. is a domain name which specifies an authoritative host for the specified hostname. For example: 1.2.e164.arpa. IN NS ns1.example.com. 1.2.e164.arpa. IN NS ns2.example.com e164.arpa. IN NS ns1.example.com. The NS records of $ORIGIN are displayed in bold characters. 4PSA DNS Manager allows to choose in the interface which is the primary nameserver on a zone (required for some local TLDs). In order to setup an Administrator's User Guide 134

135 NS record as primary check Make primary when you add/edit the desired NS record. Caution For BIND to take a DNS zone into consideration, at least one NS record must be defined for $ORIGIN in the respective zone. For best practice, it is recommended to have at least two NS records defined for each public domain. For more information about this type of record, go to html/rfc1035. NAPTR record (NAPTR) - Naming Authority Pointers. NAPTR rules have the following format: order preference services flag regexp replacement where: order indicates the order in which records are to be processed when a query returns multiple NAPTR records preference indicates the processing order for multiple records with identical order services indicate the resolution protocol and resolution services employed when applying a rewrite according to the regexp or replacement field flag is a modifier that affects the next DNS lookup regexp is the primary field used for rewrite rules replacement is a secondary field used for rewrite rules For example: 1.2.e164.arpa. IN NAPTR "u" "sip+e2u" "!^.*$! sip:[email protected]!i". 1.2.e164.arpa. IN NAPTR "u" "smtp+e2u" "!^.*$! mailto:[email protected]!i". For more information about this type of record, go to html/rfc Administrator's User Guide 135

136 Managing a Template's IPs To access the Template's IP Management page, the administrator must click the template's name in the templates list and then the Template IPs button. This page displays the list of the template's IPs and allows the administrator to add new IPs. The following details are available for the existing IPs: T - The icon in this column shows the type of the IP address. It can be - master or - allow transfer. The type of the IP can be changed by pressing the icon in this column. IP: IP address - The IP address When the IPs list is too long, the Search feature may be used to find specific Search - The administrator can write the search criteria in the text box. By clicking the button or the Search label, the system will display only the IPs that match the search criteria. To add an IP to the template, the administrator must specify the respective IP in the appropriate field from the Add Template IPs section: Add the following master IPs to slave zones - for master IPs assigned to slave zones. Multiple IPs can be added by pressing the button. Add the following allow transfer IPs to master zones - for allow transfer IPs assigned to master zones. Multiple IPs can be added by pressing the button. After specifying the IPs, the administrator must click OK to add the respective IPs to the template. Setting the Template's availability There are two options for Template's availability: Owned templates - these templates are defined by administrator and are available only for administrator Wide templates - these templates are defined by administrator but they can be used also by the clients Administrator's User Guide 136

137 The application displays a button with the current template's type, e.g. for a Owned template the button is presented and for a Wide template button is presented. To change between this template type press the button. Editing Server Global DNS Templates In order to edit an existing server global DNS template, the administrator must click its name. In the DNS template management page he can add new DNS Records, edit and delete existing Records, as explained above. Removing Server Global DNS Templates To remove a server-wide DNS template enable the corresponding check box and follow the Remove Selected link. 4PSA DNS Manager will ask for your confirmation before the templates will be permanently deleted. Multiple templates can be deleted at the same time. Manage Notifications 4PSA DNS Manager can send notifications to its users when standard events occur. The text of the notifications can be customized. The system can also be setup to send only some notifications and only to certain users. To access this page, click the templates icon available in Server Settings page, in the System Templates area. The system administrator can set the notification preferences for a series of events displayed on the first column. To select all the check boxes in a column, click the column's header. For example, if you want to select all the check boxes in the Admin column, click the Admin header Administrator's User Guide 137

138 Therefore, the administrator can enable notifications for clients, as for his/her own account. When an account is created, the new owner can receive a mail notifying him that the account was registered. The notification will be sent to the address specified in the account information. Notification s can also be sent to an address specified in the address column. This address can be different for each selected event. The events that can trigger an notification are displayed in preferences section: Client account creation Client account expiration warning notification triggered by this event is sent {days} days in advance as specified in the Send expiration notices field. Client account expired Remote update locations limit reached DNS Zones limit reached Forgot password For this event, 4PSA DNS Manager will send an message containing a temporary password to the user who forgot his/her password and requested a new one. This password is valid only the amount of time specified in Login Preferences page in the Expiration time for new password field. In Preferences section the administrator can specify the conditions in which the warning s will be sent: Send expiration notices {X} days in advance Use this text box to specify how many days before the account expiration a notification is dispatched to the users. To activate notifications, select the check boxes corresponding to the desired notifications an then click OK to save the changes. Click Cancel to return to the previous page without saving the changes you made Administrator's User Guide 138

139 Customize Content To customize the subject and content of an notification, follow these steps: 1. Click the icon corresponding to the chosen event. 2. A new page opens allowing you to edit the subject and body. Modify the text, keeping in mind the following rules: You may use only plain text when writing the subject and content. The is also sent in plain text format. You can include tags that will be automatically replaced by the system with the appropriate content. Examples: [recipient_name] is replaced with the name of the person receiving the notification. 3. Click OK to save the changes to the . Click Cancel to return to the previous page without saving the changes. File Template In order to access the File Templates section, the administrator must click the File templates button in the System templates area of the Server Settings page. The dnsmanager.include file template defines the characteristics of a zone, such as the name of its configuration file and zone-specific options. The file template also informs the administrator on how the DNS zone information is written in the named.conf file. The File Templates page displays a list of all the templates. The following information is available: M - By clicking the icon in this column, the administrator is able to view the differences between the default template and the current template. Name - the name of the template. Description - a short description of the template. Modified - the date when the template was last modified. When the file template list is too long, the Search feature may be used to find specific file template: Administrator's User Guide 139

140 The administrator can write the search criteria in the text box. By clicking the button or the Search label, only the file templates that match the search criteria will be displayed. To display the entire list, the administrator must press the the Show all label. button or Editing a file template To edit a file template, the administrator must click the respective template's name. The page that opens displays the content of the template in the File template content field. In order to modify the file template, the administrator must edit the data from this field. Configuring DNS Manager settings In order to configure the Global application settings, the administrator must press the Settings page. Application settings button in the Options section of the The options available in the Global application settings page are structured into the following sections: Remote updates preferences Remove zones no longer present in update source When this option is enabled, DNS Zones that have been updated via a remote update location will be deleted if the file that was retrieved from the remote location NO LONGER CONTAINS the definition for the respective zones. This setting helps administrators keep the 4PSA DNS Manager server perfectly synchronized with the remote update locations. The administrator can enable/disable this option, or he can allow the client to manage this option, by selecting the Client setting radio box. Lock zones to an update source When this option is enabled, a zone will be associated with a single update remote location (the first update location where the zone description is retrieved from). Any other update location that contains a duplicate description will be ignored. The administrator can enable/disable this option, or he can allow the client to manage this option, by selecting the Client setting radio box Administrator's User Guide 140

141 Default DNS SOA records - The SOA (Start of Authority) Record defines global parameters for the DNS Zone. There is only one SOA Record allowed in a DNS Zone file. The administrator is able to set the SOA parameters values for all the DNS Zones that have no custom configurations. Also, these SOA parameters will be the default parameters for the DNS Zones belonging to client accounts, that have no custom configurations. The following options are available: Refresh time 32 bit time value in seconds. This is the period of time that the secondary name server should wait before checking with the primary server to see whether the data has been modified. Default value: seconds. RFC 1912 recommends 1200 to seconds, if your data is volatile or (12 hours) if it is not. Retry time Signed 32 bit value in seconds. When a secondary name server requests for a Zone refresh from the primary server and this fails to respond, the secondary name server waits for the refresh time before attempting another Zone refresh after the failed attempt. Default value: 3600 seconds. Expire time Signed 32 bit value in seconds. This setting indicates when the Zone is no longer authoritative and new interrogation of the root servers is required. It applies to Slaves only. Default value: seconds. Default value: seconds. RFC 1912 recommends to seconds (2 4 weeks). Minimum TTL This value is used as the default TTL for new Records created within the Zone. It is also used by other DNS servers to cache negative responses (for example when a Record does not exist). Default value: seconds. Default value: seconds. Default TTL Signed 32 bit value in seconds. This is the amount of time that Zone Records are kept in a remote host cache. It is recommended that this value be set large. A small value will force remote servers to query the DNS server again for unchanged data. Default value: seconds. Daemons monitoring Administrator's User Guide 141

142 Monitor round robin When this option is enabled, 4PSA DNS Manager will monitor the rrmonitd daemon. When rrmonitd is down, the system will attempt to restart it. rrmonitd verifies whether the records from poll provide answers according to the monitoring protocol. If a record concurs, it will remain enabled, otherwise, it will be disabled automatically. Monitor DNS server When this option is enabled, 4PSA DNS Manager will monitor the DNS server. When the DNS server is down, the system will attempt to restart the server. Monitor MySQL server - When this option is enabled, 4PSA DNS Manager will monitor the MySQL server. When the MySQL server is down, the system will attempt to restart it. Interface Monitoring - When this option is enabled, 4PSA DNS Manager will monitor the apache server bundled in the product. When the server is down, the system will attempt to restart it. Monitor zonemngd - When this option is enabled, 4PSA DNS Manager will monitor zonemngd. When zonemngd is down, the system will attempt to restart it. zonemngd is a daemon that periodically writes the zone from the database to named.conf and to the zone files on disk. Monitor updateurld - When this option is enabled, 4PSA DNS Manager will monitor updateurld. When updateurld is down, the system will attempt to restart it. updateurld is a daemon that periodically imports the zones from remote update locations to the database. Send monitoring alerts to - The address where the monitoring alerts will be send to. preferences Server sends s from address This is the address where notifications originate from. In the 'From ' field appears This is the text that will be displayed in the Sender field of the . Default value: "4PSA DNS Manager" Global preferences Maximum uploaded file size - The maximum allowed size for uploaded files. Default value: 200 kb Log events on level - Adjusts the level of detail employed when logging events. The following levels are available: Emergency (0), Alert (1), Critical (2), Error (3), Warning (4), Notice (5), Info (6), Debug (7). The default level is Error Administrator's User Guide 142

143 In order to avoid unnecessary stress on the system's resources, it is recommended to use levels above Error only for debugging and for limited periods of time. Delete logs older than X days on a log level higher than (select) - Sets the parameters for automatically clearing outdated logs. The 4PSA DNS Manager will delete logs with levels higher or equal to the selected level. For instance, selecting level Warning (4) will delete the following types of log entries: Warning (4), Notice (5), Info (6) and Debug (7). The default values are: Default number of days - 7 Default log level - Critical (2) You can keep the logs for maximum 1 year (365 days). When you have finished setting up your preferences, click OK to save your settings and return to the previous page. Click Cancel to return to the previous page without applying your changes. If you would like to revert your settings to their default values, click the Default SOA button. Global Transfer IPs The Global Transfer IPs are DNS server IPs that are allowed to transfer (copy) the zone information from the server (master or slave for the zone). These IPs will be recorded in the named.conf file in the acl (Access Control Lists) clauses. To manage these IPs, the administrator must click the Global Transfer IPs icon in the Options area of the Server Settings page. This page displays the list of the global transfer IPs and allows the administrator to delete or add IPs. When the global transfer IPs list is too long, the Search feature may be used to find specific IPs: Administrator's User Guide 143

144 The administrator can write the search criteria in the text box. By clicking the button or the Search label, only the IPs that match the search criteria will be displayed. To display the entire list, the administrator must press the the Show all label. button or To remove IPs from the list, the administrator must select the respective addresses and click the Remove selected link located above the table. To add a new Global Transfer IP address, the administrator must specify the respective IP or the IP/Mask address in the Slave DNS server IP or IP/ Mask address text box (e.g: /24, /16 ) and click OK. Multiple IP or IP/Mask addresses can be added in the same time by using the buttons located on the right of the text box. Setting Interface Preferences The server-wide interface preferences can be managed from the Interface Preferences page by following the next steps: 1. Click the Settings link available in the left navigation panel. 2. Than, click the Manager section. Interface settings icon available int the 4PSA DNS You can customize the following options: Default system-wide rows in list tables Use this text box to set the number of items from a list that will be displayed by default on a page in user context. It can be any number between 1 and 9999, the default being 50. Default system-wide interface skin Use this drop down list to choose one of the available interface skins that will be displayed by default in all user interfaces. Default system-wide language Use this drop down list to set the language that will be used by default in all user interfaces. The list contains the language packs installed in the system Administrator's User Guide 144

145 Caution 4PSA DNS Manager does not allow you to use language packs that were created for earlier versions of the interface. The following warning message is displayed: Outdated versions of the following language packs are installed: {Language1} ({version}), {Language2} ({version}) 4PSA DNS Manager {current version} is installed. Until you install the correct versions of the above language packs, the interface will be displayed in English, regardless of the user language preference. The client account users will also see an English interface, if the version of their interface language is lower than the current version of the product. You can fix this problem by installing a language pack corresponding to the current version of the 4PSA DNS Manager. Default application browser title Use this text box to fill in the name that will be displayed in the 4PSA DNS Manager interface browser title bar. Show build number in application title Use this option if you want to display the 4PSA DNS Manager build number in the browser's title bar. Rows in table Use this text box to set the number of rows that will be displayed in your interface. Interface skin Use this drop down list to choose the skin used by the logged in user interface. System language Use this drop down list to choose the language used by the logged in user interface. Program logo Choose the logo that will be displayed at the top of the user interfaces. Fill in the text box with the location of the file on your computer or use the Browse button to locate the file. Logo URL The logo file has a hyper link on it. Use this text box to fill in the destination of this hyperlink. It can be your business website for example. Remove manufacturer links - Check this box if you don't want to display the 4PSA copyright notice in the user interface. The interface settings for the current user can be changed directly from the top frame by clicking the My interface link. 4PSA DNS Manager allows you to customize the following options: Rows in table Interface skin Administrator's User Guide 145

146 System language Program logo Logo URL Manage Interface Languages View the Language List In the Language Management page, you can view the list of all available languages installed with the product. The interface languages are very important because they allow the system to be presented in the user's native language. To access this page, click the Settings link in the left panel Navigation area. Next, click the Languages icon available in the 4PSA DNS Manager area. Multiple actions can be performed: Add a new language Enable/ Disable an existing language 4PSA DNS Manager displays the following information about each language: S The status of language pack, displayed using an icon: Disabled. Enabled or Language pack The 2 letter code of the language. (for example en for English Language The name of the language in English Version The version of the 4PSA DNS Manager product for which the language pack was translated. Caution 4PSA DNS Manager allows you to add language packs that correspond to earlier versions of the product. But you cannot use them in the interface. For more details on this topic, see this note. Used The number of accounts currently using this language on their interfaces Administrator's User Guide 146

147 Add Interface Languages To add a new interface language to the system, click the Languages icon available in the 4PSA DNS Manager area in the Settings and follow these steps: 1. In the Language Management page, click the Add language icon. 2. Use the Path to the language pack file location text box to fill in the location of the language pack file on your computer or use the Browse button to locate the file. The accepted format for the language pack file is.tar.gz. 3. Click OK to add the new language to the system. Click Cancel to go back to the previous page without adding the language. Delete Interface Languages To remove interface languages from the system, click the Languages icon available in the 4PSA DNS Manager area and follow the steps: 1. Choose the languages you want to delete by selecting their corresponding check boxes in the records list. 2. Click the Remove selected link. A new page opens displaying the list of languages that will be deleted. 3. Review the list. If you want to proceed with the removal, select the Confirm the removal check box and click OK. Otherwise click Cancel to return to the previous page without deleting anything. English cannot be removed and therefore 4PSA DNS Manager automatically disables its corresponding check box. You cannot remove languages that are currently selected by system users for their interfaces; their corresponding check boxes are disabled Administrator's User Guide 147

148 Manage Interface Skins View the Skins List In the Skins Repository page, you can view a list of all skins available in the system. You can also add and remove skins from the system. To access this page, click the Settings link in the left panel Navigation area. Next, click the Skins icon available in the 4PSA DNS Manager area. 4PSA DNS Manager displays the following information on each skin: Name The name that identifies the skin in the system Description A short description of the skin Author The designer of the skin Used The number of users currently using this skin in their interface Add a New Skin To add a new interface skin to the system, click the available in the 4PSA DNS Manager area. Skins icon 1. In the Skin Repository page, click the Add skin icon. 2. Use the Path to the skin package file location text box to fill in the location of the skin package file on your computer or use the Browse button to locate the file. The accepted format for the skin package file is.tar.gz. 3. Click OK to add the new skin to the system. Click Cancel to go back to the previous page without adding the skin Administrator's User Guide 148

149 Delete Skins To remove interface skins from the system, click the available in the 4PSA DNS Manager area and follow the steps: Skins icon 1. Choose the skins you want to delete by selecting their corresponding check boxes. 2. Click the Remove selected link. A new page opens displaying the list of skins that will be deleted. 3. Review the list. If you want to proceed with the removal, select the Confirm the removal check box and click OK. Otherwise click Cancel to return to the previous page without deleting anything. You cannot remove skins that are currently selected by system users for their interfaces; their corresponding check boxes are disabled. Managing Login Preferences The login preferences provide flexibility and protection against the common forms of login break-in techniques. You can configure a series of login preferences that apply to all system users. To access this page, click the Login preferences icon available in the 4PSA DNS Manager area of the Server Settings page. You can configure the following settings that will be applied to all system users: Login preferences This section includes login related settings, that allow the administrator to configure the login session policy. Login expiration time Use this text box to set after how many minutes a logged in user is automatically logged out due to the lack of activity. After this interval expires, the user will have to re-login to be able to use the interface. The default value is 7200 seconds. Number of invalid attempts Use this text box to limit the number of consecutive failed login attempts. The default value is 3 attempts Administrator's User Guide 149

150 If a user enters a wrong login/password combination for a number higher than the maximum number of invalid attempts it is restricted from accessing the interface for the period of time defined in Interval to block access after. Attempts interval When a user fails to log in (due to incorrect username and/ or password), the system starts counting the failed attempts. However, after a failed login attempt, if the user waits {attempts interval} seconds before trying again, the failed attempts counter will be reset; this allows the user to try to log in without the risk of exceeding the Number of invalid attempts. The default value is 600 seconds. Interval to block access after Use this text box to set the time interval a user will be unable to login after the Number of invalid attempts has been exceeded. The default value is 600 seconds. Expire time for new password When a user forgets his password, 4PSA DNS Manager can assign a random password and send it to the user. Use this text box to set for how many minutes the password will be valid after generation. The default value is 3600 seconds. Password preferences This section includes password related settings, that allow the administrator to configure the login policy. Password strength Select the login policy suitable for your environment: Very High Password cannot contain the login name, must contain different case characters, cannot be a dictionary word, and must contain at least one non alphanumeric character. High Password cannot contain the login name, must contain different case characters, and can not be a dictionary word. Medium Password cannot contain the login name and can not be a dictionary word. Low Password cannot contain the login name Administrator's User Guide 150

151 Managing the Access Policy 4PSA DNS Manager allows you to set up an access policy for administrator level users. To access the Access policy page, click the 4PSA DNS Manager area. There are two types of access policies: Access icon in the Deny When this policy is configured, an administrator is not allowed to log in to the 4PSA DNS Manager interface if his computer's IP is listed in the deny list. All other IPs that are not included in the deny list can access the interface with an administrator account. This is the policy configured by default. Allow When this policy is configured, an administrator can log in to the 4PSA DNS Manager interface only if his computer's IP address is listed in the allow list. All other IPs that are not included in the allow list cannot access to the interface with an administrator account. You cannot set up both types of policies at the same time. Configure the Allow or Deny Policy To switch from the Deny (default) policy to the Allow policy follow these steps: 1. The Access policy page displays the heading Access policy is deny for 2. all networks below. Click the jump to the next step. Switch to allow icon. Otherwise Click the Add network icon. A new page opens where you can enter the subnet or IP addresses to which you want to grant access. To switch from the Allow policy to the Deny policy follow these steps: Administrator's User Guide 151

152 1. The Access policy page displays the heading Access policy is allow for 2. all networks below. Click the to the next step. Switch to deny icon. Otherwise jump Click the Add network icon. A new page opens allowing you to enter the subnet or IP addresses you want to block. Add Allowed or Denied Network After setting the access policy, you need to add networks to the list of allowed/ denied networks. Follow the steps below: Click the Add network icon. A new page opens where you can enter the subnet or IP addresses to which you want to allow/ deny access. Use the time. buttons to add several subnet or IP addresses at the same Click OK to add the IP(s) to the allow/ deny list. Click Cancel to go back to the previous page. To remove a subnet or IP address from the allow/ deny list, select its corresponding check box. Then click the Remove selected link placed above the table. You will be asked to confirm the removal. Managing Notifications In order to manage the notification alerts sent by 4PSA DNS Manager the administrator must click the templates button available in the System Templates area of the Server Settings page. In this area you can choose the recipient of the notification, set the events when these notifications are sent, and modify the text of the notification. You can enable 4PSA DNS Manager to send notifications to the administrators, clients, or to other addresses. When the following events occur, 4PSA DNS Manager can send notification s: Administrator's User Guide 152

153 Client account creation When this option is enabled, 4PSA DNS Manager will send notifications to the selected users when a new Client account is created in the system. Client account expiration warning When this option is enabled, 4PSA DNS Manager will send notifications to the selected users when a Client account will expire soon. Client account expired When this option is enabled, 4PSA DNS Manager will send notifications to the selected users when a Client account has reached the expiration date. Remote update locations limit reached When this option is enabled, 4PSA DNS Manager will send notifications to the selected users when the remote update locations limit allowed for a client is reached. The administrator can receive notification s only when new Client accounts are created in the system. The administrator notification is sent to the admin who created the client. DNS Zones limit reached When this option is enabled, 4PSA DNS Manager will send notifications to the selected users when the DNS Zones limit allowed for a client is reached. Forgot password When this option is enabled, 4PSA DNS Manager will send a notification to the user who forgot his password. This will also contain the new password and instructions on how to activate it. In order to modify the text of the notification, click the Modify icon. In this page you can edit the chosen notification. You can write your own text in the notification text fields or you can use the default text provided by 4PSA DNS Manager by clicking Defaults. The fields in square brackets that appear in the message body will be automatically replaced: [client] will be replaced by the name of the client added to the system [client_login] will be replaced by the login username of the affected client [password] will be replaced by the added client password [ ] will be replaced by the added client address [dns_limit] will be replaced by the DNS Zones limit that applies to the corresponding client Administrator's User Guide 153

154 [url_limit] will be replaced by the remote update locations limit that applies to the corresponding client If you delete or modify these fields the notification receivers will not see the details in the notification body. Make these changes at your own risk. You must click Update to save the changes made or Cancel to go back without saving them. Managing Custom Buttons In order to manage the custom buttons available in 4PSA DNS Manager the administrator must click Custom buttons available in the Server settings page. In this page you can add new buttons, edit and delete the available buttons. In the custom buttons list, the following details are available: S The status of the button displayed using an icon: Disabled. A The availability of the button Enabled or L The location of the button: means that the button is displayed in the left panel and means that the button is placed in the right panel. I The icon associated with the button If the button is associated with the default icon, 4PSA DNS Manager displays Label This is the label that will be displayed bellow the button URL This is the URL which will open in a pop-up window when you click the button Priority The value in this text box defines the order in which the custom buttons are displayed in the interface. The information can be sorted by button label, URL, and context help by clicking the table header links Administrator's User Guide 154

155 Adding Custom Buttons In order to add a new button, click Add custom button available in the Tools area. In the new page that opens, the following fields are available: Label This is the label that will be displayed bellow the button. Title This is the tip that will be displayed when the mouse is positioned on the button's icon. Location Use this drop down list to choose where the button will be displayed: Default image for all skins When this option is enabled, 4PSA DNS Manager displays a default icon for the button. If you disable this check box, 4PSA DNS Manager displays additional controls that allow you to load custom icons for the button: Use the Browse button to locate a graphic file on your computer. Enable the check box corresponding to the skin where the icon will be used. Enable the All skins check box if you want to use the same icon for all the 4PSA DNS Manager skins installed on the server. You can use the time. buttons to add icons for different skins at the same Client ID When this option is selected, the ID of the currently selected client is appended to the URL linked with the button. E.g.: URL This is the URL which will open in a pop-up window, when you click the button. Context help This is the description of the button that will appear in the context help area on mouse-over. Priority The value in this text box defines the order in which the custom buttons are displayed in the interface. Inheritance level Use this drop down list to specify the visibility of the button: 0 The button is visible only to the client user. 1 The button is visible to multiple users. Action Use this drop down list to choose if the URL will be opened in the: Administrator's User Guide 155

156 Current window or New window Click OK to update the button's details. Click Cancel, if you want to return to the previous page without saving the button. Editing Custom Buttons In order to edit the existing buttons, click the button label link. You can modify the available fields, as presented in the previous section. Click OK to update the button's details. Click Cancel, if you want to return to the previous page without saving the changes. Removing Custom Buttons To remove a custom button, enable the corresponding check box and follow the Remove Selected link. 4PSA DNS Manager will ask for your confirmation before the buttons will be permanently deleted. Multiple buttons can be deleted at the same time. License Management The product requires a license key in order to work. The license key will be generated by 4PSA based on the server IP. The License Management page contains the following sections: License key status Your server IP This is the main IP address of your server. The license key must be issued for this IP, otherwise it will not work. License key status The status of the currently loaded license key. Upload license key License file You can use this form to upload the license key to the server. If you can access other pages in 4PSA DNS Manager, this means that your license is valid and you do not have to upload a new one Administrator's User Guide 156

157 License key properties This section contains details about the current license License key number - The number of the license key License key ownership - The type of the license key ownership Maximum number of zones - The maximum number of allowed zones License key expires on - The date when the license key expires The Owned and Leased licenses automatically renew before the License expire date. XML export 4PSA DNS Manager allows the administrator to export THE ENTIRE database in XML format. This feature can be used for backup or for migration purposes. An administrator account will export all of the following: Admins' accounts details Admins' accounts interface preferences Admins' accounts custom buttons Global transfer IPs Global DNS templates templates DNS Manager settings Default interface settings Login settings Global Access Policy Clients' accounts details Clients' settings Clients' remote locations Clients' DNS templates Clients' custom buttons Clients' interface settings Administrator's User Guide 157

158 Clients' DNS zones To export the database in XML format, the administrator must click the XML export button in the Database section of the Server Settings page. XML import 4PSA DNS Manager allows the administrator to import an XML file that is a backup of the database. An administrator account is able to import administrators, clients and zone accounts and also global server settings from the XML file. The details of the existing administrators' and clients' account will be updated. The accounts are identified through the login username. When a new account is created using the import XML method, an will be sent to the address found in the XML file (in the Account Details section) sending the new password to the new created user. The existing client's account details will be updated. From the XML file, new zones are created. The records from existing zones are replaced with the records from the XML file. Zones that do not have any records will not be created. The zones that are defined on the server will not be deleted if they do not exist in the XML file. To import a database in XML format, the administrator must click the XML import button in the Database section of the Server Settings page. Then use the Browse button to locate the backup file Administrator's User Guide 158

159 Chapter 7 Command Line Configuration In order to customize 4PSA DNS Manager to meet your requirements, you can use the command line utilities included in the software distribution. In this way you can configure the low level engine and the 4PSA DNS Manager interface. Low Level Engine Configuration The file /etc/dnsmanager/dnsmanager.conf contains several directives which control the 4PSA DNS Manager low level behavior. These directives cannot be modified using the browser interface. You should modify them only if you fully understand their functionality. The following directives are included in the list: These values are modified during the product installation based on admin input. If you change these values, you might experience problems Administrator's User Guide 159

160 DNSMANAGER_ROOT_D - The directory where 4PSA DNS Manager interface files are. Default value is /usr/local/dnsmanager DNSMANAGER_RC_D The script used for start/stop dnsmanager daemon. On Red Hat RPM installation the script location is /etc/rc.d/init.d/ dnsmanager. MYSQL_BIN_D The MySQL binary directory. The MySQL location on a Red Hat RPM installation is /usr/bin. MYSQL_RC_D The script used for start/stop MySQL daemon. The script location on a Red Hat RPM installation is /etc/rc.d/init.d/mysql. MYSQL_VAR_D The MySQL databases directory. The default location on a Red Hat RPM installation is /var/lib/mysql. NAMED_RC_D The script used for start/stop named daemon. The default location, on Red Hat RPM installation is /etc/rc.d/init.d/named. RNDC_BIN_D - The path to rndc binary used for communicating with named. Default location /usr/sbin. ZONEMNG_RC_D - Default location: /etc/rc.d/init.d/zonemngd UPDATEURL_RC_D - Default location: /etc/rc.d/init.d/updateurld NAMED_D - The root directory for the named daemon. On Red Hat RPM installation, the named root directory is /var/named/run-root. NAMED_FILE The named configuration file. Default /etc/named.conf. NAMED_SBIN_D The named binary directory. On a Red Hat standard RPM installation is /usr/sbin. RNDC_FILE The rndc configuration file. Default /etc/rndc.conf. MASTER_D The named master zone files location. Default: /var. SECONDARY_D The named slave zones files location. Default: /var/ secondary. TEMPLATES_D Directory where monitoring templates are stored. Default: /var/lib/dnsmanager/templates. TEMP_D The temporary working directory for 4PSA DNS Manager. Default: /usr/local/dnsmanager/tmp. DOWNLOAD_D The temporary directory used by 4PSA DNS Manager to download files with DNS Zone information from remote locations. Default: /usr/ local/dnsmanager/tmp/download. DAEMON_NAME The name of the Bind daemon. This name is used by 4PSA DNS Manager for monitoring and other operations. Default: named. SENDMAIL_BIN_FILE The path to sendmail file. Default: /usr/sbin/ sendmail -t Administrator's User Guide 160

161 DIG_BIN_D Dig application path. Default: /usr/bin. YUM_BIN_D The yum updater binary directory. On Red Hat RPM installation, the yum binary directory is /usr/bin. YUM_CACHE_D The folder used as installer directory. Default: /var/ cache/dnsmanager. DUMPS_D The daily dumps directory. Default: /var/lib/dnsmanager/ dumps. DNSMANAGER_LOG_D The folder used as logging directory. Default: / var/log/dnsmanager. NAMED_USERNAME The username under which named service runs. Default: named. NAMED_GROUP The group name under which named service runs. Default: named. ZONEMNG_PID_FILE - zonemng process ID file. Default:/var/run/ dnsmanager/zonemng.pid UPDATEURL_PID_FILE - updateurld process ID file. Default: /var/run/ dnsmanager/updateurl.pid UPDATEURL_USER - The user updateurld is running as. Default: dnsmanager UPDATEURL_GROUP The group updateurld is running as. Default: dnsmanager DOWNLOAD_URL_TIMEOUT The time granted to download a file from a remote location (seconds). You may increase this value if you experience download problems. Default: 45. DOWNLOAD_URL_CONNECT_TIMEOUT Time granted to the remote update process to connect to a remote location (seconds). You may increase this value if you experience download problems. Default: 15. UPDATEURL_CONCURRENCY_LIMIT - Maximum number of concurrent processes in updateurld. Default: 10 ZONEMNG_CONCURRENCY_LIMIT - Maximum number of concurrent processes in zonemngd. Default: 10. MAX_DOWNLOAD_THREADS Maximum number of concurrent download processes. Default: 20. MAX_DAILY_RESTART Maximum number of daily named restarts made by 4PSA DNS Manager. Default: 20. MAX_FILE_SIZE The maximum size of a file 4PSA DNS Manager will download from a remote location (kb). Default: Administrator's User Guide 161

162 MAX_ZONES_PERFILE The maximum number of DNS Zones which can exist in a remote update file. 4PSA DNS Manager will not process a larger number of DNS Zones. Default: MAX_RECORDS Maximum number of DNS records in a zone file. Default: ZONEMNG_RUN_INTERVAL - The interval in seconds when zonemng is getting changes from database Default value: 900. UPDATEURL_RUN_INTERVAL - The interval in seconds when updateurl is trying to download URLs. Default value: 900. ZONE_SERIAL RFC 4PSA DNS Manager can write the zone serial number in two formats (RFC1912 and timestamp). Valid options: RFC and timestamp. Default: RFC. DB_HOST The host name used by 4PSA DNS Manager low level scripts to connect to the database DB_NAME The database name used by 4PSA DNS Manager. Warning Do not change this value because 4PSA DNS Manager requires the dnsmanager database name. DB_USER The user 4PSA DNS Manager uses to connect to the database DB_PASSWD The password 4PSA DNS Manager uses to connect to the database RRMONIT_MAX_THREADS - Maximum number of threads used by the rrmonitd deamon when monitoring records. Default: RRMONIT_TIMEOUT - Timeout interval for the rrmonitd deamon. Default: RRMONIT_POLLING_INTERVAL - Time interval used by rrmonitd between two consecutive polling list read. Default: 25. RRMONIT_CONCURRENCY - Number of threads for monitoring daemon. Default: 4. RRMONIT_DRIFT - Seconds to delay the concurrent polls that exceed RRMONIT_CONCURRENCY. Default: 7. RRMONIT_PID_FILE - PID file for the rrmonitd deamon. Default: /var/ run/dnsmanager/rrmonit.pid. RRMONIT_D - Monitoring scripts path for the rrmonitd deamon. Default: /usr/local/dnsmanager/rrmonit/bin Administrator's User Guide 162

163 RRMONIT_RC_D - rrmonitd start/stop script. Default: /etc/init.d/ rrmonitd. Monitoring script configuration file The file /etc/dnsmanager/monitoring.conf contains the services that are monitored and describes the behaviour of the monitoring service. The following directives are included in the file: MONIT_ S - Number of daily s sent by monitoring daemon. MONIT_RESTARTS - Number of daily monitoring daemon restarts. NAMED_MONIT 1 - DNS server monitoring service. Values: 1 - enabled, or 0 - disabled. MYSQL_MONIT 0 - MySQL server monitoring service. Values: 1 - enabled, or 0 - disabled. DNSMHTTP_MONIT 0 - Interface monitoring service. Values: 1 - enabled, or 0 - disabled. ZONEMNG_MONIT 1 - zonemng monitoring service. Values: 1 - enabled, or 0 - disabled. UPDATEURL_MONIT 1 - updateurl monitoring service. Values: 1 - enabled, or 0 - disabled. RRMONIT_MONIT 1 - rrmonit monitoring service. Values: 1 - enabled, or 0 - disabled. ALERT_ - The address where the notifications will be send Administrator's User Guide 163

164 Chapter 8 Remote Update Location Configuration 4PSA DNS Manager is able to get files containing DNS Zones and full DNS Records information from remote servers. In order to be able to retrieve this information, you have to set up a Cron job on the remote server; this Cron job must prepare the list of the DNS Zones. Every time 4PSA DNS Manager updates its database with the information from this URL, the Records will be up to date. Generating a list of DNS Zones on a server is a pretty straightforward job. Let's assume that you have a Plesk server and you want to provide centralized DNS and redundancy for this server. The algorithm can be applied to as many servers as you want, no matter what control panel they have installed. 1. 4PSA DNS Manager as a Secondary Server The easiest option is to let 4PSA DNS Manager act as a slave DNS server for your multiple Plesk servers which have DNS Zones setup as primary. In order to achieve this, the following requirements have to be met: Administrator's User Guide 164

165 1. 4PSA DNS Manager is allowed to obtain DNS Zone information from the primary server 2. 4PSA DNS Manager knows the names of the DNS Zones which must obtained from the primary server In order to satisfy these two basic requirements, you have to configure the DNS server on the Plesk server to allow transfer from the 4PSA DNS Manager IP. Since every DNS Zone created on a Plesk server includes an ACL called commonallow-transfer, all you have to do is to include the IP of the 4PSA DNS Manager in the Global Transfer IPs page, or to add the Allow transfer IPs in the Remote Update Locations page. Since Plesk uses its database to write the named.conf file, the best solution is to insert the IP address of the 4PSA DNS Manager server in the psa database. This way you can be sure that the named.conf file will remain correct. To do this, execute the following commands in the psa database: MySQL>INSERT INTO misc VALUES ('DNS_Allow_TransferXX','<Secondary Server IP>'); Where: XX is a unique number (increment it to add more IP addresses), <Secondary Server IP> is the IP of the 4PSA DNS Manager server. The second step is to let 4PSA DNS Manager obtain the list of the DNS Zones from the master server (Plesk server). In order to do this we will install on the Plesk server a program supplied in the 4PSA DNS Manager in the DNSMANAGER_ROOT_D/remote directory. The plesk_export.sh is a shell script written by 4PSA for Plesk servers. It writes a file containing the name of all domains that exist on this server. The program accepts the final destination file as argument. All you have to do is to insert this file in cron and make sure that it will write the list of the domains to a directory which can be accessed over the web. First you will have to configure the configure the script to export slaves zones and master records (edit the script to set the required variables as defined in the script). For example: sh plesk_export.sh /home/httpd/vhosts/mydomain.com/httpdocs/ dnslist.txt will dump the list of domains to a file that can be accessed over the web at: Administrator's User Guide 165

166 Keep in mind that you must add the plesk_export.sh invocation in cron on the Plesk server. This way the dnslist.txt file will be updated at regular time intervals and 4PSA DNS Manager will retrieve the latest list of the domains available on the server. Now you have to setup 4PSA DNS Manager to update the list of the DNS Zones from this location. This will be a remote update location in 4PSA DNS Manager. For more information on how to set up remote update locations, view the Managing DNS Zones Remote Update Locations section. 2. 4PSA DNS Manager as a Primary Server 4PSA DNS Manager can act as a primary DNS server while updating the DNS Zone information from a remote server. In this case, 4PSA DNS Manager will have to get full DNS Zone information from the remote server, not only the DNS Zone names like in the previous case. Once again we will have as an example a Plesk server. In order to generate the full DNS Zones information on a Plesk server, we will use a script from the 4PSA DNS Manager in the DNSMANAGER_ROOT_D/remote directory. The plesk_export.sh is a shell script written by 4PSA for Plesk servers. It writes a file containing the name of all domains which exist on this server and their full DNS Records. The program accepts the name of the final destination file as argument. All you have to do is to insert this file in cron and make sure that it will write the list of the domains to a directory which can be accessed over the web. First, you will have to configure the script to export master zones and optionally allow_transfer records (edit the script to set the required variables as defined in the script). For example: sh plesk_export.sh /home/httpd/vhosts/mydomain.com/httpdocs/ zone.txt will dump the list of the domains to a file that can be accessed over the web at: Administrator's User Guide 166

167 Keep in mind that you must add the plesk_export.sh invocation in cron on the Plesk server. In this way, the dnslist.txt file will be updated on regular intervals and 4PSA DNS Manager will retrieve the latest list of the domains available on the server. Now you have to setup 4PSA DNS Manager to update the list of the DNS Zones from this location. This will be a remote update location in 4PSA DNS Manager. Scripts to perform the same tasks can be written for any control panel. The list of scripts that must be used on remote servers will be updated by 4PSA and the scripts will be placed in the DNSMANAGER_ROOT_D/remote directory. With current version of 4PSA DNS Manager are shipped update scripts for Plesk, Ensim, InterWorx Control Panel, Helm, Cobalt and older DNS Manager versions. For other control panels, which use bind/named (like Cpanel or Direct Admin), you can use the bind_export.sh script. The bind_export.sh script is located in the DNSMANAGER_ROOT_D/remote/bind. This script generates a dump file for all the zones defined in the named.conf file by acquiring the data from the zone files defined on named.conf Administrator's User Guide 167

168 Appendix A. Supported Dump File examples In 4PSA DNS Manager 3.7.0, the file dump format has changed. The major improvements are: The zone type is preserved in the dump. Basically it's possible to have both slave and master zones in the same file, so it is no longer needed to have two types of update locations in DNS Manager. The SOA parameters can be included in the dump. When these are not included, the client or server global parameters are used. It is possible to include allow_transfer and masters parameters, according to the zone type. Examples of zone dump: domain.ltd. master { REFRESH RETRY EXPIRE MIN_TTL DEFAULT_TTL SERIAL ALLOW_TRANSFER NS domain.ltd. ns1.domain.ltd. NS aa.domain.ltd. ns.domain.ltd. CNAME cname.domain.ltd. canonical.name. CNAME somedir.domain.ltd. domain.ltd. CNAME ftp domain.ltd. A mail.domain.ltd AAAA sub.domain.ltd. 2001:db8:85a3:88:8a2e:370:7334: Administrator's User Guide 168

169 MX zone.domain.ltd. .exchanger 10 TXT txt.domain.ltd. v=spf1 exists:%{ir}.%{v}.arpa -all TXT some-text.domain.ltd. any text TXT domain.ltd. sometext TXT private._domainkey.domain.ltd. k=rsa; p=mewwdqyerwqewwe SRV _sip._tcp.domain.ltd SRV _sip._tcp.domain.ltd. anotherdomain.com SRV _h323._udp.domain.ltd. sub.domain.ltd } testdomain.com. master { $ORIGIN com. TXT testdomain v=spf1 a mx ptr mx:mail.testdomain.com ~all NS ns1.test-web NS ns2.test-web A } If the zone type is missing, it is assumed to be a master zone definition. domain.ltd.{ REFRESH RETRY EXPIRE MIN_TTL DEFAULT_TTL SERIAL ALLOW_TRANSFER Administrator's User Guide 169

170 NS domain.ltd. ns1.domain.ltd. NS aa.domain.ltd. ns.domain.ltd. CNAME cname.domain.ltd. canonical.name. CNAME somedir.domain.ltd. domain.ltd. CNAME ftp domain.ltd. A mail.domain.ltd AAAA sub.domain.ltd. 2001:db8:85a3:88:8a2e:370:7334:89 MX zone.domain.ltd. .exchanger 10 TXT txt.domain.ltd. v=spf1 exists:%{ir}.%{v}.arpa -all TXT some-text.domain.ltd. any text TXT domain.ltd. sometext TXT private._domainkey.domain.ltd. k=rsa; p=mewwdqyerwqewwe SRV _sip._tcp.domain.ltd SRV _sip._tcp.domain.ltd. anotherdomain.com SRV _h323._udp.domain.ltd. sub.domain.ltd } Slave zones are defined as follows: in-addr.arpa. slave { } MASTER aa.com. slave { } MASTER The rules mentioned above also apply to the reverse DNS zones. Below are explained full DNS zones with /24 /28 and /32 subnet mask Administrator's User Guide 170

171 4.3.2.in-addr.arpa. master { REFRESH RETRY EXPIRE MIN_TTL DEFAULT_TTL SERIAL NS in-addr.arpa. ns1.name.com. NS 0/ in-addr.arpa. ns.domain.com. PTR in-addr.arpa. zone.name. PTR in-addr.arpa. dom1.com. PTR in-addr.arpa. dom2.com. PTR in-addr.arpa. dom3.com. CNAME in-addr.arpa. 10.0/ in-addr.arpa. TXT host in-addr.arpa. value TXT in-addr.arpa. sometext } 4/ in-addr.arpa. master { REFRESH RETRY 3600 EXPIRE MIN_TTL SERIAL DEFAULT_TTL ALLOW_TRANSFER Administrator's User Guide 171

172 NS 4/ in-addr.arpa. aa.com. PTR 6.4/ in-addr.arpa. zone.c.om. PTR 6.4/ in-addr.arpa. dom1.com. PTR 6.4/ in-addr.arpa. dom2.com. TXT a.4/ in-addr.arpa. text value TXT 4/ in-addr.arpa. sometext } in-addr.arpa. master { REFRESH RETRY 3600 EXPIRE MIN_TTL SERIAL DEFAULT_TTL ALLOW_TRANSFER NS in-addr.arpa. aa.com. PTR in-addr.arpa. zone.c.om. TXT abc in-addr.arpa. sometext } The "@" character is accepted when defining zones. testdomain.com. master { ns.isdomain.com. NS new mail.testdomain.com. 10 MX test mail1.testdomain.com Administrator's User Guide 172

173 this is not a test CNAME *.new newtest.com. } The "-" character is also accepted when defining reverse zones in-addr.arpa. master { } REFRESH RETRY 3600 EXPIRE MIN_TTL SERIAL DEFAULT_TTL ALLOW_TRANSFER NS in-addr.arpa. aa.com. PTR in-addr.arpa. zone.com. PTR in-addr.arpa. dom1.com. PTR in-addr.arpa. dom2.com. TXT a in-addr.arpa. text value TXT in-addr.arpa. sometext If the SOA records are not found in the zone definition, they are inherited from the client, if the client has SOA records defined. If the client has no SOA records defined, the system wide SOA settings defined by the administrator are used. domain.ltd. master { ALLOW_TRANSFER NS domain.ltd. ns1.domain.ltd Administrator's User Guide 173

174 NS aa.domain.ltd. ns.domain.ltd. CNAME cname.domain.ltd. canonical.name. CNAME somedir.domain.ltd. domain.ltd. CNAME ftp domain.ltd. A mail.domain.ltd MX zone.domain.ltd. .exchanger 10 TXT txt.domain.ltd. v=spf1 exists:%{ir}.%{v}.arpa -all TXT some-text.domain.ltd. any text TXT private._domainkey.domain.ltd. k=rsa; p=mewwdqyerwqewwe TXT domain.ltd. text value } 4/ in-addr.arpa. master { } NS 4/ in-addr.arpa. aa.com. PTR 6.4/ in-addr.arpa. zone.com. PTR 6.4/ in-addr.arpa. dom1.com. PTR 6.4/ in-addr.arpa. dom2.com. TXT a.4/ in-addr.arpa. text value TXT 4/ in-addr.arpa. sometext To mark a primary nameserver, 1 is wrote on last position of the NS record from dump file, as ns2.server.ltd in the example below: domain.ltd. master{ NS domain.ltd. ns1.server.ltd. NS domain.ltd. ns2.server.ltd. 1 CNAME cname.domain.ltd. canonical.name Administrator's User Guide 174

175 CNAME somedir.domain.ltd. domain.ltd. CNAME ftp domain.ltd. A mail.domain.ltd MX zone.domain.ltd. .exchanger 10 TXT txt.domain.ltd. v=spf1 exists:%{ir}.%{v}.arpa -all TXT some-text.domain.ltd. any text TXT domain.ltd. text value } Also the closing bracket may be placed on the same line with an record, as below: domain.ltd. master{ ns1.server.ltd. ns2.server.ltd. 1 A mail.domain.ltd TXT domain.ltd. text value } Administrator's User Guide 175