How to Configure DNS Zones




The Barracuda NG Firewall DNS configuration object contains two predefined zones: _template and ".". To be able to edit and specify DNS zones within the Barracuda NG Firewall DNS configuration, you must create a DNS service. For more information, see link.

Zone 1: _template

This zone contains the general template, which is used as the model for all newly created zones. The procedure for creating and modifying template settings is identical to the procedure for creating and editing settings in any other zone. Note that a new zone inherits only the template settings that already existed when the zone was created.

To access the _template zone, proceed with the following steps:

1. Log into the Barracuda NG Firewall.
2. From the Config Tree, expand Box > Virtual Servers > <Your Server> > Assigned Services > DNS.
3. Expand the DNS service and open the DNS Template Zone by double-clicking it.
4. Double-click the entry (_template) to create or modify settings for SOA, Primary Server, Nameserver,
5. Right-click in the main window to create new hosts, mail-exchangers, etc.

Every setting made here is shown in a separate row within the main window and can be selected for further modification or deletion.

Zone 2: .

The initial set of root servers is defined using a hint zone. When the server starts up, it uses the hint zone file to find a root name server and get the most recent list of root name servers. The zone "." is short for this root zone and means any zone for which there is no locally defined zone (slave or master) or cached answer.

Do NOT modify the root server settings unless you know exactly what you are doing.

Add a New Zone

To introduce a new zone, right-click your DNS server and select Lock Server. Optionally, you may lock the DNS Server in the Config Tree already. The configuration may now be modified. Select Add New Zone from the context menu and configure the following options:

Type - One of the following zone types:
  Master - Every domain configuration change takes place on the master. From here the information is propagated to the secondary servers. A master zone requires at least a Start of Authority (SOA) record and a Name Server (NS) record. Be sure to examine the security settings of the master zone, since a corrupt master zone can cause a lot of problems.
  Slave - A slave zone is a replica of a master zone. The masters list specifies one or more IP addresses that the slave contacts to update its copy of the zone. DNS slave zones do not require much configuration; just enter the IP addresses of the master server (or servers) and examine the security settings. Be sure to set a transfer-source-ip, otherwise the slave zone will not be accepted by the DNS server.
  Forward - A forward zone is used to direct all queries in it to other servers. Options specified in such a zone override any global options declared in the options statement. A forward zone does not need a transfer-source-ip. Be sure to check the security settings.
  Hint - The initial set of root name servers is specified using a hint zone. When the server starts up, it uses the root hints to find a root name server and get the most recent list of root name servers. The Barracuda NG Firewall DNS server already has a hint zone (Zone ".") pre-configured, so normally there is no need to introduce another hint zone.
  Depending on the selected type, the necessary settings may differ slightly. Such settings are marked with (optional) below.
Origin Domain Name - Enter the domain name you wish to create here (for example, barracuda.com).
Lookup - This section defines whether the zone should perform Forward or Reverse lookup. DNS forward lookup provides IP addresses for known host names, while reverse lookup provides host names for known IP addresses. The Barracuda NG Firewall DNS server is able to provide DNS reverse lookup only for 8-bit networks (like 213.47.10.0/24).
Masters - (optional) This field is available when type Slave is selected. Enter the master IP addresses here.
Forwards - (optional) This field is available when type Forward is selected. Enter the forward IP addresses here.

Clicking the advanced button opens a new window containing additional settings:

notify - Allows the administrator to select whether the DNS server should notify slave DNS servers about zone changes. Possible values are yes/no/explicit. If explicit is selected, enter the explicit IP in the also notify field below.
also notify - Here you may enter a list of hosts that should be notified about zone changes although these machines are not registered slaves of the DNS server. Separate multiple entries with a semicolon and space (like 10.0.0.53; 10.0.0.67; 192.168.0.10).
transfer-source-ip - This field is only available for type Slave. It defines the IP address the slave has to use when contacting its master DNS server. The following options are available: service-default, server-first, server-second, explicit. Slave zones must have transfer-source-ip to work.

Advanced Settings Section Security

This section offers detailed security options for the DNS service. Each pull-down field can take the value none or any.

allow notify - This field is only available for type Slave. It defines whether the slave accepts notifications about updates from its master.
allow query - Lists the hosts that are allowed to query the DNS server. By default all hosts are allowed to query the DNS server.
allow update - Lists the hosts that are allowed to update the database of the DNS server.
allow transfer - Lists the hosts that are allowed to fetch the DNS database from the DNS server.

Edit/Add a New Start of Authority

When the Barracuda NG Firewall DNS Server is created, a standard template is created as well, and newly generated zones inherit it automatically. This template may freely be deleted or modified. If you have deleted it and then created a new zone, proceed as follows:

1. Select the newly created domain lacking a Start of Authority record in the tree view, right-click the main window and choose Add a New Start of Authority (SOA).
2. If the SOA record already exists, double-click an existing entry with type NS or SOA and select the Start of Authority (SOA) tab.

DNS Server - SOA Configuration

Serial - Enter a serial number here. Clicking Update increases the serial number by one. The serial number of the master has to be higher than the serial number saved on the slave, otherwise the slave will stop fetching information updates from its master.
Primary Server - Select the primary name server of the domain here. Click Pickup to select entries that have already been created.
Responsible person - Use this field to define a person responsible for this host/zone. The syntax that has to be used is username.domain (for example ernestexample.test.org). Click Pickup to select entries that have already been created.
Refresh after - This interval tells the slave how often it has to check whether its data is up to date.
Retry after - When the slave fails to reach the master server after the refresh period (Refresh after), it starts trying again after this time interval.
Expire after - When the slave fails to contact the master server for the expire period, the slave expires its data. Expiring means that the slave stops giving out answers about the data because the data is too old to be useful.
Minimum TTL - (standard) This value sets the Time To Live of cached database entries of this zone. The format for TTL is days:hours:minutes:seconds.
Expire (TTL) - This value sets the Time To Live of cached database entries of this zone until they are considered expired. The format for TTL is days:hours:minutes:seconds.
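The serial and timer rules in the SOA table can be checked before a zone is activated. The following is an added example, not Barracuda code: the function names are hypothetical, the sample values are constructed, and the serial comparison uses the RFC 1982 wrap-around rule that DNS applies to SOA serials, which goes beyond the plain "higher than" wording above.

```python
"""Added example: sanity checks for SOA values before a zone is activated.
Function names and sample values are constructed for illustration."""

HALF_RANGE = 1 << 31        # half of the 32-bit SOA serial space
SERIAL_SPACE = 1 << 32


def ttl_to_seconds(text):
    """Convert the days:hours:minutes:seconds format into seconds."""
    parts = text.split(":")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected days:hours:minutes:seconds, got {text!r}")
    days, hours, minutes, seconds = (int(p) for p in parts)
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def serial_newer(master, slave):
    """True if the master serial is newer than the slave's (RFC 1982).

    Serials are 32-bit and wrap around, so a numerically small serial can
    still be newer than a very large one.
    """
    for value in (master, slave):
        if not 0 <= value < SERIAL_SPACE:
            raise ValueError(f"serial out of 32-bit range: {value}")
    diff = (master - slave) % SERIAL_SPACE
    return 0 < diff < HALF_RANGE


def check_soa(master_serial, slave_serial, refresh, retry, expire):
    """Return a list of findings for one master/slave pair."""
    findings = []
    if not serial_newer(master_serial, slave_serial):
        findings.append("serial: master is not newer, slave will not update")
    refresh_s, retry_s, expire_s = map(ttl_to_seconds, (refresh, retry, expire))
    # After one failed refresh the slave retries at refresh + retry. If the
    # data has expired by then, one missed check takes the zone out of service.
    if expire_s <= refresh_s + retry_s:
        findings.append("expire: not longer than refresh + retry")
    return findings


if __name__ == "__main__":
    # Constructed values: serial not incremented after an edit on the master.
    for finding in check_soa(2024010101, 2024010101,
                             "0:3:0:0", "0:1:0:0", "7:0:0:0"):
        print(finding)
```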

Edit/Add a New Name Server

1. To introduce a new Name Server (NS), right-click the right part of the window and select New Name Server (NS).
2. If a nameserver has already been created, open an existing entry with type SOA or NS and click the Nameserver (NS) tab.

A new nameserver can only be entered if the SOA has already been generated.

Name Server Configuration

Superordinate domain - This is a read-only field. It displays the name of the domain the nameserver will be responsible for.
Add / Modify / Delete - To add name servers, click Add.
  Servername - This is the name of the name server.
  IP Address - This is the IP address of the name server.
  Expire (TTL) - This is the globally defined lifetime that future name server records are expected to have. The format for the Time to Live (TTL) is days:hours:minutes:seconds.

Add a New Host

To introduce a new host, right-click the main window and select New Host. Entries made in the individual tabs are saved in separate rows of type A, TXT, HINFO and WKS within the main configuration window.

Select the Add corresponding reverse lookup entry (PTR) check box to automatically create a pointer record when creating the A record. For this to work, the reverse zone described in the last section of this article must already have been created.

Host Configuration

Superordinate domain - This read-only field displays the name of the domain in which the new host is created. (This field is also displayed in all other tabs of this window.)
Host - Enter the name of the host here. (This field is also displayed in all other tabs of this window, but read-only.)
IP address - To enter a new host IP address, click Add. To delete an existing address, click Delete.
Expire (TTL) - The format for this field is days:hours:minutes:seconds.

Host Information (HINFO) Tab

The fields of this tab (Hardware Type and Operating System) can be used to provide information on the hardware and operating system of the host.

Text (TXT) Tab

Text - Any text can be entered in this field, for example a description of the system to simplify maintenance of the DNS database.
Expire (TTL) - The format for this field is days:hours:minutes:seconds.

Well-Known Services (WKS) Tab

Enter the IP address and the protocol used in the appropriate fields. The services must be entered in plain text and separated with blanks (like: telnet ssh smtp ftp).

Add a New Mail-Exchanger

To introduce a new mail exchanger, right-click the main window and select New Mail-Exchanger.

Mail-Exchanger Configuration

Superordinate domain - This is a read-only field. It displays the name of the domain the mail-exchanger handles mail traffic for. (This field is also displayed in all other tabs of this window.)
Host - Depending on your needs, enter one of the following values:
  @ - mail-exchanger is responsible for @domain.com
  any_text - mail-exchanger is responsible for @any_text.domain.com
Mailserver (A) - Enter the name of the mailserver here. To select existing entries, click Pickup.
Mailserver priority - Use this field to set the mailserver priority.
Expire (TTL) - The format for this field is days:hours:minutes:seconds.

Mailbox information (MINFO) Tab

Mailbox (MB) - Enter the name of the mailbox here. To select existing entries, click Pickup.
Error mailbox (MB) - Enter the name of the error mailbox here. To select existing entries, click Pickup.
Expire (TTL) - The format for this field is days:hours:minutes:seconds.

Well-Known Services (WKS) Tab

Enter the IP address and the protocol used in the appropriate fields. The services must be entered in plain text and separated with blanks (for example telnet ssh smtp ftp).

Add a New Domain

To introduce a new subdomain, right-click the main window and select New Domain. Enter a name for the new subdomain. After clicking OK, the new subdomain is displayed in the DNS tree. Within the new subdomain, you can perform the same operations as described above.

Completely set up new subdomains before clicking Send Changes and Activate. Otherwise, incompletely configured subdomains are deleted.

Add New Others

There are several other objects you can add to your DNS configuration. These objects can be introduced by right-clicking in the right part of the DNS config window and selecting New Others. The following objects can be added to the DNS configuration:

A - New host.
AAAA - IPv6 address.
AFSDB - AFSDB records specify the hosts that provide a style of distributed service advertised under this domain name. A subtype value (analogous to the preference value in the MX record) indicates which style of distributed service is provided with the given name. Subtype 1 indicates that the named host is an AFS database server for the AFS cell of the given domain name. Subtype 2 indicates that the named host provides intra-cell name service for the DCE cell named by the given domain name.
CNAME - CNAME specifies an alias or nickname for the official or canonical name. An alias should be the only record associated with the alias; all other resource records should be associated with the canonical name and not with the alias. Any resource records that include a zone name as their value (for example, NS or MX) must list the canonical name, not the alias. This resource record is especially useful when changing machine names.
DNAME - DNAME specifies an alias for one or more subdomains of a domain. The effect of this is that the entire subtree of DNS identified by the domain name can be mapped onto the target domain.

HINFO - HINFO records contain host-specific data. They list the hardware and operating system that are running on the listed host. If you want to include a space in the machine name, you must quote the name. Host information is not specific to any address class, so ANY may be used for the address class. There should be one HINFO record for each host. For security reasons, many sites do not include the HINFO record, and no applications depend on this record.
ISDN - Representation of ISDN addresses.
MB - MB lists the machine where a user wants to receive mail. The "name" field is the user's login; the machine field denotes the machine to which mail is to be delivered. Mailbox names should be unique to the zone.
MG - The mail group record (MG) lists members of a mail group.
MINFO - MINFO creates a mail group for a mailing list. This resource record is usually associated with a mail group, but it can be used with a mailbox record. The "name" specifies the name of the mailbox. The "requests" field is where mail, such as requests to be added to a mail group, should be sent. The "maintainer" is a mailbox that should receive error messages. This is particularly appropriate for mailing lists when errors in members' names should be reported to a person other than the sender.
MR - MR records list aliases for a user. The "name" field lists the alias for the name listed in the fourth field, which should have a corresponding MB record.
MX - MX records specify a list of hosts that are configured to receive mail sent to this domain name. Every host that receives mail should have an MX record, since if one is not found at the time the mail is delivered, an MX value will be imputed with a cost of 0 and a destination of the host itself.
NAPTR - NAPTR records map between sets of URNs, URLs and plain domain names and suggest to clients what protocol should be used to talk to the mapped resource. For example, NAPTR is used in SIP. The SIP URN for the US telephone number 1-800-555-1234 would be tel:+1-800-555-1234 and its domain name sipcalls.sip.com.
NS - NS lists a name server responsible for a given zone. The first "name" field lists the zone that is serviced by the listed name server. There should be one NS record for each name server of the zone, and every zone should have at least two name servers, preferably on separate networks.
PTR - PTR allows special names to point to some other location in the domain. The following example of a PTR record is used in setting up reverse pointers for the special in-addr.arpa domain. This line is from the example mynet.rev file. In this record, the "name" field is the network number of the host in reverse order. You only need to specify enough octets to make the name unique.
RP - RP identifies the name (or group name) of the responsible person(s) for a host. This information is useful in troubleshooting problems over the network.
RT - Route-through binding for hosts that do not have their own direct wide area network addresses (experimental).
SVR - Information on well-known network services (replaces WKS).
TXT - A TXT record contains free-form textual data. The syntax of the text depends on the domain in which it appears; several systems use TXT records to encode user databases and other administrative data.
WKS - WKS records describe the well-known services supported by a particular protocol at a specified address. The list of services and port numbers comes from the list of services specified in /etc/services. There should be only one WKS record per protocol and address. Because the WKS record is not widely used throughout the Internet, applications should not rely on the existence of this record to recognize the presence or absence of a service. Instead, the application should simply attempt to use the service.
X25 - Representation of X.25 network addresses (experimental).

Reverse Lookup Zones

Each of the available zones can be defined as a reverse lookup zone. To do so, switch the lookup box from forward to reverse when creating a new zone. The input mask changes and lets you enter the address of the network you wish to create a reverse lookup zone for.

An appropriate name for the reverse lookup zone is created automatically from the network address. In our example, the network address is 10.0.0.0, which results in an automatically created reverse lookup zone named 0.0.10.in-addr.arpa.

Clicking the advanced button opens the advanced option window, where you can define the same options as described in the section.
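The per-type requirements, security settings and record rules described in this article can be collected into one review pass over a zone definition. The following is an added example, not part of the original article or of any Barracuda tool: the dictionary layout, function names and sample zone are hypothetical, and treating "any" on allow update or allow transfer as a finding is this example's own policy.

```python
"""Added example: lint a zone definition against the rules in this article.
The dict layout and function names are hypothetical, not a Barracuda format."""
import ipaddress
from collections import defaultdict


def reverse_zone_name(network_address):
    """Reverse zone name for an 8-bit (/24) network such as 10.0.0.0."""
    net = ipaddress.IPv4Network(f"{network_address}/24")  # rejects host bits
    octets = str(net.network_address).split(".")[:3]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def audit_zone(zone):
    """Return a list of findings; keys follow the article's field names."""
    findings = []
    records = zone.get("records", [])        # (name, type, value) tuples
    rtypes = [rtype for _, rtype, _ in records]

    if zone["type"] == "master":
        for required in ("SOA", "NS"):
            if required not in rtypes:
                findings.append(f"master zone has no {required} record")
        if rtypes.count("NS") < 2:
            findings.append("fewer than two name servers")
    elif zone["type"] == "slave":
        for required in ("masters", "transfer-source-ip"):
            if not zone.get(required):
                findings.append(f"slave zone has no {required}")
    elif zone["type"] == "forward" and not zone.get("forwards"):
        findings.append("forward zone has no forwards")

    # Policy of this example: no zone should be writable or transferable
    # by every host.
    for setting in ("allow update", "allow transfer"):
        if zone.get(setting) == "any":
            findings.append(f"{setting} is set to any")

    if "HINFO" in rtypes:
        findings.append("HINFO record discloses hardware and operating system")

    # An alias should be the only record associated with its name.
    types_by_name = defaultdict(set)
    for name, rtype, _ in records:
        types_by_name[name].add(rtype)
    for name, types in sorted(types_by_name.items()):
        if "CNAME" in types and len(types) > 1:
            findings.append(f"alias {name} carries records besides CNAME")
    return findings


# Constructed sample zone, not taken from a real configuration.
SAMPLE = {
    "type": "master", "origin": "example.test",
    "allow transfer": "any", "allow update": "none",
    "records": [
        ("@", "SOA", "ns1.example.test"),
        ("@", "NS", "ns1.example.test"),
        ("www", "A", "192.0.2.10"),
        ("www", "HINFO", "PC Linux"),
        ("ftp", "CNAME", "www.example.test"),
        ("ftp", "TXT", "file server"),
    ],
}

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE):
        print(finding)
    print(reverse_zone_name("10.0.0.0"))
```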
