This section describes the most commonly used terms in DNS/DHCP Services.
Additional Options: An attribute of the DNS server and zone, which allows fine-tuning of options for server performance. The values specified at the zone level override the values specified in the DNS server.
Additional from Auth: Controls the behavior of an authoritative server when answering queries that have additional data, or when following CNAME and DNAME chains. When this option is set to Yes, and when a query is being answered from authoritative data, the additional data section of the reply is filled in using data from other authoritative zones.
Additional from Cache: Controls the behavior of an authoritative server when answering queries that have additional data, or when following CNAME and DNAME chains. When this option is set to Yes, and when a query is being answered from authoritative data, the additional data section of the reply is filled in using data from the cache.
Allow Notify: Specifies the hosts that are allowed to notify slaves of a zone change in addition to the zone masters. This can be configured only for a secondary zone.
Allow Recursion: A list of IP addresses or networks from which the DNS server will accept queries recursively. If a value is not specified, the default is to allow recursive queries from all hosts.
Also Notify: A list of IP addresses of name servers that are also sent notify messages when a new copy of the zone is loaded, in addition to the servers listed in the Zone’s NS records. This is primarily meant to converge stealth servers. The default is an empty list (no additional notification list). The value specified in the zone overrides the value specified in the server.
Audit: A set of security-related events that need to be audited.
Audit policy: A set of rules that controls how the audit services function.
Auditing Trailing: Tracks the activities of users by recording the selected types of events in the security log/database of a server or a workstation. The process defines policies that determine the security events to be reported to the network administrator or auditor.
Authoritative: DNS data that is served by the resident DNS server. The server can be either primary or secondary. This is the DNS data that belongs to a resident domain and is managed by the administrator of that domain, or it is the DNS data that is imported through a zone transfer.
Blacklist servers: These are fake servers; the DNS server does not answer queries from or forward queries to these servers. This list is maintained in the dnipBlacklistServers attribute of the DNS server object in Novell® eDirectory™.
Bulk Zone Export: Transferring one or more zones' configuration and data from eDirectory to files. This can be done using the Import-Convert-Export (ICE) utility, which uses ICE zone handlers.
Bulk Zone Import: Transferring one or more zones' configuration and data from files to eDirectory. This can be done using the Import-Convert-Export (ICE) utility, which uses ICE zone handlers.
Cleaning Interval: With this option set, the server removes expired resource records from the cache after every cleaning interval. If it is set to 0, no periodic cleaning occurs.
Cluster Services: Novell DNS cluster services is a server clustering solution that provides high availability and manageability of critical network resources including data, applications, and services. It is enabled for eDirectory and supports failover, fallback, and migration (load balancing) of individual managed services.
Co-existence: Both the old and new servers interoperate on the same eDirectory configuration. The underlying platform and configuration are the same, and the servers can be of different versions. Co-existence of a new DNS server with a current DNS server allows customers to do a phased upgrade and migration from old DNS servers to new DNS servers.
Designated Primary Server: The master primary server, which serves a primary zone and honors zone-out transfer requests. It is the only primary server in the zone that accepts dynamic updates. There is only one designated primary server per zone.
Designated Secondary Server: The master secondary server, which serves a secondary zone and honors zone-out transfer requests. It is the only secondary server in the zone that performs in-bound zone transfer requests to the primary server in the zone. There is only one designated secondary server per zone.
Dynamic Reconfiguration: Detects the changes in the DNS server and DNS Zone configuration data and applies them from eDirectory to the DNS server in memory while the DNS server is running (without shutting down the server).
Dynamic Update - Novell proprietary: The Novell DHCP server sends the updates to the DNS server by using a Novell proprietary update format. The proprietary dynamic update message has a different format from the standard RFC 2136 message, and also has a security signature associated with the message. There is logic for establishing credentials for each connection from DHCP to DNS. After the credentials are established, the DHCP server sends the actual packet of DNS data for update to the DNS server.
Dynamic Update - RFC 2136: The new DNS servers accept dynamic update requests in standard RFC 2136 format. For more information, refer to RFC 2136.
Event: The occurrence of an action on an object of interest.
Event Logging: Any significant occurrence in the system or an application that requires administrators to be notified or an event to be added to a log.
Event logging is primarily for:
Application monitoring; that is, monitoring the critical and important operations related to the application or server.
Error monitoring; that is, monitoring failure in some operations.
Fault tolerance: Handles temporary disruptions in eDirectory availability, with graceful degradation in functionality. This can be categorized as:
Full Fault Tolerance: The state when eDirectory is down and access to the DNS server object is broken. The server does not accept the following:
No write operation can be performed until eDirectory is up.
The server resolves only normal queries and zone-out transfer. Full Fault-Tolerance mode is applicable to all zones that are being serviced by the DNS server.
Partial Fault Tolerance: The state when eDirectory is up but access to some zones is broken (because some eDirectory partitions are down or are not accessible). The server will not accept the following:
No write operation to these zones is performed until the partition is down.
The server resolves only normal queries for this zone. The queries are used only until the expiration for a secondary zone, but they are used indefinitely for a primary zone.
Forward: This option can be configured only if the forwarding list is not empty. A value of First, which is the default, causes the server to query the forwarders first. If they do not answer the query, the server then looks for the answer. If Only is specified, the server queries only the forwarders.
Empty Forwarder: This option is used for domain delegation (child zones). With Empty Forward list, global forwarders are ignored and NS records are used for domain delegation.
Forwarder: A DNS server that forwards queries to other DNS servers, if the requested information is not found on the local server.
FQDN: Fully Qualified Distinguished Name.
Group: The DNS/DHCP Group object is a standard eDirectory group object. The DNS and DHCP servers gain the rights to DNS and DHCP data within the tree through the Group object.
ICE: The utility to import or export the DNS server, zone configuration information, and data to or from the eDirectory database.
Journal Log: All changes made to a zone using dynamic update are stored in the zone's journal log. The server automatically creates this log when the first dynamic update takes place. The extension .jnl is appended to the name of the corresponding zone to form the journal log file. The journal log is in a binary format and should not be edited manually.
Lame TTL: Sets the number of seconds to cache a lame server indication (these are misconfigurations in the remote servers, discovered by the DNS service when trying to query those servers during resolution). 0 disables caching (not recommended). The maximum value is 1800 (30 minutes).
Listen On: Specifies the interfaces and ports that the server answers queries from. It takes an optional port and an address match list. If a port is not specified, port 53 is used.
Locator: The DNS/DHCP Locator object contains a reference to global defaults and DHCP options, and a list of all DNS and DHCP servers, subnets, and zones in the tree.
Maximum Cache Size: The maximum amount of memory (in bytes) used for the server's cache. When the amount of data in the cache reaches this limit, the server causes records to expire prematurely so that the limit is not exceeded. The default is 0 (unlimited cache).
Maximum Cache TTL: Sets the maximum time for which the server caches ordinary (positive) answers.
Maximum NCache TTL: Sets a maximum retention time for negative answers in the server. The server stores negative answers to reduce network traffic and increase performance. The maximum value is 7 days.
Maximum Recursion Lookups: The maximum number of simultaneous recursive lookups that the server performs on behalf of the clients. This allows you to set limits on the server’s resource consumption. The default value is 1000.
NOTE: Each recursive client uses about 20 KB of memory.
Minimal Responses: Allows the server to add records to the authority sections, and optionally to the additional section depending on the value set for this option. If this is set to No, the server adds records to both the authority and additional sections when generating responses. If this is set to Yes, the server adds records only to the authority section when generating responses. The performance of the server increases if this option is set to No.
Non-Authoritative: DNS data that is not served by the resident DNS server. This is the DNS data that belongs to a foreign domain and is not managed by the resident DNS administrator. This data is cached through responses to forwarded queries.
Notify: When this option is set to Yes, DNS notify messages are sent when the contents of a zone for which the server is authoritative change. The messages are sent to the servers listed in the zone’s NS records (except the master server identified in the field), and to any servers listed in the also-notify option.
Notify Source: Determines the local source address, and optionally the UDP port, that is used to send notify messages. The slave should also be configured to receive notify messages from this address.
Novell Dynamic Reconfigure: Specifies the time interval at which dynamic reconfiguration takes place. The minimum value is 10 minutes and the maximum is 24 hours.
Out-of-band update: Any update to DNS Zone data in eDirectory that bypasses the DNS server (that is, all updates except dynamic update).
Passive Primary Server: A DNS server that serves a primary zone and honors zone-out transfer requests. This server is passive because it cannot update the zone data. There can be multiple passive primary servers serving the same primary zone.
Passive Secondary Server: A DNS server that serves a secondary zone and does not issue in-bound zone transfer requests to the primary server of the zone. It answers queries to the zone and honors zone-out transfer requests to the zone. There can be multiple passive secondary servers serving the secondary zone.
Performance: This parameter measures the throughput of the server in handling requests and is indicated as the response time for processing concurrent requests (queries, updates, zone transfers, etc.).
Primary Zone: A zone that is authoritative and is serviced by a designated primary DNS server and one or more passive primary DNS servers.
Provide IXFR: Determines whether the local server, acting as the master, responds with an incremental zone transfer when the given remote server, a slave, requests it. If set to Yes, incremental transfer is provided whenever possible. If set to No, all transfers to the remote server are non-incremental (AXFR). The default is Yes.
Query Filter: List of IP addresses or networks from which the DNS server accepts queries. If this option is not specified, the default is to allow queries from all hosts. The value specified for this option in the zone overrides the value specified in the server.
Query Source: Specifies the address and port used for querying other name servers, if the server does not know the answer to a query.
Recursion: If this option is set to Yes, and a DNS query requests recursion, then the server attempts to do everything required to answer the query. If this option is set to No and the server does not already know the answer, it returns a referral response.
Role: An object in the iManager framework that is associated with user objects in eDirectory.
Rollback: To revert to the previous state if a transaction fails.
RootSrvrInfo: The RootSrvrInfo Zone is a Zone object, which is an eDirectory container object that contains RRsets for the DNS Root servers. The RootSrvrInfo Zone object is the equivalent of the BIND db.root file.
Request IXFR: Determines whether the local server, acting as a slave, requests incremental zone transfers from the given remote server, a master. The default is True.
RR Set Order: Permits ordering of the records in a multiple record response in an RRset. Currently, Novell DNS server supports two orders: random-cyclic and fixed. The default is random-cyclic.
Scalability: This parameter measures how the server scales with load in terms of the number of zones, number of RRs per zone, number of DNS queries, and zone transfers or dynamic updates handled by the server in a typical deployment scenario. It also identifies the limits of the parameters to which the server offers consistent performance without degradation.
Scope settings: Setting the scope and context of Locator object in the eDirectory tree enables better search responses for DNS-DHCP objects. This avoids searching the entire tree by limiting the search within the current scope set.
Secondary Zone: A zone that is serviced by a designated secondary DNS server and one or more passive secondary DNS servers.
Serial Query Rate: Through this option, the slave servers periodically query master servers to find out if the zone serial numbers have changed. Each such query uses a small amount of the slave server’s network bandwidth. In order to limit the amount of bandwidth used, you should limit the rate at which queries are sent. The value of the serial-query-rate option is an integer, which is the maximum number of queries sent per second.
Slave Server: A DNS server that answers queries from its authoritative data and cached data, but relies completely on the forwarders for external information. It does not contact other servers if the forwarders do not give it an answer. A slave server can be a primary or secondary for its authoritative data.
SNMP: Simple Network Management Protocol. For complete information, refer to RFC 1067.
Task: A task is an object in the iManager framework that is associated with a role object in eDirectory. Each task describes some action that a role can play to create, modify, or delete objects in eDirectory.
TCP Clients: Specifies the maximum number of simultaneous client TCP connections that the server will accept.
Transaction support: The DNS server supports a transaction for a dynamic update request. This means committing the update to eDirectory, in-memory rbt (red-black tree) database, and in the journal log. If the transaction to any of these fails, the update is rolled back and a negative response is sent to the dynamic update request.
Transfer Format: Through this option, zone transfers can be done by using two different formats, one-answer and many-answers. This option is used on the master server to determine which format it sends. One-answer uses one DNS message per resource record transferred; many-answers places as many resource records as possible into a message. Many-answers is more efficient.
Transfers In: Specifies the maximum number of inbound zone transfers that can run concurrently. Increasing the transfers-in might speed up the convergence of slave zones, but it might also increase the load on the local system.
Transfers Out: Specifies the maximum number of outbound zone transfers that can run concurrently. The zone transfer requests that are in excess of the limit are refused.
Transfers per NS: Specifies the maximum number of inbound zone transfers that can be transferred concurrently from a given remote name server. Increasing the value of this option might speed up the convergence of slave zones, but it might also increase the load on the remote name server.
Transfer Source: Determines the local address that is bound to the IPv4 TCP connections used to fetch the zones transferred inbound by the server. It also determines the source IPv4 address, and optionally the UDP port, used for the refresh queries and forwarded dynamic updates.
Update Filter: List of IP addresses or networks from which the DNS server accepts dynamic DNS updates for primary zones. The default is to deny updates from all hosts. This attribute is effective only on a primary designated server.
Write-through: Writing the dynamic update data immediately to eDirectory (primary data), to the server in-memory, and to the journal log at the time of request (that is, before replying to the dynamic update request).
Zone Export: Transfers data for a single zone configuration from eDirectory into a file. This can be done using the DNS/DHCP Management utilities.
Zone Import: Transfers a single zone configuration and data from a file into eDirectory. This can be done by using the DNS/DHCP Management utilities.
Zone-in: Zone data received by a secondary server from a primary server.
Zone-out: Transfer of data from a primary server to a secondary server.
Zone Statistics: If this option is set to On, the DNS server collects statistical data on all zones in the server.