13.1 Using iManager to Manage DNS

13.1.1 Scope Settings

Configuring the scope settings for a session significantly improves the session's performance. If you do not configure the scope settings for the session, you receive a warning before every task you attempt to perform. However, you can still proceed with the task.

Setting the scope of the DNS services requires two specifications for the session: the Novell eDirectory context of the Locator object and the administrative scope of the session. Specifying the eDirectory context of the Locator object at the start of the session significantly improves performance because it eliminates the need to search for the Locator object. Specifying the administrative scope of the session also improves performance significantly because it restricts the retrieval of DNS objects for viewing to the scope you specify.

When you configure the DNS scope settings for a session, they only last as long as the session lasts. If you start a new session, you must configure the DNS scope settings again.

To configure DNS scope settings:

  1. Click DNS > Scope Settings to open the DNS Scope Settings window.

  2. Specify the eDirectory context of the DNS Locator object or browse to select it.

  3. Specify the eDirectory context of the container object that will provide the administrative scope of the current session.

    If you specify only the eDirectory context of the DNS Locator object and not the administrative scope of the current session, you can proceed with administrative tasks without receiving a warning message. However, performance is further optimized if you also define the administrative scope.

  4. Click OK to configure the scope settings.

    A message indicates that the scope setting request was successful.

  5. Click OK to complete the process.

    Or

  6. Click Repeat Task to configure the scope settings again.

13.1.2 DNS Server Management

The DNS Server Management role consists of the following tasks:

Creating a Server

Use iManager to create and set up a server object for each DNS server you plan to operate.

  1. In iManager, click DNS > DNS Server Management to open the DNS Server Management window in the main panel.

  2. From the drop-down menu, select Create Server and click OK to open the Create DNS Server window.

  3. Type the NCP server name or browse to select an NCP server from the eDirectory tree.

  4. Specify a unique hostname for the DNS server object.

  5. Specify a domain name for the server object.

  6. Click Create.

    A message indicates that the new DNS server was created.

NOTE: To configure DNS for an existing NetWare 6.5 server, create the DNS server by using the iManager plug-in for DNS. After the server is created, the NetWare 6.5 NCP Server object should have a DNIP:LocaterPtr attribute pointing to the DNS Locator object.

Viewing or Modifying a Server

After you create a DNS server object, you can modify its configuration parameters.

  1. In iManager, click DNS > DNS Server Management to open the DNS Server Management window in the main panel.

  2. From the drop-down menu, select View/Modify Server and click OK to open the View/Modify Server window.

  3. Select the DNS server from the drop-down list, then click OK.

  4. Follow the on-screen instructions to view and modify the following DNS server configuration parameters:

List of Zones: The names of the zones that the server manages along with the roles of this server for each of the zones. This field cannot be edited.

DNS Server IP Address: The IP addresses on which the DNS server listens for queries. This field cannot be edited.

DNS TSIG Key Information: Information on available and associated keys.

  • Available DNS TSIG Keys: A list of DNS TSIG keys that are available in the eDirectory tree. These keys can be associated with the DNS server.

  • Associated DNS TSIG Keys: A list of DNS TSIG keys that are associated with the DNS server.

  • To add a DNS TSIG key, select the key, then click Add.
  • To remove a DNS TSIG key, select the key, then click Remove.
  • To add all the keys, click Add All.
  • To remove all the keys, click Remove All.
  • To add or remove multiple keys, use the Ctrl key to select the keys, then click Add or Remove.

Domain name: The domain name of the DNS server.

Comments: Add your comments about the DNS server. This parameter is optional.

Forward List: A list of IP addresses of DNS servers to which unresolved queries will be forwarded.

  • To add servers to the Forward List, click Add, specify the IP address of the server, then click Add again.
  • To remove servers from the Forward List, select the IP address of the server from the Forward List, then click Delete.

You can also use this list to control the behavior of queries for which the server is not authoritative and the answers do not exist in the cache. Values can be either First or Only. If you specify the value as First, which is the default, the server queries the list of forwarders first. If no answer is found, the server searches for the answer. If you specify the value as Only, the server queries only the forwarders list.

No-Forward List: A list of domain names whose unresolved queries will not be forwarded to other DNS servers.

  • To add domain names to the list, click Add, specify the domain name of the server, then click OK.
  • To remove domain names from the list, select the domain name, then click Delete.

Allow Recursion: A list of IP addresses or networks that can submit recursive DNS queries. If you want to disable recursion, specify a value of None.

  • To add an address match list element, click the Add icon, then specify the IP address and the mask length. The network number is optional.
  • To add a generic option, select the Predefined match list, select from the available options in the drop-down list, then click OK.
  • To delete an address match list element, select the item to be deleted, then click the Delete icon.

Query Filter: A list of IP addresses or networks that are authorized to query the DNS server. If no IP address is specified, queries are allowed from all hosts.

  • To add an IP address, click the Add icon, then specify the IP address and the mask length. The network number is optional.
  • To add a generic option, select the Predefined match list, select from the available options in the drop-down list, then click OK.
  • To delete an IP address, select the item to be deleted, then click the Delete icon.

Zone Out Filter: A list of IP addresses or networks that are authorized to perform zone transfer from the DNS server.

  • To add an address match list element, click the Add icon, then specify the IP address and the mask length. The network number is optional.
  • To add a generic option, select the Predefined match list, select from the available options in the drop-down list, then click OK.
  • To delete an address match list element, select the item to be deleted, then click the Delete icon.

Also Notify: A list of IP addresses of name servers that receive Notify messages, when a fresh copy of the zone is loaded.

  • To add an IP address, click the Add icon, specify the IP address, then click OK.
  • To delete an IP address, select the IP address you want to delete, then click the Delete icon.

Blacklist Server: Specifies a list of IP addresses of servers that are not approved. The DNS server does not answer queries from or forward queries to the servers listed.

  • To add an IP address, click the Add icon, specify the IP address, then click OK.
  • To delete an IP address, select the IP address you want to delete, then click the Delete icon.

Maximum Cache Size: The maximum amount of memory in kilobytes that the server can use as cache.

Maximum Recursion Lookups: The maximum number of simultaneous recursive lookups the server performs on behalf of the clients.

Current Set of Additional Options: The additional global server and zone options. To view the options, click Modify to open the View/Modify Server window.

  • To add an available additional option, select the option and click Add.
  • To add all available additional options, click Add All.
  • To remove an available additional option, select the option and click Remove.
  • To remove all available additional options, click Remove All.
  • To delete all option names in the list, click the top-level check box, then click Delete.
  • To remove one or more option names, click the check box next to the option, then click Delete.

Check Names: Restrictions on the character set and syntax of certain domain names in the master zone and in DNS responses received from the network. For master zones, slave zones, and network responses, the default is to ignore them. This parameter applies to the owner names of A, AAAA, and MX records. It also applies to domain names in the RDATA of NS, SOA, and MX records, and to the RDATA of PTR records where the owner name indicates that it is a reverse lookup of a hostname.
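Allow Recursion, Query Filter and Zone Out Filter are all address match lists: IP addresses with an optional mask length, plus predefined entries such as None. The following Python is an added example, not part of this documentation or of the Novell DNS server, of how such a list is evaluated against a client address; the predefined names other than None and the constructed interface addresses are assumptions, and it also shows a zone-level Query Filter overriding the server-level one, as the zone settings later in this section describe.

```python
import ipaddress

# Added example (not Novell/OES code): evaluating the address match lists used
# by the Allow Recursion, Query Filter and Zone Out Filter settings.  An entry
# is either an IP address with an optional mask length or a predefined name.
# Only "None" is named on the page; the other predefined names are assumed.
PREDEFINED = {"any", "none", "localhost", "localnets"}

# Constructed interface addresses of the DNS server, used only to resolve the
# assumed "localhost" and "localnets" predefined entries.
LOCAL_INTERFACES = [ipaddress.ip_interface("192.168.10.5/24"),
                    ipaddress.ip_interface("127.0.0.1/8")]


def parse_element(text):
    """Turn one match-list entry into a keyword or an ip_network object."""
    text = text.strip()
    if text.lower() in PREDEFINED:
        return text.lower()
    # A bare address without a mask length is a single-host entry (/32, /128).
    return ipaddress.ip_network(text, strict=False)


def element_matches(element, client):
    """True if the parsed element covers the client address."""
    if element == "any":
        return True
    if element == "none":
        return False
    if element == "localhost":
        return any(client == iface.ip for iface in LOCAL_INTERFACES)
    if element == "localnets":
        return any(client in iface.network for iface in LOCAL_INTERFACES)
    return client in element


def allowed(match_list, client_ip):
    """Return True if the client is permitted by the address match list.

    An empty list allows every host, as the page states for Query Filter, so
    a deliberately closed list must contain "None" rather than be left empty.
    """
    client = ipaddress.ip_address(client_ip)
    if not match_list:
        return True
    for raw in match_list:
        if element_matches(parse_element(raw), client):
            return True
    return False  # no element matched: the request is refused


def zone_query_allowed(server_filter, zone_filter, client_ip):
    """Query Filter: a list configured on the zone overrides the server's."""
    effective = zone_filter if zone_filter else server_filter
    return allowed(effective, client_ip)
```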

Deleting a DNS Server

  1. Click DNS > DNS Server Management to open the DNS Server Management window in the main panel.

  2. From the drop-down menu, select Delete Server and click OK to open the Delete DNS Server window.

    • To remove all DNS servers in the list, click the top-level check box and click Delete.

      or

    • To remove one or more DNS servers, click the check box next to it and click Delete.

Loading or Unloading a DNS Server

  1. In iManager, click DNS > DNS Server Management to open the DNS Server Management window in the main panel.

  2. From the drop-down menu, select Load/Unload Server and click OK to open the Load/Unload DNS server window.

  3. Select the DNS server and specify the port number on which the DNS server is configured.

    This port is required to check whether the DNS server is running or not. By default, port 53 is used if no other port number is specified.

  4. Click OK.

  5. Depending on the state and the version of the DNS server, one of the following happens:

    • If novell-named is not loaded on the machine, you are prompted to load novell-named.

    • If novell-named is already loaded on the machine, you are prompted to unload it. To unload novell-named, click Unload.

    Currently, it is not possible to load novell-named using command line options from DNS iManager on Linux.

  6. Click OK to complete the task.

Moving a DNS Server

This task enables you to move DNS Services from one NCP server to another NCP server. You can also convert a DNS server into a cluster-enabled DNS server by moving it to a virtual NCP server.

  1. In iManager, click DNS > DNS Server Management to open the DNS Server Management window in the main panel.

  2. From the drop-down menu, select Move DNS Server and click OK to open the Move DNS Server window.

  3. Select the DNS server name from the drop-down list. Only OES 2 Linux servers are displayed in this list.

  4. Specify the name of the NCP Server that the DNS Services will be moved to, or use the Object Selector icon to browse and select it.

  5. Click Move.

13.1.3 Zone Management

The DNS Zone object is an eDirectory container object that is made up of Resource Record Set (RRSet) objects and resource records.

Creating a Zone

Creating a Primary Zone
  1. In iManager, click DNS > Zone Management to open the Zone Management window in the main panel.

  2. From the drop-down menu, select Create Zone and click OK to open the Create DNS Zone window.

  3. Select Create New Zone.

  4. Specify the eDirectory context for the zone or browse to select it.

  5. Specify a name for the zone.

  6. Select Primary (default) as the Zone Type.

  7. Select a DNS server from the Assigned Authoritative DNS Server drop-down menu.

    or

    Specify a unique hostname in the Name Server Host Name box and select a domain by clicking the Add button, then click OK.

  8. Click Create.

    A message indicates that the new primary zone has been created.

Creating a Forward Zone
  1. In iManager, click DNS > Zone Management to open the Zone Management window in the main panel.

  2. From the drop-down menu, select Create Zone, then click OK to open the Create DNS Zone window.

  3. Select Create New Zone.

  4. Specify the eDirectory context for the zone or browse to select it.

  5. Specify a name for the zone.

  6. Select Forward as the Zone Type.

  7. Select a DNS server from the Assigned Authoritative DNS Server drop-down menu. This parameter is optional.

    or

    Specify a unique hostname in the Name Server Host Name box and select a domain by clicking the Add button, then click OK.

  8. Click Create.

    A message indicates that the new forward zone has been created.

Creating a Secondary Zone
  1. In iManager, click DNS > Zone Management to open the Zone Management window in the main panel.

  2. From the drop-down menu, select Create Zone, then click OK to open the Create DNS Zone window.

  3. Select Create New Zone.

  4. Specify the eDirectory context for the zone or browse to select it.

  5. Specify a name for the zone.

  6. Select Secondary as the Zone Type.

  7. Specify the IP address of the DNS server that will provide zone out transfers for this secondary zone.

  8. Select a DNS server from the Assigned Authoritative DNS Server drop-down menu. This parameter is optional.

    or

    Specify a unique hostname in the Name Server Host Name box and select a domain by clicking the Add button, then click OK.

  9. Click Create.

    A message indicates that the new secondary zone has been created.

Creating a Primary IN-ADDR.ARPA Zone
  1. In iManager, click DNS > Zone Management to open the Zone Management window in the main panel.

  2. From the drop-down menu, select Create Zone and click OK to open the Create DNS Zone window.

  3. Select Create IN-ADDR.ARPA.

  4. Specify the eDirectory context for the zone or browse to select it.

  5. Specify the network address of the zone in the Network Address field.

    For example, specify 143.72.155 for 155.72.143.IN-ADDR.ARPA.

    The IN-ADDR.ARPA zone name is displayed in the Zone Domain Name field.

  6. Select the Zone Type as Primary (default).

  7. Select a DNS server from the Assigned Authoritative DNS Server drop-down menu. This parameter is optional.

    or

    Specify a unique hostname in the Name Server Host Name box and select a domain by clicking the Add button, then click OK.

  8. Click Create.

    A message indicates that the new Primary IN-ADDR.ARPA Zone object has been created.

Creating a Forward IN-ADDR.ARPA Zone
  1. In iManager, click DNS > Zone Management to open the Zone Management window in the main panel.

  2. From the drop-down menu, select Create Zone, then click OK to open the Create DNS Zone window.

  3. Select Create IN-ADDR.ARPA.

  4. Specify the eDirectory context for the zone or browse to select it.

  5. Specify the network address in the Network Address field.

    The IN-ADDR.ARPA zone name is displayed in the Zone Domain Name field.

  6. Select the Zone Type, then select Forward.

  7. Select a DNS server from the Assigned Authoritative DNS Server drop-down menu. This parameter is optional.

    or

    Specify a unique hostname in the Name Server Host Name box and select a domain by clicking the Add button, then click OK.

  8. Click Create.

    A message indicates that the new Forward IN-ADDR.ARPA Zone object has been created.

Creating a Secondary IN-ADDR.ARPA Zone
  1. In iManager, click DNS > Zone Management to open the Zone Management window in the main panel.

  2. From the drop-down menu, select Create Zone, then click OK to open the Create DNS Zone window.

  3. Select Create IN-ADDR.ARPA.

  4. Specify the eDirectory context for the zone or browse to select it.

  5. Specify the network address in the Network Address field.

    The IN-ADDR.ARPA zone name is displayed in the Zone Domain Name field.

  6. Under the Zone Type, select Secondary.

  7. Select a DNS server from the Assigned Authoritative DNS Server drop-down menu.

    or

    Specify a unique hostname in the Name Server Host Name box and, optionally, specify a domain name or select it from the Domain drop-down menu.

  8. Specify the IP address of the DNS server that will provide zone-out transfers for this secondary zone.

  9. Click Create.

    A message indicates that the new Secondary IN-ADDR.ARPA Zone object has been created.

Viewing or Modifying a Zone Object

After you have created a Zone object, you can modify it and provide more detailed configuration information.

  1. In iManager, click DNS > Zone Management to open the Zone Management window in the main panel.

  2. From the drop-down menu, select View/Modify Zone and click OK to open the View/Modify Zone window.

  3. Select the DNS Zone object from the drop-down menu.

  4. Click OK.

  5. Modify the following DNS Zone configuration parameters.

  • Zone Type: Specifies whether the zone is a primary or secondary zone.

    To configure a server as a passive primary for a zone, specify the server name in the Authoritative DNS servers field of that zone. Make sure this server name is not in the Designated Primary DNS Server field.

    To configure a server as designated primary DNS server, specify the server name in the Authoritative DNS servers field of that zone and select that server name from the Designated Primary DNS Server field.

    To configure a server as a passive secondary for a zone, specify the server name in the Authoritative DNS servers field of that zone. Make sure this server name is not in the Designated Secondary DNS Server field.

    To configure a server as designated secondary server, specify the server name in the Authoritative DNS servers field and select that server name in the Designated Secondary DNS Server field.

    NOTE: It is not possible to change the zone type from primary/secondary to forward and vice versa.

  • Zone Master IP Address: If the zone type is secondary, specify the IP address of the master server for this zone.

  • Available DNS Servers: Lists the available DNS Servers that are not assigned to this zone.

  • Authoritative DNS Servers: Lists all authoritative servers for this zone.

    • Click Add All to assign all available DNS servers to a zone.

    • Click Remove All to remove all authoritative DNS servers from a zone.

  • Designated DNS Server: The DNS server selected in this field will act as a designated primary or designated secondary server depending on whether the zone type is primary or secondary.

  • Comments: You can provide information about the zone in this field. This parameter is optional.

  • Forward List: Specifies a list of DNS servers to which unresolved queries are sent.

  • Forwarder: Controls the behavior of queries for which the server is not authoritative and the answers do not exist in the cache. Values can be either First or Only. The default is First. If you specify the value as First, the server will query the forwarders list first and, if the answer is not found, the server will search for the answer. If you specify the value as Only, the server will query only the forwarders list.

  • Modify Zone Out Filter: Specifies a list of IP addresses or networks authorized to perform zone transfers for this zone from the DNS server managing it.

  • Zone Master: Specifies the domain name of the master DNS server.

  • E-mail Address: Specifies the e-mail address (with @ replaced by a dot) of the person responsible for this zone.

  • Serial Number: Use this field to set a version number for the Start of Authority.

  • Interval values: Select from the following values:

    • Refresh: Specifies the time interval before the secondary name server transfers a copy of the zone data to the primary name server. The default is 180 minutes.

    • Retry: Specifies the time that a secondary name server waits after a transfer has failed and before it tries to download the zone database again. The default is 60 minutes.

    • Expire: Specifies the time after which a secondary name server will be unable to download a zone database. The default is 168 hours.

    • Minimal TTL: Specifies the minimum TTL for a resource record. This parameter determines the period for which a DNS server retains an address mapping in the cache. The default is 24 hours.

  • Select the Define advanced properties check box, then click Next to modify the following values:

    • Query Filter: Specifies a list of IP addresses or networks that are authorized to query the DNS server for this zone. This list overrides the query filter specified at the server for this zone.

      To add the IP address:

      • Click Add

      • Specify the IP address and the mask length.

        The network number is optional.

      • If you want to add a generic option, check the Predefined match-list to select from the available options in the drop-down list.

      • Check the Key option and specify the DNS key from the drop-down list.

      • Click OK.

      To delete the IP address, select the item to be deleted, then click Delete.

    • Also Notify: Specifies a list of IP addresses of name servers that receive Notify messages, when a fresh copy of the zone is loaded.

      To add the IP address, Click Add, specify the IP address, then click OK.

      To delete the IP address, select the IP address you want to delete, then click Delete.

    • Allow Update: Specifies a list of IP addresses or network addresses that are authorized to send updates for this zone. If this option is not configured, the default value of none is used, where no host is authorized to send updates.

      To add the address match list element:

      • Click Add

      • Specify the IP address and the mask length.

        The network number is optional.

      • If you want to add a generic option, check the Predefined match-list to select from the available options in the drop-down list.

      • Select the TSIG key option from the drop-down list. If not specified, then the default value is none.

      • Click OK.

      To delete the address match list element, select the item to be deleted, then click Delete.

    • Update Policy: Specifies the policy to update the measure to implement security for a zone object. This is implemented by the default DNS server administering the zone. The update policy is a five-token string where each token has a definite function to perform. The syntax for update policy is: Permission Identity MatchType TName RR

      To add the update policy:

      • Click Add

      • Select the Permission from the drop-down list. The permission can either be a grant or a deny.

      • Specify the Identity that refers to the name of the key used to sign the update.

      • Specify the MatchType from the drop-down list.

        • name: Matches when the domain name being updated is the same as the name in the name field.

        • subdomain: Matches when the domain name being updated is a subdomain of (that is, ends in) the name in the name field. The domain name must still be in the zone.

        • wildcard: Matches when the domain name being updated matches the wildcard expression in the name field.

        • self: Matches when the domain name being updated is the same as the name in the identity field (not the name field), that is, when the domain name being updated is the same as the name of the key used to sign the update. If the nametype is self, the name field is ignored; however, you should still include the name field when using a nametype of self.

      • TName: Specify the TName, which is the domain name appropriate to the MatchType specified.

      • (Optional): Specify the RR (Resource Record), which can contain any valid record type.

      NOTE: The Allow Update with keys option and the Update Policy options are supported for Linux DNS only.

  • Click Next to associate the DNS TSIG keys with the Zone.

    NOTE: In earlier versions, key association was a must before updating a policy. Now, it is not required for SAM because the keys are negotiated at run time. Because of this, no checking is done to validate the identity field for SAM-based updates.

    Available DNS TSIG Keys: Displays a list of DNS TSIG keys that are available in the eDirectory tree. These keys can be associated with the Zone.

    Associated DNS TSIG Keys: Displays a list of DNS TSIG Keys that are associated with the Zone.

    • To add a DNS TSIG key, select the key, then click Add.

    • To remove a DNS TSIG key, select the key, then click Remove.

    • To add all the keys, click Add All.

    • To remove all the keys, click Remove All.

    NOTE: To add or remove multiple keys, use the Ctrl key to select the keys, then click Add or Remove.

  • Click Next to specify the current set of additional options. To modify the options, click Modify. Select the appropriate option from the Available Additional Option(s) list. The following are the additional options for the zone:

    • allow-notify: Specifies the list of hosts that are allowed to notify the slaves of zone changes in addition to the zone masters. You can configure this option only for a secondary zone.

      • To add the address list:

        1. Click Add.

        2. Specify the IP address and the mask length. The mask length is optional. Alternatively, check Predefined match-list to select from the available options in the drop-down list. If you select None, the server rejects notifies sent by any other server.

        3. Click OK.

      • To delete the address list:

        1. Select the IP address to be deleted.

        2. Click Remove.

      Allow-notify specified at the server level is overridden by the settings of this zone.

    • max-journal-size: Sets a maximum size in bytes for the journal file. This should be configured only for a Linux zone.

      NOTE: All changes made to a zone by using dynamic update are written to the zone's journal file. The server periodically flushes the complete contents of the updated zone to its zone file. This happens approximately every 15 minutes. When a server is restarted after a shutdown, it replays the journal file to incorporate into the zone any updates that took place after the last zone file update. The dynamic reconfig interval setting is immaterial for a max-journal-size event triggering.

    • notify: Specifies if the notification of any zone data changes has to be sent to a slave server. You can select from the following options:

      • Yes: A notification is sent to all the name servers of the zone when the zone data changes.

      • Explicit: A notification is sent explicitly to the servers specified in the also-notify list when the zone data changes.

      • No: A notification is not sent.

      A notification specified at the server level is overridden by the settings of this zone.

    • notify-source: Specifies the local source address. You also have the option to specify the UDP port that is used to send notify messages. The local source address must appear in the masters list of the slave server or in the allow-notify list. The slave should also be configured to receive notify messages from this address. Notify-source specified at the server level is overridden by the settings of this zone.

    • transfer-source: Specifies the local addresses that are bound to the IPv4 TCP connections used by the zones that are transferred inbound by the server. It also specifies the source IPv4 address and, optionally, the UDP port. The UDP port is used to refresh queries and forward any dynamic updates.

      If you have not set a value, this option defaults to a system-controlled value, usually the address of the interface closest to the remote end.

      Transfer-source specified at the server level is overridden by the settings of this zone.

    • zone-statistics: Specifies the statistical information that is dumped to the statistics-file for all zones in the server. Values can be either Yes or No. If you set the value to Yes, the server collects statistical data on all zones in the server. Zone-statistics specified at the server level is overridden by the settings of this zone.

    Click Done after the additional option(s) are selected.

  • Click Done to complete the modify process. A confirmation message displays that the modify process succeeded.
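The Update Policy syntax described above (Permission Identity MatchType TName RR) can be checked mechanically before a policy is applied to a zone. The following Python is an added example, not code from this documentation or from the DNS server; it assumes that rules are evaluated in order with the first matching rule deciding and no match meaning refusal, that the RR token names a single record type (ANY when omitted), and it uses constructed key, zone and host names.

```python
import fnmatch

# Added example (not Novell/OES code): parse and evaluate the five-token
# Update Policy strings "Permission Identity MatchType TName RR".
# An update is modelled as (name of the signing key, name being updated,
# record type); rule ordering and the single-type RR token are assumptions.

MATCH_TYPES = {"name", "subdomain", "wildcard", "self"}


def _norm(name):
    """Domain names are case-insensitive; drop a trailing dot as well."""
    return name.rstrip(".").lower()


def parse_policy(line):
    """Split one policy string into its tokens; RR is optional (defaults to ANY)."""
    tokens = line.split()
    if len(tokens) not in (4, 5):
        raise ValueError("update policy needs 4 or 5 tokens: %r" % line)
    permission, identity, match_type, tname = tokens[:4]
    rr = tokens[4] if len(tokens) == 5 else "ANY"
    permission, match_type = permission.lower(), match_type.lower()
    if permission not in ("grant", "deny"):
        raise ValueError("Permission must be grant or deny: %r" % permission)
    if match_type not in MATCH_TYPES:
        raise ValueError("unknown MatchType %r" % match_type)
    return {"permission": permission, "identity": _norm(identity),
            "match_type": match_type, "tname": _norm(tname), "rr": rr.upper()}


def rule_matches(rule, key_name, target, rrtype, zone):
    """Does this rule apply to an update signed by key_name on target/rrtype?"""
    key_name, target, zone = _norm(key_name), _norm(target), _norm(zone)
    # Identity is the name of the key that signed the update.
    if rule["identity"] != key_name:
        return False
    mt = rule["match_type"]
    if mt == "name":
        ok = target == rule["tname"]
    elif mt == "subdomain":
        # Ends in TName, and the name must still lie inside the zone.
        under = target == rule["tname"] or target.endswith("." + rule["tname"])
        in_zone = target == zone or target.endswith("." + zone)
        ok = under and in_zone
    elif mt == "wildcard":
        ok = fnmatch.fnmatchcase(target, rule["tname"])
    else:  # self: the updated name must equal the key name; TName is ignored
        ok = target == key_name
    return ok and (rule["rr"] == "ANY" or rule["rr"] == rrtype.upper())


def update_allowed(policy_lines, key_name, target, rrtype, zone):
    """First matching rule decides; no matching rule refuses the update."""
    for line in policy_lines:
        rule = parse_policy(line)
        if rule_matches(rule, key_name, target, rrtype, zone):
            return rule["permission"] == "grant"
    return False


# Constructed sample policy for a made-up zone; every name here is invented.
SAMPLE_ZONE = "example.com"
SAMPLE_POLICY = [
    "grant dhcp-key.example.com subdomain dyn.example.com A",
    "deny  dhcp-key.example.com subdomain example.com ANY",
    "grant host1.example.com self host1.example.com",
    "grant web-key.example.com wildcard www*.example.com A",
]
```

Note that the deny rule placed second confines the DHCP key to A records under dyn.example.com even though it is a valid key for the whole zone.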

Associating a Zone to Specific DNS Servers

A DNS server can be configured to serve only the queries by specifying the role of a zone as passive, secondary, or passive secondary.

To associate the existing DNS zone to a specific DNS server and specify the role of the zone:

  1. In the iManager DNS role, select the Zone Management task.

  2. From the list of operations, select View Modify Zone.

  3. Select the zone you want to modify.

  4. Specify the Authoritative DNS server for this zone, which is the zone for the specific DNS server.

  5. Click Save.

Deleting a Zone Object

  1. In iManager, click DNS > Zone Management to open the Zone Management window in the main panel.

  2. From the drop-down menu, select Delete Zone and click OK to open the Delete DNS Zone window.

  3. Select the DNS zones that are to be deleted.

    To delete all the Zone objects in the list, click the top-level check box.

  4. Click Next.

  5. Select the zones whose sub-zones are to be deleted.

    To delete all the sub-zone objects in the list, click the top-level check box.

  6. Click Delete.

Importing a Zone Object

  1. In iManager, click DNS > Zone Management to open the Zone Management window in the main panel.

  2. From the drop-down menu, select Import Zone and click OK to open the Import DNS Zone window.

  3. Specify or browse the eDirectory context where the zone is to be created.

  4. Select a designated DNS server distinguished name.

    This server will subsequently manage the zone data.

  5. Select the Zone Type as Primary (default) or Secondary. If you select Secondary as the Zone type, specify the IP address of the zone.

  6. Specify or browse to select the DNS Bind File location.

  7. Click OK.

If the import operation encounters any problems, you can view the error details by downloading the log file. Also, if any of the resource records are ignored because of this problem, you can create them again by using the task in Creating Resource Records.

Exporting a Zone Object

  1. In iManager, click DNS > Zone Management to open the Zone Management window in the main panel.

  2. From the drop-down menu, select Export Zone and click OK to open the Export DNS Zone window.

  3. From the drop-down menu, select the DNS Zone to which the file will be exported.

  4. Click OK.

  5. Click the Click here to download link to open the File Download dialog box.

  6. Select Save to disk, then click OK.

  7. Specify the name of the file or browse to select it, then click Save.

  8. Click Done.

13.1.4 Resource Record Management

An RRSet object represents an individual domain name within a DNS zone. Each RRSet object has one or more resource records beneath it that contain additional information about the domain.

The most common resource records are Address (A) records, which map a domain name to an IP address, and Pointer (PTR) records, which map an IP address to a domain name within an IN-ADDR.ARPA zone.

Creating, modifying, or updating resource records is not supported for a Forward Zone.

NOTE: After creating, modifying, or updating the resource records, the data needs to be refreshed by clicking the Tree Refresh button. Without refreshing, the SOA for the zone is not updated and the server continues to use old data.

The Resource Record Management role consists of the following tasks:

Creating Resource Records

A resource record is a piece of information about a domain name. Each resource record contains information about a particular piece of data within the domain.

To create a new resource record:

  1. In iManager, click DNS > Resource Record Management to open the Resource Record Management window in the main panel.

  2. From the drop-down menu, select Create Resource Record and click OK to open the Create Resource Record window.

  3. From the drop-down menu, select the domain name where the resource record is to be created, then click Create.

    Resource records cannot be created in a secondary zone.

  4. Specify the owner name under which you want to create the resource record or click the Object Selector icon to search for an existing owner name.

    If the owner name is not specified, the resource record is created under @.

  5. Select the RR Type.

    • A: Maps a domain name to an IP address. If you select this option, you must specify the 32-bit IPv4 address that will map to the associated domain name.

    • CNAME: Specifies the canonical or primary name for the owner. Because the owner name is an alias, you must specify the domain name of the aliased host if you select this option.

    • Others: From the Others drop-down menu, select the resource record type (RR Type) and specify the appropriate resource record data corresponding to the type chosen.

  6. Click Create.

  7. Click OK after the resource record is created.

  8. Click Done to automatically increment the serial number and complete the task.

For more information on resource record types, see Section A.2, Types of Resource Records.

Viewing or Modifying Resource Records

  1. In iManager, click DNS > Resource Record Management to open the Resource Record Management window in the main panel.

  2. Select View/Modify Resource Record from the drop-down menu and click OK to open the Modify RRSet - Resource Record window.

  3. From the Select Domain drop-down menu, select the domain that contains the host or RRSet.

    Resource records cannot be created in a secondary zone.

  4. Specify, or search to select, the values for the Host Name, Resource Record, and Resource Record Type fields.

    To use the search feature to select these values:

    • Click the Object Selector icon to open the Object Selector window.

    • Select the Resource Record type from the drop-down menu, select the number of search results to be displayed per page, click Search, then click the hostname.

      This automatically fills in the Host Name, Resource Record, and Resource Record Type fields.

  5. Click Modify to modify the resource record data.

  6. Modify the resource record data for all but the following types of resource records:

    • A (IPv4)

    • AAAA (IPv6)

    • A6

    • PTR

  7. Specify new comments or modify existing comments for the resource record data.

  8. Click Done to save the changes.

Deleting Resource Records

You can delete one, several, or all resource records and RRSets by using the multi-select deletion feature in iManager.

  1. In iManager, click DNS > Resource Record Management to open the Resource Record Management window in the main panel.

  2. From the drop-down menu, select Delete Resource Record and click OK to open the Delete RRSet - Resource Record window.

  3. From the Select Domain drop-down menu, select the domain that contains the host or RRSet.

  4. Delete one or more RRSets:

    1. To search for RRSets by owner name, specify the name of the RRSet owner.

    2. Select the RRSet option from the Search Type drop-down menu.

    3. Click Search to list the available RRSets that match the specified owner name.

    4. To delete all RRSets listed, click the top-level check box and click Delete. To delete one or more RRSets, click the corresponding check boxes and click Delete.

  5. Delete one or more resource records:

    1. To search for a resource record by owner name, specify the name of the Resource Record owner.

    2. Select Resource record from the Search Type drop-down menu.

    3. Select the resource record type from the RR Type drop-down menu.

    4. Click Search to list the available resource records that match the specified owner name.

    5. To delete all resource records listed, click the top-level check box and click Delete. To delete one or more resource records, click the corresponding check boxes and click Delete.

NOTE: When an A or PTR resource record is deleted, the corresponding PTR or A resource record is also deleted.

13.1.5 DNS Key Management

The DNS Key Management role consists of tasks that allow you to create, modify, and delete DNS Key objects. A DNS Key provides a means of authentication for dynamic DNS updates and for queries to a secured DNS Server. A DNS Key uses a shared secret key as a cryptographically secure means of authenticating a DNS update or query. Only the HMAC-MD5 algorithm is supported for DNS Key management. HMAC-MD5 keys must be between 1 and 512 bits. For more information, see the dnssec-keygen manpage.

NOTE: The DNS Key option is supported for Linux DNS only.

Unsupported dnssec-keygen features

  • -a: the RSA, RSAMD5, DH, DSA, and RSASHA1 algorithms are not supported by novell-named.

  • -n: the ZONE nametype.

  • -f: setting the flag in the DNSKEY record.

  • -p: the protocol value; support is not confirmed because it is used in conjunction with DNSKEY for DNSSEC.

Example: 
dnssec-keygen -v 
Usage: 
dnssec-keygen -a HMAC-MD5 -b 218 -n HOST mykey 
Version: 9.3.4 
Required options: 
-a algorithm: RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5 
-b key size, in bits: 
RSAMD5: [512..4096] 
RSASHA1: [512..4096] 
DH: [128..4096] 
DSA: [512..1024] and divisible by 64 
HMAC-MD5: [1..512] 
-n nametype: ZONE | HOST | ENTITY | USER | OTHER 
name: owner of the key

The following sections provide information on DNS Key management:

Creating a DNS Key

  1. In iManager, click DNS > DNS Key to open the DNS Key Management window in the main panel.

  2. From the drop-down menu, select Create DNS Key and click OK to open the Create DNS Key window.

  3. Specify a name to identify the DNS key in the DNS Key Name field.

  4. Specify the name of the Algorithm. The HMAC-MD5 algorithm is the only supported algorithm for a DNS key.

  5. Specify the secret key used by the DNS server to encrypt/decrypt the hashed data. For example, 456errt4545= is a secret key generated by dnssec-keygen.

    The secret key provided must be Base64 encoded; otherwise the DNS server fails to start.

  6. Specify or browse to select the NDS context.

  7. Click Create. The DNS key is now created.

    Example: DNS Key Name: Key1, Algorithm: HMAC-MD5, Key Secret: 456errt4545=
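The two requirements stated above (the secret must be Base64 encoded, and an HMAC-MD5 key is between 1 and 512 bits) can be checked before the key is entered in iManager. The following Python is an added example, not code from the Novell documentation or from novell-named: it validates a secret the way the server would need it, generates one of a requested bit size (as dnssec-keygen -b does), and shows the shared secret authenticating a dynamic update on both the client and server side. The update message bytes are constructed here; the only value taken from the page is the 456errt4545= sample secret.

```python
"""Validate, generate and exercise an HMAC-MD5 DNS Key secret (added example)."""
import base64
import hmac
import os
import re

MAX_KEY_BITS = 512                      # documented upper bound for HMAC-MD5 keys
_B64 = re.compile(r"[A-Za-z0-9+/]*={0,2}")  # standard Base64 alphabet plus padding


def encode_key_secret(raw: bytes) -> str:
    """Base64-encode raw key bytes in the form iManager expects."""
    return base64.b64encode(raw).decode("ascii")


def validate_key_secret(secret: str) -> bytes:
    """Return the raw key bytes, or raise ValueError if the DNS server would reject the secret."""
    if len(secret) % 4 != 0 or not _B64.fullmatch(secret):
        raise ValueError("secret is not valid Base64; the DNS server would fail to start")
    raw = base64.b64decode(secret)
    bits = len(raw) * 8                 # Base64 carries whole bytes, so the smallest key is 8 bits
    if not 1 <= bits <= MAX_KEY_BITS:
        raise ValueError(f"key is {bits} bits; HMAC-MD5 keys must be between 1 and 512 bits")
    return raw


def is_acceptable_secret(secret: str) -> bool:
    """True if the secret passes both the Base64 and the key-size checks."""
    try:
        validate_key_secret(secret)
        return True
    except ValueError:
        return False


def generate_key_secret(bits: int = MAX_KEY_BITS) -> str:
    """Generate a random secret of the requested size, rounded up to whole bytes (hypothetical stand-in for dnssec-keygen -b)."""
    if not 1 <= bits <= MAX_KEY_BITS:
        raise ValueError("bits must be between 1 and 512")
    return encode_key_secret(os.urandom((bits + 7) // 8))


def sign_update(secret: str, message: bytes) -> bytes:
    """Client side: compute the HMAC-MD5 MAC that accompanies a dynamic update."""
    return hmac.new(validate_key_secret(secret), message, "md5").digest()


def verify_update(secret: str, message: bytes, mac: bytes) -> bool:
    """Server side: recompute the MAC with the shared secret and compare in constant time."""
    return hmac.compare_digest(sign_update(secret, message), mac)
```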

Viewing or Modifying a DNS Key

  1. In iManager, click DNS > DNS Key to open the DNS Key Management window in the main panel.

  2. From the drop-down menu, select View/Modify DNS Key and click OK to open the View/Modify DNS Key window.

  3. From the drop-down menu, select the DNS Key that you want to view/modify, then click OK to open the Modify DNS Key window.

  4. Modify attributes such as the Secret Key and the associated comments, then click OK.

Deleting a DNS Key

  1. In iManager, click DNS > DNS Key to open the DNS Key Management window in the main panel.

  2. From the drop-down menu, select Delete DNS Key and click OK to open the Delete DNS Key window.

  3. Select the DNS key that is to be deleted. Click Delete. The DNS key is now deleted.

    To delete multiple DNS keys, click the top-level folder. Click Delete.

NOTE: Deleting DNS Key objects also deletes any references to those key objects in Zone and DNS Server objects.