Cisco CNS Network Registrar Users's Guide Web Interface, 6.0
Zone Administration
Downloads: This chapterpdf (PDF - 519.0KB) The complete bookPDF (PDF - 2.69MB) | Feedback

Zone Administration

Table Of Contents

Zone Administration

Zone Administrator Role

Role Functions

Primary Zone Functions

Secondary Zone Functions

Zone Distribution Functions

Role Limitations

Managing Zones

Adding Zones

Adding Basic Zone Properties

Changing Attributes and Adding SOA and Name Server Records for the Zone

Editing a Zone

Editing SOA and NS Records for a Zone

Adding and Editing Zone Attributes

Creating a Zone Template from a Zone

Managing Reverse Zones

Deleting a Zone

Managing Resource Records for the Zone

Managing Static Resource Records

Listing and Adding Static Resource Records

Editing Specific Static Resource Records

Adding and Deleting Static Records in a Set

Managing Active Resource Records

Listing and Adding Active Resource Records

Editing Specific Active Resource Records

Adding and Deleting Dynamic Records in a Set

Managing Secondary Zones

Listing Secondary Zones

Adding and Editing Secondary Zones

Creating and Applying Zone Templates

Listing Zone Templates

Adding a Zone Template

Editing a Zone Template

Managing Zone Owners

Listing and Adding Zone Owners

Editing a Zone Owner

Managing Zone Distributions

Listing Zone Distributions

Managing the Secondary Servers

Editing Zone Distributions

Managing the DNS Server

Managing the Server Status

Editing DNS Server Attributes


Zone Administration


Zone administration goes hand in hand with host administration. A zone administrator is responsible for one or more DNS zones, and usually delegates the individual hosts for that zone to the host administrator (described in "Host Administration"). The zone administrator must know the details of the zone, including its start of authority and nameserver records, and all its other DNS resource records.

Table 4-1 lists the topics explained in this chapter.

Table 4-1 Host Administration Topics

If you want to learn about...
See...

Zone administrator responsibilities

"Zone Administrator Role" section

Administering zones

"Managing Zones" section

Managing zone resource records

"Managing Resource Records for the Zone" section

Managing secondary zones

"Managing Secondary Zones" section

Creating and applying a zone template

"Creating and Applying Zone Templates" section

Creating owners for the zone

"Managing Zone Owners" section

Edit a zone distribution

"Managing Zone Distributions" section

Edit DNS server attributes

"Managing the DNS Server" section


Zone Administrator Role

The zone administrator role is a user who is more familiar with DNS than a host administrator. A zone administrator should be comfortable editing zone resource records, creating and configuring zones and subzones, and configuring primary and secondary (master and slave) DNS servers for these zones. Generally, the zone administrator needs to perform all DNS zone creation and management functions possible with Network Registrar.

Zone administrators also appreciate help in minimizing the configuration information that they need to provide. These zone administrator aids are available in Network Registrar:

Defining a single zone distribution map of primary and secondary (master and slave) DNS servers for multiple zones—This automates the process of updating the individual DNS servers when adding a zone. Any zone added would create a primary zone, add its resource records to the primary DNS server, and create secondary zones on the secondary DNS servers.

Managing templates for zone configuration—It is likely that the Start of Authority (SOA) data (nameserver, responsible person, and TTL values) and Name Server (NS) record list will be consistent across all zones managed by a single organization. By providing the ability to define zone templates with common configuration data, the zone administrator needs only to adjust any exceptions for the zone itself.

Providing validation of the resource record values in a zone.

Automatically updating the appropriate reverse (in-addr.arpa) zones with Pointer (PTR) records for all of the Address (A) records in the forward zone.

Role Functions

The zone administrator functions are divided into primary forward and reverse zone, secondary zone, zone distribution, and server maintenance tasks, as explained in the following sections.

Primary Zone Functions

The administrator for a primary zone can perform these functions:

View the list of zones

Create a primary forward and reverse zone

Add a subzone to an existing primary zone

Configure a primary zone

Edit resource records in a zone

Delete a primary zone

Associate a zone with a zone distribution map

Associate a zone with a zone template

Associate a zone with an owner, explicitly at or after creation

Stop, start, and reload the DNS server.

Secondary Zone Functions

The operations on secondary zone objects are mainly needed when Network Registrar does not manage the primary DNS server for a zone, such as with a BIND server or when the primary is in a different administrative domain. The zone administrator can:

Create a new secondary zone

Configure a secondary zone

Delete a secondary zone

View resource records in a secondary zone

Zone Distribution Functions

The zone administrator can perform these zone distribution tasks:

Assign a zone to a zone distribution map or directly to secondary servers

Edit a zone distribution by adding or deleting secondary servers

Role Limitations

The zone administrator role can be constrained to allow administration of a certain list of zones, either specifically listed or more generally described as those with a given owner.

Managing Zones

Administering zones includes listing, adding, editing, and deleting zone data.

Adding Zones

Adding a zone involves creating a domain name. You can also define an owner and use a zone template. If you do not use a template, you must also define the Start of Authority (SOA) and Name Server (NS) properties for the zone.

How to Get There

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the Zones tab. This opens the List/Add Zones page (see Figure 2-6).

Data to Enter

From the List/Add Zones page, the zone administrator can:

List the zones—Zones are listed in the order they are created.

Refresh the zone list—Click the Refresh icon () next to the Name column heading.

Add a zone—Enter values in the fields provided and click Add Zone. See the "Adding Basic Zone Properties" section.

Edit a zone—Click the name of the zone. See the "Editing a Zone" section.

Delete a zone—Click the Delete icon () next to the zone name. See the "Deleting a Zone" section.

View, add, or edit resource records for a zone—Click the View icon () in the Configuration RRs or Active Server RRs column next to the zone name. See the "Managing Resource Records for the Zone" section.

Adding Basic Zone Properties

The first step in creating a zone is to define its domain name, owner, and whether to apply a zone template. Do this on the List/Add Zones page (see Figure 2-6), or, in the case of reverse zones, on the List/Add Reverse Zones page (see Figure 4-2).

Data to Enter

You must enter or select the fields described in Table 4-2 to create a zone. The Name property, marked with an asterisk (*), is required.

Table 4-2 Entries on the Add Zone Page 

Entry
Description

Name*

Name of the zone. Enter the zone name as a fully qualified domain name, such as example.com. (including the trailing dot). The name must be unique. Required.

Owner

Predefined tag name of the administrative owner of the zone. Select from the drop-down list. Add these owner tags on the Owners page, described in the "Managing Zone Owners" section. Optional.

Template

Predefined zone template for the zone. Select from the drop-down list. Create zone templates on the List Zone Templates page, described in the "Creating and Applying Zone Templates" section. You can also create a zone template from a zone on the Edit Zone page (see "Editing a Zone" section). Optional.

Tip If you select a zone template, you do not need to add Start of Authority (SOA) or Name Server (NS) records for it, because they are already defined in the template.

Actions to Take

After entering these values, click Add Zone to add the entry, or Cancel to cancel the entry. These actions occur depending on whether you specify a template when creating the zone:

If you specify a template, you return to the List/Add Zones page.

If you omit a template for the zone, this opens the Add Zone page. See the "Changing Attributes and Adding SOA and Name Server Records for the Zone" section.

Changing Attributes and Adding SOA and Name Server Records for the Zone

If you decided not to use a template for the zone, or you want to override the template, you may want to change the zone name, reselect an owner, or add the zone to a distribution. Creating a zone also involves defining the Start of Authority (SOA) record and the primary nameserver for the zone.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Zones tab. This opens the List/Add Zones page (see Figure 2-6).

Step 3 Enter a zone name without specifying a zone template. (If you specify a template, you return to the List/Add Zones page.)

Step 4 Click Add Zone. This opens the Add Zone page (see Figure 2-5).


Data to Enter

Enter the SOA and nameserver properties for the zone, as described in Table 4-3. The required properties are marked with an asterisk (*).

Table 4-3 Entries for Zone Creation 

Entry
Description

Name*

Change the name of the zone.

Owner

Reselect the owner of the zone from the drop-down list. Add these owner tags on the Owners page, described in the "Managing Zone Owners" section.

Distribution

Select a zone distribution to which to add this zone, as described in the "Managing Zone Distributions" section. The common distribution is the Default distribution.

Default TTL

The default or fallback time-to-live of the zone data, if no other TTLs are defined, defaulted to 86400s (2d).

SOA Attributes

Serial Number*

Suggested serial number of the zone's SOA record, which is incremented with each record change. In most cases, this value is 1.

DNS Server Value

Actual serial number the DNS server maintains. You cannot modify this value. To refresh this number, click the Refresh icon () next to the field.

SOA TTL

TTL of the SOA record itself. If not specified, defaults to the Default TTL of the zone.

Nameserver*

DNS nameserver for the zone. You can enter it fully qualified or you can enter just the hostname, which makes it relative to the zone.

Contact E-Mail*

E-mail address of the hostmaster for the zone. Enter it in the hostmaster.example.com. format, or just the hostmaster name, which makes it relative to the zone.

Secondary Refresh

Interval at which a secondary server should try a zone transfer, defaulted to 3h.

Secondary Retry

Interval at which a secondary server should retry a zone transfer if it encounters an error, defaulted to 60m.

Secondary Expire

Interval at which to expire the secondary server's zone records with the lack of zone transfers, defaulted to 7d.

Negative TTL

Time-to-live to use for negative responses.

Nameservers
 

NS TTL

Default time-to-live of the nameserver, defaulted to 12h.

nameservers*

Add nameservers by entering each host or alias name and clicking Add Nameserver. To delete any resulting nameserver, click the Delete icon () next to its name. Required.

Attributes

(Help for each attribute is also available by clicking its name.)

Zone Transfer

restricted-set

With the restrict-xfer attribute enabled, the set of IP addresses that can request zone transfers. There is no default.

notify

Enables notifying other authoritative servers when this zone changes. The default is what is set for the server, which defaults to enabled.

notify-set

List of additional servers to notify when the zone changes. There is no default.

Dynamic DNS

dynamic

For a primary zone only, enables or disables RFC 2136 dynamic updates to the zone. The default is enabled.

update-acl

Adds or updates one or more access control list (ACL) elements to the zone. The server uses ACLs to control who can perform dynamic DNS updates. Set at the zone level, it overrides the server value. The default is unset, which implies that no one can update the zone.

Subzone Forwarding

subzone-forward

For zones with forwarders set, the normal Network Registrar behavior is to ignore delegation to subzone nameservers and forward queries to these forwarding servers instead. You would normally need to set a resolution exception to the subzone server. This might be impractical for large numbers of subzones. With this attribute set to no-forward, when the server receives a query for any of its subzones, it tries to find relevant subzone NS records, resolve their corresponding IP addresses, and delegate the query to those IP addresses. The default is normal.

Checkpoint

checkpoint-interval

Interval (in seconds) at which to checkpoint the zone (take the latest snapshot of the runtime database). The default is the server setting, which defaults to 3h.

checkpoint-min-
interval

Minimum interval (in seconds) between consecutive checkpoints. The default is the server setting.

Scavenging

scvg-enabled

For a primary zone only, enables or disables dynamic resource record scavenging (stale record cleanup) of the zone. The default is false.

scvg-interval

For a primary zone only, with the scvg-enabled attribute enabled, the interval, in seconds, at which the zone is scheduled for scavenging. The default is the server setting, which defaults to 1w.

scvg-refresh-
interval

For a primary zone only, with the scvg-enabled attribute enabled, the interval, in seconds, during which the zone can have a timestamp updated to prepare for scavenging. The default is the server setting, which defaults to 1w.

scvg-no-refresh-
interval

For a primary zone only, with the scvg-enabled attribute enabled, the interval, in seconds, during which actions such as dynamic or prerequisite-only updates do not advance the timestamp for scavenging. The default is the server setting, which defaults to 1w.

scvg-ignore-
restart-interval

For a primary zone only, the interval, in seconds, for which a server restart does not recalculate a start scavenging time. The default is the server setting, which defaults to 2h.

scvg-max-records

Maximum number of records the DNS server will scavenge from one zone during a scavenging interval when scavenging is enabled. There is no default.

scvg-max-records-
searched

Maximum number of records to search at one time for a candidate to be scavenged. There is no default.

scvg-pause-interval

Time (in seconds) that scavenging waits after scavenging a set of records, before going on to the next set. There is no default.


Actions to Take

After entering these values, click Add Zone to add the entry, or Cancel to cancel the entry. The created zone appears on the List/Add Zones page. Note that you cannot apply a zone template on this page; you must edit the zone to apply the template.

Editing a Zone

You can edit the zone to add SOA or NS records, or add zone attributes.

Editing SOA and NS Records for a Zone

If a zone does not include SOA or NS records, you can edit the zone to add or modify them.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Zones tab. This opens the List/Add Zones page.

Step 3 Click the zone name. This opens the Edit Zone page, which includes the same fields as the Add Zone page (see Figure 2-5), the top of which shows the general, SOA, and NS attributes.


Data to Enter

Modify the SOA and NS attributes for the zone, as described in Table 4-3.

Actions to Take

If you are not adding zone attributes:

To unset any of the fields, check the box in the Unset? column for the field, then click Unset Fields.

Click Modify Zone, or to void your changes, click Cancel.

To save the modified zone as a template, click Modify Zone and Save Template.

Adding and Editing Zone Attributes

You can also add zone attributes that control such things as checkpoint intervals, resource record scavenging, and whether to allow dynamic updates or NOTIFY.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Zones tab. This opens the List/Add Zones page.

Step 3 Click the zone name. This opens the Edit Zone page.

Step 4 Go to the area of the page with the Zone Transfer attributes. Expand each category as necessary.


Data to Enter

Click the name of the attribute to get contextual help, or see Table 4-3. Each attribute has a value, datatype, and default.

Actions to Take

To complete this page:

To unset any of the fields, check the box in the Unset? column for the field and click Unset Fields.

Click Modify Zone, or to void your changes, click Cancel.

To save the modified zone as a template, click Modify Zone and Save Template. See the "Creating a Zone Template from a Zone" section.

Creating a Zone Template from a Zone

You can save zone information as a template so that you can re-use it for other zones. You do this from the Edit Zone page. On this page, click Modify Zone and Save Template after you modify the zone information.

On the Save New Zone Template page (see Figure 4-1), give the template a name in the Value field, and click Save Zone Template, or Cancel to cancel saving it. You return to the List/Add Zones page.

Figure 4-1 Save New Zone Template Page

Managing Reverse Zones

For every subnet, you should have a corresponding reverse zone so that the DNS server can resolve a domain name based on its IP address. Adding reverse zones is similar to adding forward zones, except that the reverse zone name is the reverse of the subnet's network address prepended to the in-addr.arpa. zone. For example, the 192.168.50.0 subnet has a reverse zone of 50.168.192.in-addr.arpa.

Network Registrar automatically creates the 127.in-addr.arpa. zone for your local host. You should create reverse zones for all of your subnets.

How to Get There

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the Reverse Zones tab. This opens the List/Add Reverse Zones page (see Figure 4-2).

Figure 4-2 List/Add Reverse Zones Page

Actions to Take

From the List/Add Reverse Zones page, the zone administrator can:

List the zones—Zone names appear in the order that they are created.

Refresh the zone list—Click the Refresh icon () next to the zone name.

Add a zone—Enter values in the fields provided and click Add Zone. See the "Adding Basic Zone Properties" section.

Edit a zone—Click the name of the zone. See the "Editing a Zone" section.

Delete a zone—Click the Delete icon () next to the zone name. See the "Deleting a Zone" section.

View, add, or edit resource records for a zone—Click the View icon () in the Configuration RRs or Active Server RRs column next to the zone name. See the "Managing Resource Records for the Zone" section.

Deleting a Zone

It might become necessary to delete a zone if it is no longer to be managed.

How to Get There

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the Zones tab. This opens the List/Add Zones page (see Figure 2-6).

Actions to Take

To delete the entry, click the Delete icon () next to its name. A confirmation page appears where you can click Delete to continue with the deletion, or Cancel to cancel it.

Managing Resource Records for the Zone

There are two kinds of resource records you can view and manage in the Web UI:

Static resource records added to the Web UI, but not yet added to the DNS server

Static and dynamic resource records added to the DNS server after a reload

Managing Static Resource Records

Static resource records define zone records that do not change dynamically. These are records you add in the Web UI, but are not yet propagated to the server.

Listing and Adding Static Resource Records

You can list and add any static resource records for a zone.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Zones tab. This opens the List/Add Zones page (see Figure 2-6).

Step 3 Click the View icon () in the Configuration RRs column of the zone name. This opens the List/Add Static Resource Records for Zone page (see Figure 4-3). (If the name and other fields are not visible at the top of the page, expand that area of the page by clicking the + sign next to the Name field.)

Figure 4-3 List/Add Static Resource Records for Zone Page


Tip Records are listed in BIND format, with only the first record in a set labeled with its name, and in DNSSEC order. To reduce or increase the items in the table, change the Page Size value at the bottom of the page, then click Change Page Size.



Data to Enter

Table 4-4 describes the fields and selections on the List/Add Static Resource Records for Zone page.

Table 4-4 Entries for Zone Resource Records 

Entry
Description

Name

Name of the static resource record. Must be unique and fully qualified, for example, the example.com. zone. Required.

State

Always static for static resource records.

TTL

Time-to-live of the resource record. -1 indicates to use the default TTL value defined by the defttl zone attribute. Optional, no default.

Type

Type of static resource record, currently Address (A), Name Server (NS), Host Information (HINFO), Integrated Services Digital Network (ISDN), Mailbox Information (MINFO), Responsible Person (RP), Canonical Name (CNAME), Mailbox Domain Name (MB), Mail Group Member (MG), Mail Rename (MR), Reverse Pointer (PTR), Text (TXT), Mail Exchanger (MX), Andrew File System Database (AFSDB), IPv6 (AAAA), Route Through (RT), Server (SRV), Well Known Services (WKS), IPv6 Address (A6), X.25 Address (X25), Network Service Access Point Address (NSAP), and Naming Authority Pointer (NAPTR). Each of these has a specific data format. Required.

Note Do not include quotes in TXT record data.

Data

Specific data required for each resource record type. For details on the data, see the Network Registrar User's Guide, Appendix A. Required.


Actions to Take

After entering these values, click Add Resource Record to add the entry to the table, or click Cancel to cancel the operation. To delete a resource record, select it in the table and click the Delete icon (), which opens a Confirm Delete page. To return to the zone list, click Return to Zone List.

Editing Specific Static Resource Records

You may need to edit existing static resource records for a zone.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Zones tab. This opens the List/Add Zones page (see Figure 2-6).

Step 3 Click the View icon () in the Configuration RRs column of the zone name. This opens the List/Add Static Resource Records for Zone page (see Figure 4-3).

Step 4 Click the Edit icon () next to the record you want to edit. This opens the Edit Resource Record in Zone page (see Figure 4-4).

Figure 4-4 Edit Resource Record in Zone Page


Data to Enter

The fields and selections on this page are described in Table 4-4.

Actions to Take

After editing these values, click Modify Resource Record, or click Cancel to cancel the operation. You return to the List/Add Static Resource Record for Zone page. To delete a resource record on this page, select it in the table and click the Delete icon (), which opens a Confirm Delete page.

Adding and Deleting Static Records in a Set

Each resource record can belong to a set identified by the name of the resource record. (Note that this name appears only once, next to the first record in the set.) For example, a record set can have multiple A or PTR records. You can add and delete records in this set.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Zones tab. This opens the List/Add Zones page (see Figure 2-6).

Step 3 Click the View icon () in the Configuration RRs column of the zone name. This opens the List/Add Static Resource Records for Zone page (see Figure 4-3).

Step 4 Click the name of the record set to which you want to add additional records. This opens the Edit Resource Record Set in Zone page (see Figure 4-5). (If the resource record name and other fields are not visible at the top of the page, expand the page by clicking the + sign next to the Name field.)


Note If you click the Edit icon (), this edits the specific record only, and not its entire set. See the "Editing Specific Static Resource Records" section.


Figure 4-5 Edit Resource Record Set in Zone Page

Step 5 Reload the DNS server from the Manage DNS Server page. See the "Managing the DNS Server" section.


Data to Enter

Table 4-4 describes the fields and selections on the Edit Resource Record Set in Zone page.

Actions to Take

After entering these values, you can add the record to the set and edit any records:

To add the resource record to the set, click Add Resource Record, or click Cancel to cancel the operation.

To edit a single record, click the Edit icon () next to its name. This opens the Edit Resource Record in Zone page described in the "Editing Specific Static Resource Records" section.

To delete any record, click the Delete icon () next to its name.

To delete all the records for the set, click Delete All.

Return to the full record list by clicking Return to Full Resource Record List.

Managing Active Resource Records

Active resource records are those maintained by the DNS server and can include static and dynamic zone records. You must reload the DNS server after creating the zone for these resource records.

Listing and Adding Active Resource Records

Each zone includes active resource records reflected by the server. These records include the SOA and NS records for the zone and any dynamic resource records based on dynamic DNS updates.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the DNS Server tab. This opens the Manage DNS Server page.

Step 3 Click the Reload icon () next to the DNS server (see the "Managing the DNS Server" section).

Step 4 On the Secondary Navigation bar, click the Zones tab. This opens the List/Add Zones page.

Step 5 Click the View icon () in the Active Server RRs column of the zone name. This opens the List/Add DNS Server Resource Records for Zone page (see Figure 4-6).

Figure 4-6 List/Add DNS Server Resource Records for Zone Page


Tip Records are listed in BIND format, with only the first record in a set labeled with its name, and in DNSSEC order. To reduce or increase the items in the table, change the Page Size value at the bottom of the page, then click Change Page Size.



Data to Enter

The fields and selections on this page are described in Table 4-4.

Actions to Take

After entering these values, click Add Resource Record to add the entry to the table, or click Cancel to cancel the operation. To delete the a resource record, select it in the table and click the Delete icon (), which opens a Confirm Delete page. To return to the zone list, click Return to Zone List.

Editing Specific Active Resource Records

You may need to edit existing active resource records for a zone.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the DNS Server tab. This opens the Manage DNS Server page.

Step 3 Click the Reload icon () next to the DNS server (see the "Managing the DNS Server" section).

Step 4 On the Secondary Navigation bar, click the Zones tab. This opens the List/Add Zones page (see Figure 2-6).

Step 5 Click the View icon () in the Active Server RRs column of the zone name. This opens the List/Add DNS Server Resource Records for Zone page (see Figure 4-3).

Step 6 Click the Edit icon () next to the record you want to edit. This opens the Edit Resource Record in Zone page (see Figure 4-4).


Data to Enter

Table 4-4 describes the fields and selections on the Edit Resource Record in Zone page.

Actions to Take

After editing these values, click Modify Resource Record, or click Cancel to cancel the operation. You return to the List/Add DNS Server Resource Record for Zone page. To delete a resource record on this page, select it in the table and click the Delete icon (), which opens a Confirm Delete page.

Adding and Deleting Dynamic Records in a Set

Each resource record can belong to a set identified by the name of the resource record. (Note that this name appears only once, next to the first record in the set.) For example, a record set can have multiple A and PTR records. You can add and delete these records.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the DNS Server tab. This opens the Manage DNS Server page.

Step 3 Click the Reload icon () next to the DNS server (see the "Managing the DNS Server" section).

Step 4 On the Secondary Navigation bar, click the Zones tab. This opens the List/Add Zones page (see Figure 2-6).

Step 5 Click the View icon () in the Active Server RRs column of the zone name. This opens the List/Add DNS Server Resource Records for Zone page (see Figure 4-6).

Step 6 Click the name of the record set to which you want to add additional records. This opens the Edit Resource Record Set in Zone page (see Figure 4-5). (If the resource record name and other fields are not visible at the top of the page, expand the page by clicking the + sign next to the Name field.)


Note If you click the Edit icon (), this edits the specific record only, and not its entire set. See the "Editing Specific Active Resource Records" section.



Data to Enter

Table 4-4 describes the fields and selections on the Edit Resource Record Set in Zone page.

Actions to Take

After entering these values, you can add the record to the set and edit any records:

To add the resource record to the set, click Add Resource Record, or click Cancel to cancel the operation.

To edit a single record, click the Edit icon () next to its name. This opens the Edit Resource Record in Zone page described in the "Editing Specific Static Resource Records" section.

To delete any record, click the Delete icon () next to its name.

To delete all the records for the set, click Delete All.

To return to the full record list, click Return to Full Resource Record List.

Managing Secondary Zones

If the DNS server is acting as a secondary server for some zones, you might need to manually create one or more secondary zones.


Note If the authoritative server for your secondary zones is also running Network Registrar 6.0, see the "Managing Zone Distributions" section for how to avoid entering these zones manually.


Adding secondary zones is similar to adding forward zones except that the secondary zones must reference a master server. They also include additional attributes that relate to zone transfers from these primary zones. You can list, add, and edit secondary zones.

Listing Secondary Zones

The first step in creating secondary zones is to list the existing ones.

How to Get There

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the Secondary Zones tab. This opens the List Secondary Zones page (Figure 4-7). (Note that the examples given in this section are based on a different zone than in the previous section. The example.com zone assumes that a zone distribution was set up for it. The chicago.example.com secondary zone described in this section is set up manually based on an external authoritative server.)

Figure 4-7 List Secondary Zones Page

Actions to Take

From this page, the zone administrator can perform these tasks:

Refresh the zone list—Click the Refresh icon ().

Add a secondary zone—Click Add Secondary Zone. See the "Adding and Editing Secondary Zones" section.

Edit a secondary zone—Click its name. See the "Adding and Editing Secondary Zones" section.

View, add, or edit server resource records for a zone—Click the View icon () in the Active Server RRs column next to the zone name. See the "Managing Resource Records for the Zone" section.

Delete a secondary zone—Click the Delete icon () next to the zone name. This opens a Confirm Delete page.

Adding and Editing Secondary Zones

Adding a secondary zone involves giving it zone attributes and then associating it with a master server. You cannot associate a zone template with a secondary zone.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Secondary Zones tab. This opens the List Secondary Zones page (see Figure 4-7).

Step 3 Add or edit the secondary zone:

To add a secondary zone, click Add Secondary Zone. This opens the Add Secondary Zone page (see Figure 4-8). The Name and auth-servers fields both require values.

Figure 4-8 Add Secondary Zone Page

To edit a secondary zone, click its name. This opens the Edit Secondary Zone page, which includes the same fields as the Add Secondary Zone page. The Name and auth-servers fields both require values.


Data to Enter

Click the name of the attribute to open contextual help for it, or see Table 4-5. The Name and auth-servers attributes, marked with an asterisk (*), are required to create the secondary zone.

Table 4-5 Entries for Secondary Zone Editing 

Entry
Description
Attribute

(Help for each attribute is also available by clicking its name.)

Name*

Name of the secondary zone. Enter the zone name as a fully qualified domain name, such as snake.example.com. (including the trailing dot). The name must be unique. Required.

auth-servers*

List of authoritative DNS servers from which to transfer DNS data for this secondary zone. Separate the server names with a comma. Required.

restrict-xfr

Enable or disable restricting to the specific set of hosts specified in the restricted-set attribute. The default is false.

restricted-set

List of host IP addresses that can request zone transfers, if you enable the restrict-xfr attribute. Separate addresses with a comma. There is no default.

IXFR and NOTIFY

ixfr

Enable or disable requesting incremental zone transfers for this secondary zone. This setting overrides the ixfr-enable attribute setting at the DNS server level. There is no default.

notify

Enables notifying other authoritative servers when this zone changes. There is no default.

notify-set

List of additional servers to notify when the zone changes. There is no default.

Checkpoint

checkpoint-interval

Interval (in seconds) at which to checkpoint the zone (take the latest snapshot of the runtime database). The default is 3h.

checkpoint-min-
interval

Minimum interval (in seconds) between consecutive checkpoints. There is no default.


Actions to Take

You can complete adding or editing the secondary zone, and then modify it or delete it:

To unset any of the fields, check the box in the Unset? column for the field, then click Unset Fields.

Click Modify Secondary Zone, or to void your changes, click Cancel. You return to the List Secondary Zones page. On this page, you can refresh the list, edit, and d delete the zones.

Creating and Applying Zone Templates

A zone template is a convenient way of creating a boilerplate for primary zones that share many of the same attributes. You can apply a zone template to any zone, and override the zone's attributes with those of the template.

Listing Zone Templates

When you create zone templates, first list the existing templates.

How to Get There

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the Zone Templates tab. This opens the List Zone Templates page (see Figure 4-9).

Figure 4-9 List Zone Templates Page

Actions to Take

To create a zone template, click Add Zone Template. To delete a template, click the Delete icon () to the left of the template name.

Adding a Zone Template

Adding a zone template is like adding a zone, except that you save the template by a distinguishing name other than a domain name.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Zone Templates tab. This opens the List Zone Templates page (see Figure 4-9).

Step 3 Click Add Zone Template. This opens the Add Zone Template page, which includes the same fields as the Add Zone page (see Figure 2-5), except that the template field is missing (you cannot create a template from a template).


Actions to Take

The data to enter and functions to perform are the same as those described in Table 4-3. Give the zone template a distinguishing name, other than a domain name.

To add the zone template information, click Add Zone Template, or Cancel to cancel the operation.

Editing a Zone Template

After you create a zone template, you can also edit its attributes.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Zone Templates tab. This opens the List Zone Templates page (see Figure 4-9).

Step 3 Click the name of the template. This opens the Edit Zone Template page.


Actions to Take

Table 4-3 describes the fields to edit and functions to perform. The same defaults apply.

To unset any of the fields, check the box in the Unset? column for the field, and click the Unset Fields button. To save the zone template edits, click Modify Template, or Cancel to cancel the operation.

Managing Zone Owners

Creating zone owners creates a pick list of owners when you create a zone. Each zone can have an owner. An owner can also be a scope or subnet selection tag.

Listing and Adding Zone Owners

You can list and add zone owners on a single page. Creating a zone owner involves creating an owner tag name, full name, and a contact name.

How to Get There

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the Owners tab. This opens the List/Add Owners page (see Figure 4-10).

Figure 4-10 List/Add Owners Page

Data to Enter

Table 4-6 describes the fields on this page. The fields marked with an asterisk (*) are required.

Table 4-6 Entries on the List/Add Owners Page 

Entry
Description

Tag*

Identifiable tag for the owner. You can use an abbreviated form of the full owner name, or a scope or subnet selection tag. Required.

Name*

Full name of the owner. You can use an ISP name or corporate entity. Required.

Contact

Name of the administrative contact for the zone owner. Optional.


Actions to Take

To add the zone owner information, fill in the fields, then click Add Owner. To delete an owner, click the Delete icon () next to the owner name.

Editing a Zone Owner

You may need to edit a zone's owner information.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Owners tab. This opens the List/Add Owners page (see Figure 4-10).

Step 3 Click the name of the owner to edit. This opens the Edit Owner page (see Figure 4-11).

Figure 4-11 Edit Owner Page


Data to Enter

Table 4-6 describes the fields on this page.

Actions to Take

To unset any field, check the Unset? box next to the field and click Unset Fields. To modify the zone owner information, click Modify Owner, or click Cancel to cancel the operation.

Managing Zone Distributions

Creating a zone distribution map simplifies creating multiple zones that share the same secondary server attributes. Like a template, the zone distribution map can have a unique name. The distribution map requires adding one or more predefined secondary servers. When you run a zone distribution synchronization, this adds secondary zones to the primary zone.

In Network Registrar 6.0, you can manage only the default distribution and you cannot define any others. The distribution must be in a star topology, that is, one authoritative server and multiple secondary servers. The authoritative server can only be the local primary DNS server where the zone distribution default is defined.

On the Edit Zone Distribution page, the Authoritative Server IP Address list must have the real IP address (or addresses) of the machine on which the primary server is running. You add the secondary servers' IP addresses on the List Secondary Server page. When you synchronize the primary and secondary servers, you should see secondary zones on the secondary servers that correspond to the primary zones on the primary server.

Listing Zone Distributions

You can list zone distributions before synchronizing or managing the servers, or running a report.

How to Get There

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the Zone Distribution tab. This opens the List Zone Distribution page (see Figure 4-12).

Figure 4-12 List Zone Distributions Page

Actions to Take

Table 4-7 describes the columns or functions on this page.

Table 4-7 Columns on the List Zone Distributions Page 

Column
Description

Name

Name of the zone distribution. Default is the default distribution. Click the name to open the Edit Zone Distributions page (see the "Editing Zone Distributions" section).

DNS Primary Server

This value is always Local DNS Server.

Synchronize

You can run the synchronization program or a report:

Run—Click the Run icon () to synchronize the servers in the zone distribution. Note that if you delete the primary zone for the authoritative server, synchronizing deletes the secondary zone on the secondary server.

Report—Click the Report icon () to run a report on the synchronization.

Manage Servers

Click the View icon () to manage the DNS secondary servers in the zone distribution. This opens the List Secondary Servers page (see the "Managing the Secondary Servers" section).


Managing the Secondary Servers

You can manage the secondary servers in a zone distribution.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Zone Distribution tab. This opens the List Zone Distribution page (see Figure 4-12).

Step 3 Click the Manage icon () under the Manage Servers column for the zone distribution. This opens the List Secondary Servers page after a moment of retrieving the necessary information.


Actions to Take

Table 4-8 describes the functions on the List Secondary Servers page.


Note If you find a server error, investigate the server log file for a configuration error, correct the error, return to this page, then refresh the page.


Table 4-8 Columns on the List Secondary Servers Page 

Column
Description

Name

Tag name of the secondary server.

IP Address

IP address of the secondary server.

State

State of the server—initialized, running, or disabled. If the Web UI cannot determine the state, a question mark (?) appears.

Health

Relative health of the server, as a color indicator: () for optimal health, () for less than optimal health, and () for stopped. The numbers in parentheses range from 0 (stopped) to 10 (optimum health). If the Web UI cannot determine the server's health, a question mark (?) appears.

Statistics

Click the Report () icon to view statistics for the server. This opens the Statistics for Server page, which shows statistics relevant to the server. You can refresh the statistics using the Refresh icon (). To return to managing the server, click Return to Manage DNS Server on that page. Each statistic item is described in the help window when you click the item name.

View Log

Click the Logs () icon to view the log files for the server. This opens the Log for Server page, which lists the log items for the particular server ordered by date and time. You can step through the log using the arrow keys and change the number of items shown by clicking Change Page Size. You can display the log items in two different ways, a tabular format and in the log file format (which you can better use for cutting-and-pasting to a text file). Toggle between these two display modes using the Logs () icon on the Log for Server page. To return to managing the server, click Return to Manage DNS Server on that page.

Start/Stop/
Reload

Click the Start icon () to start or restart the server, click the Stop icon () to stop the server, or click the Refresh icon () to reload the server. If the function is unsuccessful, a red X appears in the column.


You can add a secondary server for the distribution on this page. Click Add Secondary Server to open the Add Secondary Server page (see Figure 4-13), or click Return to Zone Distribution List.

Figure 4-13 Add Secondary Server Page

Table 4-9 describes the fields on the Add Secondary Server page.

Table 4-9 Entries on the Add Secondary Server Page 

Entry
Description

Name

Tag name of the secondary server.

IP Address

IP address of the secondary server, in quad format.

Administrator Username

User name of the administrator for the secondary server.

Administrator Password

Password of the administrator for the secondary server.

SCP Port Number

CCM SCP port number to communicate with the target secondary server. Check the target system for this port number, which is set during Network Registrar installation. On Windows systems, the installation sets the CNR_CCM_PORT registry key. On Solaris and Linux systems, the installation sets the CNR_CCM_PORT variable in the install-dir/conf/aic.conf file. The default is 1234.


Editing Zone Distributions

You can edit (but not delete) the default zone distribution. You cannot add any other zone distribution.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the Zone Distribution tab. This opens the List Zone Distribution page (see Figure 4-12).

Step 3 Click the name of the zone distribution. This opens the Edit Zone Distribution page (see Figure 4-14).

Figure 4-14 Edit Zone Distribution Page


Actions to Take

To edit the zone distribution, add IP addresses for the authoritative servers for the secondary zones and click Add IP Address for each one. The authoritative servers in this list are used to set the authoritative servers list (auth-servers) when configuring each secondary zone for the distribution.These addresses are always for the primary server on the local host and should be the real network addresses. Click Modify Zone Distribution to add the addresses, or Cancel to cancel. You will want to resynchronize the distribution on the List Zone Distributions page. This list of authoritative servers is copied to the secondary zone's auth-servers attribute (see Figure 4-8).

Note that if you change the Authoritative Server IP Addresses on the Edit Zone Distribution page after synchronizing the zones, you must change to the same addresses in the secondary zone's auth-server attribute before resynchronizing. This change does not happen automatically.

Managing the DNS Server

You can manage the DNS server, including viewing its health, statistics, and logs; starting, stopping, and reloading it; and editing the server attributes.

Managing the Server Status

You can view the server status and health, and stop, start, and reload the server.

How to Get There

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the DNS Server tab. This opens the Manage DNS Server page (see Figure 4-15).


Note If you find a server error, investigate the server log file for a configuration error, correct the error, return to this page, and refresh the page.


Figure 4-15 Manage DNS Server Page

Actions to Take

Table 4-10 describes the columns and functions on this page. The page indicates when it was last refreshed. To move from it, click any other Navigation bar tab.

Table 4-10 Columns on the Manage DNS Server Page 

Column
Description

Name

Name of the DNS server. Click the name to edit the server attributes. See the "Editing DNS Server Attributes" section.

State

State of the server—initialized, running, or disabled. If the Web UI cannot determine the state, a question mark (?) appears.

Health

Relative health of the server, as a color indicator: () for optimal health, () for less than optimal health, and () for stopped. The numbers in parentheses range from 0 (stopped) to 10 (optimum health). If the Web UI cannot determine the server's health, a question mark (?) appears.

Statistics

Click the Report () icon to view statistics for the server. This opens the Statistics for Server page, which shows statistics relevant to the server. You can refresh the statistics using the Refresh icon (). To return to managing the server, click Return to Manage DNS Server on that page. Each statistic item is described in the help window when you click the item name.

View Log

Click the Logs () icon to view the log files for the server. This opens the Log for Server page, which lists the log items for the particular server ordered by date and time. You can step through the log using the arrow keys and change the number of items shown by clicking Change Page Size. You can display the log items in two different ways, a tabular format and in the log file format (which you can better use for cutting-and-pasting to a text file). Toggle between these two display modes using the Logs () icon on the Log for Server page. To return to managing the server, click Return to Manage DNS Server on that page.

Start/Stop/
Reload

Click the Start icon () to start or restart the server, click the Stop icon () to stop the server, or click the Refresh icon () to reload the server. If the function is unsuccessful, a red X appears in the column.


Editing DNS Server Attributes

You can edit DNS server attributes, unless you are in read-only mode.

How to Get There


Step 1 On the Primary Navigation bar, click the Zone tab.

Step 2 On the Secondary Navigation bar, click the DNS Server tab. This opens the Manage DNS Server page (see Figure 4-15).

Step 3 Click the name of the server. This opens the Edit DNS Server page (see Figure 4-16).

Figure 4-16 Edit DNS Server Page


Attribute Settings

Help for each attribute is available by clicking the name of the attribute, or see Table 4-11. The attributes are also identified by their CLI names, in parentheses, and many have an indicated default value.

Table 4-11 DNS Server Attributes 

Attribute
Description
Forwarders

Sites that must limit their network traffic for security reasons can designate one or more servers to be forwarders that handle all off-site requests before the local server goes out to the Internet. If you use this feature, you must enter the IP address of each forwarder, then click Add Forwarder to add each forwarder.

Recursive queries

Enables or disables forwarding client queries to other nameservers when your DNS server is not authoritative for data in its own cache. If you disable recursive queries, you make your nameserver a noncaching server. Default enabled.

Slave mode

Enables or disables slave mode. Slave mode controls whether the server should be a slave server that relies entirely on forwarders for data not in its cache. This attribute has no effect unless you also specify the corresponding forwarders. Note that you can override slave mode for specific domains with the DNS exception method. Default disabled.

Resolution Exceptions

Name,
IP Address(es)

If you do not want the DNS servers to use the standard resolution method to query the root nameserver for certain names outside its domain, use resolution exception. This bypasses the root nameservers and targets a specific server to handle name resolution. If you use this feature, you must enter the name of the domain you want to use for the resolution exception, followed by the IP address or addresses of the nameserver or nameservers for that exception. No default.

Click Add Exception to add each resolution exception.

Root Nameservers

Name,
IP Address(es)

Root nameservers know the addresses of the authoritative nameservers for all the top-level domains. When you first start a newly installed Network Registrar DNS server, it uses a set of preconfigured root servers, sometimes called root hints, as authorities to ask for the current root nameservers. These root hints are listed in this section. You can also define internal root servers for your network. If you have a large namespace, adding one or more internal root servers is a good solution, even better than using forwarders. No default.

To add internal root hint servers, enter each one's domain name and IP address or addresses, then click Add Root Nameservers.

Foreign Servers

Address/Mask,
Multirec,
IXFR

These attributes control the behavior of the DNS server when it communicates with other DNS servers. Use it either to control incremental zone transfers or send multiple records per Transmission Control Protocol (TCP) packet. You can set these attributes for each foreign server:

Multirec—Whether to send a remote server zone transfers (AXFR) with multiple records in one TCP packet. Older DNS servers crash when they receive such transfers, despite being allowed by the protocol. Optional, initial default disable.

IXFR—Whether a foreign server supports incremental transfer and to query it for incremental (IXFR) before full (AXFR) when asking for zone transfers. Although unwittingly setting this to true is generally harmless, doing so may result in additional transactions to accomplish a zone transfer. Optional, initial default disable.

If you are using this feature, add the IP address and netmask of the foreign server, then select if you want multirec or ixfr support. To add each foreign server, click Add Foreign Server.

Network Settings

Listening port

Number of the UDP and TCP port on which the DNS server listens for queries. Default 53.

Remote DNS servers port

Number of the UDP and TCP port to which the DNS server sends queries to other servers. Default 53.

Query source IP address

Source IP address from which, when resolving names for clients, the DNS server sends queries to other servers. A value of 0.0.0.0 indicates that the operating system will use the best local address, based on the destination. No default.

Query source UDP port

UDP port number from which the DNS server sends queries to other servers when resolving names for clients. A value of zero indicates the need to choose a random port. If this attribute is unset, the port used to listen for queries sends the queries (see the Listening port attribute). No default.

Zone Defaults

Zone checkpoint interval

Interval (in seconds) at which to checkpoint zones (take the latest snapshot from the runtime database). The checkpoint interval set at the zone level overrides this value. Default 19800s (3h).

Request incremental transfers (IXFR)

Controls the incremental transfer behavior for zones for which you did not configure a specific behavior. If incremental transfer is enabled, then you must also set the value of the ixfr-expire-interval attribute or accept the default value. Default enabled.

Send zone change notification (NOTIFY)

Controls sending NOTIFY messages for zones incurring a change. You must also set the other notify-xxx attributes or accept their defaults. Default enabled.

DNS Update access control

Adds or updates one or more access control lists (ACLs) to the zone. The server uses ACLs to control what networks or operating systems can perform dynamic DNS updates. Set at the zone level, it overrides the server value. No default.

Zone scavenge interval

With scavenging enabled, the interval, in seconds, at which the zone is scheduled for scavenging. The zone setting of the same attribute overrides this setting. Range 1h through 1y. Default 1w.

Zone scavenge refresh period

With scavenging enabled, the interval, in seconds, during which the record can have a timestamp refreshed. The zone setting of the same attribute overrides this setting. Range 1h through 1y. Default 1w.

Zone scavenge no-refresh period

With scavenging enabled, the interval, in seconds, during which actions, such as dynamic updates, do not refresh the timestamp on a record. The zone setting of the same attribute overrides this setting. Range 1h through 1y. Default 1w.

Zone scavenge reload allowance

Interval, in seconds, for which a server restart does not recalculate a start scavenging time. Default 2h.

Logging

Log settings

Determines which events to log, as set using a bit mask. Logging additional details about events can help analyze a problem. However, leaving detailed logging enabled for a long period can fill the log files and affect server performance. The log categories (and their default status) are:

config—Server configuration and de-initialization (unconfiguration). Default enabled.

ddns—High level dynamic update messages. Default enabled.

xfr-in—Inbound full and incremental zone transfers. Default enabled.

xfr-out—Outbound full and incremental zone transfers. Default enabled.

notify—NOTIFY transactions. Default enabled.

datastore—Datastore processing that provides insight into various events in the server's embedded databases. Default enabled.

scavenge—Zone scavenging of dynamic resource records. Default enabled.

scavenge-details—More detailed scavenged zone output. Default disabled.

server-operations—General high server events, such as those pertaining to sockets and interfaces. Default enabled.

lame-delegation—Lame delegation events, although enabled by default. Disabling this flag could prevent the log from getting filled with frequent lame delegation encounters. Note that this has the same effect as setting the lame-deleg-notify zone attribute. Default enabled.

root-query—Root server queries and responses. Default enabled.

ddns-refreshes—Dynamic DNS update refreshes from individual hosts, such as Windows 2000 clients. Default disabled.

ddns-refreshes-details—Resource records refreshed during dynamic DNS updates from individual hosts, such as Windows 2000 clients. Default disabled.

ddns-details—Resource records added or deleted due to dynamic DNS updates. Default disabled.

tsig—Allows logging of events associated with transaction signature (TSIG) DDNS updates. Default enabled.

tsig-details—Causes more detailed logging pertaining to TSIG to be displayed (disabled by default). Default disabled.

activity-summary—Generates a server activity at intervals set by the activity-summary-interval attribute, which defaults to five minutes. Default disabled.

query-errors—Query processing errors. Default enabled.

config-details—Generates detailed information during server configuration by displaying all configured and assumed server attributes. Default disabled.

Miscellaneous Options and Settings

Don't fetch missing glue records

Controls whether you want the DNS server, when composing a response to a query, to fetch missing glue records. Glue records are A records with the address of a domain's authoritative nameserver. Normal DNS responses include NS records and their A records related to the name being queried. Default disabled.

Report lame delegation

Controls whether to notify when a server listed in a parent zone's delegation of subzones does not know that it is authoritative for the zone. Note that this has the same effect as setting log-settings=lame-delegation. Default enabled.

Enable round-robin

Controls whether to round-robin equivalent records in responses to queries. Equivalent records are records of the same name and type. Because clients often only look at the first record of a set, enabling this attribute can help balance loads and keep clients from forever trying to talk to an out-of-service host. Default enabled.

Max. resource record caching TTL

Maximum amount of time to retain cached data. Default 1w.

Max. negative answer caching TTL

Sets an upper bound on the amount of time that a Network Registrar DNS server caches a negative response. (Replaces the neg-cache-ttl attribute used in previous versions of Network Registrar, but not compliant with RFC 2308.) The allowable range in seconds is 0 to 2147483647 (68y). A value of 0 indicates no upper bound. Default 1h.

Max. memory cache size

Size of the memory cache, in kilobytes. Default 200.

Advanced Options and Settings

Relax UPDATE zone name validation

Controls relaxing of the RFC 2136 restriction on the zone name record for dynamic updates. When enabled, this allows updates to the top of the zone. Default disabled.

Save negative cache entries to disk

Controls whether to have the server store negative-query-results cache entries in its cache.db file. If disabled, the server discards negative cache entries evicted from the in-memory cache instead of storing them in the cache.db file. Default enabled.

Fake responses for IP address-like names

Controls whether the server, if queried for a domain name that resembles an IP address (for example, an A record like 192.168.40.40), automatically responds with a NXDOMAIN status without even trying to query (or forward to) other servers. Default enabled.

Simulate UPDATES to zone-top name

For Windows 2000 Domain Controller compatibility, when processing a dynamic update packet that attempts to add or remove A records from the name of a zone, respond as if the update was successful, rather than with a refusal, as would normally occur from the static/dynamic name conflict. No update to the records at the zone name actually occurs, although the response indicates that it does. Default disabled.

Enable subnet sorting

Controls whether to re-order address records in responses to queries based on the subnet of the client. Because clients often only look at the first record of a set, enabling this attribute can help localize network traffic onto a subnet. This attribute applies only to answers to queries from clients located on the same subnet as the DNS server. Default disabled.

NOTIFY max. changes to accumulate

With NOTIFY enabled, the maximum number of UPDATE changes to accumulate during the notify-wait period. If this number is exceeded, Network Registrar sends notification before the notify-wait period passes. Default 100.

NOTIFY wait for more changes

With NOTIFY enabled, the period of time to delay, after an initial zone change, before sending change notification to other nameservers. Use this attribute to accumulate multiple changes. Default 5s.

NOTIFY send min. interval

With NOTIFY enabled, the minimum interval required before sending notification of consecutive changes on the same zone to a particular server. Default 2s.

NOTIFY delay between servers

With NOTIFY enabled, the interval to stagger notification of multiple servers of a particular change. Default 1s.

NOTIFY IXFR-only interval (secondary zones)

Longest interval to maintain a secondary zone solely with incremental transfers. After this period, the server requests a full zone transfer. Default 1w.

Rate limit on NOTIFY receive (secondary zones)

With NOTIFY enabled, for secondary zones, the minimum amount of time between the completion of processing of one notification (serial number testing or zone transfer) and the start of processing of another notification. Default 5s.