Cisco CNS Network Registrar User's Guide, 6.0
Customizing DNS Zone and Server Parameters

Table Of Contents

Customizing DNS Zone and Server Parameters

Setting the Zone's Start of Authority Properties

Setting the SOA Time to Live

Setting the Secondary Refresh Time

Setting the Secondary Retry Time

Setting the Secondary Expiration Time

Configuring Hosts in a Zone

Adding Address, Canonical Name, and Mail Exchanger Records

Removing a Host

Editing a Host

Enabling Zone Transfers

Enabling Dynamic DNS Updates

Adding Subzones

Choosing a Subzone Name and Servers

Creating and Delegating a Subzone

Undelegating a Subzone

Editing a Delegated Subzone

Configuring Resource Records

Adding Resource Records

Removing Resource Records

Adding Dynamic Records

Removing Dynamic Records

Removing Cached Records

Listing Records

Filtering Records

Deleting Leftover Zone Records After Recreating a Zone

Using Server (SRV) Records

Using NAPTR Records

Setting Advanced Server Properties

Prefetching Glue Records

Reporting Lame Delegation

Enabling Relaxed Dynamic Update

Setting Maximum Negative Cache Time

Setting Maximum Cache TTL

Setting Maximum Memory Cache Size

Flushing DNS Cache

Handling Rogue Address Records and Other Cache Attributes

Setting Local and External Port Numbers

Tuning DNS Properties


Customizing DNS Zone and Server Parameters


This chapter explains how to configure some of the more advanced DNS zone and server parameters using the Cisco CNS Network Registrar CLI and GUI. Before you proceed with the tasks in this chapter, read "Configuring DNS Servers," which explains how to set up the basic properties of a primary and secondary DNS server and its zones. The Network Registrar Web UI Guide explains how to accomplish these tasks using the Web-based interface.

Table 6-1 describes the topics related to customizing DNS zones and servers.

Table 6-1 DNS Zone Configuration Topics

If you want to...                                              See...
Configure the zones for a primary name server                  "Configuring a Primary DNS Server" section
Set a zone's Start of Authority (SOA) record properties        "Setting the Zone's Start of Authority Properties" section
Add, edit, or remove hosts in a zone                           "Configuring Hosts in a Zone" section
Enable, disable, or restrict zone transfers                    "Enabling Zone Transfers" section
Enable dynamic DNS updates for DHCP servers                    "Enabling Dynamic DNS Updates" section
Add, edit, delegate, or remove subzones                        "Adding Subzones" section
Edit a zone's resource records                                 "Configuring Resource Records" section
Set the more advanced server options, such as adjusting cache  "Setting Advanced Server Properties" section
Tune the DNS properties                                        "Tuning DNS Properties" section



Tip Reload the DNS server after you make any changes to the configuration.


Setting the Zone's Start of Authority Properties

The Start of Authority (SOA) record designates the top of the zone in the DNS inverted-tree namespace. A zone can have only one SOA record, which sets these properties for the primary zone:

SOA time to live (TTL)—soattl

Primary server name—ns

Hostmaster (person in charge) name—person

Serial number—serial

Secondary refresh time—refresh

Secondary retry time—retry

Secondary expire time—expire

Minimum TTL—minttl

The "Creating the Zone" section describes setting the serial number, primary server name, and hostmaster properties for the SOA record. This section describes setting the remaining, more advanced properties.

Setting the SOA Time to Live

The SOA record's time to live (TTL) is usually determined by the zone's default TTL. However, you can explicitly set the SOA TTL, which sets the maximum number of seconds a server can cache the SOA record data. For example, if the SOA TTL is set for 3600 seconds (one hour), an external server must remove the SOA record from its cache after an hour and then query your name server again.

You can set the SOA TTL in the Web UI, GUI, or CLI. You need to use the Web UI or CLI to set the default TTL. The preset default TTL is 86400 seconds (one day).

Network Registrar responds to authoritative queries with an explicit TTL value. If there is no explicit TTL value, it uses the default TTL for the zone, as set by the value of the defttl zone attribute. Databases originating from versions of Network Registrar earlier than 3.5 do not have the defttl zone attribute, and use the minimum TTL in the zone's SOA record for the default TTL.

If you have an earlier version of Network Registrar and want to enforce the minimum SOA record TTL, contact the Cisco TAC. Enforcing the minimum SOA TTL causes Network Registrar not only to use the minttl zone attribute value as the default TTL, but also as a floor value—resource records with explicit TTL values smaller than minttl assume the minttl value.

Normally, Network Registrar assumes the default TTL when responding with a zone transfer with resource records that do not have explicit TTL values. If the default TTL value for the zone is administratively altered, Network Registrar automatically forces a full zone transfer to any secondary DNS server requesting a zone transfer.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab.

Step 3 Create a zone or edit an existing one. The Add Zone or Edit Zone page shows the SOA attributes.

Step 4 Set the Zone Default TTL, which defaults to 24 hours.

Step 5 If you wish, set the SOA TTL, which is the TTL for the SOA records only. It defaults to the Zone Default TTL value.

Step 6 You can also set a TTL value specifically for the NS records of the zone. Set the nsttl value listed under the attributes. This value also defaults to the Zone Default TTL value.

Step 7 Click Modify Zone.


Using the CLI

To set the default TTL value, use the zone name set defttl command. Reload the server.

nrcmd> zone example.com. set defttl=172800 
100 Ok 
defttl=2d 
nrcmd> dns reload 
100 Ok

Using the GUI

From the SOA tab of the Primary Zone dialog box, enter an appropriate value, in seconds, in the TTL field. The minus sign (the default) indicates to use the default TTL value.

Setting the Secondary Refresh Time

The secondary refresh time is how often a secondary server communicates with its primary about the potential need for a zone transfer. A good range is from an hour to a day, depending on how often you expect to change zone data.

If you use NOTIFY, you can set the refresh time to a larger value without causing long delays between transfers, because NOTIFY forces the secondary servers to notice when the primary data changes. For details about NOTIFY, see the "Enabling NOTIFY" section.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab.

Step 3 Create a zone or edit an existing one. The Add Zone or Edit Zone page shows the SOA attributes.

Step 4 Set the Secondary Refresh field to the refresh time, which defaults to three hours.

Step 5 Make any other changes, then click Modify Zone.


Using the CLI

Use the zone name set refresh command to set or change the secondary refresh time. The default is 10800 seconds (three hours).

nrcmd> zone example.com. set refresh=3600 
100 Ok 
refresh=60m 

Using the GUI

On the SOA tab, enter a value, in seconds, in the Secondary refresh time field.

Setting the Secondary Retry Time

The DNS server uses the secondary retry time between successive failures of a zone transfer. If the refresh interval expires and an attempt to poll for a zone transfer fails, the server continues to retry until it succeeds. A good value is between one-third and one-tenth of the refresh time. The default is one hour.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab.

Step 3 Create a zone or edit an existing one. The Add Zone or Edit Zone page shows the SOA attributes.

Step 4 Set the Secondary Retry field to the retry time, which defaults to one hour.

Step 5 Make any other changes, then click Modify Zone.


Using the CLI

Use the zone name set retry command to specify the secondary retry time.

nrcmd> zone example.com. set retry=4800 
100 Ok 
retry=1h20m 

Using the GUI

On the SOA tab, enter a value, in seconds, in the Secondary retry time field.

Setting the Secondary Expiration Time

The secondary expiration time is the longest time a secondary server continues to claim authority for the zone's data when it can no longer obtain updates from the primary through zone transfers. Set this to a large number that provides enough time to survive an extended primary server failure. The default is seven days.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab.

Step 3 Create a zone or edit an existing one. The Add Zone or Edit Zone page shows the SOA attributes.

Step 4 Set the Secondary Expire field to the expiration time, which defaults to seven days.

Step 5 Make any other changes, then click Modify Zone.


Using the CLI

Use the zone name set expire command to set the expiration interval.

nrcmd> zone example.com. set expire=500000 
100 Ok 
expire=5d18h53m20s 

Using the GUI

On the SOA tab, enter a value, in seconds, in the Secondary expire time field.
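
The SOA timer guidance above (refresh from an hour to a day, retry between one-tenth and one-third of refresh, expire long enough to outlast a primary failure) and the TTL rules in "Setting the SOA Time to Live" (explicit TTL, else defttl; with minimum-TTL enforcement, minttl becomes both default and floor) can be checked before a zone is reloaded. The following is an added example written for this edit, not code from the Cisco guide or from Network Registrar: the function names, the SoaTimers class and the numeric bounds are my reading of the text, and parse_duration simply converts the d/h/m/s strings that the nrcmd transcripts above echo back (2d, 60m, 1h20m, 5d18h53m20s) into seconds so they can be compared.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Added example (not Network Registrar code). Units used by the duration strings
# nrcmd echoes back after a "set" (2d, 60m, 1h20m, 5d18h53m20s).
_UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}
_PART_RE = re.compile(r"(\d+)([dhms])")


def parse_duration(text: str) -> int:
    """Convert an nrcmd-style duration ('2d', '60m', '5d18h53m20s') or a plain
    integer string to seconds. Rejects anything else rather than guessing."""
    text = text.strip()
    if text.isdigit():
        return int(text)
    parts = _PART_RE.findall(text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unrecognised duration: {text!r}")
    return sum(int(n) * _UNIT_SECONDS[u] for n, u in parts)


def effective_ttl(explicit_ttl: Optional[int], defttl: int, minttl: int,
                  enforce_min_soa_ttl: bool = False) -> int:
    """TTL a record is served with, per the rules in this section.

    Normal behaviour: the record's explicit TTL, else the zone's defttl.
    With minimum-SOA-TTL enforcement (the TAC-enabled mode): minttl is the
    default AND a floor, so explicit values below minttl are raised to it."""
    if enforce_min_soa_ttl:
        return minttl if explicit_ttl is None else max(minttl, explicit_ttl)
    return defttl if explicit_ttl is None else explicit_ttl


@dataclass
class SoaTimers:
    refresh: int  # how often a secondary polls its primary (seconds)
    retry: int    # wait between retries after a failed poll (seconds)
    expire: int   # how long a secondary keeps serving the zone without a successful poll


def check_soa_timers(t: SoaTimers) -> list:
    """Return warnings where the timers contradict the guidance in this chapter;
    an empty list means the values are consistent. Bounds are my reading of the
    text (refresh one hour to one day; retry one-tenth to one-third of refresh)."""
    warnings = []
    if not 3600 <= t.refresh <= 86400:
        warnings.append(f"refresh={t.refresh}s is outside the suggested hour-to-day range")
    if not t.refresh // 10 <= t.retry <= t.refresh // 3:
        warnings.append(f"retry={t.retry}s is not between one-tenth and one-third of refresh={t.refresh}s")
    if t.expire <= t.refresh + t.retry:
        # A secondary that cannot reach its primary must survive at least one full
        # refresh-plus-retry cycle, or it drops the zone before it could recover.
        warnings.append(f"expire={t.expire}s is too short to outlast a failed refresh cycle")
    return warnings


if __name__ == "__main__":
    # Values echoed by the CLI transcripts in this section.
    for shown in ("2d", "60m", "1h20m", "5d18h53m20s"):
        print(shown, "=", parse_duration(shown), "seconds")
    # refresh=3600 with retry=4800 (the values from the two CLI examples above)
    # trips the retry check, since retry exceeds refresh.
    print(check_soa_timers(SoaTimers(refresh=3600, retry=4800, expire=500000)))
```

Run stand-alone, the script converts the four durations shown in the transcripts and reports that a retry of 4800 seconds is too long for a refresh of 3600 seconds; the defaults (refresh 10800, retry 3600, expire 604800) pass without warnings.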

Configuring Hosts in a Zone

Configuring hosts adds A resource records for the zone's servers and hosts. As indicated in the "Adding Authoritative Name Servers for the Zone" section, you must create an A record for each NS record.

Adding Address, Canonical Name, and Mail Exchanger Records

Use the following procedure to add Address (A), Canonical Name (CNAME), and Mail Exchanger (MX) records for your zone. Note that you cannot create a CNAME record with the same name as another resource record.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab to open the List/Add Zones page.

Step 3 Click the View icon in the Configuration RRs column next to the zone name for which you want to add A, CNAME, and MX records. This opens the List/Add Static Resource Records for Zone page.

Step 4 For an A record, add a host name in the Name field, set or accept the TTL, click A in the Type drop-down list, add an IP address for the host in the Data field, then click Add Resource Record.

Step 5 For a CNAME record, add the alias host name in the Name field, set or accept the TTL, click CNAME in the Type list, add the canonical name of the host in the Data field, then click Add Resource Record.

Step 6 For an MX record, add the origin host name in the Name field, set or accept the TTL, click MX in the Type list, add the integer preference value, a space, and the domain name of the mail exchanger for the origin host, then click Add Resource Record.


Using the CLI

Use the zone name addHost command to add the host name, address, and aliases to the zone. This creates an A record and CNAME records for the zone. Use the zone name listHosts command to list the hosts created.

nrcmd> zone example.com. addHost examplehost1 192.168.50.101 host101 
100 Ok
examplehost1 192.168.50.101
nrcmd> zone example.com. listHosts 
100 Ok 
examplehost1: addr=192.168.50.101; 
exampleDNSserv1: addr=192.168.50.1; 

To add additional CNAME records, use the zone name addRR alias CNAME canonical command.

nrcmd> zone example.com. addRR dnshost1 CNAME exampleDNSserv1 
100 Ok 
dnshost1				IN		CNAME		exampleDNSserv1.example.com. 

To add MX records, use the zone name addRR hostname MX preference mxname command.

nrcmd> zone example.com. addRR examplehost1 MX 10 exchanger.example.com. 
100 Ok 
examplehost1				IN		MX		10 exchanger.example.com. 

Using the GUI


Step 1 In the Primary Zone dialog box, click the Hosts tab.

Step 2 Click Add.

Step 3 In the Add Host dialog box:

a. Enter the required host name and its addresses.

b. Enter any aliases you might want the host known under, which creates a Canonical Name (CNAME) record for the host. The server tries to resolve an alias to an A record, and if not found, looks for a CNAME record that maps the alias to its canonical (actual) name, then tries to resolve that name. Thus, be sure that any alias name you enter for a host in the Name field ultimately resolves to an A record.

c. Enter any Mail Exchanger (MX) records. These name the mail exchangers: other hosts that process or forward mail for the host in the A record. Have at least one MX record for every host.

For multiple MX records, you can set their routing preference value in the Preference field next to each Name field. The lower the number, the higher the preference, so that a server with a 100 value takes precedence over one with a 200 value (the range can be from 0 to 65535). After the mailer tries to contact the MX host with the lowest number and fails, it tries the MX host with the next higher preference value, and so on.

d. Check the Generate reverse mapping records box if you want Network Registrar to generate reverse mapping records automatically for an existing reverse zone.

Step 4 Click OK to add this host, or click Apply to continue adding hosts. After you click OK, Network Registrar returns to the Hosts tab of the Primary Zone dialog box and displays the new host or hosts.


Removing a Host

Removing a host removes all its associated resource records. These include aliases (CNAME), MX records, and, if selected, reverse (PTR) records removed from the in-addr.arpa zone.

Using the Web UI

On the Primary Navigation bar, click the Host tab to open the List Zones (and select the zone) or List/Add Hosts in Zone page. On the List/Add Hosts in Zone page, click the Delete icon next to the host you want to remove, then confirm the deletion on a Confirm Delete page. You can also delete hosts from the Edit Hosts page, and delete addresses for hosts on the Add Host page. See the Network Registrar Web UI Guide for details.

Using the CLI

Use the zone name removeRR hostname A command to remove a host from a zone. Confirm the removal using the zone name listHosts command.

nrcmd> zone example.com. removeRR examplehost99 A 
100 Ok 
nrcmd> zone example.com. listHosts 
100 Ok 
examplehost1: addr=192.168.50.101; 
exampleDNSserv1: addr=192.168.50.1; 

Using the GUI

On the Hosts tab, choose the host name that you want to remove, then click Remove. Network Registrar updates the host list to show the current hosts.

Editing a Host

You can edit individual host data in a zone.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Host tab to open the List Zones (and select the zone) or List/Add Hosts in Zone page. See the Network Registrar Web UI Guide for details.

Step 2 On the List/Add Hosts in Zone page, select the name of the host you want to edit. This opens the Edit Host page.

Step 3 You can edit the host name or its IP address, or you can delete the host using the Delete icon.

Step 4 Click Modify Host.


Using the CLI

To change host information, you have to remove the host, using the zone name removeHost command, and re-add it, using the zone name addHost command.

nrcmd> zone example.com. removeRR examplehost99 A 
100 Ok 
nrcmd> zone example.com. addRR examplehost99 A 192.168.50.199 
100 Ok 
examplehost99					IN		A		192.168.50.199 

Using the GUI

On the Hosts tab, choose the host name you want to edit, and click Edit. In the Edit Hosts dialog box, make the necessary changes to the host name, address, alias, or MX record, then click OK.

When you edit a host, the Generate reverse mapping records box is checked if there is a reverse zone for any of the host's addresses. If you click OK, Network Registrar displays a warning dialog box for each address not having a corresponding entry in a reverse zone. This is a normal result and not harmful.
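
Two behaviours in this section are easy to get wrong in any tooling that manages host records: the alias lookup described under the GUI procedure (try an A record first, then follow the CNAME to the canonical name and try again, which must terminate even if two aliases point at each other), and the cascading removal under "Removing a Host" (aliases, MX records and, where a reverse zone exists, PTR records go with the host). The following is an added example written for this edit, not code from the Cisco guide or from Network Registrar: the records are constructed sample data in the style of the listHosts output above, and the function names, the transitive removal of dangling aliases and the hop limit are my choices.

```python
from typing import Optional

# Added example (not Network Registrar code): an in-memory model of the host
# records this section manages, with the alias lookup the GUI notes describe
# (A record first, then CNAME to the canonical name) and the cascading removal
# of a host's CNAME, MX and PTR records.

ZONE = "example.com."


def fqdn(name: str, zone: str = ZONE) -> str:
    """Qualify a relative owner name with the zone; absolute names (ending in '.')
    are kept, '@' means the zone apex, and everything is lower-cased."""
    if name == "@":
        return zone
    return name.lower() if name.endswith(".") else f"{name.lower()}.{zone}"


def ptr_name(ipv4: str) -> str:
    """Reverse-mapping owner name for an IPv4 address in in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


# Constructed sample records (owner, type, data); names are relative to ZONE
# unless they end in '.'. The loop1/loop2 pair is a deliberately broken alias chain.
RECORDS = [
    ("examplehost1", "A", "192.168.50.101"),
    ("host101", "CNAME", "examplehost1"),
    ("www", "CNAME", "host101"),
    ("examplehost1", "MX", "10 exchanger.example.com."),
    ("exampleDNSserv1", "A", "192.168.50.1"),
    ("loop1", "CNAME", "loop2"),
    ("loop2", "CNAME", "loop1"),
]


def resolve(name: str, records: list, max_hops: int = 8) -> Optional[str]:
    """Return the address a name ultimately resolves to, or None.

    Mirrors the lookup described for aliases: try an A record; if there is none,
    follow the CNAME to its canonical name and try again. A visited-set and a hop
    limit stop CNAME loops, which would otherwise spin forever."""
    seen = set()
    current = fqdn(name)
    for _ in range(max_hops):
        if current in seen:
            return None  # CNAME loop
        seen.add(current)
        addrs = [d for o, t, d in records if t == "A" and fqdn(o) == current]
        if addrs:
            return addrs[0]
        cnames = [d for o, t, d in records if t == "CNAME" and fqdn(o) == current]
        if not cnames:
            return None
        current = fqdn(cnames[0])
    return None


def remove_host(name: str, records: list, reverse_records: Optional[list] = None) -> list:
    """Remove a host the way this section describes: its own records (A, MX),
    any CNAME aliases that point at it (transitively, so no alias is left
    dangling) and, when a reverse zone is supplied, the PTR records for its
    addresses. Returns the remaining forward records; reverse_records is edited
    in place."""
    removed = {fqdn(name)}
    addrs = [d for o, t, d in records if t == "A" and fqdn(o) in removed]
    changed = True
    while changed:
        changed = False
        for o, t, d in records:
            if t == "CNAME" and fqdn(d) in removed and fqdn(o) not in removed:
                removed.add(fqdn(o))
                changed = True
    if reverse_records is not None:
        ptrs = {ptr_name(a) for a in addrs}
        reverse_records[:] = [r for r in reverse_records if not (r[1] == "PTR" and r[0] in ptrs)]
    return [r for r in records if fqdn(r[0]) not in removed]


if __name__ == "__main__":
    print("www ->", resolve("www", RECORDS))        # follows two CNAMEs to the A record
    print("loop1 ->", resolve("loop1", RECORDS))    # None: loop detected, not a hang
    reverse = [(ptr_name("192.168.50.101"), "PTR", "examplehost1.example.com.")]
    print(remove_host("examplehost1", RECORDS, reverse), reverse)
```

The transitive alias removal goes one step beyond the text, which only names the host's direct aliases; it avoids leaving www pointing at a host101 that no longer exists.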

Enabling Zone Transfers

A secondary server periodically contacts its primary for changes, called a zone transfer. The interval is defined in the server's SOA record as the secondary refresh time. You enable zone transfers by setting the restrict-xfer attribute to false (the default).


Note If you restrict zone transfers, the nslookup utility ls command may fail because it tries to do a full zone transfer, unless you include the IP address that the ls command runs from in the zone's restricted-set list.


Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Secondary Zones tab to open the List Secondary Zones page.

Step 3 Click the name of the zone to open the Edit Secondary Zone page.

Step 4 In the zone attributes, you can set the restrict-xfer attribute to false (the default). If you set the attribute to true, you can also specify a list of servers to which to restrict the zone transfers by using the restricted-set attribute, separating the IP addresses with commas.

Step 5 Click Modify Secondary Zone.


Using the CLI

Zone transfers are enabled in the CLI by default unless you restrict them using the zone name enable restrict-xfer command. If you want to force a zone transfer, use the zone name forceXfer primary or zone name forceXfer secondary command.

Using the GUI

Use the options on the Zone Transfers tab to allow zone transfers to all servers requesting zone data, to restrict the servers, or prevent all zone transfers:

Enable zone transfers from any secondary by checking the Do not restrict zone transfers box.

Restrict zone transfers by checking the Restrict zone transfers to the following addresses box and entering the addresses of the secondary servers allowed to perform zone transfers.

Disable zone transfers entirely by checking the Restrict zone transfers to the following addresses box and leaving the list of authorized secondary servers blank. You might want to turn off zone transfers temporarily while you are reconfiguring the site, or if you have no secondary servers.

Enabling Dynamic DNS Updates

Dynamic DNS (RFC 2136) integrates DNS and DHCP so that they can work together. Dynamic DNS update automatically records the association between the hosts and their DHCP-assigned addresses. Using DHCP and dynamic DNS update, you can configure a host automatically for network access whenever it attaches to the network. You can locate and access the host using its unique DNS host name.

Dynamic DNS update is described more fully in "Configuring Dynamic DNS Update." For dynamic DNS update to function properly, you must configure the corresponding DHCP scope.

You can allow DNS updates from certain DHCP servers.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab to open the List/Add Zones page.

Step 3 Click the name of the zone to open the Edit Zone page.

Step 4 Under the Dynamic DNS category in the zone attributes, set the dynamic attribute to true (enabled).

Step 5 Add a comma-separated list of addresses of DHCP servers, Windows 2000 client, or DC controllers from which DNS allows updates to this zone in the update-acl attribute field.

Step 6 Click Modify Zone.


Using the CLI

Use the zone name enable dynamic command to enable dynamic updates to the zone. The dynamic property is enabled by default. Then use the zone name set update-acl command to specify the (comma-separated) list of IP addresses from which dynamic updates will be accepted. Use the zone name show command to display all the addresses in the set.

nrcmd> zone example.com. enable dynamic 
100 Ok 
dynamic=true 
nrcmd> zone example.com. set update-acl=192.168.1.1,127.0.0.1 
100 Ok
update-acl="192.168.1.1; 127.0.0.1" 
nrcmd> zone example.com. show 
100 Ok 
example.com. (primary): 
...
update-acl = "{192.168.1.1;} 127.0.0.1" 

You can also specify a network address and mask in the definition.

nrcmd> zone example.com. set update-acl=192.168.0.0/16 
100 Ok
update-acl=192.168.0.0/16

Using the GUI


Step 1 In the Primary Zone dialog box, click the DHCP tab.

Step 2 Check the Enable dynamic DNS updates box.

Step 3 Enter the addresses of the DHCP servers, Windows 2000 clients, or DC controllers from which DNS allows updates to this zone. If you do not list a DHCP server, the update does not occur. You must do this for both the forward and reverse zones.

Step 4 Click OK.
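
The two address lists in this and the preceding section follow the same pattern: a boolean switch (restrict-xfer, dynamic) and a comma-separated list of hosts or networks (restricted-set, update-acl), with the rule that an empty restricted-set under restrict-xfer=true disables transfers and that an update from a server absent from update-acl does not occur. The following evaluator is an added example written for this edit, not code from the Cisco guide or from Network Registrar; it accepts the list syntax shown in the transcripts above, including the "{192.168.1.1;} 127.0.0.1" form that zone show prints, and broad_entries is a review aid with a threshold of my own choosing.

```python
import ipaddress

# Added example (not Network Registrar code): evaluator for the two address-list
# policies this chapter describes, restricted-set (zone transfers) and
# update-acl (dynamic updates). List syntax follows the page's examples:
# comma-separated hosts or CIDR networks, e.g. "192.168.1.1,127.0.0.1" or
# "192.168.0.0/16"; the braces and semicolons in "show" output are tolerated.


def parse_acl(acl: str) -> list:
    """Parse a comma- (or semicolon-) separated list of hosts and networks."""
    networks = []
    for item in acl.replace(";", ",").split(","):
        item = item.strip(" {}")
        if item:
            # A bare host becomes a /32 (or /128) network, so one membership
            # test covers both hosts and prefixes.
            networks.append(ipaddress.ip_network(item, strict=False))
    return networks


def update_allowed(source_ip: str, dynamic: bool, update_acl: str) -> bool:
    """Dynamic update rule from this section: the zone must have dynamic=true and
    the updating server must appear in update-acl; an unlisted server's update
    does not occur."""
    if not dynamic:
        return False
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in parse_acl(update_acl))


def transfer_allowed(source_ip: str, restrict_xfer: bool, restricted_set: str = "") -> bool:
    """Zone transfer rule: restrict-xfer=false (the default) answers any requester;
    restrict-xfer=true answers only restricted-set members, and an empty
    restricted-set disables transfers altogether."""
    if not restrict_xfer:
        return True
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in parse_acl(restricted_set))


def broad_entries(acl: str, max_hosts: int = 256) -> list:
    """Review aid (my threshold, not a product setting): entries that admit more
    than max_hosts addresses, such as the /16 in the update-acl example above,
    deserve a second look because every host in that range may rewrite the zone."""
    return [str(net) for net in parse_acl(acl) if net.num_addresses > max_hosts]


if __name__ == "__main__":
    print(update_allowed("192.168.1.1", True, "192.168.1.1,127.0.0.1"))   # True
    print(update_allowed("192.168.1.2", True, "192.168.1.1,127.0.0.1"))   # False
    print(transfer_allowed("10.0.0.9", True, ""))                          # False: empty set
    print(broad_entries("192.168.0.0/16"))                                 # ['192.168.0.0/16']
```

Because the same evaluator serves both attributes, a change to either policy can be checked with the same test fixtures before the server is reloaded.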


Adding Subzones

As the zone grows, you might want to divide it into smaller pieces called subzones. You can delegate administrative authority for these subzones, and have them managed by people within those zones or served by separate servers. This partitioning is called subzone delegation. Establish subzone delegation by performing these tasks:

Choose a subzone name

Specify a name server name

Specify a name server address

Choosing a Subzone Name and Servers

After you decide to divide the zone into subzones, you must create names for them. Involve the people responsible for the subzones in deciding their names, and try to maintain a consistent naming scheme.

These suggestions can help you avoid subzone naming problems:

Consider not naming a subzone by its organizational name. In a changing business environment, organizations merge and are renamed. Naming a subzone after an organization could result in a name that is no longer meaningful over time.

Consider not using geographical names that indicate the subzone location. Geographical names are meaningless to people outside your organization.

Do not use cryptic names; make them obvious.

Do not use existing or reserved top-level domain names as subzones. Using existing names can result in routing problems.

After you choose a subzone name, specify its name servers, the ones the parent domain's name servers use when queried about the subzone. To ensure that the subzone is always reachable, you should specify two name servers. They must be authoritative for this zone as either primary or secondary, or this causes lame delegation. See the "Reporting Lame Delegation" section.

Whenever a subzone's name server changes its name or address, the subzone administrator must inform its parent zone so that the latter's administrator can change the subzone's name server and glue records. A glue record is an A record with the address of a subzone's authoritative name server. If the subzone's administrator fails to inform its parent, the glue records are invalid. The common symptom is that a host cannot reach a host in another domain by its name, only by its address.

Creating and Delegating a Subzone

If the name server for the subzone is in the parent domain, add an NS record. The A record for the server likely already exists. If the server is in the subzone being delegated, add an NS record and a glue A record for the server so that the domain can find it.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab to open the List/Add Zones page.

Step 3 Add a zone with the subzone domain name, as in the "Adding a Primary Forward Zone" section. On the Add Zone page, add the SOA records, and name servers and their A records, as you would for any zone. Click Add Zone.

Step 4 On the List/Add Zones page, click the View icon in the Configuration RRs column of the parent zone's name to open the List/Add Static Resource Records for Zone page.

Step 5 Create an NS record in the parent zone for the subzone's server. Enter the subzone name in the Name field, select record type NS, and enter the subzone server's fully qualified domain name in the Data field. Click Add Resource Record.

Step 6 Add a glue A record for the subzone's server. Enter the subzone name server in the Name field, select record type A, and enter the subzone server's IP address in the Data field. Click Add Resource Record.

Step 7 Click Return to Zone List.


Using the CLI

Use the zone subzone create primary and zone subzone addRR hostname A address commands to create the subzone and create an A record for the server. Then use the zone parentzone addRR name NS and zone parentzone addRR hostname A address commands to delegate the subzone on the parent zone. The last host record adds the glue record if the server is in the subzone.

nrcmd> zone boston.example.com. create primary bostonDNSserv1 hostmaster 
nrcmd> zone boston.example.com. addRR bostonDNSserv1 A 192.168.60.1 
100 Ok 
bostonDNSserv1					IN		A		192.168.60.1 

nrcmd> zone example.com. addRR boston NS bostonDNSserv1.example.com. 
100 Ok 
boston					IN		NS		bostonDNSserv1.example.com. 
nrcmd> zone example.com. addRR bostonDNSserv1 A 192.168.40.1 
100 Ok 
bostonDNSserv1					IN		A		192.168.40.1 

If you use the zone name listRR command for the parent zone, the NS and glue A records should appear.

nrcmd> zone example.com. listRR 
100 Ok 
Static Resource Records 
...
bostondnsserv1					IN		A		192.168.40.1 
boston					IN		NS		bostonDNSserv1.example.com. 

Using the GUI


Step 1 Create a subzone of a parent zone, as described in the "Adding a Primary Forward Zone" section. The subzone is just another zone.

Step 2 Display the properties of the parent zone.

Step 3 In the Primary Zone dialog box, click the Resource Records tab.


Note If you are connected to a Network Registrar database version earlier than 6.0, use the Subzones tab in this dialog box. For a description of how connecting to an earlier database changes the functionality of the GUI dialog box, see the "Configuring Subzones" section.


Step 4 Click Add to open the Add Resource Record dialog box.

Step 5 Click the NS tab to create an NS record for the subzone's server. In the Name field, enter the subzone name. In the Server field, enter the fully qualified name of the server. Click OK.

Step 6 Click Add again and click the A tab to create a glue A record for the subzone server's address. In the Name field, enter the fully qualified domain name of the subzone name server. In the Address field, enter the IP address of the subzone's name server. Click OK.

Step 7 Click OK in the Primary Zone dialog box.

Step 8 Reload the DNS server.
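
The delegation rules in this section (an NS record per subzone server, a glue A record only for servers that live inside the subzone, two servers so the subzone stays reachable) and the stale-glue failure described under "Choosing a Subzone Name and Servers" can be checked against the parent's records without querying anything. The following checker is an added example written for this edit, not code from the Cisco guide or from Network Registrar: the record tuples, the sample parent and subzone data, the function names and the two-server threshold are my constructions, modelled on the boston.example.com. example above.

```python
# Added example (not Network Registrar code): offline checks for a subzone
# delegation. Records are (owner, type, data) tuples; owner and data are
# relative to the zone they belong to unless they end in '.'.


def fqdn(name: str, zone: str) -> str:
    """Qualify a relative name with its zone; '@' is the apex, absolute names stay."""
    if name == "@":
        return zone
    return name.lower() if name.endswith(".") else f"{name.lower()}.{zone}"


def in_zone(name: str, zone: str) -> bool:
    return name == zone or name.endswith("." + zone)


# Constructed sample data. bostonDNSserv1 lives in the parent (needs an ordinary
# A record there); ns2 lives inside the subzone (needs a glue A record in the parent).
PARENT_ZONE = "example.com."
PARENT_RECORDS = [
    ("boston", "NS", "bostonDNSserv1.example.com."),
    ("boston", "NS", "ns2.boston.example.com."),
    ("bostonDNSserv1", "A", "192.168.40.1"),
    ("ns2.boston", "A", "192.168.60.2"),  # glue
]
SUBZONE_RECORDS = [  # the subzone's own authoritative data for its server
    ("ns2", "A", "192.168.60.2"),
]


def delegation_problems(parent_zone: str, subzone: str, parent_records: list,
                        subzone_records: list = None, min_servers: int = 2) -> list:
    """Describe what is wrong with the delegation of `subzone` by `parent_zone`.

    Reports: fewer than min_servers NS records; an in-subzone server with no glue
    A record in the parent; a parent-resident server with no A record; and, when
    the subzone's own records are supplied, glue that disagrees with them (the
    stale-glue case, whose symptom is that the subzone is reachable by address
    but not by name)."""
    problems = []
    sub = fqdn(subzone, parent_zone)
    ns_targets = [fqdn(d, parent_zone) for o, t, d in parent_records
                  if t == "NS" and fqdn(o, parent_zone) == sub]
    if len(ns_targets) < min_servers:
        problems.append(f"{sub}: {len(ns_targets)} NS record(s), {min_servers} recommended")

    parent_a, sub_a = {}, {}
    for o, t, d in parent_records:
        if t == "A":
            parent_a.setdefault(fqdn(o, parent_zone), set()).add(d)
    for o, t, d in (subzone_records or []):
        if t == "A":
            sub_a.setdefault(fqdn(o, sub), set()).add(d)

    for ns in ns_targets:
        if in_zone(ns, sub):
            if ns not in parent_a:
                problems.append(f"{ns} is inside {sub} but has no glue A record in {parent_zone}")
            elif subzone_records is not None and ns in sub_a and parent_a[ns] != sub_a[ns]:
                problems.append(f"stale glue for {ns}: parent has {sorted(parent_a[ns])}, "
                                f"subzone has {sorted(sub_a[ns])}")
        elif in_zone(ns, parent_zone) and ns not in parent_a:
            problems.append(f"{ns} is in {parent_zone} but has no A record there")
    return problems


if __name__ == "__main__":
    print(delegation_problems(PARENT_ZONE, "boston", PARENT_RECORDS, SUBZONE_RECORDS))  # []
    moved = [("ns2", "A", "192.168.60.9")]  # subzone renumbered its server, parent not told
    print(delegation_problems(PARENT_ZONE, "boston", PARENT_RECORDS, moved))
```

The checker only sees configured records, so it cannot tell whether a listed server is actually authoritative; lame delegation remains something the server reports at run time, as described under "Reporting Lame Delegation".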


Undelegating a Subzone

If you undelegate a subzone, remove any associated NS and glue A records from the parent zone.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab to open the List/Add Zones page.

Step 3 Click the View icon in the Configuration RRs column of the parent zone name to open the List/Add Static Resource Records for Zone page.

Step 4 Remove the NS resource record for the subzone by clicking the Delete icon next to the subzone NS record in the list, then confirm the deletion on a Confirm Delete page.

Step 5 Remove the glue A resource record for the subzone's server host by clicking the Delete icon next to the subzone server's A record in the list, then confirm the deletion on a Confirm Delete page.


Using the CLI

Use the zone name removeRR NS and zone name removeRR A commands to remove the subzone's NS and glue A records.

nrcmd> zone example.com. removeRR boston NS 
100 Ok 
nrcmd> zone example.com. removeRR bostonDNSserv1 A 
100 Ok

Using the GUI


Step 1 In the Server Manager window, choose the zone for which you want to remove a subzone, then click Show Properties.

Step 2 In the Primary Zone dialog box, click the Resource Records tab.


Note If you are connected to a Network Registrar database version earlier than 6.0, use the Subzones tab in this dialog box. For a description of how connecting to an earlier database changes the functionality of the dialog box, see the "Configuring Subzones" section.


Step 3 Remove the NS and any glue A records for the subzone.

Step 4 Click OK.

Step 5 Reload the DNS server.


Editing a Delegated Subzone

You can edit the subzone's resource records.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab to open the List/Add Zones page.

Step 3 Click the View icon in the Configuration RRs column of the zone name to open the List/Add Static Resource Records for Zone page.

Step 4 Edit the NS resource record for the subzone by clicking the Edit icon next to the record to open the Edit Resource Record in Zone page. Edit the NS record data and click Modify Resource Record.

Step 5 Edit the glue A resource record for the subzone's server in the same way as the previous step.

Step 6 Reload the DNS server.


Using the CLI

Use the zone name removeRR command to delete the NS and glue A records, then use the zone name addRR command to replace them. Reload the DNS server.

nrcmd> zone example.com. removeRR boston NS 
100 Ok 
nrcmd> zone example.com. removeRR bostonDNSserv1 A 
100 Ok
nrcmd> zone example.com. addRR boston NS bostonDNSserv2.example.com. 
100 Ok 
boston					IN		NS		bostonDNSserv2.example.com. 
nrcmd> zone example.com. addRR bostonDNSserv2 A 192.168.40.2 
100 Ok 
bostonDNSserv2					IN		A		192.168.40.2 
nrcmd> dns reload 
100 Ok

Using the GUI


Step 1 In the Server Manager window, choose the zone for which you want to edit a subzone and click Show Properties.

Step 2 In the Primary Zone dialog box, click the Resource Records tab.


Note If you are connected to a Network Registrar database version earlier than 6.0, use the Subzones tab in this dialog box. For a description of how connecting to an earlier database changes the functionality of the dialog box, see the "Configuring Subzones" section.


Step 3 Edit the NS and any glue A records for the subzone.

Step 4 Click OK.

Step 5 Reload the DNS server.


Configuring Resource Records

Resource records comprise the data within a DNS zone. Although there is no fixed limit to the number of resource records a zone may own, in general, a zone may own one or more resource records of a given type (it always has an SOA record). There are some exceptions depending on the types involved.

All resource records have the entries described in Table 6-2.

Table 6-2 Resource Record Common Entries

Resource Record Entry                  Description
Name                                   Owner of the record, such as a zone or host name.
Class (not required for all formats)   Network Registrar supports only the IN (Internet) class.
TTL (time to live)                     Amount of time to store the record in a cache, in seconds. If you do not include a TTL, Network Registrar uses the zone default TTL, defined as a zone attribute.
Type                                   Type of the record, such as A, NS, SOA, and MX. There are many types that various RFCs define, although ten or fewer are in common use.
Record data                            Data whose format and meaning vary with the record type.


This section describes how to add, remove, edit, and filter resource records.

Adding Resource Records

You can add resource records for a zone. For details on the resource record syntax, see "Resource Records."

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab to open the List/Add Zones page.

Step 3 Click the View icon in the Configuration RRs column of the zone name to open the List/Add Static Resource Records for Zone page. Alternatively, click the View icon in the Active Server RRs column to open the List/Add DNS Server Resource Records for Zone page.

Step 4 Add the resource record name, TTL, type, and data as is appropriate.

Step 5 Click Add Resource Record.

Step 6 Click Return to Zone List.


Using the CLI

Use the zone name addRR command to add a resource record of a certain type. You can specify the name as a relative name (if the owner is in the same domain), as an absolute name (by supplying the FQDN), or as the zone name itself (by using the "@" symbol).

nrcmd> zone example.com. addRR ftp CNAME green.example.com. 
100 Ok 
ftp			IN		CNAME			green.example.com. 
nrcmd> zone example.com. addRR @ NS ns1.example.com. 
100 Ok 
@			IN		NS			ns1.example.com. 

Using the GUI


Step 1 In the Server Manager window, choose the zone and click Show Properties on the toolbar.

Step 2 In the Primary Zone dialog box, click the Resource Records tab.

Step 3 Click Add. This opens the Add Resource Record dialog box.

Step 4 Click the appropriate resource record tab—Generic, A, CNAME, MX, NS, or PTR. If you choose Generic, you must choose the resource record type in the Type field.

Step 5 Enter the name, optional TTL value, and the remaining data appropriate to the resource record type. For example, for an MX record, enter the preference and mail host name.

Step 6 Click Apply to continue to add resource records, or click OK to finish.


Removing Resource Records

You can remove resource records from a zone.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab to open the List/Add Zones page.

Step 3 Click the View icon in the Configuration RRs column of the zone name to open the List/Add Static Resource Records for Zone page. Alternatively, click the View icon in the Active Server RRs column to open the List/Add DNS Server Resource Records for Zone page.

Step 4 To remove an entire record name set, click the Delete icon next to the record set name in the list, then confirm the deletion on a Confirm Delete page. To remove individual records from the set, click the name of the record set to open the Edit Resource Record Set page, click the Delete icon next to the individual record in the list, then confirm the deletion on a Confirm Delete page.


Using the CLI

Use the zone name removeRR command to remove static resource records. You must specify the owner. If you omit the data, Network Registrar removes all records of the specified type for the specified owner. Similarly, if you omit the type, Network Registrar removes all records for the specified owner. Confirm the removal using the zone name listRR command.

nrcmd> zone example.com. removeRR examplehost1 MX 
100 Ok 

Using the GUI

On the Resource Records tab, click the name of the record that you want to remove, then click Remove.

Adding Dynamic Records

The DNS server must be running to add dynamic records. Changes take effect immediately; you do not need to reload the server after adding the record. However, the zone must be active on the server, which requires a reload after creating the zone.

Using the Web UI


Step 1 Create the zone and reload the DNS server.

Step 2 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 3 On the Secondary Navigation bar, click the Zones tab to open the List/Add Zones page.

Step 4 Click the View icon in the Active Server RRs column to open the List/Add DNS Server Resource Records for Zone page.

Step 5 The state of the resource record is indicated as dynamic. Add the resource record name, TTL, type, and data as is appropriate.

Step 6 Click Add Resource Record.

Step 7 Click Return to Zone List.


Using the CLI

Use the zone name addDynRR command to add dynamic resource records. You can specify resource records just by owner; owner and type; or owner, type, and data (and you can include a TTL value). The only types of dynamic records you can add are A, TXT, PTR, CNAME, or SRV records. To determine whether dynamic DNS is working and what dynamic entries are in the system, see the "Filtering Records" section.

nrcmd> zone example.com. addDynRR bob A 192.168.70.99 
100 Ok 
bob			IN		A		192.168.70.99 

Removing Dynamic Records

The DNS server must be running to remove dynamic records. Changes take effect immediately; you do not need to reload the server. However, the zone must be active on the server, which requires a reload after you create the zone.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab to open the List/Add Zones page.

Step 3 Click the View icon in the Active Server RRs column to open the List/Add DNS Server Resource Records for Zone page.

Step 4 To remove an entire record name set, click the Delete icon next to the record set name in the list, then confirm the deletion on a Confirm Delete page. To remove individual records from the set, click the name of the record set to open the Edit Resource Record Set page, click the Delete icon next to the individual record in the list, then confirm the deletion on a Confirm Delete page.


Using the CLI

Use the zone name removeDynRR command to remove dynamic resource records. You can specify resource records just by owner; owner and type; or owner, type, and data. Specifying a type without data removes the entire resource record set; including the data removes the specific dynamic resource record only. To determine whether dynamic DNS is working and what dynamic entries are in the system, see the "Filtering Records" section.

nrcmd> zone example.com. removeDynRR bob A 
100 Ok

Removing Cached Records

Removing cached records removes nonauthoritative resource records from both in-memory and persistent (nonauthoritative) cache. The DNS server must be running to remove cached records. Changes take effect immediately; you do not need to reload the server.

Using the Web UI or GUI

This function is not currently available in the Web UI or GUI.

Using the CLI

Use the zone name removeCachedRR command to remove cached resource records in the memory and persistent caches. With the type omitted, this removes the entire name set; if included without data, this removes the resource record set; with both type and data included, this purges the specific record.

nrcmd> zone example.com. removeCachedRR bob A 

Listing Records

You can display all the resource records, or the static or dynamic ones. The server must be operating to display the dynamic records.

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab to open the List/Add Zones page.

Step 3 Click the View icon in the Configuration RRs column of the zone name to open the List/Add Static Resource Records for Zone page. Alternatively, click the View icon in the Active Server RRs column to open the List/Add DNS Server Resource Records for Zone page.

Step 4 View the records on the page.

Step 5 Click Return to Zone List.


Using the CLI

The zone name listRR command displays resource records in the named zone.

nrcmd> zone example.com. listRR 
100 Ok 
Static Resource Records 
@			172800			IN		SOA		exampleDNSserv1.example.com. hostmaster.example.com. 
1 10800 3600 604800 86400 
@						IN		NS		exampleDNSserv1.example.com. 
@						IN		NS		ns1.example.com. 
examplehost1						IN		A		192.168.50.101 
dnshost1						IN		CNAME		exampleDNSserv1.example.com. 
examplehost99						IN		A		192.168.50.199 
bostondnsserv1						IN		A		192.168.40.1 
ftp						IN		CNAME		green.example.com. 
Dynamic Resource Records 
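To audit what a zone actually serves, for example to spot dynamic records that should not be there, a script can parse the listRR output shown above. This added Python example is not part of Network Registrar; its sample input is constructed from the listing above (shortened, with one dynamic record added), and the rule that a line without the IN class column continues the previous record's data is an assumption drawn from the wrapped SOA line.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the "zone example.com. listRR" output shown above,
# shortened, with one dynamic record added to exercise the second section.
SAMPLE_LISTRR = """100 Ok
Static Resource Records
@\t\t\t172800\t\t\tIN\t\tSOA\t\texampleDNSserv1.example.com. hostmaster.example.com.
1 10800 3600 604800 86400
@\t\t\t\t\t\tIN\t\tNS\t\texampleDNSserv1.example.com.
@\t\t\t\t\t\tIN\t\tNS\t\tns1.example.com.
examplehost1\t\t\t\t\t\tIN\t\tA\t\t192.168.50.101
dnshost1\t\t\t\t\t\tIN\t\tCNAME\t\texampleDNSserv1.example.com.
ftp\t\t\t\t\t\tIN\t\tCNAME\t\tgreen.example.com.
Dynamic Resource Records
bob\t\t\tIN\t\tA\t\t192.168.70.99
"""

SECTION_HEADERS = {
    "Static Resource Records": "static",
    "Dynamic Resource Records": "dynamic",
}


@dataclass
class RR:
    owner: str           # owner as printed (@, relative or absolute name)
    ttl: Optional[int]   # None when the zone default TTL applies
    rtype: str
    rdata: str
    state: str           # "static" or "dynamic"


def parse_listrr(text: str) -> List[RR]:
    """Parse nrcmd 'zone <name> listRR' output into RR objects."""
    records: List[RR] = []
    state = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "100 Ok":
            continue
        if line in SECTION_HEADERS:
            state = SECTION_HEADERS[line]
            continue
        if state is None:
            raise ValueError("record line before a section header: %r" % line)
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "IN":
            # owner, class, type, data (TTL omitted: zone default applies)
            owner, ttl, rtype, rdata = fields[0], None, fields[2], " ".join(fields[3:])
        elif len(fields) >= 5 and fields[1].isdigit() and fields[2] == "IN":
            # owner, TTL, class, type, data
            owner, ttl, rtype, rdata = fields[0], int(fields[1]), fields[3], " ".join(fields[4:])
        elif records:
            # Assumption: a line without the IN class column continues the
            # previous record's data (the SOA numeric fields wrap this way).
            records[-1].rdata += " " + " ".join(fields)
            continue
        else:
            raise ValueError("cannot parse: %r" % line)
        records.append(RR(owner, ttl, rtype, rdata, state))
    return records


def fqdn(owner: str, zone: str) -> str:
    """Expand an owner as printed by listRR to an absolute name."""
    if owner == "@":
        return zone
    if owner.endswith("."):
        return owner
    return owner + "." + zone


def dynamic_records(records: List[RR]) -> List[RR]:
    """Records that arrived through dynamic updates rather than static configuration."""
    return [r for r in records if r.state == "dynamic"]


if __name__ == "__main__":
    for r in parse_listrr(SAMPLE_LISTRR):
        print(r.state, fqdn(r.owner, "example.com."), r.ttl, r.rtype, r.rdata)
```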

Using the GUI

All resource records are listed when you click the Resource Records tab on the Add Primary DNS Zone or Edit Primary Zone dialog box.


Note If you are connected to a Network Registrar 6.0 database, resource records are listed in DNSSEC order, which you cannot sort. If you are connected to an earlier database, the records are listed in a different order, which you can sort by clicking the Name column header in the GUI dialog box. For a description of how connecting to an earlier database changes the functionality of the dialog box, see the "Configuring Subzones" section.


Filtering Records

You may want to filter records to display only one type of record, such as an A or PTR record.

Using the Web UI

Filter records by entering part of a name in the search field at the bottom of the List/Add Resource Records page and clicking the Search icon. To reduce the number of records displayed, change the page size value, then click Change Page Size.

Using the CLI

You can use the following switches to filter records. This helps you determine whether dynamic DNS is working and what dynamic entries are in the system:

all—Displays all records (the default)

static—Displays only static records

dynamic—Displays only dynamic records

This example displays only dynamic records:

nrcmd> zone example.com. listRR dynamic 

Using the GUI

This function is not available when connected to a Network Registrar 6.0 database. However, it is available when connected to an earlier version database. For a description of how connecting to an earlier database changes the functionality of the dialog box, see the "Configuring Subzones" section.

Deleting Leftover Zone Records After Recreating a Zone

You can delete leftover static zone records after you delete a zone and then recreate it. Dynamic resource records are automatically deleted when you recreate the zone.

Using the Web UI or GUI

This function is currently not available in the Web UI or GUI.

Using the CLI

Use the zone name cleanRR command if you periodically delete and re-import zones, which can cause your database to grow. This command uses the DNS server's historical zone data to determine what part to remove. It does not print a list of records to be deleted or prompt you for confirmation. You can safely run it any time.

nrcmd> zone example.com. cleanRR 
100 Ok

The behavior of the cleanRR keyword depends on the presence or absence of a new zone:

Deleting and then recreating the zone—Purges the entire old copy of the zone.

Deleting and not recreating the zone—Although the zone no longer exists, its resource records remain (but are marked deleted). In this case, using the cleanRR keyword does not affect the deleted zone and does not delete the records.

Using Server (SRV) Records

Windows 2000 domain controllers use the server (SRV) resource record to advertise services to the network. This resource record is defined in the RFC 2782, "A DNS RR for specifying the location of services (DNS SRV)." The RFC defines the format of the SRV record (DNS type code 33) as:

_service._protocol.name ttl class SRV priority weight port target 

There should always be an A record associated with the SRV record's target so that the client can resolve the service back to a host. In the Microsoft Windows 2000 implementation of SRV records, the records might look like this:

myserver.example.com A 10.100.200.11
_ldap._tcp.example.com SRV 0  0  389  myserver.example.com
_kdc._tcp.example.com SRV 0  0  88  myserver.example.com
_ldap._tcp.dc._msdcs.example.com SRV 0  0  88  myserver.example.com

An underscore always precedes the service and protocol names. In the example, _kdc is the Kerberos Data Center. The priority and weight help you choose between target servers providing the same service (the weight differentiating those with equal priorities). If the priority and weight are all set to zero, the DNS server orders the clients randomly. For more information on SRV records, see "Resource Records."
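The following added Python example (not Network Registrar code, nor the Windows implementation) parses records in the abbreviated form shown above, flags SRV targets that lack the A record the text calls for, and orders the targets for a service the way RFC 2782 directs a client to: ascending priority, then a weighted random draw within a priority. The sample zone is constructed from the records above plus a second LDAP server, backup.example.com, which is an assumption added so that the weights have something to distinguish.

```python
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class SRV:
    name: str       # _service._protocol.name owner
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample, built from the Windows 2000 records above plus a second
# LDAP server (assumption) so that priority and weight selection has a choice.
SAMPLE_ZONE = """\
myserver.example.com A 10.100.200.11
backup.example.com A 10.100.200.12
_ldap._tcp.example.com SRV 0 0 389 myserver.example.com
_ldap._tcp.example.com SRV 0 10 389 backup.example.com
_kdc._tcp.example.com SRV 0 0 88 myserver.example.com
_ldap._tcp.dc._msdcs.example.com SRV 0 0 88 myserver.example.com
"""


def parse_zone(text: str) -> Tuple[List[SRV], Dict[str, str]]:
    """Parse the abbreviated 'owner TYPE rdata' lines used in the listing above."""
    srvs: List[SRV] = []
    addresses: Dict[str, str] = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        owner, rtype, rdata = fields[0].rstrip(".").lower(), fields[1].upper(), fields[2:]
        if rtype == "A" and len(rdata) == 1:
            addresses[owner] = rdata[0]
        elif rtype == "SRV" and len(rdata) == 4:
            prio, weight, port = (int(x) for x in rdata[:3])
            srvs.append(SRV(owner, prio, weight, port, rdata[3].rstrip(".").lower()))
        else:
            raise ValueError("unsupported record: %r" % line)
    return srvs, addresses


def missing_glue(srvs: List[SRV], addresses: Dict[str, str]) -> List[str]:
    """SRV targets with no A record: clients could not resolve the service to a host."""
    return sorted({s.target for s in srvs if s.target not in addresses})


def lookup_srv(service: str, protocol: str, domain: str, srvs: List[SRV]) -> List[SRV]:
    """All SRV records at _service._protocol.domain."""
    owner = ("_%s._%s.%s" % (service, protocol, domain.rstrip("."))).lower()
    return [s for s in srvs if s.name == owner]


def order_by_rfc2782(srvs: List[SRV], seed: Optional[int] = None) -> List[SRV]:
    """Order SRV records as RFC 2782 tells a client to: ascending priority, then a
    weighted random draw within each priority. Zero-weight entries go to the front
    of the draw list; when every weight is zero the result is a plain random order."""
    rng = random.Random(seed)
    ordered: List[SRV] = []
    for prio in sorted({s.priority for s in srvs}):
        group = [s for s in srvs if s.priority == prio]
        rng.shuffle(group)
        group.sort(key=lambda s: s.weight != 0)   # stable sort: zero-weight first
        while group:
            total = sum(s.weight for s in group)
            pick = rng.randint(0, total)           # all weights zero -> pick is 0
            running = 0
            for i, s in enumerate(group):
                running += s.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


if __name__ == "__main__":
    records, glue = parse_zone(SAMPLE_ZONE)
    print("targets without glue:", missing_glue(records, glue))
    for s in order_by_rfc2782(lookup_srv("ldap", "tcp", "example.com", records)):
        print("try %s:%d (priority %d, weight %d)" % (s.target, s.port, s.priority, s.weight))
```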

Using NAPTR Records

Network Registrar supports Naming Authority Pointer (NAPTR) resource records. These records help with name resolution in a particular namespace and are processed to get to a resolution service. Because NAPTR records are a proposed standard, RFC 2915, Network Registrar only validates their numeric record fields. However, the proposed standard requires a value for each field, even if it is null (""), and there are no default values. See "Resource Records" for the syntax of NAPTR records.

When using a NAPTR record to locate a Session Initiation Protocol (SIP) proxy, see the proposed standard, RFC 2916, or the SIP standard, RFC 2543. In RFC 2916, the ENUM working group of the Internet Engineering Task Force specifies NAPTR records to map E.164 addresses to Universal Resource Identifiers (URIs). Using the NAPTR record resolves a name in the E.164 international public telecommunication namespace to a URI, instead of providing the name of a service to use as a resolver. The U flag was added to the NAPTR record for this purpose.

For example, to specify a SIP proxy for the phone number +4689761234, add a NAPTR record at the name 4.3.2.1.6.7.9.8.6.4.e164.arpa. with this content:

100 10 "u" "sip+E2U" "/^.*$/sip:info@tele2.se/" .

This sets these fields of the NAPTR record:

order = 100 
preference = 10 
flags = "u" 
service = "sip+E2U" 
regexp = "/^.*$/sip:info@tele2.se/" 
replacement = . 

After you configure these fields, a DNS client dealing with phone number +4689761234 can find a SIP service URI by replacing the number with the "sip:info@tele2.se" string. The E.164 zone mostly uses the NAPTR record for wholesale replacement of the "input" telephone number. Section 3.2.3 of RFC 2916 includes an example of one transformation to a Lightweight Directory Access Protocol (LDAP) query that preserves some of the digits. The reason the E.164 zone does not map to server (SRV) records is that it wants to obtain a SIP URL that is more humanly readable to the left of the "at" (@) symbol.
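As an added Python example (not Network Registrar code), here is the client side of what the text describes: building the e164.arpa name from the phone number, parsing the NAPTR fields with the numeric-only validation the text mentions, and applying the regexp rule to obtain the URI. It also handles a rule that keeps some digits through a backreference, as the LDAP transformation in RFC 2916 does; the record content is the one shown above, and both the quoted form and the unquoted Web UI form parse.

```python
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional

# The record content shown above, in presentation form with the string
# fields quoted (constructed copy for this example).
SAMPLE_NAPTR = '100 10 "u" "sip+E2U" "/^.*$/sip:info@tele2.se/" .'


@dataclass
class NAPTR:
    order: int
    preference: int
    flags: str
    service: str
    regexp: str
    replacement: str


def e164_to_enum_name(number: str) -> str:
    """+4689761234 -> 4.3.2.1.6.7.9.8.6.4.e164.arpa. (digits reversed, one per label)."""
    digits = re.sub(r"\D", "", number)
    if not digits:
        raise ValueError("no digits in %r" % number)
    return ".".join(reversed(digits)) + ".e164.arpa."


def parse_naptr(rdata: str) -> NAPTR:
    """Parse NAPTR record data. As the text says of Network Registrar, only the
    numeric fields are validated; the other four must merely be present."""
    fields = shlex.split(rdata)          # honours the "..." quoting of string fields
    if len(fields) != 6:
        raise ValueError("NAPTR needs exactly six fields, got %d" % len(fields))
    try:
        order, preference = int(fields[0]), int(fields[1])
    except ValueError:
        raise ValueError("order and preference must be integers")
    if not (0 <= order <= 65535 and 0 <= preference <= 65535):
        raise ValueError("order and preference are 16-bit values")
    return NAPTR(order, preference, fields[2], fields[3], fields[4], fields[5])


def is_valid_naptr(rdata: str) -> bool:
    try:
        parse_naptr(rdata)
        return True
    except ValueError:
        return False


def apply_regexp(regexp: str, subject: str) -> Optional[str]:
    """Apply a NAPTR regexp field (delim pattern delim replacement delim [flags])
    to the subject. Backreferences \\1..\\9 are honoured; returns None on no match."""
    if not regexp:
        return None
    delim = regexp[0]
    # split on the delimiter, but not on an escaped one inside the pattern
    parts = re.split(r"(?<!\\)" + re.escape(delim), regexp[1:])
    if len(parts) < 3:
        raise ValueError("malformed regexp field: %r" % regexp)
    pattern, replacement, flags = parts[0], parts[1], parts[2]
    match = re.search(pattern, subject, re.IGNORECASE if "i" in flags else 0)
    if match is None:
        return None
    # NAPTR uses \1 style backreferences; Python's expand() wants \g<1>
    return match.expand(re.sub(r"\\(\d)", r"\\g<\1>", replacement))


def enum_lookup(number: str, rdatas: List[str]) -> Optional[str]:
    """Resolve a phone number to a URI: the records at its e164.arpa name are tried
    in order/preference sequence and the first terminal ("u") rule that matches wins."""
    records = sorted((parse_naptr(r) for r in rdatas), key=lambda n: (n.order, n.preference))
    for rec in records:
        if "u" not in rec.flags.lower():
            continue   # non-terminal rules (replacement lookups) are out of scope here
        uri = apply_regexp(rec.regexp, number)
        if uri is not None:
            return uri
    return None


if __name__ == "__main__":
    number = "+4689761234"
    print("query name:", e164_to_enum_name(number))
    print("URI:", enum_lookup(number, [SAMPLE_NAPTR]))
```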

Using the Web UI


Step 1 On the Primary Navigation bar, click the Zone tab. See the Network Registrar Web UI Guide for details.

Step 2 On the Secondary Navigation bar, click the Zones tab to open the List/Add Zones page.

Step 3 Click the View icon in the Configuration RRs or Active Server RRs column.

Step 4 To add an NAPTR record, add the owner of the record in the Name field, set the TTL (if necessary), click NAPTR in the Type drop-down list, then add the data. The data is the order, preference, flags, service, regular expression, and replacement string, in quotes and separated by spaces. For example, the data could be:

"100 10 u sip+E2U /^.*$/sip:info@tele2.se/ ." 

Step 5 Click Add Resource Record.

Step 6 Refresh the list if necessary.


Using the CLI

Use the zone name addRR command. Then, reload the server.

nrcmd> zone 8.6.4.e164.arpa addRR 4.3.2.1.6.7.9 naptr 100 10 u sip+E2U /^.*$/sip:info@tele2.se/ . 
nrcmd> dns reload 

Using the GUI

Select the zone requiring the NAPTR record, open the Add Resource Record dialog box, and click the Generic tab. Add the owner of the NAPTR record, select NAPTR in the type field, and enter the six-field value—order, preference, flag, service, regular expression, and replacement string, separated by spaces—in the Data field. Then, reload the DNS server.

Setting Advanced Server Properties

You can set these advanced server properties:

Prefetch glue records

Report lame delegation

Enable relaxed dynamic update

Set cache time limits and size

Set local and external port numbers

Handle rogue A record queries

Set debug

All of the steps in the following subsections require you to be on the Advanced tab of the DNS Server Properties dialog box.

Prefetching Glue Records

A glue record is a DNS A record that specifies the address of a zone's or subzone's authoritative name server. It is an informational record in a query response. For example, most answers include NS records, which then cause the inclusion of A records to resolve the NS record name into an address. These A records are the glue records. Choosing the Prefetch glue records option tells the server to find records that it would not normally find, so that it can include them in answers to subsequent queries.

Using the Web UI

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the DNS Server tab and the name of the server to open the Edit DNS Server page. Under the Miscellaneous Options and Settings attributes category, ensure that Don't fetch missing glue records is set to disabled. See the Network Registrar Web UI Guide for details.

Using the CLI

Use the dns disable no-fetch-glue command to enable prefetching glue records (the default).

nrcmd> dns disable no-fetch-glue 
100 Ok
no-fetch-glue=disabled 

Using the GUI

On the Advanced tab of the DNS Server Properties dialog box, ensure that the Prefetch glue records box is checked (the default).

Reporting Lame Delegation

Lame delegation occurs when a DNS server listed in the parent's delegation of a zone does not know that it is authoritative for the zone. The server can detect and report this when, in the process of tracking down an answer, it is referred to a server that in turn refers to another server for a domain closer to the root (actually farther from the answer). Lame delegation does not indicate a problem with your DNS configuration, but with the configuration at the DNS server you are querying. You cannot do anything to correct lame delegation at other domains, unless you happen to be authoritative for the domain as well.

Note that setting the Report lame delegations (lame-deleg-notify) attribute has the same effect as setting the DNS log setting lame-delegation.

Using the Web UI

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the DNS Server tab and the name of the server to open the Edit DNS Server page. Under the Miscellaneous Options and Settings attributes category, ensure that Report lame delegations is set to enabled. See the Network Registrar Web UI Guide for details.

Using the CLI

Use the dns enable lame-deleg-notify command to enable lame delegation notification (the default).

nrcmd> dns enable lame-deleg-notify 
100 Ok 
lame-deleg-notify=enabled 

Using the GUI

On the Advanced tab of the DNS Server Properties dialog box, ensure that the Report lame delegation box is checked (the default).

Enabling Relaxed Dynamic Update

You can choose to enable relaxing the RFC 2136 restriction on the dynamic update zone name record. This property allows the name to be any name in an authoritative zone. For details, see the "Configuring Dynamic DNS for a Scope" section.

Setting Maximum Negative Cache Time

To ensure a quick response to repeated requests for the same information, the DNS server maintains a cache of data it learns from other servers on behalf of its clients. This includes negative information, such as "no such name" or "no such data," as specified by RFC 2308. It is important to discard this information at some point to accommodate namespace changes at the authoritative source.

The maximum negative cache time establishes an upper bound on the time a negative cache entry can be valid. The negative TTL itself is normally obtained from the SOA record in the negative response. If the originating zone has an abnormally large value, the maximum negative cache time reduces it, limiting the time that the entry remains negatively cached. Choose this value carefully to balance the need to eliminate long negative cache entries against the desire to cache negative answers meaningfully.

Note that you can effectively reduce the maximum negative cache time through the maximum cache TTL value, because this value applies to all cache entries, positive and negative. See the "Setting Maximum Cache TTL" section.

Using the Web UI

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the DNS Server tab and the name of the server to open the Edit DNS Server page. Under the Miscellaneous Options and Settings attributes category, set the Max. negative answer caching TTL value; the default is one hour. See the Network Registrar Web UI Guide for details.

Using the CLI

Use the dns set max-negcache-ttl command to set the negative cache time (the default is 60 minutes).

nrcmd> dns set max-negcache-ttl=5m 
100 Ok 
max-negcache-ttl=5m 

Using the GUI

On the Advanced tab of the DNS Server Properties dialog box, enter the Negative cache time value, in seconds.

Setting Maximum Cache TTL

The Maximum Cache TTL property specifies the maximum time that you want Network Registrar to retain cached information. TTL is the amount of time that any name server is allowed to cache data learned from other name servers. Each record added to the cache arrives with some TTL value. When the TTL period expires, the server must discard the cached data and get new data from the authoritative name servers the next time it sends a query. This parameter limits the lifetime of records in the cache whose TTL values are very large. The default value is seven days (604800 seconds).

Using the Web UI

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the DNS Server tab and the name of the server to open the Edit DNS Server page. Under the Miscellaneous Options and Settings attributes category, set the Max. resource record caching TTL value; the default is one week. See the Network Registrar Web UI Guide for details.

Using the CLI

Use the dns set max-cache-ttl command to set the maximum cache TTL value.

nrcmd> dns set max-cache-ttl=5d 
100 Ok 
max-cache-ttl=5d 

Using the GUI

On the Advanced tab of the DNS Server Properties dialog box, enter the maximum cache TTL value, in seconds.

Setting Maximum Memory Cache Size

The maximum memory cache size property specifies how much memory space you want to reserve for the DNS in-memory cache. The more memory that you allocate for the cache, the less frequently the server uses disk cache. The default is 200 KB. One entry is approximately 100 bytes.

Using the Web UI

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the DNS Server tab and the name of the server to open the Edit DNS Server page. Under the Miscellaneous Options and Settings attributes category, set the Max. memory cache size value; the default is 200 KB. See the Network Registrar Web UI Guide for details.

Using the CLI

Use the dns set mem-cache-size command to set the maximum memory cache size, in kilobytes.

nrcmd> dns set mem-cache-size=100 
100 Ok 
mem-cache-size=100 

Using the GUI

On the Advanced tab of the DNS Server Properties dialog box, enter the maximum memory cache size value, in kilobytes.

Flushing DNS Cache

The Network Registrar cache flushing function lets you stop the disk cache file from growing. However, the actual behavior depends on whether the DNS server is running or stopped. If you flush the cache:

While the server is running, Network Registrar clears all expendable entries from the cache database file. Flushing the cache does not shrink the file because of the nature of the database, but does create free space in it. Because the memory cache is unaffected by this operation, recently used cache entries are not lost, and performance is not significantly affected.

With the server stopped, Network Registrar interprets the request to flush all entries and removes the cache file. It then re-initializes the database when you restart the server.

To clear a cache that grew too large, or when changing a resolution exception, stop the server, enter the command, then restart the server. Stopping the server does not terminate the server process, but stops it from handling further requests. For details on resolution exception, see the "Specifying an Exception List" section.

Using the Web UI

This function is not currently available in the Web UI.

Using the CLI

Use the dns flushCache command to stop the disk cache file from growing.

nrcmd> dns flushCache 
100 Ok 

Using the GUI

On the Advanced tab of the DNS Server Properties dialog box, click Flush now to stop the disk cache from growing, then click OK. To completely clear a cache that has grown too large, stop the server, then click Flush now.

Handling Rogue Address Records and Other Cache Attributes

You may become the victim of a quality-of-service attack in which a rogue host targets Address (A) resource record queries at a caching DNS server. These A record queries contain names that resemble IP addresses. To avoid overloading the DNS server's cache.db file with negative responses from the root, the server no longer tries to resolve these queries. The fake-ip-name-response DNS attribute (Fake Responses for IP address-like names in the Web UI) is enabled by default to effect this. When the server receives a query for a nonauthoritative name, it consults its memory cache and, if it cannot resolve the query there, queries its cache.db file. If the server cannot resolve the A record query in either place, it parses the queried name and, if the name resembles an IP address (four decimal numbers separated by dots, with no preceding or trailing characters), does not forward the query. Instead, the server responds with an NXDOMAIN status and does not include the negative response in its caches.

The server acts on the save-negative-cache-entries (Save negative cache entries to disk in the Web UI) and cache-write-ttl-threshold attributes when it evicts entries from its memory cache to the cache.db file. It typically evicts positive and negative query responses from the in-memory cache when that cache is full and the server needs to insert a new entry. The server evicts the least-recently-used entry. If you disable save-negative-cache-entries, the server does not store evicted negative entries in the cache.db file, but simply discards them from the in-memory cache. If the cache-write-ttl-threshold value is non-zero (it is zero by default), the server only persists an entry from the in-memory cache to the cache.db file if the entry's TTL is greater than this value. Otherwise, the server discards the (soon to be, but not yet expired) resource record. A zero value causes the server to always persist unexpired resource records.
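The decision logic from the two paragraphs above, as an added Python simulation that is not Network Registrar code: the IP-like name check that short-circuits forwarding, and the eviction rule that decides whether a least-recently-used entry reaches cache.db. Treating a trailing root dot as not a "trailing character", the cache capacity, and the TTL figures are assumptions made for the example.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass
from typing import Dict, Tuple

# "four decimals each separated by a dot with no trailing or preceding characters".
# Assumption: a trailing root dot is ignored, since query names may arrive absolute.
IP_LIKE = re.compile(r"\d+\.\d+\.\d+\.\d+")


def canon(name: str) -> str:
    """Case-fold and drop the root dot so cache keys compare consistently."""
    return name.lower().rstrip(".")


def looks_like_ip_address(qname: str) -> bool:
    return IP_LIKE.fullmatch(canon(qname)) is not None


@dataclass
class CacheEntry:
    name: str
    rtype: str
    negative: bool      # a "no such name" / "no such data" answer
    ttl_remaining: int  # seconds left when the entry is considered for eviction


class CachingResolverSim:
    """Models the query path and the eviction decision described above, with the
    three attributes as constructor parameters (defaults as documented)."""

    def __init__(self, capacity: int, fake_ip_name_response: bool = True,
                 save_negative_cache_entries: bool = True,
                 cache_write_ttl_threshold: int = 0):
        self.capacity = capacity
        self.fake_ip_name_response = fake_ip_name_response
        self.save_negative_cache_entries = save_negative_cache_entries
        self.cache_write_ttl_threshold = cache_write_ttl_threshold
        self.memory: "OrderedDict[Tuple[str, str], CacheEntry]" = OrderedDict()  # LRU first
        self.disk: Dict[Tuple[str, str], CacheEntry] = {}                          # stands in for cache.db
        self.forwarded = []                                                        # queries sent upstream

    def query_a(self, qname: str) -> str:
        """Where a nonauthoritative A query is answered from: memory, cache.db,
        a faked NXDOMAIN (nothing forwarded or cached), or an upstream query."""
        key = (canon(qname), "A")
        if key in self.memory:
            self.memory.move_to_end(key)      # most recently used
            return "memory"
        if key in self.disk:
            return "cache.db"
        if self.fake_ip_name_response and looks_like_ip_address(qname):
            return "faked"
        self.forwarded.append(qname)
        return "forwarded"

    def should_persist(self, entry: CacheEntry) -> bool:
        """Eviction decision: keep the entry in cache.db, or discard it."""
        if entry.ttl_remaining <= 0:
            return False                      # already expired
        if entry.negative and not self.save_negative_cache_entries:
            return False                      # negative entries stay in memory only
        if self.cache_write_ttl_threshold and entry.ttl_remaining <= self.cache_write_ttl_threshold:
            return False                      # too close to expiry to be worth writing
        return True

    def insert(self, entry: CacheEntry) -> None:
        """Insert a learned answer, evicting the least-recently-used entry when full."""
        key = (canon(entry.name), entry.rtype)
        if key in self.memory:
            self.memory.move_to_end(key)
        elif len(self.memory) >= self.capacity:
            victim_key, victim = self.memory.popitem(last=False)
            if self.should_persist(victim):
                self.disk[victim_key] = victim
        self.memory[key] = entry


if __name__ == "__main__":
    sim = CachingResolverSim(capacity=2)
    for q in ["10.100.200.11", "10.100.200.11.example.com", "www.example.com"]:
        print(q, "->", sim.query_a(q))
```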

Using the Web UI

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the DNS Server tab and the name of the server to open the Edit DNS Server page. Under the Advanced Options and Settings attribute category, set Fake responses for IP address-like names to enabled (the default) and Save negative cache entries to disk to disabled (it is enabled by default). See the Network Registrar Web UI Guide for details.

Using the CLI

You can set the fake IP name response attribute and adjust the cache attributes to handle rogue A records.

nrcmd> dns enable fake-ip-name-response 
100 Ok 
fake-ip-name-response=enabled 
nrcmd> dns disable save-negative-cache-entries 
100 Ok 
save-negative-cache-entries=disabled 

Using the GUI

This function is not available in the GUI.

Setting Local and External Port Numbers

If you are experimenting with a new group of name servers, you might want to use nonstandard ports for answering requests and asking for remote data. The local port and external port settings control the TCP and UDP ports on which the server listens for name resolution requests, and to which port it connects when making requests to other name servers. The standard value for both is port 53. If you change these values during normal operation, the server will appear to be unavailable.

Using the Web UI

On the Primary Navigation bar, click the Zone tab. On the Secondary Navigation bar, click the DNS Server tab and the name of the server to open the Edit DNS Server page. Under the Network Settings attribute category, set Listening port and Remote DNS servers port to different ports than the default value of 53. See the Network Registrar Web UI Guide for details.

Using the CLI

Use the dns set local-port-num and dns set remote-port-num commands to set the ports.

nrcmd> dns set local-port-num=45 remote-port-num=40 
100 Ok 
local-port-num=45 
remote-port-num=40 

Using the GUI

On the Advanced tab of the DNS Server Properties dialog box, enter the Local port and External port.

Tuning DNS Properties

Here are some suggestions to tune some of the DNS server properties:

The Notify send min. interval attribute on the DNS Server page in the Web UI, or the dns set notify-min-interval command in the CLI—Minimum interval required before sending notification of consecutive changes on the same zone to a server. The default is two seconds. For very large zones, you might want to increase this value to exceed the maximum time to send an outbound full zone transfer. This is recommended for secondary servers that receive inbound incremental zone transfers and send out full transfers to other secondaries. These include older BIND servers that do not support incremental zone transfers. Inbound incremental transfers may abort outbound full transfers.

nrcmd> dns set notify-min-interval=2 
100 Ok 
notify-min-interval=2s 

The Notify delay between servers attribute on the DNS Server page in the Web UI, or the dns set notify-send-stagger=5s command in the CLI—Interval to stagger notification of multiple servers of a change. The default is one second, but you may want to raise it to up to five seconds if you need to support a large number of zone transfers distributed to multiple servers.

nrcmd> dns set notify-send-stagger=5 
100 Ok 
notify-send-stagger=5s 

The Notify wait for more changes attribute on the DNS Server page in the Web UI, or the dns set notify-wait=15s command in the CLI—Time to delay, after an initial zone change, before sending change notification to other name servers. The default is five seconds, but you may want to raise it to 15, for the same reason as given for the notify-min-interval attribute.

nrcmd> dns set notify-wait=15 
100 Ok 
notify-wait=15s 

The Max. memory cache size attribute on the DNS Server page in the Web UI, or the dns set mem-cache-size=1000 command in the CLI—Size of the in-memory record cache, in kilobytes. The default is 200 KB, but you may want to raise it to 1000 KB for larger networks.

The Report lame delegations attribute on the DNS Server page in the Web UI, or the dns enable lame-deleg-notify command in the CLI—Network Registrar should notice and log when a DNS server listed in a parent zone's delegation of subzones does not know that it is authoritative for the zone. This is normally disabled, but you may want to enable it. You must set the session visibility to 3 before using the CLI command; always reset the visibility back to 5 afterward. This attribute has the same effect as using dns set log-setting=lame-delegation.

The remote-dns address/mask create ixfr=true or ixfr=false command in the CLI—Whether you enable or disable incremental transfer, Network Registrar looks for the most specific match, that is, it matches the machine with the longest mask. Use this feature to specify a group of servers with a single command. Note that a netmask of 32 is equivalent to no netmask.