8.3. DNS module#

Deployment — Kubernetes & UCS appliance

The DNS management module appears in both deployments. However, administrators mostly use it in the context of the UCS appliance with its network management capabilities.

Nubus offers the DNS management module to manage forward and reverse lookup of hostnames and IP addresses. In the module, you can manage the aspects of DNS described in the following sections.

This section provides a reference for the fields used in the DNS management module.

Nubus stores DNS information in the cn=dns,base DN container. It saves forward and reverse lookup zones directly in the container, and records in the respective zones, such as pointer records.

Important

In the DNS management module, always use the relative or the fully qualified domain name (FQDN) in the fields for computers, and not the computer’s IP address. Always end the FQDN with a period (.), otherwise DNS adds the domain name.

You find the DNS management module in the Domain category in the Management UI. The left column of the DNS management module shows a list of forward and reverse lookup zones. To add a DNS object to a zone, for example an alias record to a forward zone, select the corresponding zone. To create a DNS object in the selected zone, click Add.

To create a forward or reverse zone, select All DNS zones, and click Add. DNS objects within zones label the zone as superordinate object.

Each DNS zone has at least one authoritative, primary DNS server whose information governs the zone. Subordinate DNS servers synchronize themselves with the authoritative server through zone transfers. In DNS terminology, the entries that define a zone are called Start Of Authority (SOA) records. To manage the SOA records for the zones, see the following sections:

8.3.1. Forward lookup zone#

Forward lookup zones contain information that the DNS uses to resolve DNS names into IP addresses. You manage forward lookup zones in the DNS management module.

To add a forward lookup zone, select All DNS zones and choose Add ‣ DNS: Forward lookup zone. Fig. 8.1 shows the configuration dialog for a DNS forward zone. It has the following tabs:

Fig. 8.1 Configuration of a DNS forward lookup zone in the DNS management module#

8.3.1.1. General tab - DNS forward lookup zone#

Zone name

The complete name of the DNS domain for which the zone is responsible. Don't end the zone name with a period (.).

Zone time to live

The time to live specifies how long other DNS servers cache the DNS information.

Name servers

The fully qualified domain name with a . at the end, or the relative domain name, of the responsible name server. The first entry in the list is the primary name server for the zone.

8.3.1.2. Start of authority tab - DNS forward lookup zone#

Contact person

The email address of the person responsible for administering the zone—with a . at the end.

Serial number

Other DNS servers use the serial number to recognize changes of zone data. The secondary DNS server compares the serial number of its copy with the serial number on the primary DNS server. If the serial number on the secondary DNS server is lower than the serial number on the primary DNS server, the secondary DNS server copies the changed DNS information.

Serial numbers use the following common patterns:

  • Start with 1 and increment the serial number with each change.

  • Include the date in the number in the YYYYMMDDNN format with the following elements:

    Y: for year.

    M: for month.

    D: for day.

    N: for the number of the change of this day.

If you don’t change the serial number manually, Nubus increases it automatically with every change.

Refresh interval

The time span after which the secondary DNS server verifies that its copy of the zone data is up-to-date.

Retry interval

The time span after which the secondary DNS server retries to verify that its copy of the zone data is up-to-date after an unsuccessful attempt to update. Set this time span to a value less than or equal to the Refresh interval.

Expiry interval

The time span after which the copy of the zone data on the secondary DNS server becomes invalid if it couldn’t validate if it’s up-to-date.

Example

An expiration interval of one week means that if all requests to update fail within one week, the copy of the zone data becomes invalid. After the expiry interval, Nubus assumes that the files are too outdated to continue using the data. The secondary DNS server can no longer respond to name resolution requests for this zone.

Negative time to live

The negative time to live specifies how long other DNS servers can cache no-such-domain (NXDOMAIN) answers. The default value is 3 hours. Nubus doesn't allow values greater than 3 hours.
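The following is an added example, not Nubus code, that turns the values of the Start of authority tab into a zone-file style SOA record and checks the constraints stated above (retry interval at most the refresh interval, negative time to live at most 3 hours, secondary copies the zone only when its serial is lower than the primary's). It also implements the YYYYMMDDNN serial pattern and the conversion of the contact person's email address into the dotted form DNS uses. The check that the expiry interval exceeds the refresh interval is an assumption added here as a common operational rule; the zone names and addresses are constructed for this example.

```python
"""Added example (not Nubus code): build and sanity-check the values of the
'Start of authority' tab.  Limits marked 'page' come from the documentation;
everything else is this example's own assumption."""
from dataclasses import dataclass
from datetime import date

MAX_NEGATIVE_TTL = 3 * 3600   # page: Nubus allows at most 3 hours
SERIAL_MAX = 2**32 - 1        # SOA serial is an unsigned 32-bit integer (RFC 1035)


def contact_to_rname(email: str) -> str:
    """'hostmaster@example.com' -> 'hostmaster.example.com.' (the form the
    Contact person field expects: '@' becomes '.', trailing dot appended).
    A dot inside the local part is escaped so it is not read as a label break."""
    local, _, domain = email.partition("@")
    if not domain:
        raise ValueError("contact person must be an email address")
    escaped_local = local.replace(".", "\\.")
    return f"{escaped_local}.{domain}."


def date_serial(day: date, change_no: int) -> int:
    """YYYYMMDDNN pattern from the page: NN counts the changes made on that day."""
    if not 0 <= change_no <= 99:
        raise ValueError("at most 100 changes per day fit into NN")
    return int(f"{day:%Y%m%d}{change_no:02d}")


def next_serial(current: int, today: date) -> int:
    """Next serial for the date-based scheme.  The result is never lower than
    the current serial, because secondaries only copy the zone when the
    primary's serial is higher than their own."""
    candidate = date_serial(today, 0)
    if current >= candidate:          # already changed today (or serial ran ahead)
        candidate = current + 1
    if candidate > SERIAL_MAX:
        raise ValueError("serial would overflow 32 bits")
    return candidate


def secondary_needs_transfer(secondary_serial: int, primary_serial: int) -> bool:
    """Page rule: the secondary copies the changed zone data when its serial
    is lower than the serial on the primary DNS server."""
    return secondary_serial < primary_serial


@dataclass
class SoaTimers:
    refresh: int        # seconds
    retry: int          # seconds
    expire: int         # seconds
    negative_ttl: int   # seconds

    def problems(self) -> list[str]:
        """Human-readable reasons why this timer set is inconsistent."""
        out = []
        if self.retry > self.refresh:
            out.append("retry interval must be <= refresh interval")          # page
        if self.expire <= self.refresh:
            out.append("expiry interval should exceed the refresh interval")  # assumption
        if self.negative_ttl > MAX_NEGATIVE_TTL:
            out.append("negative TTL above the 3-hour maximum")                # page
        return out


def soa_record(zone: str, primary_ns: str, contact: str, serial: int, t: SoaTimers) -> str:
    """Render the SOA line that the tab fields correspond to, refusing
    inconsistent timers instead of publishing them."""
    problems = t.problems()
    if problems:
        raise ValueError("; ".join(problems))
    return (f"{zone} IN SOA {primary_ns} {contact_to_rname(contact)} "
            f"{serial} {t.refresh} {t.retry} {t.expire} {t.negative_ttl}")


if __name__ == "__main__":
    timers = SoaTimers(refresh=28800, retry=7200, expire=604800, negative_ttl=10800)
    serial = next_serial(0, date(2024, 5, 17))
    print(soa_record("example.com.", "ns1.example.com.", "hostmaster@example.com", serial, timers))
```

`next_serial` keeps the serial monotonic even if someone set it ahead by hand, which is the property the secondary's comparison depends on; a serial that goes backwards silently stops zone transfers.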

8.3.1.3. IP addresses tab - DNS forward lookup zone#

IP addresses

Specify one or more IP addresses that the DNS server returns when resolving the name of the zone. Microsoft Windows clients in AD compatible domains query these IP addresses.

8.3.1.4. MX records tab - DNS forward lookup zone#

Priority

A numerical value between 0 and 65535. If several mail servers are available for the MX record, the requesting clients attempt to engage the mail server with the lowest priority value first.

Mail server

The mail server responsible for this domain as fully qualified domain name with a . at the end. Only use canonical names and no alias names.

8.3.1.5. TXT records tab - DNS forward lookup zone#

TXT record

A descriptive text for the zone. TXT records must not contain umlauts or other special characters.

8.3.2. Reverse lookup zone#

Reverse lookup zones contain information that DNS uses to resolve IP addresses to host names. You manage reverse lookup zones in the DNS management module.

To add a reverse lookup zone, select All DNS zones and choose Add ‣ DNS: Reverse lookup zone. The management module for reverse lookup zones has the following tabs:

8.3.2.1. General tab - DNS reverse lookup zone#

Subnet

The IP address of the network for which the reverse lookup zone applies.

Example

If the network consists of the IP addresses 192.0.2.0 to 192.0.2.255, you enter 192.0.2 here.

Zone time to live

The time to live specifies how long other DNS servers cache the DNS information. The value is in seconds.

8.3.2.2. Start of authority tab - DNS reverse lookup zone#

Contact person

The email address of the person responsible for administering the zone—with a . at the end.

Name servers

The fully qualified domain name with a . at the end or the relative domain name of the primary DNS server.

Serial number

See Serial number.

Refresh interval

See Refresh interval.

Retry interval

See Retry interval.

Expiry interval

See Expiry interval.

Negative time to live

See Negative time to live.

8.3.3. CNAME alias records#

You can manage CNAME records, also known as alias records, in the DNS management module. To create a CNAME record, select the forward lookup zone in the left column, and click Add ‣ DNS: Alias record.

Alias

The alias name as fully qualified domain name with a . at the end or as a relative domain name that must point to the canonical name.

Canonical name

The canonical name of the computer that the alias points to. The value is a fully qualified domain name with a . at the end or a relative domain name.
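The following is an added example, not Nubus code, that shows what the Important note at the top of this section about the trailing period means for the Alias and Canonical name fields: a name without the final period is relative, and DNS appends the zone name to it. The helper makes that explicit and also applies the rule from the MX records tab that a mail server must be a canonical name, not an alias. The zone and host names are constructed for this example.

```python
"""Added example (not Nubus code): name qualification as DNS applies it to the
fields of this module.  Zone and names are constructed."""


def qualify(name: str, zone: str) -> str:
    """Absolute name (with trailing dot) that DNS uses for `name` inside `zone`.
    '@' stands for the zone itself, as in zone files."""
    zone = zone if zone.endswith(".") else zone + "."
    if name == "@":
        return zone
    if name.endswith("."):
        return name                      # already fully qualified: used as is
    return f"{name}.{zone}"              # relative: the zone name is appended


def cname_record(alias: str, canonical: str, zone: str) -> tuple[str, str]:
    """Absolute owner and target of an alias record created in `zone`."""
    owner = qualify(alias, zone)
    target = qualify(canonical, zone)
    if owner == target:
        raise ValueError("alias must not point to itself")
    return owner, target


def mx_target_ok(mail_server: str, zone: str, aliases: dict[str, str]) -> bool:
    """MX tab rule: the mail server must be a canonical name.  `aliases` maps
    absolute alias names to their targets, as returned by cname_record()."""
    return qualify(mail_server, zone) not in aliases


if __name__ == "__main__":
    # The classic mistake: an FQDN typed without the final period is relative.
    print(qualify("www.example.com", "example.com."))   # www.example.com.example.com.
    print(qualify("www.example.com.", "example.com."))  # www.example.com.
    owner, target = cname_record("mail", "server1.example.com.", "example.com")
    print(f"{owner} CNAME {target}")
```

Because `qualify` never guesses whether a dotted name was meant to be absolute, it reproduces exactly what the resolver does, which is the behaviour the Important note warns about.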

8.3.4. A/AAAA host records#

You can manage A/AAAA host records in the DNS management module. To create an A/AAAA record, select the forward lookup zone in the left column and click Add ‣ DNS: Host record.

When you add or edit a computer object, the Computer management module automatically creates or edits the A/AAAA record. For more information, see General tab - Computer management.

Hostname

The fully qualified domain name with a . at the end or the relative domain name of the name server.

IP addresses

The IPv4 and/or the IPv6 addresses to which the host record refers.

Time to live

The time to live specifies how long other DNS servers cache the DNS information.

8.3.5. Service records#

You can manage DNS service records in the DNS management module. To create a service record, select the forward lookup zone in the left column and click Add ‣ DNS: Service record. Fig. 8.2 shows the configuration dialog for a DNS service record.

Fig. 8.2 Configuration of a DNS service record#

A DNS service record always belongs to a DNS forward lookup zone. You can therefore only create it in a DNS forward lookup zone or a subordinate container.

Service

The name under which the service is reachable.

Protocol

The protocol through which network devices can access the service. You can choose one of the following values:

  • TCP

  • UDP

  • MSDCS

  • SITES

Extension

Specify additional parameters for the service record.

Priority

An integer number between 0 and 65535. If several servers offer the same service, clients try the server with the lowest priority value first.

Weighting

An integer number between 0 and 65535. Clients use the weighting to balance the load between servers with the same priority. If several servers offer the same service with the same priority, clients distribute the load across those servers in proportion to their weighting.

Example

Server1 has a priority of 1 and a weighting of 1. Server2 also has a priority of 1, but has a weighting of 3. In this case, clients use Server2 three times as often as Server1. How the load is measured depends on the service, for example, as the number of requests or connections.
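The following is an added example, not Nubus code, that shows how a client selects among service record targets using the Priority and Weighting fields: only the lowest priority is considered, and within that group a target is chosen at random in proportion to its weighting, following the selection procedure of RFC 2782. The simulation reproduces the Server1/Server2 example above; the server names and port are constructed.

```python
"""Added example (not Nubus code): SRV target selection by priority and weight."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvTarget:
    priority: int   # 0..65535, lower value is tried first
    weight: int     # 0..65535, share among targets of equal priority
    port: int
    server: str     # fully qualified name with trailing dot


def select_target(targets, rng=random):
    """Target to try first: lowest priority group, then weighted random pick.
    A target with weight 3 is chosen about three times as often as weight 1."""
    if not targets:
        raise ValueError("no SRV targets")
    best = min(t.priority for t in targets)
    group = [t for t in targets if t.priority == best]
    total = sum(t.weight for t in group)
    if total == 0:
        return rng.choice(group)           # all weights 0: pick uniformly
    pick = rng.randint(0, total - 1)        # 0 <= pick < total
    running = 0
    for t in group:
        running += t.weight
        if pick < running:
            return t
    return group[-1]                        # not reached; satisfies type checkers


def ordered_targets(targets, rng=random):
    """Complete try-order: select, remove, repeat, so a client can fall back to
    higher priority values when the preferred servers do not answer."""
    remaining = list(targets)
    order = []
    while remaining:
        chosen = select_target(remaining, rng)
        order.append(chosen)
        remaining.remove(chosen)
    return order


def share_of_selections(targets, trials=10000, seed=1):
    """Simulate many lookups; return {server: fraction chosen first}."""
    rng = random.Random(seed)
    counts = {t.server: 0 for t in targets}
    for _ in range(trials):
        counts[select_target(targets, rng).server] += 1
    return {s: c / trials for s, c in counts.items()}


# The page's example: equal priority, weightings 1 and 3 (names constructed).
PAGE_EXAMPLE = [
    SrvTarget(priority=1, weight=1, port=389, server="server1.example.com."),
    SrvTarget(priority=1, weight=3, port=389, server="server2.example.com."),
]

if __name__ == "__main__":
    print(share_of_selections(PAGE_EXAMPLE))   # roughly 0.25 / 0.75
```

Note that weighting only ever acts within one priority level: a server with a lower priority value is always tried first, however small its weighting, and a weighting of 0 means "only when nothing else is left in this group".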

Port

The port of the service on the server. Valid values are integer numbers from 1 to 65535.

Server

The name of the server on which the service is available. The value is a fully qualified domain name with a . at the end or a relative domain name. For each service you can enter multiple servers.

Time to live

The time to live specifies how long other DNS servers cache the DNS information.

8.3.6. Pointer record#

You can manage DNS pointer records in the DNS management module. To create a pointer record, select the reverse lookup zone in the left column and click Add ‣ DNS: Pointer record.

Address

The host part of the computer's IP address, which depends on the network prefix: the last octet for a 24-bit prefix, or the last two octets in reverse order for a 16-bit prefix. See the following examples for the pointer:

Pointer

The computer’s fully qualified domain name with a . at the end.

Example 24-bit network prefix

In a network with a 24-bit network prefix, and a 255.255.255.0 subnet mask, you can create a pointer for the client001 computer with the IP address 192.0.2.101. Use the value 101 in the Address field and client001.example.com in the Pointer field.

Example 16-bit network prefix

For a network with a 16-bit network prefix, and a 255.255.0.0 subnet mask, use the last two octets in reverse order for the computer, in the example 101.1. Use client001.company.com. in the Pointer field.
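The following is an added example, not Nubus code, that derives the value of the reverse lookup zone's Subnet field and the pointer record's Address field from an IP address and a prefix length, following the rules above (network octets for the subnet, host octets in reverse order for the address). It goes slightly beyond the page by also building the full in-addr.arpa owner name and cross-checking it against Python's ipaddress module. Addresses follow the page's 192.0.2.0 example.

```python
"""Added example (not Nubus code): Subnet and Address field values for
reverse zones and pointer records, for octet-aligned prefixes."""
import ipaddress

OCTET_ALIGNED = (8, 16, 24)


def reverse_zone_subnet(network: str) -> str:
    """'Subnet' field: the network octets only, e.g. 192.0.2.0/24 -> '192.0.2'."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen not in OCTET_ALIGNED:
        raise ValueError("reverse zone subnet needs an 8-, 16- or 24-bit prefix")
    octets = str(net.network_address).split(".")
    return ".".join(octets[: net.prefixlen // 8])


def reverse_zone_name(network: str) -> str:
    """The in-addr.arpa zone that corresponds to the Subnet field."""
    subnet = reverse_zone_subnet(network)
    return ".".join(reversed(subnet.split("."))) + ".in-addr.arpa."


def pointer_address(ip: str, prefixlen: int) -> str:
    """'Address' field: host octets in reverse order.
    192.0.2.101 -> '101' for a 24-bit prefix, '101.2' for a 16-bit prefix."""
    if prefixlen not in OCTET_ALIGNED:
        raise ValueError("pointer address needs an 8-, 16- or 24-bit prefix")
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    host_octets = octets[prefixlen // 8:]
    return ".".join(reversed(host_octets))


def pointer_name(ip: str, prefixlen: int) -> str:
    """Full owner name of the PTR record: Address field + reverse zone name."""
    network = str(ipaddress.IPv4Interface(f"{ip}/{prefixlen}").network)
    return pointer_address(ip, prefixlen) + "." + reverse_zone_name(network)


def is_fully_qualified(name: str) -> bool:
    """'Pointer' field check: the computer's name must end with a period,
    otherwise DNS appends the domain name to it."""
    return name.endswith(".")


if __name__ == "__main__":
    for prefix in (24, 16):
        print(prefix, reverse_zone_subnet(str(ipaddress.IPv4Interface(f"192.0.2.101/{prefix}").network)),
              pointer_address("192.0.2.101", prefix), pointer_name("192.0.2.101", prefix))
```

Whatever the prefix length, the resulting owner name is the same `101.2.0.192.in-addr.arpa.`; only the split between the Subnet field (zone) and the Address field (record) moves.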