DNS resource records provide information about objects and hosts. DNS servers use these records to respond to queries for hosts and objects. The appliance supports IDNs for all DNS resource records. For information about IDNs, see Support for Internationalized Domain Names. Note that the appliance does not decode the IDN of a resource record to punycode. In other words, a record that contains a domain name in punycode is displayed in punycode and a record that contains an IDN is displayed in its native characters.
...
Managing A Records
An A (address) record is a DNS resource record that maps a domain name to an IPv4 address. To define a specific name-to-address mapping, you can add an A record to a previously defined authoritative forward-mapping zone. If the zone is associated with one or more networks, the IP address must belong to one of the associated networks. For example, if the A record is in the corpxyz.com zone, which is associated with 10.1.0.0/16 network, then the IP addresses of the A record must belong to the 10.1.0.0/16 network. For information about associating zones and networks, see Associating Networks with Zones.
The appliance also supports wildcard A records. For example, you can use a wildcard A record in the corpxyz.com domain to map queries for names such as www1.corpxyz.com, ftp.corpxyz.com, main.corpxyz.com, and so on to the IP address of a public-facing web server. Note that wildcard names only apply when the domain name being queried does not match any resource record.
NIOS allows superusers to add A records with a blank name. Limited-access users must have read/write permission for "Adding a blank A/AAAA record" to add A records with a blank name. You can assign global permission for specific admin groups and roles to allow limited-access users to add blank A records. For more information, see Administrative Permissions for Adding Blank A or AAAA Records.
...
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> CAA Record.
In the Add CAA Record wizard, complete the following fields:
Name: Enter a name for the CAA record. Click Select Zone to select a zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box. Click Clear to clear the zone that you have entered.
DNS View: The DNS view associated with the selected DNS zone is displayed.
Flag: Select a checkbox to set the flag value. When the flag is set to Bit 0 (Critical), it tells the CA that it must completely understand the property tag to proceed. A CA does not issue certificates for any domain when the flag is set to Bit 0 (Critical) and the property tag is not understood. If you do not select any checkbox, NIOS treats the flag value as zero.
Note that the flags are unsigned integers between 0 and 255. Infoblox represents these integers in the form of bits. When you select the checkbox for Bit 0 (Critical), the flag value is set to binary 10000000, which is decimal 128. Example: CAA 128 xyz "Unknown".
You can select only Bit 0 (Critical) as the flag value and the remaining checkboxes are reserved for future use. The appliance displays a warning message when you select a checkbox other than Bit 0 (Critical).
Consider the following example with two CAA records:
CAA 0 issue "ca.example.net; policy=ev"
CAA 128 xyz "Unknown"
In the above example, the property tag xyz is flagged as unknown. The CA associated with example.net or any other issuer cannot issue a certificate unless the processing rules for the xyz property tag are clearly understood by the CA.
Type(Tag): Indicates the type of CAA record. The supported CAA record types are:
Issue: Select this to explicitly authorize a single CA to issue a certificate for the domain and subdomains of the specified domain.
Issuewild: Select this to explicitly authorize a single CA to issue a wildcard certificate for the domain. It allows the domain holder or anyone acting under the authority of the domain holder to issue wildcard certificates for the domain.
Note that the Issuewild type takes precedence over Issue.
Iodef: Select this to specify an email address or URL of the web service to report invalid certificate requests or issued certificates that violate your CAA policy.
Infoblox allows you to enter a new CAA record type other than those displayed in the drop-down list. The maximum length allowed is 255 characters.
Certificate Authority: Indicates the CA that is authorized to issue a certificate for the domain. The maximum length for certificate authority is 8192 characters. You can also specify the email address or the URL to which CAA policy violations for the domain are reported. This is valid for Iodef only. Infoblox recommends that you add either the http:// or https:// prefix to the domain name. You must explicitly add "mailto" when specifying the email address. For example, "mailto:admin@example.com".
Comment: Optionally, enter a descriptive comment for the CAA record.
Disable: Clear the checkbox to enable the record. Select the checkbox to disable it.
Save the configuration or click Next to define extensible attributes. For information, see Managing Extensible Attributes.
Save the configuration or click Next to schedule this task. Click Now in the Schedule Change panel to immediately execute this task or click Later and specify a date, time, and time zone. For information about how to schedule a task, see Scheduling Tasks.
Click Save & Close to complete the configuration.
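The effect of the Critical flag and of the Issue and Issuewild tags can be checked before a record set is saved. The following is an added example, not Infoblox code: it evaluates a CAA record set the way RFC 8659 describes CA processing. The function names (parse_caa, issuer, may_issue) are hypothetical, and the records other than the two-record example above are constructed.

```python
CRITICAL = 0x80  # "Bit 0 (Critical)": binary 10000000, decimal 128
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
# The two-record example from the text, written with plain double quotes.
SAMPLE = ['CAA 0 issue "ca.example.net; policy=ev"', 'CAA 128 xyz "Unknown"']

def parse_caa(line):
    """Split 'CAA <flags> <tag> "<value>"' into (flags, tag, value)."""
    rtype, flags, tag, value = line.split(None, 3)
    if rtype.upper() != "CAA" or not 0 <= int(flags) <= 255:
        raise ValueError("bad CAA record: " + line)
    return int(flags), tag.lower(), value.strip().strip('"')

def issuer(value):
    """The issuer domain is the text before any ';' parameters."""
    return value.split(";", 1)[0].strip().lower()

def may_issue(records, ca_domain, wildcard=False):
    """Return (allowed, reason) for a CA identified by ca_domain."""
    rrs = [parse_caa(r) for r in records]
    for flags, tag, _ in rrs:
        # A critical property the CA does not understand blocks all issuance.
        if flags & CRITICAL and tag not in KNOWN_TAGS:
            return False, "critical unknown tag: " + tag
    issue = [issuer(v) for _, t, v in rrs if t == "issue"]
    wild = [issuer(v) for _, t, v in rrs if t == "issuewild"]
    # For a wildcard request, issuewild takes precedence over issue when
    # present; for any other request, issuewild is ignored.
    relevant = wild if (wildcard and wild) else issue
    if not relevant:
        return True, "no restricting property"
    if ca_domain.lower() in relevant:
        return True, "authorized"
    return False, "not authorized"
```

With SAMPLE, even ca.example.net is refused, because the critical xyz property is not understood; the same record with flag 0 would be ignored instead.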
...
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> Unknown Record.
In the Add Unknown Record wizard, complete the following fields:
Domain Name: Click Select Zone to select a zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box. Click Clear to clear the zone that you have entered.
DNS View: The DNS view associated with the selected DNS zone is displayed.
Type: Enter the type that the unknown record belongs to. You can either enter the type in the textual mnemonic format or in the "TYPEnnn" format where "nnn" indicates the numeric type value. For example, for a record of type RP, you can either enter "RP" or "TYPE17".
Click the + icon to specify the details for the record you are creating:
Field Type: Select the field type that the record data must assume. Field types can be of the following:
Base64-encoded Data: BASE64 encoded binary data
Hexadecimal Sequence: Hexadecimal encoded binary data
8-bit unsigned integer: Unsigned 8-bit integer
16-bit unsigned integer: Unsigned 16-bit integer
32-bit unsigned integer: Unsigned 32-bit integer
IPv4 Address: IPv4 address in numerical form. For example, 192.0.1.1
IPv6 Address: IPv6 address in numerical form. For example, 2001:db8::abcd
ASCII String: ASCII text
Domain Name: Domain name
Presentation: Standard textual form of record data, as shown in a standard master zone file. This type is specifically intended to be used for standard types of records that cannot easily be represented as a sequence of fields of the other types. Such record types include LOC and APL. If you choose this field type, it must be the only field to represent the record.
Value: Value of the field data. Before entering a value, see the Guidelines for Creating Unknown Records section.
Length: Format in which to specify the length of the field value. The length can only be None for fields of 8-bit unsigned integer, 16-bit unsigned integer, 32-bit unsigned integer, IPv4 Address, IPv6 Address, Domain Name, and Presentation types. For fields of type Base64-encoded Data, ASCII String, and Hexadecimal Sequence, the value of the Length field can be either None or 8 bits or 16 bits depending on the requirement of the corresponding record type.
Irrespective of the field type you select, there is an implementation-specific limitation on the length of the record data. Specifically, the data is internally converted to a textual form that appears in a standard DNS master file, and it is rejected if the converted text exceeds 8192 bytes. Although unlikely, some extremely large data can be rejected because of this limitation.
Click Add. The record details are added to the table below.
In the Comment field, optionally enter a descriptive comment for the record.
Clear the Disable checkbox to enable the record. Select the checkbox to disable it.
Save the configuration or click Next to define extensible attributes. For information, see Using Extensible Attributes.
Click Save & Close.
Guidelines for Creating Unknown Records
Make note of the following guidelines when you create an unknown record:
You cannot enter a record type that already exists in NIOS. For example, A, AAAA, ANY, CAA, CNAME, DHCID, DNAME, DNSKEY, DS, MX, NAPTR, NS, NSEC, NSEC3, NSEC3PARAM, PTR, RRSIG, SOA, SRV, TLSA, TXT.
If the record contains an ASCII String field type and you include double quotes, you must escape each of them with a backslash. For example, to obtain a value of "a"b", specify the string as \"a\"b\".
Ensure that you use the correct syntax when entering the value of the record.
If you want to modify the field type of an unknown record, you have to delete the field type and then add it again.
If you create an unknown record of a specific type and later on the record type is supported by NIOS, the record continues to exist as an unknown record. You will need to migrate the record to the newly supported type.
If you add an unknown record that is not supported by the Microsoft server to the zone, you may encounter issues with the MS server synchronization.
You cannot create records of type MD and MF.
...
When you modify an unknown record, you can change the information you previously entered in the General tab. You can also enter or edit information in the TTL, Extensible Attributes and Permissions tabs. For information on modifying and deleting resource records, see Modifying, Disabling, and Deleting Host and Resource Records below.
Prohibited Records
The following record types are prohibited as part of a zone, irrespective of whether or not they are defined as Unknown records:
Type 0: Do not allocate it for ordinary use.
Type 41 (OPT): Pseudo type
Types 128-255: Meta type
Types 55555, 55556, 55557, 65432, 65433: Used internally in NIOS
Type 65533: Private use
Type 3 (MD) and 4 (MF): Obsolete type
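How the field types and Length settings of the Add Unknown Record wizard turn into record data, and how the prohibited types above can be screened, is shown in the following added example, which is not Infoblox code. It concatenates the fields into RDATA and renders the RFC 3597 generic form; the short field names ("uint16", "ascii", "name" and so on), the function names and the sample mnemonic table are assumptions made for the example, and whether NIOS uses this exact text internally is not stated on the page.

```python
import base64, ipaddress, struct

MNEMONICS = {"RP": 17, "LOC": 29, "APL": 42}  # small sample, not a full registry
# Record types the page lists as prohibited in a zone.
PROHIBITED = {0, 3, 4, 41, 55555, 55556, 55557, 65432, 65433, 65533} | set(range(128, 256))
INTS = {"uint8": "!B", "uint16": "!H", "uint32": "!I"}
ADDRS = {"ipv4": ipaddress.IPv4Address, "ipv6": ipaddress.IPv6Address}
BLOBS = {"ascii": lambda v: v.encode("ascii"), "hex": bytes.fromhex,
         "base64": base64.b64decode}

def type_number(text):
    """Accept a mnemonic ("RP") or "TYPEnnn"; reject prohibited types."""
    t = text.upper()
    num = int(t[4:]) if t.startswith("TYPE") and t[4:].isdigit() else MNEMONICS.get(t)
    if num is None or num > 65535:
        raise ValueError("unknown record type: " + text)
    if num in PROHIBITED:
        raise ValueError("prohibited record type: %d" % num)
    return num

def encode_name(name):
    """Uncompressed wire form: length-prefixed labels, then the root label."""
    out = b""
    for label in name.rstrip(".").split(".") if name != "." else []:
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label in " + name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def encode_field(ftype, value, length=None):
    """length is None, 8 or 16: the width of the prefix that carries the size."""
    if ftype in INTS:
        return struct.pack(INTS[ftype], int(value))  # struct.error if out of range
    if ftype in ADDRS:
        return ADDRS[ftype](value).packed
    if ftype == "name":
        return encode_name(value)
    data = BLOBS[ftype](value)
    if length is None:
        return data
    # struct.error here means the data does not fit the chosen prefix width.
    return struct.pack({8: "!B", 16: "!H"}[length], len(data)) + data

def to_generic(type_text, fields):
    """Render as 'TYPEnnn \\# <rdlength> <hex>' (RFC 3597 generic form)."""
    rdata = b"".join(encode_field(*f) for f in fields)
    return ("TYPE%d \\# %d %s" % (type_number(type_text), len(rdata), rdata.hex())).rstrip()
```

For example, to_generic("RP", [("name", "admin.example.com"), ("name", ".")]) renders a constructed RP record as TYPE17 with 20 bytes of record data.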
...