Managing DNS Zones

This section explains how to view DNS views, zones, records, and subzones; modify views, zones, records, and subzones; check which key-signing keys are due for a rollover; and restrict synchronization of DNS views and zones.

Listing DNS Views

To list zones, navigate to the Data Management tab -> DNS tab -> Zones tab. This panel lists the DNS views. This panel displays the following information:

  • DNS View: The name of the DNS view.

  • Network View: The network view to which the DNS view belongs.

  • Grid: The name of the Grid managed by the Multi-Grid Manager, or the Grid to which the DNS view belongs.

  • Comment: Comments about the DNS view.

  • Site: Values that were entered for this pre-defined attribute. This is one of the predefined extensible attributes.

  • Disabled: This field displays Yes if the view is disabled. Otherwise, this field displays No.

Modifying DNS Views

To modify the DNS views, you can edit the comments and extensible attributes:

  1. From the Data Management tab, click the DNS tab > Zones tab > select the DNS View > click the Edit icon.

    • In the DNS View editor, select the General tab:

      • DNS View: Displays the name of the DNS view.

      • Comment: You can update the comments about the DNS view.

    • In the Extensible Attributes tab, you can modify the attributes.

    • To schedule this task, click the Schedule icon at the top of the wizard. In the Schedule Change panel, click Later, and then specify a Start Date, Start Time, and Time Zone.

  2. Save and close the editor.

Managing DNS Zones

To list the DNS zones, navigate to the Data Management tab -> DNS tab -> Zones tab > drill down into the DNS View to list zones. This panel displays the following information:

  • Name: The domain name of the zone. This field displays the domain name of the zone in non-English characters, if the domain name was originally entered either in the native character set or in punycode. For example, the domain name of the zone can be displayed as ‘зоны’ (Russian).

  • Type: The zone type. Possible values are Authoritative, Forward, Stub and Delegation.

  • Grid Primary Server: The primary name server configured for an authoritative zone in the DNS zone.

  • Signed: This field displays Yes if the zone is a DNSSEC-signed zone. Otherwise, this field displays No.

  • Comment: Comments that were entered for the zone.

  • Site: Values that were entered for this pre-defined attribute.

  • Disabled: This field displays Yes if the zone is disabled. Otherwise, this field displays No.

Modifying DNS Zones

You can only modify the comment and extensible attributes:

  1. From the Data Management tab, click the DNS tab > Zones tab > DNS View > select default view > zones checkbox -> Edit icon.

    • In the Zone editor, select the General tab:

      • Name: Displays the name of the zone.

      • Type: Displays the zone type.

      • Comment: You can update the comments about the DNS zone.

  2. In the Extensible Attributes tab, you can modify the attributes.

  3. To schedule this task, click the Schedule icon at the top of the wizard. In the Schedule Change panel, click Later, and then specify a Start Date, Start Time, and Time Zone.

  4. Save and close the editor.

Viewing DNS Records

To list the DNS records, navigate to the Data Management tab, click the DNS tab -> Zones tab -> DNS View > Zone → Drill down to the Records tab. This panel displays the following information:

  • Name: The name of the record, if applicable.

  • Type: The resource record type.

  • Data: Data that the record contains.

  • Comment: Comments that were entered for the resource record.

  • Disabled: Indicates if the record is disabled.

  • Creation Time: The time at which the DNS resource record was created.

  • Site: Values that were entered for this pre-defined attribute.

Modifying DNS Records

To modify or disable a record, you can edit the comments and extensible attributes:

  1. From the Data Management tab, click the DNS tab -> Zones tab -> DNS View > Zone → Drill down to the Records tab. Select the record you want to modify and click the edit icon.

    • In the Host editor, select the General tab:

      • Name: Displays the name of the DNS record.

      • Comment: You can update the comments about the DNS record.

    • In the Extensible Attributes tab, you can modify the attributes.

    • To schedule this task, click the Schedule icon at the top of the wizard. In the Schedule Change panel, click Later, and then specify a Start Date, Start Time, and Time Zone.

  2. Save and close the editor.

Viewing DNS Subzones

To list the DNS subzones, navigate to the Data Management tab, click the DNS tab -> Zones tab -> DNS View > Zone → Drill down to the Subzones tab. This panel displays the following information:

  • Name: The domain name of the subzone.

  • Type: The subzone type.

  • Grid Primary Server: The primary name server configured for an authoritative zone in the DNS zone.

  • Signed: This field displays Yes if the zone is a DNSSEC-signed zone. Otherwise, this field displays No.

  • Comment: Comments that were entered for the subzone.

  • Site: Values that were entered for this pre-defined attribute.

  • Disabled: This field displays Yes if the zone is disabled. Otherwise, this field displays No.

Modifying DNS Subzones

To modify the DNS subzones, you can edit the comments and extensible attributes:

  1. From the Data Management tab, click the DNS tab -> Zones tab -> DNS View > Zone → Drill down to the Subzones tab.

  2. Select the subzone you want to modify and click the edit icon.

    • In the Zone editor, select the General tab:

      • Name: The domain name of the subzone.

      • Type: Displays the zone type.

      • Comment: Update the comments about the subzone.

    • In the Extensible Attributes tab, you can modify the attributes.

    • To schedule this task, click the Schedule icon at the top of the wizard. In the Schedule Change panel, click Later, and then specify a Start Date, Start Time, and Time Zone.

  3. Save and close the editor.

Checking the Key-Signing Key Rollover Due

To check which key-signing keys are overdue for a rollover:

  1. From the Data Management tab, select the DNS tab.

  2. Expand the Toolbar and click KSK Rollover Due -> KSK Rollover Due.

  3. The KSK Rollover Due dialog box lists the key-signing keys that are due for a rollover. It includes the Grid name, DNS View, Zone Name, and the number of days until the rollover.

  4. Click Close.

Restricting Synchronization

You can restrict synchronization of DNS views and zones from the managed Grid to the Multi-Grid Master. You can do this when you are configuring or modifying them.

Restrict Synchronization on DNS Views

To restrict synchronization while configuring a DNS View:

  1. Log in to the managed Grid. Make sure that the Grid remains joined with the Multi-Grid Master.

  2. From the Data Management tab, select the DNS tab -> DNS View tab -> and then click the Add icon.
    The DNS View editor contains the following basic tabs:

    • DNS View: Enter the name of the DNS view. It can be up to 64 characters long and can contain any combination of printable characters. Each DNS view must have a unique name. You cannot create two DNS views with the same name, even if they are associated with different network views. This field accepts the name in the native character set.

    • Comment: Optionally, enter information regarding the DNS view. You can enter up to 256 characters.

    • Enable Recursion: This field's initial default state is inherited from the Grid. It is inactive and greyed out until you click Override. After you click Override, you can select or clear the checkbox to define a setting that applies to the DNS view only.

      Note that a DNS view actually inherits its recursion setting from the Grid members that serve its zones. When you first create a DNS view though, it does not have any zones and therefore inherits its setting from the Grid. After you create zones in the DNS view, Grid Manager can then determine the associated members and display the resulting inheritance. If a DNS view has multiple zones served by multiple members with different recursion settings, you can view the different settings in the Multi-Inheritance viewer. You can click Inherit to have the DNS view inherit its recursion setting from the Grid.

      If the set rpz_recursive_only command is set to no for a DNS view or zone, you can deselect the Enable Recursion checkbox even if the RPZ zone is configured as the Grid secondary. In a single DNS view, if the set rpz_recursive_only command is set to no for one zone and not set to no for another zone, then you cannot disable recursion. Ensure that there is no conflict between set rpz_recursive_only yes, none, and no settings in different zones in the same view when you disable recursion. If a scheduled Grid upgrade is in progress, then you cannot deselect the Enable Recursion checkbox.

    • Disable: Select this checkbox to disable this DNS view. Note that disabling a DNS view may take a longer time to complete depending on the size of the data.

    • Disable sync to MGM: Select this option to disable synchronization of the selected DNS View from the managed Grid to the Multi-Grid Master. By default, the Disable sync to MGM checkbox is enabled.

  3. Save the changes.

To restrict synchronization while modifying a DNS View:

  1. Log in to the managed Grid. Make sure that the Grid remains joined with the Multi-Grid Master.

  2. From the Data Management tab, select the DNS tab -> DNS View tab -> DNS View section -> and then click the Edit icon.
    The DNS View editor contains the following basic tabs from which you can modify data:

    • General Basic: You can modify the following fields:

      • Comment: The information you entered for the network.

      • Disabled: This field is displayed only if the selected network is a network without a child network under it. You can disable and enable existing networks instead of removing them from the database, if the selected network does not have a child subnet. This feature is especially helpful when you have to move or repair the server for a particular network.

      • Disable sync to MGM: Select this option to disable synchronization of the selected DNS View from the managed Grid to the Multi-Grid Master. By default, the Disable sync to MGM checkbox is enabled.

  3. Save the changes. 

Restricting Synchronization on DNS Zones at the Subgrid level

To restrict synchronization while configuring a DNS Zone (This is applicable for Authoritative, Forward, Stub and Delegation zone types):

  1. Log in to the managed Grid. Make sure that the Grid remains joined with the Multi-Grid Master.

  2. From the Data Management tab, select the DNS tab -> DNS View tab -> DNS Zones > Zone section and then click the Add icon.
    The DNS Zone editor contains the following basic tabs:

    • Name: The domain name of the zone.

    • DNS View: This field displays only when there is more than one DNS view in the current network view. Select a DNS view from the drop-down list.

    • Comment: Enter a descriptive comment about the zone.

    • Disable: Select this option to temporarily disable this zone. Note that disabling a zone may take a longer time to complete depending on the size of the data.

    • Lock: Select this option to lock the zone so that you can make changes to it and prevent others from making conflicting changes.

    • The Sync to MGM is used for synchronizing the selected zone from the managed Grid to the Multi-Grid Master and is available only on the managed Grid when it remains joined with the Multi-Grid Master. Select one of the following from the Sync to MGM drop-down list:

      • Use Inherited Setting: Select this to inherit synchronization settings from the parent level, i.e. the DNS view.

      • Yes: Select this to enable synchronization of zones between the managed Grid and Multi-Grid Master.

      • No: Select this to disable synchronization of zones between the managed Grid and Multi-Grid Master.

        Note: If you have selected No at the parent level, i.e. the DNS view (disabled synchronization), and you try to select Yes when adding a zone, the appliance returns an error. This means that you cannot override the settings at the child level if you have already restricted synchronization at the parent level.

  3. Save the changes.
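
The Sync to MGM inheritance rule above can be modelled to audit which zones actually reach the Multi-Grid Master. This is an added example, not Infoblox code; the inventory layout, sample data, and function names are constructed for illustration and do not correspond to any product export format or API.

```python
# Added example: models the Sync to MGM rules described above.
# The inventory layout and all names below are hypothetical, constructed
# for illustration; they are not an Infoblox export format or API.

INHERIT, YES, NO = "Use Inherited Setting", "Yes", "No"

# Constructed sample data: view name -> True if "Disable sync to MGM" is selected.
VIEWS = {"default": False, "internal": True}

# Constructed sample data: (view, zone, Sync to MGM drop-down value).
ZONES = [
    ("default", "corp.example", INHERIT),
    ("default", "lab.example", NO),
    ("default", "shop.example", YES),
    ("internal", "hr.example", INHERIT),
    ("internal", "pay.example", YES),  # conflicts with the view setting
]


def effective_sync(view_sync_disabled, zone_setting):
    """Return True if the zone is synchronized to the Multi-Grid Master.

    Raises ValueError for the combination the appliance rejects: Yes on a
    zone whose DNS view has synchronization disabled.
    """
    if zone_setting == INHERIT:
        return not view_sync_disabled
    if zone_setting == NO:
        return False
    if zone_setting == YES:
        if view_sync_disabled:
            raise ValueError("cannot enable sync when the DNS view disables it")
        return True
    raise ValueError(f"unknown Sync to MGM value: {zone_setting!r}")


def audit(views, zones):
    """Split zones into (synced, not_synced, rejected) lists of zone names."""
    synced, not_synced, rejected = [], [], []
    for view, zone, setting in zones:
        try:
            target = synced if effective_sync(views[view], setting) else not_synced
        except ValueError:
            target = rejected
        target.append(zone)
    return synced, not_synced, rejected


if __name__ == "__main__":
    for label, names in zip(("synced", "not synced", "rejected"), audit(VIEWS, ZONES)):
        print(f"{label}: {', '.join(names)}")
```
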

To restrict synchronization while modifying a DNS zone:

  1. Log in to the managed Grid. Make sure that the Grid remains joined with the Multi-Grid Master.

  2. From the Data Management tab, select the DNS tab -> DNS View tab -> DNS Zones > Zone section and then click the Edit icon.

  3. The DNS Zone editor contains the following basic tabs from which you can modify data:

    • General Basic: You can modify the comments:

      • Name: The name of the DNS zone.

      • Type: Displays the zone type.

      • Comment: Optionally, enter information regarding the DNS zone.

      • Disable: Select this checkbox to disable this DNS zone. Note that disabling a DNS zone may take a longer time to complete depending on the size of the data.

      • Lock: Select this checkbox to lock the zone to make changes to the zone.

      • Disable sync to MGM: Select this option to disable synchronization of the selected zones and its records and subzones with the Multi-Grid Master.
        Note that the option to Disable sync to MGM is available exclusively for the first level; for the root zone, it can be accessed at two levels.

        • Click Override. Note that you can override only when you have not disabled synchronization at the DNS View level.

  4. Save the changes.