Chapter 17 Configuring DNS Services
This chapter provides general information about DNS service properties. The topics in this chapter include:
- Configuring DNS Service Properties
- Configuring DNS Access Control
- About Time To Live Settings
- Configuring Hostname and Server ID Options
- Enabling and Disabling DNS Health Check Monitor
- Adding an Email Address to the SOA Record
- Notifying External Secondary Servers
- Enabling the Configuration of RRset Orders
- Specifying Port Settings for DNS
- Deleting PTR Records associated with A or AAAA Records
- Specifying Minimal Responses
- Starting and Stopping the DNS Service
- About DNS Cache
- Using Forwarders
- Controlling DNS Queries
- Enabling Recursive Queries
- Controlling AAAA Records for IPv4 Clients
- About NXDOMAIN Redirection
- Detecting and Mitigating DNS DDoS Attacks
- Automated Mitigation of Phantom Domain Attacks
- Detecting NXDOMAIN Attacks
- Mitigating Possible NXDOMAIN Attacks
- Support for RRL (Response Rate Limiting)
- About Blacklists
- Enabling Zone Transfers
- About Root Name Servers
- About Sort Lists
- Configuring a DNS Blackhole List
- Specifying Hostname Policies
- About DNS64
- DNS Record Scavenging
- Monitoring DNS Queries
- Configuring DNS Traffic Control Properties
Configuring DNS Service Properties
You can configure general DNS service properties and change some default values. The DNS service is disabled by default. To enable the member to provide DNS service, you must start the DNS service. For information about how to start and stop the DNS service, see Starting and Stopping the DNS Service. The following sections describe the DNS service properties that you can configure:
- Configuring DNS Access Control
- About Time To Live Settings
- Configuring Hostname and Server ID Options
- Adding an Email Address to the SOA Record
- Notifying External Secondary Servers
- Specifying Port Settings for DNS
- Specifying Minimal Responses
- Starting and Stopping the DNS Service
Configuring DNS Access Control
You can add ACEs (access control entries) or use a named ACL (access control list) to determine which hosts can perform specific DNS tasks. For information about how to define a named ACL, see Defining Named ACLs. When you add ACEs or a named ACL to Grid DNS properties, the configuration overrides member and object access control for DNS zone transfers, dynamic DNS updates, DNS queries and recursive queries, blackhole lists, and AAAA filtering. For a full list of operations that support access control, see Operations that Support Access Control.
To configure DNS access control:
- From the Data Management tab, select the DNS tab, expand the Toolbar and click Grid DNS Properties.
- In the Grid DNS Properties editor, click Toggle Advanced Mode, and select one of the following tabs for specific DNS tasks:
  - Updates tab: Define ACEs or a named ACL to control Grid level dynamic DNS updates, as described in Enabling DNS Servers to Accept DDNS Updates.
  - Queries tab: Define ACEs or a named ACL to control Grid level DNS queries, recursive queries, and AAAA filtering, as described in Controlling DNS Queries, Enabling Recursive Queries, and Controlling AAAA Records for IPv4 Clients.
  - Zone Transfers tab: Define ACEs or a named ACL to control Grid level DNS zone transfers, as described in Enabling Zone Transfers. This does not apply to zone transfers for Microsoft servers. For information about Microsoft servers, see Setting Zone Properties.
  - Blackhole tab: Configure ACEs or a named ACL to define IP addresses and networks that you do not want to include during the DNS resolution process, as described in Configuring a DNS Blackhole List.
  - DNS64 tab: Configure ACEs or a named ACL for clients to which the appliance sends synthesized AAAA records for DNS64 groups, as described in Setting DNS64 Group Properties.
- Save the configuration.
You can override the Grid settings at the member and object levels.
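The following added example (not from this guide or the product) reviews a zone transfer ACE list offline before it is entered in the editor: it resolves which list applies to a member, decides a client's permission, and reports ACEs that can never match. It assumes top-down, first-match evaluation, a refusal when nothing matches, and that a member-level list replaces the Grid list; the data model, member names, and addresses are constructed.

```python
import ipaddress

# Constructed sample data (hypothetical model, not an appliance export).
# Each ACE is (address/network or "Any", permission), listed top to bottom.
GRID_ZONE_TRANSFER = [
    ("10.0.0.0/8", "ALLOW"),
    ("10.9.9.9/32", "DENY"),   # intended exception, but the /8 above matches first
    ("Any", "DENY"),
]
# Member-level override for one member; member names are made up.
MEMBER_OVERRIDE = {"ns2.example.test": [("192.0.2.53/32", "ALLOW"), ("Any", "DENY")]}

def _nets(spec):
    """Networks covered by one ACE; 'Any' covers all of IPv4 and IPv6."""
    if spec == "Any":
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    return [ipaddress.ip_network(spec, strict=False)]

def effective_aces(member):
    """Assumption: a member-level list replaces the Grid list entirely."""
    return MEMBER_OVERRIDE.get(member, GRID_ZONE_TRANSFER)

def decide(aces, client):
    """Assumption: first matching ACE wins; no match is treated as DENY."""
    ip = ipaddress.ip_address(client)
    for spec, permission in aces:
        if any(ip in net for net in _nets(spec)):
            return permission
    return "DENY"

def shadowed(aces):
    """ACEs fully covered by a single earlier ACE, so they can never match."""
    dead, seen = [], []
    for spec, permission in aces:
        nets = _nets(spec)
        if all(any(n.version == s.version and n.subnet_of(s) for s in seen)
               for n in nets):
            dead.append((spec, permission))
        seen.extend(nets)
    return dead

if __name__ == "__main__":
    for member in ("ns1.example.test", "ns2.example.test"):
        aces = effective_aces(member)
        for client in ("10.9.9.9", "192.0.2.53", "198.51.100.7"):
            print(member, client, decide(aces, client))
        print(member, "shadowed:", shadowed(aces))
```

In the sample Grid list, the DENY for 10.9.9.9 is reported as shadowed, so that host is still allowed; moving the narrower entry above the /8 fixes the ordering.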