userguide:dns:dnsmanager

Differences

This shows you the differences between two versions of the page.

userguide:dns:dnsmanager [2014/07/22 05:54]
chris@virtbiz.com
userguide:dns:dnsmanager [2014/07/24 05:33] (current)
chris@virtbiz.com
Line 11: Line 11:
   * [[#Zone Format|Zone Format]]   * [[#Zone Format|Zone Format]]
   * [[#Auto DNS|Auto DNS]]   * [[#Auto DNS|Auto DNS]]
 +
 ---- ----
-===Edit Primary Services===+ 
 +**[[userguide:​dns:​primarydns|Edit Primary Services]]**:
 Click this button to manage DNS records for domains and networks that this server is registered to serve. Primary DNS service is also called Master DNS service.  ​ Click this button to manage DNS records for domains and networks that this server is registered to serve. Primary DNS service is also called Master DNS service.  ​
  
-===Edit Secondary Services===+**[[userguide:​dns:​secondarydns|Edit Secondary Services]]**:
 Click this button to manage secondary DNS service for domains and networks. ​ Secondary service is that which is "​slaved"​ from another DNS server. Click this button to manage secondary DNS service for domains and networks. ​ Secondary service is that which is "​slaved"​ from another DNS server.
 ---- ----
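Review bot: Replacing the two `===Edit Primary Services===` and `===Edit Secondary Services===` headings with bold links removes the in-page anchors for those sections. The list at the top of this hunk links to sections by anchor (`[[#Zone Format|Zone Format]]`), so any entries it has for these two sections will stop resolving. Either keep the headings and put the link to `userguide:dns:primarydns` / `userguide:dns:secondarydns` in the first sentence under each, or remove the matching list entries in the same revision. The added blank line before `----` looks unintentional.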
Line 37: Line 39:
   * **Open DNS Server**: __NOT RECOMMENDED!__ ​ If you tick this box, your DNS server will be entirely open and will resolve DNS for anyone and everyone. //That is a really bad idea.// This exposes yourself and others to the risks of DDoS attacks. So if you need a DNS server to resolve domains which you are not authoritative for, then you should either use the DNS server of your provider, or (if you still want to use your own DNS server for that!) you should only allow query access for localhost (127.0.0.1/​32) on this DNS server, or selected and trustworthy network address ranges.   * **Open DNS Server**: __NOT RECOMMENDED!__ ​ If you tick this box, your DNS server will be entirely open and will resolve DNS for anyone and everyone. //That is a really bad idea.// This exposes yourself and others to the risks of DDoS attacks. So if you need a DNS server to resolve domains which you are not authoritative for, then you should either use the DNS server of your provider, or (if you still want to use your own DNS server for that!) you should only allow query access for localhost (127.0.0.1/​32) on this DNS server, or selected and trustworthy network address ranges.
   * **Allow Cache access from these Networks**: You can limit which address ranges can query your server to specific IP addresses or ranges, but doing so will prevent other servers than those that are included in the IP range(s) you provide from accessing your DNS.    * **Allow Cache access from these Networks**: You can limit which address ranges can query your server to specific IP addresses or ranges, but doing so will prevent other servers than those that are included in the IP range(s) you provide from accessing your DNS. 
 +    * Enabling caching, also called recursion, allows resolution of domains and network zones that other name servers are authoritative for. Disabling caching is useful when operating this server on a private network.
   * **Forwarding Servers**: Forwarding domain name servers are used when Allow DNS Cache Access is enabled and when root domain name servers are not directly accessible due to a limited or restricted Internet connection. Please enter a series of four numbers between 0 and 255 separated by periods. For example, 192.168.1.1 is a valid entry.   * **Forwarding Servers**: Forwarding domain name servers are used when Allow DNS Cache Access is enabled and when root domain name servers are not directly accessible due to a limited or restricted Internet connection. Please enter a series of four numbers between 0 and 255 separated by periods. For example, 192.168.1.1 is a valid entry.
-  ​* **Zone Transfer Access by IP Address**: Enter the IP addresses that are allowed to download all records maintained by this domain name server through zone transfers. Zone transfers are used by secondary domain name servers to synchronize their records with primary domain name servers. ​The default ​value is to leave this field empty to refuse ​zone transfer requests.+    * If the BlueOnyx server is being used on a private network or in conjunction with a restrictive firewall, you can specify a forwarding DNS server(s) by IP address. If a DNS server cannot answer a DNS query, it forwards the query to the forwarding DNS server to get the needed response, then answers back to the client.  
 +  ​* **Zone Transfer Access by IP Address**: Enter the IP addresses that are allowed to download all records maintained by this domain name server through zone transfers.  
 +    * A zone transfer allows another DNS server to download the complete list of hosts maintained by your DNS server. Zone transfers are used by secondary domain name servers to synchronize their records with primary domain name servers. 
 +By default, zone transfers are not allowed ​to any domain. You must explicitly enter any domain names that are allowed ​to perform ​zone transfers, or no domain will be able to perform zone transfers.
 ==DNS Rate Limits== ==DNS Rate Limits==
 DNS Response Rate Limiting (DNS RRL) is an experimental protection feature for domain name servers. This mechanism keeps BIND 9 from being used in amplifying reflection denial of service attacks as well as partially protecting BIND 9 itself from some denial of service attacks. By default it should be enabled. DNS Response Rate Limiting (DNS RRL) is an experimental protection feature for domain name servers. This mechanism keeps BIND 9 from being used in amplifying reflection denial of service attacks as well as partially protecting BIND 9 itself from some denial of service attacks. By default it should be enabled.
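Review bot: The added default-behaviour sentence at the end of the Zone Transfer bullet tells the reader to enter "domain names that are allowed to perform zone transfers", but the field is "Zone Transfer Access by IP Address" and the line above it asks for IP addresses. It should say that transfers are refused unless the IP addresses of the secondary servers are listed. That line also lacks the `    * ` list prefix the other added lines use, so it will render outside the bullet. The removed statement that leaving the field empty refuses all zone transfer requests is worth keeping in some form, since it names the safe default explicitly.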
Line 52: Line 58:
 ===Auto DNS=== ===Auto DNS===
 Add additional host names for Auto DNS. This will allow you to setup domains in a snap. Add additional host names for Auto DNS. This will allow you to setup domains in a snap.
-  * **Host Names**: Enter the  +  * **Host Names**: Enter the default hostnames that you wish to be added to a domain'​s DNS configuration. ​  All of the hostnames entered here will generate A records pointing to the configured IP address of the site. 
-  * **Mail Server Host Name**: ​+  * **Mail Server Host Name**: ​Enter the default hostname of the mailserver for the domain. ​ As new sites are added, an MX record will be added for the domain based on this entry.
  
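Review bot: The new Mail Server Host Name text says an MX record is added from this entry, and the Host Names text says only the names entered there get A records, but nothing states whether the mail server host name must also be listed under Host Names so that the MX target resolves. Add one sentence saying either that it must be listed or that an A record is created for it automatically. The wording also mixes "Host Names" in the labels with "hostnames" and "mailserver" in the descriptions; pick one form.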
userguide/dns/dnsmanager.1405972452.txt.gz · Last modified: 2014/07/22 05:54 by chris@virtbiz.com