Overview

The commands associated with zone management (located in the DNS context of the Web Application or in the Management Console) are only available when a specific DNS server or DNS zone is selected. In other words, actions for the DNS zone are only available when DNS zones are listed. The default for the DNS context is displaying all zones. (In the Management Console, when DNS Zones is selected in the Object Browser, all DNS zones are listed on all servers.) However, when a particular name server is selected, only the zones being managed on that server are listed.
The Web Application’s DNS context displays zone types in the second column.
Zone Viewing

All Zones on All Servers

You can use the Web Application to view all of the existing DNS zones at once, regardless of the server to which they belong. In the Web Application, click the DNS on the top. This causes all existing zones (to which you have access) to appear in the grid.

Single Name Server Zones

In the filtering sidebar or through of the Web Application, locate the DNS server that owns the zones you want to view and click on it. This will list all zones on the server. (In Server Management when a server is selected, select Show zones from the ellipsis menu to display all zones residing on the server.)

Tip: The navigation indicator in the bottom left displays the name of the DNS server.

Zone Contents

The Inspector window on the right provides a detailed look at the data inside of a zone. The header record (a.k.a. Start of Authority or SOA record) displays as a collection of fields above the resource records. To view the contents of a particular zone, double-click on it. This opens the Zone tab.

SOA

Since the SOA record is seldom modified after it is created, the Inspector window has a built-in control to allow you to hide the SOA data from view. On the right edge of the Inspector, next to the ‘edit’ button, you’ll notice the open/close button (> and v, respectively) to show/hide the SOA information.

SOA Fields
Zone Analysis (Management Console)

Note: Importing DNS data into the Web Application (see Import DNS Records) will automatically validate the data.

The DNS Expert Zone Analysis engine allows zones to be analyzed for correctness in the Management Console. To analyze a zone, do any of the following:
The results of the zone analysis are shown in a new window. To perform the analysis again, press F5 or click the Analyze button.

Filtering

It is possible to filter out messages of a certain type. When the checkbox Don’t show filtered messages is selected, the filtering is active and these messages are not shown in the message list. Deselecting the checkbox disables the filtering and all messages are shown in the message list.

Quick Filter

The Quick filter works the same as it does in other windows.

Messages

The message list shows the results of the zone analysis. Messages are either warnings or errors (as indicated by the icon next to the message). Selecting a message will display detailed information about the message at the bottom of the window.

Fix

When the application can fix an error, the Fix menu item becomes available. Selecting this menu item will display more information about the fix for the error.

Filter out messages of this type

Selecting this item will suppress the display of the selected error type unless the Don’t show filtered messages checkbox is unselected.

Note: This setting is global and it is applied to all subsequent analysis in all zones.

If you right-click a filtered message, this item will read as Don’t filter out messages of this type. If the zone you are analyzing is open, an icon with an exclamation mark is shown in the bottom left corner of the window. Clicking this icon will display the errors found during the analysis in a list at the bottom of the Zone tab. Closing the analysis window will clear the error message list in the Zone tab.

Access/Access for Non-Master for Zone(s)

Refer to Global Access.

Delete zone

Use this command to delete a zone from one or more servers. Before using this command, select the zone you want to delete from the Management Console; the Delete Zone dialog box displays and shows a list of servers on which that zone resides. By default, the zone will be removed from all servers (i.e., all servers are checked).
If you want to keep it on one or more servers, clear the checkbox next to that server. Click the Delete button to remove the zone from the selected servers.
Warning: The Delete Zone dialog, showing each zone you selected and a list of servers that currently serve that zone, is only available in the Management Console. There you are able to keep the zone on particular server(s) by clearing the checkbox next to that server(s).

Disable/Enable (Management Console)

Note: This function is only available in the Management Console.

Disabling a Zone(s)

This function is only available for static master zones that have no slave zones. (For other types of zones (dynamic or AD integrated) the command is not visible.) The Disable command deactivates the entire zone without deleting it. When disabled, the server ignores the contents of the zone. The zone can still be edited while disabled, but changes will not take effect until the zone is re-enabled.
Zones that are disabled appear faded in the Object List. They are still fully accessible and editable, but they will not be active until you re-enable them.

Enabling a Zone(s)

Use the following procedure to re-activate a zone that has been disabled.
Duplicate (Management Console)

Tip: In the Web Application, you can duplicate DNS zones by selecting Migrate zone from the ellipsis menu, or using and leaving the Remove original zone checkbox unchecked.

In the Management Console, use the following procedure to create a new zone that is an exact duplicate of an existing one, including master and slave servers, zone data and zone options.
Zone Migration Wizard

The Zone Migration Wizard allows users to migrate one or more zones from one server to another, including all data in the zone. To migrate a zone, do the following:
Edit Preferred Servers (Management Console)

This option is only available when working with AD integrated zones. (See AD Sites and Subnets.) It is used to specify the server to use when opening an AD integrated zone. It is also possible to specify which server to use if the preferred server becomes unavailable—e.g., the server on the top of the list is tried first and, if that server is unavailable, the second server is tried, and so on.
Export (Management Console)

Use this command to export DNS zone files to standard format.
Folders

Refer to Object Folders for details on this function.

Forward Zone

For creating a forward zone in the Web Application, see Creating a DNS zone. For creating a forward zone in the Management Console, see Forward Zone.

Import (Management Console)

Note: This is a function that allows importing DNS zones. (To import DNS records, see Import DNS Records.)

Through this function, you can import multiple DNS zones at one time.
If you happen to select an invalid zone, the following error message dialog box displays:
Master Zone

For creating master zones in the Web Application, see Creating a DNS zone. For creating master zones in the Management Console, see Master Zone (Management Console).

DNS Response Policy Zones (BIND only) (Management Console)

The ISC BIND name server (9.8 or later) supports DNS Response Policy Zones (RPZ). You can find more information on RPZ at dnsrpz.info. You can manage RPZ zones from within Micetro with the Management Console. When you open the Options dialog box for a master zone on a BIND server you will see the Response Policy Zone checkbox. To specify a zone as an RPZ zone, just click the checkbox.

Note: To use RPZ, a response-policy statement must exist in the DNS server options file. The Response Policy Zone checkbox is disabled if a response-policy statement is not present. For example:

    options {
        ...
        response-policy { zone "rpzzone.com"; };
        ...
    };

DNSSEC Zones (Management Console)

Note: DNSSEC signed zones can be listed in the Web Application by selecting DNSSEC signed in the filtering sidebar on the left.

Zones containing DNSSEC records are labeled as “Signed” in the DNSSEC column in the zone list. When DNSSEC zones are opened, the system ignores most DNSSEC records unless the system setting to include DNSSEC records has been set.

Note: All DNSSEC record types, with the exception of the DS and NSEC3PARAM record types, are read-only.

DNSSEC Management on Windows Server 2012

You can use Micetro to manage DNSSEC on Windows Server 2012. You can sign and unsign zones. You can customize the zone signing parameters and add, edit and remove Key Signing Keys (KSK) and Zone Signing Keys (ZSK). The details of DNSSEC are beyond the scope of this documentation. For more information on Windows Server 2012 and DNSSEC, see the Microsoft web site http://www.microsoft.com.

Signing Zones using DNSSEC

To sign a zone on a Windows Server 2012, do the following:
Signs the zone with a new set of zone signing parameters. When this option is selected you can choose or create new Key Signing Keys (KSK) and Zone Signing Keys (ZSK).

Sign the zone with parameters of an existing zone. Signs the zone using parameters from an existing signed zone. To use this option, you must enter the name of the zone containing the parameters to use.

Use default settings to sign the zone. Signs the zone with the default zone signing parameters.
Unsigning Zones using DNSSEC

To unsign a zone on a Windows Server 2012, do the following:
Options (Management Console)

Note: Using the Web Application’s Properties you can edit custom properties that have been configured for DNS zones.

The Zone Options dialog box is where you can configure individual settings for a specific zone on each server.

Zone Options (Windows and BIND)

To access the zone options for a specific zone only, do the following:
Master zones

Allow Zone Transfers. When enabled, zone transfers will occur according to the method indicated by the radio buttons below. You must select at least one of these methods.

Slave Zones

Allow Zone Transfers. When enabled, zone transfers will occur according to the method indicated by the radio buttons below. You must select at least one of these methods.

To any server. When selected, the zone transfer will be performed to any requester.

Only to listed name servers in the zone. When selected, the zone will be transferred from the server to any other name server listed in the zone.

Only to the following servers. When selected, the zone will only be transferred to the servers you specify in the list below. To enter a server, click in the first available row and enter its IP Address.

IP Addresses of master. Type the IP Address of the master servers for the zone.

Stub/Forward Zones

Type the IP Address of the master servers for the zone.

BIND Servers

The Zone Options dialog box lets you specify an IP Address (or an address block) from which zone transfers can be allowed, or disallowed. The top section of the Options dialog box lets you designate the zone as either Static or Dynamic. Newly created zones are static by default, but can be changed to a dynamic zone (and vice versa) using this option. Refer to Dynamic Zones for more information on dynamic zones versus static zones.

Addresses that have already been set up to handle (i.e., allow or disallow) zone transfers are listed in the lower area of the Zone Options dialog box. If you want to change the settings associated with an address that is already listed here, select it and click on the Edit button. To remove the access control completely, select it from the list and click the Remove button.

To specify a new address (or block) on which you want to implement access controls, do the following:
3. Click OK to save the selection. The new address is now listed in the Zone Options dialog box.

Note: BIND uses journal files to keep track of changes to dynamic zones. The data in the journal files is merged with the zone data file at a designated interval. It is not possible to manually merge the data from the journal files to the zone data file. This means that if there is data in the zone’s journal file when the zone type is changed to a static zone, the entries in the journal file will not be visible in the Management Console.

Slave Zones on BIND Servers

When a slave zone is hosted on a BIND server, the Options dialog box will look like the one below. Besides being able to set up the access control (as described in the previous section), you can also specify the IP Address of one or more master servers for the zone. The master servers are specified in the lower half of the Zone Options dialog box. To add a new server to the list, simply click in the white space and enter the IP Address of the master server you are assigning. To change the address of an existing server, click on it and make the desired edits.

Advanced Options

DNS Administrators can now access the BIND configuration files directly to edit DNS server and zone options that are not available in the GUI. Refer to Advanced Server Options for details.

Options for a zone (Management Console)

If a zone exists on more than one server (e.g., in a master/slave configuration), it is possible to select the zone instance for which you want to set options.
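The zone transfer choices described above (to any server, only to listed servers, or none) end up as allow-transfer statements in the BIND configuration, so they can be reviewed outside the GUI. The following is an added example, not Micetro or ISC code: a simplified audit that reads named.conf text and classifies each zone's transfer policy. The sample configuration, zone names and addresses are constructed, and the parser ignores include files and does not resolve named ACLs or server-wide defaults.

```python
import re

# Constructed sample (not from the page): zone names and addresses are made up.
SAMPLE_CONF = """
options { directory "/var/named"; };   // no server-wide allow-transfer
zone "open.example"    { type master; allow-transfer { any; }; };
zone "listed.example"  { type master; allow-transfer { 192.0.2.53; 198.51.100.0/24; }; };
zone "inherit.example" { type master; file "inherit.example.db"; };
zone "replica.example" { type slave; masters { 192.0.2.1; }; allow-transfer { none; }; };
"""

def block_body(text, start):
    """Return the text between the '{' at index `start` and its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces")

def transfer_acl(body):
    """Return the allow-transfer element list of a zone body, or None if absent."""
    m = re.search(r"\ballow-transfer\s*\{", body)
    if not m:
        return None
    return [e.strip() for e in block_body(body, m.end() - 1).split(";") if e.strip()]

def audit(conf):
    """Map each zone to 'open', 'restricted', 'disabled' or 'inherits'."""
    # Strip /* */, // and # comments so braces inside them are not counted.
    conf = re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", conf, flags=re.S))
    findings = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = transfer_acl(block_body(conf, m.end() - 1))
        if acl is None:
            status = "inherits"      # falls back to the options/view setting
        elif "any" in acl:
            status = "open"          # the "To any server" choice
        elif acl == ["none"]:
            status = "disabled"
        else:
            status = "restricted"    # an explicit list of servers or ACL names
        findings[m.group(1)] = status
    return findings

if __name__ == "__main__":
    print("\n".join(f"{z:18} {s}" for z, s in audit(SAMPLE_CONF).items()))
```

Zones reported as "open" hand the full zone contents to any requester, and zones reported as "inherits" need the server-level options checked before they can be considered restricted.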
Promote Slave to Master

The Promote Zone feature makes it possible to change a slave zone to a master zone. This might be necessary in emergency situations, for example if the master zone becomes unavailable for an extended period of time. This feature is only available for DNS Administrators. When a slave zone is promoted, the following actions are performed:
To promote a slave zone to a master zone, do the following:
Zone Controls (BIND only) (Management Console)

The Zone Controls feature allows you to create and edit $GENERATE statements in static zones on BIND DNS servers.
Note: The fields for each $GENERATE statement must be separated by a tab.

Reload (Management Console)

Sends a command to the DNS server instructing it to reload the zone data.

Set Folder

Allows you to add or remove zones from a folder.

Warning: If you remove a zone from a folder, there is no way to undo this action.
Search

For search in the Web Application, see Quick command. For searching in the DNS zone tab in the Management Console, see Search (DNS) (Management Console).

Slave Zone

For creating slave zones in the Web Application, see Creating a DNS zone. For creating slave zones in the Management Console, see Slave Zone (Management Console).

Stub Zone

For creating stub zones in the Web Application, see webapp-create-dns-zones. For creating stub zones in the Management Console, see Stub Zone (Management Console).

View History

Opens the History window and displays a log of all changes that have been made to the zone, including the date and time of the change, the name of the user who made it, the actions performed, and any comments entered by the user. Refer to History for the Web Application and Object Change History for the Management Console.

Which zone of DNS is responsible for updating the changes in DNS to Active Directory?

Stub zone. As the name suggests, a stub zone contains partial data from another zone. It is often the records required to find an authoritative server, which could be a primary or secondary zone containing the DNS zone files. The biggest advantage of the stub zone is that it automatically updates its records.
How do you automatically update DNS records?

Open the DHCP properties for the server. Click DNS, click Properties, click to select the Enable DNS dynamic updates according to the settings below check box, and then click Always dynamically update DNS A and PTR records.
What is the name of a DNS server that maintains the address of other DNS servers within a top level domain?

A root name server is a name server for the root zone of the Domain Name System (DNS) of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD).
How does DNS server get updated?

When you update the nameservers for a domain, it may take up to 24-48 hours for the change to take effect. This period is called DNS propagation. In other words, it is a period of time ISP (Internet service provider) nodes across the world take to update their caches with the new DNS information of your domain.