4.4 Using the Java-Based Management Console to Configure DNS

This section provides information about configuring DNS, and importing and exporting database information by using the Java-based Management Console.

4.4.1 DNS Prerequisites

Complete the following prerequisites before setting up DNS:

  • Install NetWare 6.5 on the selected servers.

  • Install the Novell Client™ software on client computers that will be used to administer DNS and DHCP.

  • Install the Management Console on client computers that will be used to administer DNS and DHCP.

For detailed information about installing client software, refer to Launching the Java-Based Management Console.

NOTE: You must use a client workstation that is bound to TCP/IP to use the Management Console. Using the Management Console on client workstations that are bound to IPX-only networks results in Server objects being displayed as inactive, and also disables the Start and Stop Service button and the Audit Trail/Event Log buttons.

NOTE: The DNS Key and dsfw - update policy options appear on the NetWare DNS tab, but should not be configured. They apply to Linux DNS only.

4.4.2 Logging In to the Tree for DNS Setup

In order to use the Management Console to configure the DNS objects, you must first log in to the tree that contains the DNS objects.

  1. Right-click Network Neighborhood and select NetWare Login on a Windows client workstation where the Management Console is installed.

  2. Under the Login tab, provide your username and password, then click Advanced.

  3. To log in, enter the tree, context, and server names.

  4. Click OK.

4.4.3 DNS Server Management

DNS Server Management involves the following tasks:

Creating a DNS Server Object

  1. Click the DNS Service tab of the Management Console, if necessary.

  2. Click Create on the toolbar.

  3. Select DNS Server in the Create New DNS Object dialog box, then click OK.

    The Create New DNS Server dialog box is displayed, prompting you to select an NCP Server object.

  4. Specify the desired server's name or use the browse button to select the server.

  5. Specify the server's Domain name.

  6. Click the Define Additional Properties check box to view the newly created server property pages.

  7. Click Create.

    The DNS Server object is created and displayed in the lower pane of the Management Console.

Viewing or Modifying a DNS Server Object

To modify an existing DNS Name Server object, click the object's icon in the lower pane of the DNS Service window to display detailed information in the right pane. A DNS Name Server object's detailed information window displays six tab pages:

Zones

On this page, the zone list contains a list of all zones and the role each zone serves for the selected DNS Name Server object.

To change the zone information, you must modify the specific Zone object. This information cannot be modified from the server page.

The DNS Server IP Address field is read-only and is received from the DNS Server.

Forwarding List

This page displays a list of all forwarding IP addresses.

  • To add an address to the list, click Add. Specify the IP address in the Add Forward IP Address field, then click OK.

  • To delete an address from the list, select an IP address and click Delete.

No-Forward List

This page displays a list of all domain names to which queries are not sent.

  • To add a domain name to the No-Forward List, click Add. Specify the domain name into the No-Forward Name field, then click OK.

  • To delete a domain name from the list, select the domain name from the list and click Delete.

Options

This page allows you to configure audit and event logging. SNMP traps, maximum cache size, and max recursion lookups can be configured only for a new DNS Server. You can configure the SNMP traps options.

Control Lists

This page displays various lists that can be configured to control the behavior of the DNS Server. You can configure the zone out filter, allow recursion, and query filter as address match lists. You can also configure the also notify and blacklisted servers as a list of IP addresses.

  • To add an element to the address match list, click Add. Specify the element to be added and click OK.

    To delete elements from the list, select the element to be deleted and click Delete.

  • To add an address to the list, click Add. Specify the IP address and click OK.

    To delete an address from the list, select the address to be deleted and click Delete.

Advanced

This page displays all advanced configuration options. It displays the configured values and the default values for each option. The default value that is displayed is the value that the server assumes if it is not configured.

  • To modify the options, click Modify and specify the new value, then click OK.

  • To clear the configured values, select the option, then click Clear.

The allow-notify and listen-on options are multi-valued. You can also specify a port value, which is optional for listen-on.

  • To add an element to the list, specify the address, then click Add. This populates the list with the new entry.

  • To delete elements from the list, select the elements to be deleted, then click Delete.

  • Click Modify to modify the configured elements.

  • Click OK to populate the Configured Value column with the elements.

Deleting a DNS Server

  1. Select the DNS Server from the lower pane of the Management Console.

  2. Click Delete on the toolbar and confirm the deletion.

Starting or Stopping a DNS Server

The DNS server (named.nlm) must be loaded before you can start or stop the server activity.

The Start/Stop service can be used to load zone data along with the modified configuration without unloading and reloading the DNS server. When you stop the DNS server using this option, it remains loaded in memory but provides no services. You can use the iManager Management utility or the Java-Based Management Console to update the zone data. When you restart the DNS server using this option, the server is reconfigured with the new configuration settings and the zone data is also reloaded.

This option can also be used to remotely start and stop the DNS server.

  1. Select the DNS Server from the lower pane of the Management Console.

  2. Click Start/Stop Service on the toolbar.

  3. Depending on the state of the DNS Server module, one of the following operations occurs:

    • Start action: If the DNS Server module is loaded but is in Stop mode, it is started.

    • Stop action: If the DNS Server module is loaded and is in Start mode, it is stopped.

Configuring DNS Auditing

To configure a DNS server to audit activities:

  1. Log in to the tree containing the service you want to begin auditing, launch the Management Console, then click the DNS Service tab.

  2. Select the desired server to perform auditing, then click the Options tab.

  3. Under Event Log, select Major Events or All.

  4. Click the Enable Audit Trail Log check box.

  5. Click Save on the toolbar.

NOTE: Auditing is supported for DNS servers running on prior versions of NetWare 6.5 only.

Viewing or Saving the DNS Audit Trail Log

To view the audit trail log, csatpxy.nlm must be running on the server.

  1. Log in to the desired tree, launch the Management Console, then click the DNS Service tab.

  2. Select the server that has been configured to perform auditing, then click View Audit Trail on the toolbar.

    The Events Period-Audit Trail Log dialog box displays the start and end dates of the current audit trail log.

  3. Click OK to view the audit trail log for the period displayed, or modify the dates as desired and click OK.

    The audit trail log is displayed, showing the entry time, type, IP address, and domain name of each DNS transaction.

  4. Click Display Options to select the time period to view or to view one or more specific transaction types.

    The DNS audit trail logs the following types of transactions:

    • Agent Ready: The Simple Network Management Protocol (SNMP) agent is ready to receive or transmit requests.

    • Query Received: The DNS server acknowledges receipt of a query by making an entry in the log file.

    • Query Forwarded: The DNS server has forwarded a query to a client or another DNS server.

    • Response Received: The DNS server has responded to a query from a client or another DNS server.

  5. Click Save to save the audit log information.

Viewing or Saving the DNS Event Log

To view the event log, csatpxy.nlm must be running on the server.

  1. Log in to the desired tree, launch the Management Console, then click the DNS Service tab.

  2. Select the server that has been configured to perform event logging, then click View Events/Alerts on the toolbar.

    The Events Period-Events Log dialog box displays the start and end dates of the current Event Log.

  3. Click OK to view the event log for the period displayed, or modify the dates as desired and click OK.

    The events log is displayed, showing the entry time, severity, state, and description of each logged event.

  4. Click Display Options to modify the time period to view or to view a specific event's severity and state.

    The Display Options dialog box is displayed, enabling you to change the start and end dates, display one or more types of event severity, and view specific operational states.

  5. Click Save to save the audit log information.

Moving a DNS Server

This task enables you to move the DNS Services from one NCP server to another NCP server. You can also convert a DNS server to a cluster-enabled DNS server by moving it to a virtual NCP server.

This feature is supported for DNS servers running on NetWare 6.5 or later.

  1. Select the DNS Server name from the bottom panel.

  2. Click the Move DNS Server icon on the toolbar.

  3. In the Move DNS Server dialog box, select the NCP server that the DNS services will be moved to, then click Move.

4.4.4 Zone Management

The following sections give details on zone management information.

Creating a Zone Object

The DNS Zone object is an eDirectory container object that comprises Resource Record Set (RRSet) objects and resource records.

To create a zone object:

  1. Click the DNS Service tab of the Management Console.

  2. Click Create on the toolbar, select Zone, then click OK.

  3. Click Create New Zone to create a forward zone.

  4. Use the browse button to select the eDirectory context for the zone.

  5. Specify a name for the Zone object in the Zone Domain Name field.

  6. Select the zone type.

    Novell DNS servers act as primary or secondary depending on the zone type that you select.

  7. If you select the zone type as secondary, specify the IP address of the master DNS server that will provide zone out transfers for this secondary zone.

    Select a DNS server to act as an authoritative DNS server for this zone.

  8. Click Create.

    A message is displayed indicating that the new zone has been created. If you have created a primary zone, you are reminded to create the Address record for the host server domain name and corresponding Pointer record in the IN-ADDR.ARPA zone (if you have not already done so).

Creating an IN-ADDR.ARPA Object

After you create a DNS server object, you can use the Management Console to create and set up an IN-ADDR.ARPA Zone object.

  1. Click the DNS Service tab of the Management Console.

  2. Click Create on the toolbar, select Zone, then click OK.

    The Create Zone dialog box is displayed. The default setting is to create a new, primary zone.

  3. Select Create IN-ADDR.ARPA.

  4. Use the browse button to select the eDirectory context for the zone.

  5. Specify the network address in the Network Address field.

    For example, specify 143.72.155 only for 155.72.143.IN-ADDR.ARPA.

    After you specify the IP address, it is reversed and prepended to .IN-ADDR.ARPA and reflected in the Zone Domain Name field.

  6. Under the Zone Type, select Primary or Secondary.

    If you select Secondary, you must specify the IP address of the DNS Name server that will provide zone out transfers to this zone.

  7. In the Assign Authoritative DNS Server field, select a DNS server.

    After you have selected an authoritative DNS server, the Name Server Host Name field is filled with the name of the authoritative DNS server.

  8. Click Create.

Viewing or Modifying a Zone Object

To modify an existing Zone object, click the Zone object to be modified in the left pane of the DNS Service window. A Zone object's detailed information window displays the following tab pages:

Attributes

This page allows you to configure the zone type and zone servers.

  • To change a primary zone to a secondary zone, click the secondary zone box and specify the IP address of the primary DNS server in the Zone Master IP Address field.

  • To assign a server to the zone, select the server to which the zone should be assigned from the Available DNS Servers and click Add. The server is then displayed in the Authoritative DNS Servers field. To delete a DNS server assignment to a zone, select the server to be removed from the Authoritative DNS Servers field, then click Remove.

  • To configure one of the DNS servers as the designated server for the zone, select the server from the Designated Primary field in the case of a primary zone. This server is responsible for DHCP updates for the zone.

    For a secondary zone, select the server from the Designated Secondary field. This server is responsible for receiving the zone-in transfers.

  • You can enter new comments or modify existing comments for the zone.

Zone Out Filter

This page allows you to configure the zone out filters for the zone.

  • To add an entry into the list, click Add.

    Specify the subnet address and the subnet mask for the network, then click OK.

  • To delete the elements in the list, select the elements to be deleted, then click Delete.

SOA Information

This page allows you to configure zone master, e-mail address, serial number, refresh, retry, expire, and minimum TTL values.

Control Lists

This page displays various lists that can be configured for the Zone. You can configure the query filter, also notify, and allow update options.

The query filter and allow update options can be configured as address match lists.

  • To add an element, click Add. Specify the element to be added, then click OK.

  • To delete elements from the list, select the element to be deleted, then click Delete.

The also notify option can be configured as a list of IP addresses.

  • To add an address into the list, click Add. Specify the IP address, then click OK.

  • To delete an address from the list, select the address to be deleted, then click Delete.

Advanced

This page displays all advanced configuration options for the zone. It displays the configured values for each option. If any option is not configured at the zone level, the default behavior is server-specific. The value configured for the zone overrides the server value. If no value is configured at the server, then the default value specified for the server is used.

  • To modify the option, click Modify, specify the value, then click OK.

  • To add an element, specify the address, then click Add. This populates the new entry into the list.

  • To delete elements from the list, select the elements to be deleted, then click Delete. Click OK to populate the Configured Value column with the elements.

  • To clear the configured values for the options, select the option, then click Clear.

Deleting a Zone Object

  1. Select the Zone object you want to delete.

  2. Click Delete on the toolbar.

    A warning message is displayed to confirm the zone deletion. You can also delete subzones by selecting the option from the message window.

NOTE: Creation, modification, or deletion of a Forward Zone is not supported.

Importing a Zone Object

Use the Import dialog box to convert BIND-formatted DNS files and transfer them into the eDirectory database.

To import a Zone object:

  1. Click the DNS Service tab of the Management Console.

  2. Click Import DNS Database on the toolbar.

  3. Specify the DNS BIND formatted filename in the field provided. You can browse to select filenames from the File Selection dialog box.

  4. Click Next to select the context where the zone object should be created.

  5. Click Next to select the server name that manages the zone.

    You can select an existing DNS server or an NCP server where the DNS server object will be created. The selected DNS server must have DNS/DHCP services installed on it. If you select this zone type as primary, this DNS server will act as a designated primary; or if you select zone type as secondary, it will act as a designated secondary.

    If you do not want to assign a DNS server for this zone at this point, leave this field blank.

  6. Click Next to specify this zone type.

    If you select the zone type as primary, Novell DNS servers act as primary servers for this zone; if you select secondary, they act as secondary DNS servers.

  7. Click Next to view the configuration that you have selected.

  8. Click Import to start the import operation.

    If the import operation encounters any errors while transferring data, the Details button is enabled. Click Details to view the errors.

    If some resource records are not transferred because of incorrect data, you can create them by clicking Create on the toolbar.

  9. Click Finish to complete the import operation.

Exporting a Zone Object

Use the Export dialog box to copy the eDirectory database to a text file. The text file enables you to save the DNS zone data to BIND master file format files. These files can be imported to other applications, including BIND servers, or they can be imported back into the eDirectory database by using the Management Console.

  1. Click the DNS Service tab of the Management Console.

  2. In the DNS Service window, select the zone you want to export and click Export Database on the toolbar.

  3. In the Export - DNS window, specify the name of the destination file or browse to select a filename from the dialog box.

  4. Click Export to export the database into a file.

NOTE: Importing or Exporting a Forward Zone is not supported.
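A consistency check for exported zone files before they are imported elsewhere, as an added example that is not part of the original documentation: it parses a subset of BIND master file syntax and reports A and PTR records that do not mirror each other. The zone contents, the example.com names and all function names are constructed for illustration, and standard master file syntax is assumed because this page does not show the console's export output.

```python
import ipaddress
import re

TTL_OR_CLASS = re.compile(r"\d+|(?:\d+[smhdw])+|IN|CH|HS", re.I)

def parse_master(text, origin):
    """Parse a subset of BIND master file syntax into (owner, type, rdata).
    Handles $ORIGIN, ';' comments, '@', inherited owners and '(...)' records."""
    origin = origin.rstrip(".").lower() + "."
    records, last_owner, pending = [], None, ""
    def absolute(name):
        if name == "@":
            return origin
        return (name if name.endswith(".") else f"{name}.{origin}").lower()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # quoted ';' is not supported
        if not line.strip():
            continue
        pending = f"{pending} {line}" if pending else line
        if pending.count("(") > pending.count(")"):
            continue                     # record continues on the next line
        inherits = pending[0].isspace()  # blank owner field: reuse the last owner
        fields, pending = pending.replace("(", " ").replace(")", " ").split(), ""
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].rstrip(".").lower() + "."
            continue
        owner = last_owner if inherits else absolute(fields.pop(0))
        while fields and TTL_OR_CLASS.fullmatch(fields[0]):
            fields.pop(0)                # skip optional TTL and class
        if owner is None or len(fields) < 2:
            raise ValueError(f"cannot parse record ending at: {raw!r}")
        last_owner = owner
        rtype, rdata = fields[0].upper(), fields[1:]
        records.append((owner, rtype, [absolute(rdata[0])] if rtype == "PTR" else rdata))
    return records

def in_zone(name, zone):
    return ("." + name).endswith("." + zone.rstrip(".").lower() + ".")

def check_forward_reverse(fwd_text, fwd_zone, rev_text, rev_zone):
    """Return findings for A and PTR records that do not mirror each other."""
    a_pairs = {(o, r[0]) for o, t, r in parse_master(fwd_text, fwd_zone) if t == "A"}
    ptr_pairs = {(o, r[0]) for o, t, r in parse_master(rev_text, rev_zone) if t == "PTR"}
    findings = []
    for host, ip in sorted(a_pairs):
        owner = ipaddress.IPv4Address(ip).reverse_pointer + "."
        if in_zone(owner, rev_zone) and (owner, host) not in ptr_pairs:
            findings.append(("A without PTR", host, ip))
    for owner, target in sorted(ptr_pairs):
        ip = ".".join(reversed(owner.split(".")[:4]))
        if in_zone(target, fwd_zone) and (target, ip) not in a_pairs:
            findings.append(("PTR without A", owner, target))
    return findings

# Constructed sample data in BIND master file format (not real export output).
FORWARD = """\
@     IN SOA ns1 hostmaster ( 2004010101 ; serial
          3h 1h 1w 1h )
      IN NS  ns1
ns1   IN A   143.72.155.2
www   IN A   143.72.155.10
mail  3600 IN A 143.72.155.25
"""
REVERSE = """\
$ORIGIN 155.72.143.IN-ADDR.ARPA.
2     IN PTR ns1.example.com.
10    IN PTR web.example.com.
30    IN PTR old.example.com.
"""
if __name__ == "__main__":
    for finding in check_forward_reverse(FORWARD, "example.com",
                                         REVERSE, "155.72.143.IN-ADDR.ARPA"):
        print(*finding)
```

Records whose counterpart would live in a zone other than the two supplied are skipped rather than reported, so a clean result only covers this pair of files.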

4.4.5 Resource Record Management

Creating Resource Records

A resource record is a piece of information about a domain name that contains information about a particular piece of data within the domain.

Every domain name in the zone has a corresponding RRset object under that zone container object. An RRset is not created directly. Initially, when a resource record is created and is assigned a unique domain name within a zone, the corresponding RRset is created first; then, the RR is associated with the RRset.

If you select an existing RRset and click Create on the toolbar to create a new RR, the Management Console sets the new RR domain name to read-only and assigns the newly created resource record to the selected RRset. Resource records cannot be created in a secondary zone. All changes to the resource record data should be done at the master server; the secondary servers will receive the changes through zone transfers.

To create resource records:

  1. In the DNS Service window, select the zone in which the resource record will be created. If you want to add another resource record to an already existing RRset, select that RRset.

  2. Click Create on the toolbar.

  3. In the Create New DNS Object window, select the resource record, then click OK.

  4. If you have selected an RRset, the owner name field is filled with the RRset name. This field does not need to be edited.

    If you have selected a zone and want to create a new RRset, specify the domain name of that resource record in the owner name field.

    The zone name part of the domain name will already be filled. Only the remaining portion needs to be filled.

    If you are creating a resource record for the zone domain name, the owner name field does not need to be filled because the zone domain name is already present.

  5. In the Create Resource Record window, select the RR type to be created.

  6. Specify the required data for the selected resource record, then click Create.

NOTE: Start of Authority (SOA) is defined as part of a Zone object attribute. A Pointer (PTR) record is created automatically when any new A resource record is created, provided that a primary IN-ADDR.ARPA zone exists to which the IP address belongs. Similarly, an A type resource record is created when any new PTR record is created, provided that a primary zone exists to which the domain name pointed to by the PTR record belongs.

Several resource record types correspond with a variety of data stored in the domain namespace. For a list and description of resource record types, see Section A.2, Types of Resource Records.
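The naming rule from the Network Address step of Creating an IN-ADDR.ARPA Object and the automatic PTR condition in the NOTE above, as an added example that is not Novell code: it derives the reverse zone name, finds the zone to which an address belongs, and lists A records for which no automatic PTR record can be expected. The function names and host names are hypothetical, and zones are assumed to fall on octet boundaries (the page shows only the three-octet case).

```python
import ipaddress

def reverse_zone_name(network_address):
    """Zone Domain Name derived from the Network Address field.
    Assumption: one to three leading octets, e.g. '143.72.155'."""
    octets = network_address.strip().strip(".").split(".")
    if not 1 <= len(octets) <= 3:
        raise ValueError("expected one to three octets, e.g. 143.72.155")
    if not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"bad octet in {network_address!r}")
    return ".".join(reversed(octets)) + ".IN-ADDR.ARPA"

def ptr_owner(ip):
    """Owner name of the PTR record that mirrors an A record for ip."""
    return ipaddress.IPv4Address(ip).reverse_pointer.upper()

def covering_zone(ip, reverse_zones):
    """Most specific reverse zone to which ip belongs, or None."""
    owner = ptr_owner(ip)
    # The leading dot keeps zone 55.72.143 from matching owner ...155.72.143.
    matches = [z for z in reverse_zones if owner.endswith("." + z.upper())]
    return max(matches, key=len, default=None)

def records_without_reverse_zone(a_records, network_addresses):
    """A records whose address lies in none of the primary reverse zones,
    so no PTR record would be created automatically for them."""
    zones = [reverse_zone_name(n) for n in network_addresses]
    return [(host, ip, ptr_owner(ip))
            for host, ip in a_records if covering_zone(ip, zones) is None]

# Constructed sample data: host names and addresses are illustrative only.
A_RECORDS = [
    ("www.example.com", "143.72.155.10"),
    ("mail.example.com", "143.72.156.25"),
    ("vpn.example.com", "10.1.2.3"),
]
PRIMARY_REVERSE_NETWORKS = ["143.72.155", "10"]

if __name__ == "__main__":
    for net in PRIMARY_REVERSE_NETWORKS:
        print(net, "->", reverse_zone_name(net))
    for host, ip, owner in records_without_reverse_zone(A_RECORDS, PRIMARY_REVERSE_NETWORKS):
        print(f"no reverse zone for {host} ({ip}); PTR owner would be {owner}")
```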

Viewing or Modifying Resource Records

When you select an existing resource record in the left pane of the DNS Service window, the detailed information for the object is displayed in the right pane. You can modify the resource record data and save changes by clicking Save on the toolbar.

You can modify resource record data and the associated comments for all resource records except the AAA, A6, SRV, LOC and HINFO records.

Deleting Resource Records

You can delete one, more than one, or all resource records and RRsets, using the multi-select deletion feature in the Management Console. RRsets and resource records in a secondary zone cannot be deleted. They should be deleted from a primary server.

  1. Click the DNS Service tab of the Management Console.

  2. From All Zones, select the domain that contains the host or RRSet.

  3. Select the item to be deleted.

    You can delete either the entire RRSet or one or more resource records in the RRSet.

    To delete one or more objects:

    • Press the Shift key and select the objects.

    • Click Delete.

    NOTE: When the A and PTR type resource records are deleted, the corresponding PTR and A resource records will also be deleted.

4.4.6 Command Line Options

The following command line options can be specified when launching the Java-based Management Console:

Table 4-1 Command Line Options for Java-based Management Console

Each option is listed with its use:

  • -c: Specifies the context in which the DNS/DHCP Locator object is present. When you use this option, you can eliminate the search for the DNS/DHCP Locator object, and the DNS/DHCP Management Console starts more quickly.

  • -p: Specifies the port to which the audit and event log request will be sent. By default, the csatpxy.nlm listens on port 2000, so the Management Console also sends its requests to port 2000 by default. If you change the port used by csatpxy.nlm, specify that value here by using this option.

  • -s: Limits the administrative scope of the DNS/DHCP Management Console. If you manage only objects under the ctp.novell context, you can set this option as -s ctp.novell and launch the Management Console. With this option set, you can view only those DNS/DHCP objects that are under the ctp.novell eDirectory context.

    Using this option might improve the server performance because not all DNS/DHCP objects are read. If you do not set this option, all the DNS/DHCP objects present in the tree are displayed.

  • -mx: Specifies the maximum heap size to be used by the DNS/DHCP Management Console. The default heap size is 64 MB. If you have a large number of DNS/DHCP objects to be displayed, you can increase the maximum heap size by using this option. To specify 100 MB as the heap size, you can set this option as -mx 100m.

You can edit the target of the Management Console shortcut to permanently set these options instead of specifying them every time you launch the Management Console. For example, you can set the above options by editing the target as shown below:

"C:\program files\novell\dnsdhcp\dnsdhcp.exe" -c dnsdhcp.novell -p 1000 -s ctp.novell -mx 100m