Adding DNS deployment roles - BlueCat Integrity - 26.1.0

You can add multiple DNS deployment roles to a single server.

1. Where it's available, select the Deployment roles tab.
   Note: You can set DNS deployment roles for IPv4 and IPv6 blocks, IPv4 and IPv6 networks, DNS views, and DNS zones.
2. For a view or zone, select New. For a block or network, select New > DNS deployment role.
3. Under General, select one of the following DNS deployment roles from the Role drop-down menu:
   • Primary—deploys files and settings to create a DNS primary server.
   • Hidden primary—deploys files and settings to create a DNS primary, but without name server and glue records, thus hiding the server from DNS queries.
     Note: When adding a Hidden primary deployment role, make sure to also add at least one secondary deployment role. Lack of a secondary server may result in the deployment of NS records to the Hidden Primary.
   • Secondary—deploys files and settings to create a DNS secondary server.
   • Stealth secondary—deploys files and settings to create a DNS secondary but, without name server and glue records, thus hiding the server from DNS queries.
     Note: When adding a Stealth secondary deployment role to an existing Hidden primary, make sure to also add at least one Secondary deployment role. Lack of a Secondary server may result in the deployment of NS records to the Hidden primary.
   • Forwarder—deploys a forwarding zone in BIND, or conditional forwarding in Microsoft DNS, to forward queries for a specific zone to one or more DNS servers. Forwarding requires that recursion be enabled; recursion is automatically enabled when you select the Forwarder role.
   • Stub—deploys a zone that contains only the name server records for a domain. Stub zones don't contain user-selected settings or options.
   • Recursion—used when creating a caching-only DNS server that accepts recursive queries, but doesn't host any zones. This role must be set at the view level; required deployment options are set automatically when you deploy the configuration.
   • Multi-primary—deploys files and settings to create a multi-primary DNS server. You can only configure this role on a multi-primary server group. For more information on server groups, refer to Configuring server groups.
   • Hidden multi-primary—deploys files and settings to create a multi-primary DNS server, but without name server and glue records, thus hiding the server from DNS queries. You can only configure this role on a multi-primary server group. For more information on server groups, refer to Configuring server groups.
   • None—clears all data from the server to which it's applied.
4. (Optional) if you are adding a DNS deployment role at the block or network level, the View drop-down menu is displayed. Select a DNS view which is the container object for DNS zones and resource records. If you are adding a DNS deployment role at the view or zone level, go to step 5.
   Note: Address Manager supports multiple views, so selecting a DNS view when adding a DNS deployment role to an IP Space associates an IP block or network to a specific DNS view.
5. When you select the Primary, Hidden primary, Secondary, Stealth secondary, Forwarder, or Stub option from the Role drop-down menu, a Service interface drop-down menu will be available. Select a server for the deployment role:
6. When you select the Multi-primary or Hidden Multi-primary option from the Role drop-down menu, a Server group drop-down menu will be available. Select a server group for the deployment role.
   Attention: You can only configure a multi-primary DNS deployment role from the DNS space. You cannot configure a multi-primary DNS deployment role from the IP space.
7. When you select the Primary, Hidden primary, Multi-primary, or Hidden multi-primary option from the Role drop-down menu, a Name server record section will be available below General. In the Name server record section, select the time-to-live value for name server and glue records that are deployed via deployment roles:
   • 1 day (recommended)—this option is selected by default when adding a DNS Primary, Hidden primary, Multi-primary, or Hidden multi-primary deployment role.
   • Use zone default settings—if selected, the zone TTL value will be used. Upgraded roles will use this option by default.
   • Custom—select this option to manually set the time-to-live value for the record. Enter a value in the field, then select either Seconds, Minutes, Hours, or Days from the drop-down menu. If you have upgraded roles from a previous version, you can use this option to change the value.
8. When you select the Secondary, Stealth secondary, Forwarder, or Stub option from the Role drop-down menu, the Zone transfer interface drop-down menu appears after you select a server interface. Select a server with the server interface that you want zone transfers to go over.
   Note:

   • When creating a Secondary or Stealth secondary role, select the server interface for the secondary server's primary. When you deploy the zone, the IP address for the server interface you select opens in the primary list in the zone’s .conf file.
   • When creating a Forwarder role, select the server to which the forwarding zone forwards queries. When you deploy the zone, the IP address for the server interface you select opens in the forwarders list in the zone’s .conf file.
   • When creating a Stub role, select the server to which the stub zone resolves. When you deploy the zone, the IP address for the server interface you select here opens in the primary list in the zone’s .conf file.
9. In the Change control section, add comments if required.
10. Select Create to create the DNS deployment role and return to the Deployment roles table, or select Create and add another to create the DNS deployment role and re-open the Create DNS deployment role window.