Adding DNS deployment roles - BlueCat Integrity - 9.5.0

Address Manager Administration Guide


You can add multiple DNS deployment roles to a single server.

The most local role takes precedence for any section of the configuration. At a minimum, DNS roles must be applied at the view level for DNS deployment to occur. For reverse DNS, a DNS deployment role must be applied to either a block or network to create the reverse DNS settings for that object and its children.

Note: Creating a primary-secondary relationship between an IPv4-only DNS/DHCP server and an IPv6-only DNS/DHCP server is not a valid configuration. Deployment will be successful, but zone transfers and resolution of records on the secondary will fail.

To add or edit a DNS deployment role:

  1. Where it's available, click the Deployment Roles tab.
  2. Under Deployment Roles, click New and select DNS Role.
  3. Under Role, select a DNS deployment role from the Type drop-down menu:
    Note: The View drop-down menu will only be available when you are adding a DNS role to IP Space.
    • Primary—deploys files and settings to create a DNS primary server.
    • Hidden Primary—deploys files and settings to create a DNS primary, but without name server and glue records, thus hiding the server from DNS queries.
      Note: When adding a Hidden Primary deployment role, make sure to also add at least one secondary deployment role. Lack of a secondary server may result in the deployment of NS records to the Hidden Primary.
    • Secondary—deploys files and settings to create a DNS secondary server.
    • Stealth Secondary—deploys files and settings to create a DNS secondary, but without name server and glue records, thus hiding the server from DNS queries.
      Note: When adding a Stealth Secondary deployment role to an existing Hidden Primary, make sure to also add at least one Secondary deployment role. Lack of a Secondary server may result in the deployment of NS records to the Hidden Primary.
    • Forwarder—deploys a forwarding zone in BIND, or conditional forwarding in Microsoft DNS, to forward queries for a specific zone to one or more DNS servers. Forwarding requires that recursion be enabled; recursion is automatically enabled when you select the Forwarder role.
    • Stub—deploys a zone that contains only the name server records for a domain. Stub zones don't contain user-selected settings or options.
    • Recursion—used when creating a caching-only DNS server that accepts recursive queries, but doesn't host any zones. This role must be set at the view level; required deployment options are set automatically when you deploy the configuration.
    • None—clears all data from the server to which it's applied.
  4. (Optional) From the View drop-down menu, select a DNS view, which is the container object for DNS zones and resource records. If you are adding a DNS deployment role at the view or zone level, go to step 5.
    Note: Address Manager supports multiple views, so selecting a DNS view when adding a DNS deployment role to an IP Space associates an IP block or network to a specific DNS view.
  5. Under Server Interface, set the servers for the deployment role:
    • Click Select Server Interface.
    • Click a server name to display a list of server interfaces. Click Up to return to the list of servers.
    • Select the button for the server interface that you want to add.
    • Click Add. The selected server interface appears in the Servers section.
    • Click Remove to remove a server from the list.
  6. When you select the Primary or Hidden Primary option in the Role section, a Name server record section will be available. Under Name server record, select the time-to-live value for name server and glue records that are deployed via deployment roles.
    • Recommended (1 day)—this option is selected by default when adding a DNS Primary or Hidden Primary deployment role.
    • Use Zone Default Setting—if selected, the zone TTL value will be used. Upgraded roles will use this option by default.
    • Specify—select this option to manually set the time-to-live value for the record. Enter a value in the field, then select either Seconds, Minutes, Hours, or Days from the drop-down menu. If you have upgraded roles from a previous version, you can use this option to change the value.
  7. When you select the Secondary, Stealth Secondary, Forwarder, or Stub option in the Role section, a Zone Transfers section opens after you select a server interface.
    • Click Select Server Interface.
    • Click a server name to display a list of server interfaces. Click Up to return to the list of servers.
    • Under Server Interfaces, select the button for the server interface that you want zone transfers to go over.
    • Click Add. The selected server interface appears in the Zone Transfers section.
    • Click Remove to remove a server from the list.
    Note:
    • When creating a Secondary or Stealth Secondary role, select the server interface for the secondary server's primary. When you deploy the zone, the IP address for the server interface you select appears in the primary list in the zone’s .conf file.
    • When creating a Forwarder role, select the server to which the forwarding zone forwards queries. When you deploy the zone, the IP address for the server interface you select appears in the forwarders list in the zone’s .conf file.
    • When creating a Stub role, select the server to which the stub zone resolves. When you deploy the zone, the IP address for the server interface you select here appears in the primary list in the zone’s .conf file.
  8. Under Change Control, add comments, if required.
  9. Click Add or Add Next to add another deployment role.
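
The role rules from the notes above (Hidden Primary needs a Secondary, Recursion belongs at the view level, no IPv4-only/IPv6-only primary-secondary pair) can be checked against a planned set of roles before deployment. The following is an added example, not BlueCat code, and it does not call the Address Manager API; the `Role` fields, the upper-case role names and the sample servers are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

PUBLISHED = {"PRIMARY", "SECONDARY"}            # roles deployed with NS and glue records
PRIMARIES = {"PRIMARY", "HIDDEN_PRIMARY"}
SECONDARIES = {"SECONDARY", "STEALTH_SECONDARY"}

@dataclass(frozen=True)
class Role:
    server: str       # hypothetical server name
    role_type: str    # Type menu value, upper-cased (naming is an assumption)
    level: str        # where the role is applied: "view", "zone", "block", "network"
    addresses: tuple  # IP addresses of the server's interfaces

def ip_versions(role):
    return {ipaddress.ip_address(a).version for a in role.addresses}

def check_roles(roles):
    """Return (servers expected in NS records, findings) for one zone's roles."""
    findings = []
    types = {r.role_type for r in roles}
    ns_servers = sorted(r.server for r in roles if r.role_type in PUBLISHED)
    if "HIDDEN_PRIMARY" in types and "SECONDARY" not in types:
        findings.append("hidden primary has no Secondary role: "
                        "NS records may be deployed to the Hidden Primary")
    for r in roles:
        if r.role_type == "RECURSION" and r.level != "view":
            findings.append(f"{r.server}: Recursion role must be set at the view level")
    for p in (r for r in roles if r.role_type in PRIMARIES):
        for s in (r for r in roles if r.role_type in SECONDARIES):
            if not ip_versions(p) & ip_versions(s):
                findings.append(f"{p.server} -> {s.server}: IPv4-only/IPv6-only pair, "
                                "zone transfers to the secondary will fail")
    return ns_servers, findings

# Constructed sample: a hidden primary whose only secondary is stealth and IPv6-only.
SAMPLE = [
    Role("hp1", "HIDDEN_PRIMARY", "zone", ("192.0.2.10",)),
    Role("ss1", "STEALTH_SECONDARY", "zone", ("2001:db8::53",)),
]

if __name__ == "__main__":
    ns, problems = check_roles(SAMPLE)
    print("NS servers:", ns)
    for p in problems:
        print("FINDING:", p)
```

An empty `ns_servers` list together with a Hidden Primary finding is the case the notes warn about: no visible server exists to carry the NS records, so the hidden server may end up published.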