Domain Name System (DNS)¶
DNS configuration is vital to the functioning of the local network authentication (implemented with Kerberos since the Zentyal 3.0 version), the network clients query the local domain, their SRV and TXT records to find servers with ticket authentication. As mentioned before, this domain is preconfigured to resolve Kerberos services since the installation. For additional information regarding directory services, check Users and Computers.
BIND  is the de facto DNS server on the Internet, originally developed at the University of California, Berkeley and currently maintained by the Internet Systems Consortium. BIND version 9, rewritten from scratch to support the latest features of the DNS protocol is used by Zentyal’s DNS module.
DNS cache server configuration with Zentyal¶
Zentyal’s DNS module always works as a DNS cache server for networks marked as internal, so if you only want your server to cache DNS queries, simply enable the module.
Sometimes, this DNS cache server might need to be queried from internal networks that are not directly configured in Zentyal. Although this case is quite rare, it may occur in networks with routes to internal segments or VPN networks.
After restarting the DNS module the changes will be applied.
When Zentyal’s DNS server is installed and enabled, Zentyal’s DNS client (Network –> DNS) first solver option will be pointed automatically to the local server, 127.0.0.1. In other words, it will always query the local DNS zones first if present.
If there are no configured forwarders, Zentyal’s DNS cache server will query root DNS servers directly to find out which authoritative server will solve the DNS request. Then it will store the data locally during the time period set in the TTL field. This feature reduces the time required to start every network connection, giving the users a sensation of speed and reducing the overall Internet traffic.
The search domain is basically a string that is added to the request in case a user defined string is unresolvable. The search domain is set on the clients, but it can be provided automatically by DHCP, so that when the clients receive the initial network configuration, they can also receive the search domain.
For example, your search domain could be foocorp.com. When a user tries to access the host example; as it is not present among its known hosts, the name resolution will fail, then the user’s operating system will automatically try to resolve example.foocorp.com.
In Network ‣ Tools you have a tool for Domain Name Resolution, that shows the query details using dig of a DNS query to the server you have set in Network ‣ DNS.
Transparent DNS Proxy¶
Zentyal’s transparent DNS Proxy gives you a way to force the use of your DNS server without having to change the clients’ configuration. When this option is enabled, all the DNS requests that are routed through your server are redirected to Zentyal’s internal DNS server. The clients have to use Zentyal as its gateway to make sure the requests will be forwarded. To have this option available, the firewall module must be enabled.
The redirectors or forwarders are external DNS servers that will support your server . First your server will search in the local cache, among the registered domains and previously cached queries; in case there is no answer, it will query the redirectors. For example, the first time you query www.google.com, Zentyal’s DNS server will query redirectors and store the request in cache if the domain google.com is not registered to your server.
In case forwarders are not configured, Zentyal’s DNS server will use the DNS root servers  to solve queries that are not stored.