Domain Name System (DNS)¶
Introduction to DNS¶
BIND [4] is the de facto DNS server on the Internet, originally developed at the University of California, Berkeley and currently maintained by the Internet Systems Consortium. BIND version 9, rewritten from scratch to support the latest features of the DNS protocol, is the version used by Zentyal’s DNS module.
[4] http://www.isc.org/software/bind
DNS cache server configuration with Zentyal¶
Zentyal’s DNS module always works as a caching DNS server (a recursive resolver) for the networks marked as internal, so if all you need is a cache for your local clients, simply enable the module.
Sometimes this caching server must also be queried from internal networks that are not directly configured in Zentyal. Although this case is quite rare, it occurs in networks with static routes to other internal segments, or with VPN networks.
Zentyal allows the DNS server to accept recursive queries from these additional subnets through a configuration file: add the networks to /etc/zentyal/80dns.conf with the option intnets=. Add only networks you control. Recursion offered to arbitrary addresses turns the server into an open resolver, which third parties can abuse for DNS amplification attacks.
# Internal networks allowed to do recursive queries
# to Zentyal DNS caching server. Localnetworks are already
# allowed and this setting is intended to allow networks
# reachable through static routes.
# Example: intnets = 192.168.99.0/24,192.168.98.0/24
intnets =
After restarting the DNS module, the changes are applied.
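Before and after editing intnets, it is worth confirming the recursion policy from the client's point of view: a query from an address inside a listed network should be answered, and one from an unlisted network (in particular from the Internet) should be refused. The following POSIX shell script is an added example, not Zentyal or BIND code. It classifies the output of dig into open, closed or no-answer from the response code and the ra (recursion available) flag, and its probe function runs dig against a real server when given a server address and a name on the command line; the sample dig outputs embedded in it are constructed and abridged.

```shell
#!/bin/sh
# Added example (not Zentyal code): does this DNS server recurse for the
# vantage point dig is run from?  Live usage:
#   sh recursion_check.sh 192.0.2.10 www.isc.org
# Run it from inside an intnets subnet (expect "open") and from a network that
# is not listed (expect "closed"); "open" from the Internet means an open resolver.

# recursion_state DIG_OUTPUT -> open | closed | no-answer
recursion_state() {
    # Response code from the header line, e.g. "status: NOERROR,"
    status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    # Header flags, e.g. "qr rd ra"; "ra" means the server offered recursion to us
    flags=$(printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    case " $flags " in
        *" ra "*) ra=1 ;;
        *)        ra=0 ;;
    esac
    if [ -z "$status" ]; then
        echo no-answer            # timeout or no reply at all (firewall, wrong address)
    elif [ "$status" = NOERROR ] && [ "$ra" = 1 ]; then
        echo open                 # the server resolved a foreign name on our behalf
    else
        echo closed               # REFUSED, or answered without offering recursion
    fi
}

# probe SERVER NAME: live check. NAME must be a name the server is NOT
# authoritative for, otherwise it will answer from its own zone regardless.
probe() {
    recursion_state "$(dig @"$1" "$2" A +time=3 +tries=1 2>&1)"
}

# Constructed, abridged dig outputs for the offline demonstration.
OPEN_ANSWER=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
www.isc.org.		300	IN	A	192.0.2.80
EOF
)
REFUSED_ANSWER=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 23456
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
EOF
)
# Authoritative answer for one of the server's own zones: correct behaviour
# for an unlisted client, and note that "ra" is absent.
AUTH_ONLY_ANSWER=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34567
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
EOF
)
TIMEOUT_OUTPUT=';; connection timed out; no servers could be reached'

if [ $# -eq 2 ]; then
    probe "$1" "$2"
fi
```

Run it twice with a name outside your own zones: once from a host in a network you added to intnets and once from a host that should not be served, such as a machine on the Internet. Only the first run should report open.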
Zentyal’s DNS cache server resolves names iteratively: it starts at the root DNS servers and follows their referrals down to the servers that are authoritative for the requested name. It then stores the answer locally for the period given in the record’s TTL field. This reduces the time needed to start each network connection, speeds up look-ups for users and reduces the overall Internet traffic.
To set the Zentyal server to use its own DNS cache server, which you just configured, go to Network ‣ DNS and set 127.0.0.1 as the first DNS server.
The search domain is a suffix that the client appends to a name that cannot be resolved as typed (typically an unqualified name such as a bare hostname). It is configured on the clients, but it can also be supplied by DHCP, so that clients receive the search domain together with their initial network configuration.
For example, if the search domain is foocorp.com and a user tries to reach the host example, the lookup for example on its own fails because no such name exists; the user’s operating system then retries with example.foocorp.com, which resolves successfully.
In Network ‣ Diagnosis tools there is a Domain Name Resolution tool that uses dig to show the details of a DNS query sent to the server configured in Network ‣ DNS.
Transparent DNS Proxy¶
Zentyal’s transparent DNS proxy lets you force the use of your DNS server without changing the clients’ configuration. When this option is enabled, all plain DNS traffic on port 53 that is routed through your server is redirected to Zentyal’s internal DNS server. The clients have to use Zentyal as their gateway, otherwise their queries never pass through the server and cannot be redirected. Note also that only port 53 is intercepted: a client that resolves names with DNS over TLS or DNS over HTTPS bypasses the proxy. The firewall module must be enabled for this option to be available.
DNS Forwarders¶
DNS forwarders are the DNS servers that your server will consult first. Only if the forwarders cannot answer a request will your server try to resolve it on its own.
The main use of forwarders is to resolve private domains: domains served by a specific name server that are not reachable from the Internet and therefore cannot be resolved by following referrals from the root servers. If you do not need to resolve private domains, this feature is not required. Keep in mind that a forwarder sees every query your cache cannot answer, so configure only forwarders you trust.
Configuration of an authoritative DNS server with Zentyal¶
In addition to caching, Zentyal can act as an authoritative DNS server for a list of configured domains. As an authoritative server, it answers queries about these domains from both internal and external networks, so that not only local clients but anyone can resolve them. Caching, by contrast, is only offered to queries from internal networks.
The configuration of this module is done through the DNS menu, where you can add as many domains and subdomains as required.
To configure a new domain, display the form by clicking on Add new. From here, you can configure the Domain name and optionally the IP address which will be referenced by the domain.
Once the domain has been created, you can define as many names as required within the table Hostnames. For each one of these names Zentyal will automatically configure reverse resolution. Moreover, for each name you can define as many Alias as necessary.
Normally the names point to the host where the service is running and the aliases to the services hosted in it. For example, the host amy.example.com has the aliases smtp.example.com and mail.example.com for mail services and the host rick.example.com has the aliases www.example.com and store.example.com, amongst others, for web services.
Additionally, you can define the mail servers responsible for receiving messages for each domain. In Mail exchangers you choose either a server from the list defined under Hostnames or an external one. With Priority you set the order in which sending servers try them: the exchanger with the lowest priority value is tried first, and if it fails, the next one in the list is queried.
It is also possible to set NS records for each domain or subdomain using the table Name servers.
Note that when you add a new domain, the field Dynamic is set to false. A domain is dynamic when it is updated automatically by an external process without restarting the server. A dynamic domain cannot be configured through the interface. In Zentyal, dynamic domains are updated automatically by DHCP with the names of the hosts that have been assigned an IP address; see Dynamic DNS updates.
TXT records are DNS records that carry additional information about a domain or a hostname as plain text. The information may be intended for people but, more often, it is consumed by software; it is used extensively by anti-spam mechanisms such as SPF and DKIM, which publish their policies and keys in TXT records.
To create a text record, go to the field TXT records of the domain. There you choose whether the record belongs to a specific hostname or to the domain itself, and enter its contents.
More than one text record can be associated with each domain or hostname.
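Because an SPF policy is just the text of a TXT record, a small mistake in it silently changes who is allowed to send mail as your domain. The following POSIX shell function is an added example, not Zentyal or BIND code; it performs the checks a practitioner makes before publishing an SPF record: the v=spf1 version tag, the qualifier on the final all term (+all or ?all lets anyone send as the domain), the limit of ten DNS-querying mechanisms from RFC 7208, and the presence of a terminating all or redirect. The records it is run against are constructed.

```shell
#!/bin/sh
# Added example (not Zentyal code): sanity-check an SPF record before publishing it as TXT.
# spf_check 'v=spf1 ...' -> ok | not-spf | permissive-all | too-many-lookups | no-all
spf_check() {
    rec=$1
    case "$rec" in
        v=spf1|"v=spf1 "*) ;;
        *) echo not-spf; return 0 ;;     # a TXT record that is not an SPF policy
    esac
    lookups=0       # terms that cost a DNS query; RFC 7208 caps them at 10
    terminated=0    # saw an "all" mechanism or a redirect= modifier
    permissive=0    # "all" qualified with + or ?: anyone may send as this domain
    set -f          # no filename globbing while splitting the record into terms
    for term in ${rec#v=spf1}; do
        mech=${term#[+~?-]}              # strip the qualifier, if any
        qual=${term%"$mech"}             # what was stripped; empty means "+"
        case "$mech" in
            a|a:*|a/*|mx|mx:*|mx/*|ptr|ptr:*|include:*|exists:*|redirect=*)
                lookups=$((lookups + 1)) ;;
        esac
        case "$mech" in
            all)
                terminated=1
                case "$qual" in ''|+|\?) permissive=1 ;; esac ;;
            redirect=*) terminated=1 ;;
        esac
    done
    set +f
    if [ "$permissive" = 1 ]; then echo permissive-all
    elif [ "$lookups" -gt 10 ]; then echo too-many-lookups   # receivers return permerror
    elif [ "$terminated" = 0 ]; then echo no-all             # implicit "?all": not a real policy
    else echo ok
    fi
}

# Constructed records for a quick demonstration
for r in 'v=spf1 mx a include:_spf.example.net -all' 'v=spf1 +all' 'v=spf1 ip4:192.0.2.0/24'; do
    printf '%-45s %s\n' "$r" "$(spf_check "$r")"
done
```

The check is deliberately strict about ?all: it is syntactically valid, but a neutral result gives receivers no reason to reject forged mail, so it is flagged together with +all.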
Service (SRV) records describe the services available in your domain and which hosts provide them. You reach the list of service records through the field Services of the domain list. In each service record you configure the Service name and its Protocol, and identify the host that provides the service with the fields Target and Target port. For better availability and/or load balancing you can define more than one record per service; the fields Priority and Weight then determine which server a client picks each time. Clients always try the record with the lowest priority value first and only fall back to higher values when those servers are unreachable. Among records sharing the same priority, the weight sets the share of the load each server receives: a server with a higher weight is chosen proportionally more often. The XMPP protocol, used mainly for instant messaging, relies heavily on these records.
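The interaction of Priority and Weight is easiest to see as the selection a client actually performs. The following POSIX shell script is an added example, not Zentyal or BIND code: it implements the RFC 2782 selection in awk over a constructed set of SRV records for an XMPP service, with the client's random draw passed in as a number in [0,1) so that any choice can be reproduced.

```shell
#!/bin/sh
# Added example (not Zentyal code): client-side SRV target selection (RFC 2782).
# srv_pick RECORDS R: RECORDS are lines of "priority weight port target";
# R is a number in [0,1) standing in for the client's random draw.
srv_pick() {
    printf '%s\n' "$1" | awk -v r="$2" '
        NF == 4 { n++; prio[n] = $1 + 0; w[n] = $2 + 0; port[n] = $3; tgt[n] = $4 }
        END {
            # Only the lowest priority value is eligible; higher values are
            # fallbacks used when every server in this group is unreachable.
            for (i = 1; i <= n; i++) if (i == 1 || prio[i] < best) best = prio[i]
            total = 0
            for (i = 1; i <= n; i++) if (prio[i] == best) total += w[i]
            if (total == 0) {              # all weights 0: any is fine, take the first
                for (i = 1; i <= n; i++) if (prio[i] == best) { print tgt[i] ":" port[i]; exit }
            }
            # Weighted choice: accumulate weights through the group until the
            # running sum passes r * total; a larger weight covers a larger slice.
            threshold = r * total; acc = 0
            for (i = 1; i <= n; i++) {
                if (prio[i] != best) continue
                acc += w[i]
                if (acc > threshold) { print tgt[i] ":" port[i]; exit }
            }
        }'
}

# Constructed records, as they might be published for _xmpp-client._tcp.example.com
SRV_RECORDS='10 60 5222 xmpp1.example.com.
10 40 5222 xmpp2.example.com.
20 0 5222 backup.example.com.'

# Sample draws across the unit interval: xmpp1 is picked for about 60% of them,
# xmpp2 for the rest, and backup never while the priority-10 servers respond.
for r in 0.0 0.3 0.59 0.6 0.9; do
    printf 'r=%s -> %s\n' "$r" "$(srv_pick "$SRV_RECORDS" "$r")"
done
```

Note that the priority-20 record is never returned by this function, however the draw falls; a real client only moves on to it after failing to connect to every priority-10 server.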