4PSA DNS Manager 4.0.0
Architecture Overview

Manual Version 77835.3 at 2011/03/07 15:05:51

For suggestions regarding this manual contact: docs@4psa.com

All rights reserved.

Distribution of this work or derivative of this work is prohibited unless prior written permission is obtained from the copyright holder.

DNS Manager is a registered trademark of 4PSA (Rack-Soft, Inc.).

Linux is a registered trademark of Linus Torvalds.

All other trademarks and copyrights are property of their respective owners.

Table of Contents

New Export Utilities Dump Format
New Dump Export Utilities
4PSA DNS Manager Daemons
Interface access and disk location
New RPM based packaging
Contact and Support
15 minutes
It will take an intermediate user about 15 minutes to read this document and follow the steps highlighted here.

New Export Utilities Dump Format

4PSA DNS Manager 4 uses a new and improved format for importing DNS zones from other servers. On 4PSA DNS Manager 1.x series, two formats existed, a complete and a simple format. One was used to import full zone files and the second one to import slave zone names. In 4PSA DNS Manager 4, the new dump file format supports both operations.

The most important dump file improvements are described below:

  • Zones are classified according to type. If a zone type is missing, then the zone is treated as master.
  • Master server IP addresses can be included in the dump on slave zones.
  • Allow-transfer server IP addresses can be included in the dump on master zones.
  • SOA records can be included in the dump on master zones. If the SOA records are not found in the dump, they are inherited from the client or system defaults.
  • Classless IN-ADDR.ARPA delegation support for zone names and records (RFC 2317)

Dump record examples:

domain.ltd.|master {
    |REFRESH| |108002| || ||
    |RETRY| |36002| || ||
    |EXPIRE| |604802| || ||
    |MIN_TTL| |86402| || ||
    |DEFAULT_TTL| |86402| || ||
    |SERIAL| |1271668821| || ||
    |ALLOW_TRANSFER| |4.3.2.1| || ||
    |NS| |domain.ltd.| |ns1.domain.ltd.| ||
    |NS| |aa.domain.ltd.| |ns.domain.ltd.| ||
    |CNAME| |cname.domain.ltd.| |canonical.name.| ||
    |CNAME| |somedir.domain.ltd.| |domain.ltd.| ||
    |CNAME| |ftp| |domain.ltd.| ||
    |A| |mail.domain.ltd.| |192.168.10.32| ||
    |AAAA| |sub.domain.ltd.| |2001:db8:85a3:88:8a2e:370:7334:89| ||
    |MX| |zone.domain.ltd.| |email.exchanger| |10|
    |TXT| |txt.domain.ltd.| |v=spf1 exists:%{ir}.%{v}.arpa -all | ||
    |TXT| |some-text.domain.ltd.| |any text| ||
    |TXT| |domain.ltd.| |sometext| ||
    |TXT| |private._domainkey.domain.ltd.| |k=rsa; p=MEwwDQYerwqEWwE| ||
}
testdomain.com.|master {
    |$ORIGIN| |com.| || ||
    |TXT| |testdomain| |v=spf1 a mx ptr mx:mail.testdomain.com ~all| ||
    |NS| || |ns1.test-web| ||
    |NS| || |ns2.test-web| ||
    |A| || |64.85.2.56| ||
}

If the zone type is missing, it is assumed to be a master zone definition.

domain.ltd.{
    |REFRESH| |108002| || ||
    |RETRY| |36002| || ||
    |EXPIRE| |604802| || ||
    |MIN_TTL| |86402| || ||
    |DEFAULT_TTL| |86402| || ||
    |SERIAL| |1271668821| || ||
    |ALLOW_TRANSFER| |4.3.2.1| || ||
    |NS| |domain.ltd.| |ns1.domain.ltd.| ||
    |NS| |aa.domain.ltd.| |ns.domain.ltd.| ||
    |CNAME| |cname.domain.ltd.| |canonical.name.| ||
    |CNAME| |somedir.domain.ltd.| |domain.ltd.| ||
    |CNAME| |ftp| |domain.ltd.| ||
    |A| |mail.domain.ltd.| |192.168.10.32| ||
    |AAAA| |sub.domain.ltd.| |2001:db8:85a3:88:8a2e:370:7334:89| ||
    |MX| |zone.domain.ltd.| |email.exchanger| |10|
    |TXT| |txt.domain.ltd.| |v=spf1 exists:%{ir}.%{v}.arpa -all | ||
    |TXT| |some-text.domain.ltd.| |any text| ||
    |TXT| |domain.ltd.| |sometext| ||
    |TXT| |private._domainkey.domain.ltd.| |k=rsa; p=MEwwDQYerwqEWwE| ||
}

Slave zones are defined as follows:

3.2.1.in-addr.arpa.|slave {
    |MASTER| |6.7.8.9| || ||
}
aa.com.|slave {
    |MASTER| |6.7.8.9| || ||
}

The rules mentioned above also apply to reverse DNS zones. Below are full reverse zone definitions with /24, /28 and /32 subnet masks.

4.3.2.in-addr.arpa.|master {
    |REFRESH| |10800| || ||
    |RETRY| |36000| || ||
    |EXPIRE| |604800| || ||
    |MIN_TTL| |86400| || ||
    |DEFAULT_TTL| |86400| || ||
    |SERIAL| |1271668821| || ||
    |NS| |4.3.2.in-addr.arpa.| |ns1.name.com.| ||
    |NS| |0/25.4.3.2.in-addr.arpa.| |ns.domain.com.| ||
    |PTR| |5.4.3.2.in-addr.arpa.| |zone.name.| ||
    |PTR| |5.4.3.2.in-addr.arpa.| |dom1.com.| ||
    |PTR| |5.4.3.2.in-addr.arpa.| |dom2.com.| ||
    |PTR| |5.4.3.2.in-addr.arpa.| |dom3.com.| ||
    |CNAME| |10.4.3.2.in-addr.arpa.| |10.0/25.4.3.2.in-addr.arpa.| ||
    |TXT| |host.4.3.2.in-addr.arpa.| |value| ||
    |TXT| |4.3.2.in-addr.arpa.| |sometext| ||
}
4/28.3.2.1.in-addr.arpa.|master {
    |REFRESH| |10800| || ||
    |RETRY| |3600| || ||
    |EXPIRE| |60480| || ||
    |MIN_TTL| |86400| || ||
    |DEFAULT_TTL| |86400| || ||
    |SERIAL| |1271668821| || ||
    |ALLOW_TRANSFER| |7.8.9.10| || ||
    |NS| |4/28.3.2.1.in-addr.arpa.| |aa.com.| ||
    |PTR| |6.4/28.3.2.1.in-addr.arpa.| |zone.c.om.| ||
    |PTR| |6.4/28.3.2.1.in-addr.arpa.| |dom1.com.| ||
    |PTR| |6.4/28.3.2.1.in-addr.arpa.| |dom2.com.| ||
    |TXT| |a.4/28.3.2.1.in-addr.arpa.| |text value| ||
    |TXT| |4/28.3.2.1.in-addr.arpa.| |sometext| ||
}
4.3.2.1.in-addr.arpa.|master {
    |REFRESH| |10800| || ||
    |RETRY| |3600| || ||
    |EXPIRE| |60480| || ||
    |MIN_TTL| |86400| || ||
    |DEFAULT_TTL| |86400| || ||
    |SERIAL| |1271668821| || ||
    |ALLOW_TRANSFER| |7.8.9.10| || ||
    |NS| |4.3.2.1.in-addr.arpa.| |aa.com.| ||
    |PTR| |4.3.2.1.in-addr.arpa.| |zone.c.om.| ||
    |TXT| |abc.4.3.2.1.in-addr.arpa.| |sometext| ||
}

The "@" character is accepted when defining zones.

testdomain.com.|master {
    |NS| |@| |ns.isdomain.com.| || 
    |NS| || |new| ||
    |MX| |@| |mail.testdomain.com.| |10|
    |MX| |test| |mail1.testdomain.com.| |15|
    |TXT| |@| |this is not a test| ||
    |CNAME| |*.new| |newtest.com.| ||
}

The "-" character is also accepted when defining reverse zones.

4-28.3.2.1.in-addr.arpa.|master {
    |REFRESH| |10800| || ||
    |RETRY| |3600| || ||
    |EXPIRE| |60480| || ||
    |MIN_TTL| |86400| || ||
    |DEFAULT_TTL| |86400| || ||
    |SERIAL| |1271668821| || ||
    |ALLOW_TRANSFER| |7.8.9.10| || ||
    |NS| |4-28.3.2.1.in-addr.arpa.| |aa.com.| ||
    |PTR| |6.4-28.3.2.1.in-addr.arpa.| |zone.com.| ||
    |PTR| |6.4-28.3.2.1.in-addr.arpa.| |dom1.com.| ||
    |PTR| |6.4-28.3.2.1.in-addr.arpa.| |dom2.com.| ||
    |TXT| |a.4-28.3.2.1.in-addr.arpa.| |text value| ||
    |TXT| |4-28.3.2.1.in-addr.arpa.| |sometext| ||
}

If the SOA records are not found in the zone definition, they are inherited from the client, if the client has SOA records defined. If the client has no SOA records defined, the system wide SOA settings defined by the administrator are used.

domain.ltd.|master {
    |ALLOW_TRANSFER| |4.3.2.1| || ||
    |NS| |domain.ltd.| |ns1.domain.ltd.| ||
    |NS| |aa.domain.ltd.| |ns.domain.ltd.| ||
    |CNAME| |cname.domain.ltd.| |canonical.name.| ||
    |CNAME| |somedir.domain.ltd.| |domain.ltd.| ||
    |CNAME| |ftp| |domain.ltd.| ||
    |A| |mail.domain.ltd.| |192.168.10.32| ||
    |MX| |zone.domain.ltd.| |email.exchanger| |10|
    |TXT| |txt.domain.ltd.| |v=spf1 exists:%{ir}.%{v}.arpa -all | ||
    |TXT| |some-text.domain.ltd.| |any text| ||
    |TXT| |private._domainkey.domain.ltd.| |k=rsa; p=MEwwDQYerwqEWwE| ||
    |TXT| |domain.ltd.| |text value| ||
}
4/28.3.2.1.in-addr.arpa.|master {
    |NS| |4/28.3.2.1.in-addr.arpa.| |aa.com.| ||
    |PTR| |6.4/28.3.2.1.in-addr.arpa.| |zone.com.| ||
    |PTR| |6.4/28.3.2.1.in-addr.arpa.| |dom1.com.| ||
    |PTR| |6.4/28.3.2.1.in-addr.arpa.| |dom2.com.| ||
    |TXT| |a.4/28.3.2.1.in-addr.arpa.| |text value| ||
    |TXT| |4/28.3.2.1.in-addr.arpa.| |sometext| ||
}

Example for an E.164 reverse zone that contains all three supported record types, NS, PTR and TXT:

6-28.3.2.1.IN-ADDR.ARPA.|master {
    |REFRESH| |10800| || ||
    |RETRY| |3600| || ||
    |EXPIRE| |604800| || ||
    |MIN_TTL| |86400| || ||
    |DEFAULT_TTL| |86400| || ||
    |NS| |6-28.3.2.1.IN-ADDR.ARPA.| |test.com.| ||
    |PTR| |14.6-28.3.2.1.IN-ADDR.ARPA.| |example.net.| ||
    |TXT| |17.6-28.3.2.1.IN-ADDR.ARPA.| |Some text| ||
}

Example for an IP6.ARPA reverse zone that contains both supported record types, NS and PTR:

1.2.3.IP6.ARPA.|master {
    |REFRESH| |10800| || ||
    |RETRY| |3600| || ||
    |EXPIRE| |604800| || ||
    |MIN_TTL| |86400| || ||
    |DEFAULT_TTL| |86400| || ||
    |NS| |1.2.3.IP6.ARPA.| |example.net.| ||
    |PTR| |1.2.3.4.5.6.7.8.9.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.2.3.IP6.ARPA.| |test.com.| ||
}
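
The dump format described in this section can be checked before import with a small parser. The following is an added example, not 4PSA code: it reads zone blocks, applies the "missing type means master" rule, and reports unparsable ALLOW_TRANSFER/MASTER addresses, slave zones without a MASTER entry, and master zones whose SOA values will be inherited. The function names, the SOA key set and the assumption that field values never contain "|" are choices made for this example.

```python
import ipaddress
import re

HEADER = re.compile(r"^([^|{\s]+)(?:\|(\w+))?\s*\{$")   # name[|type] {
FIELD = re.compile(r"\|([^|]*)\|")                      # |value| or ||
SOA_KEYS = ("REFRESH", "RETRY", "EXPIRE", "MIN_TTL")    # assumed SOA timer set
# Constructed sample in the page's dump format (not a real export).
SAMPLE = """domain.ltd.{
    |ALLOW_TRANSFER| |4.3.2.1| || ||
    |TXT| |txt.domain.ltd.| |v=spf1 exists:%{ir}.%{v}.arpa -all | ||
}
aa.com.|slave {
    |MASTER| |6.7.8.9x| || ||
}"""

def parse_dump(text):
    """Parse dump text; a header without |type is a master zone."""
    zones, cur = {}, None
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line:
            continue
        if cur is None:
            if not (m := HEADER.match(line)):
                raise ValueError(f"line {n}: expected zone header")
            cur = {"type": m.group(2) or "master", "records": {}}
            zones[m.group(1).lower()] = cur
        elif line == "}":   # a '}' inside a TXT value never stands alone
            cur = None
        elif len(f := FIELD.findall(line)) == 4:
            cur["records"].setdefault(f[0], []).append(tuple(f[1:]))
        else:
            raise ValueError(f"line {n}: expected 4 |field| columns")
    if cur is not None:
        raise ValueError("unterminated zone block")
    return zones

def review(zones):
    """Yield (zone, finding) pairs to check before importing the dump."""
    for name, z in zones.items():
        recs = z["records"]
        for ip, *_ in recs.get("ALLOW_TRANSFER", []) + recs.get("MASTER", []):
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                yield name, f"bad server address {ip!r}"
        if z["type"] == "slave" and "MASTER" not in recs:
            yield name, "slave zone without MASTER"
        if z["type"] == "master" and not all(k in recs for k in SOA_KEYS):
            yield name, "SOA values will be inherited"
```

Running `list(review(parse_dump(SAMPLE)))` lists the zones that need attention before the dump is handed to the import daemons.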

New Dump Export Utilities

  • The export command line utilities have been rewritten to support the new dump file format. Due to 4PSA DNS Manager 4 remote update features, only one export script is required.
    • Taking Plesk as an example:
      • In 4PSA DNS Manager two utilities existed:
            plesk_complete.sh
            plesc_zones.sh
      • In 4PSA DNS Manager 4, there is only one:
            plesk_export.sh
  • New dump scripts are provided for major control panels on the market. The new dump scripts can export both master and slave zones. Export settings are set in the script as variables or in the configuration file.
  • You will notice that CPanel and Direct Admin export scripts are no longer available. This is because the bind_export.sh script has been improved to support all kinds of zone records, so it should be used instead.
  • Below you can find the list of directive options available on Plesk scripts.
    # Dump type can be <masters/slaves/both>
    dump="both"
    # Converts master zones to slaves in dump (for DNS Manager 3 acting as slave for a bind server)
    # Works only when
    # dump=masters/both
    # dump_allow_transfers=yes/no
    # dump_masters=yes/no
    masters2slaves="no"
    # Dump 'master' records from existing slave zones and includes them in the dump
    # Works only when:
    # dump=slaves/both
    # masters2slaves=yes/no (Zones transformed from master2slave can not have a masters record because it does not exist in database!)
    # dump_allow_transfers=yes/no
    dump_masters="yes"
    # Dump 'allow-transfer' servers from existing zones and includes them in the dump
    # Works only when:
    # dump=master/both
    # dump_masters=yes/no
    # masters2slaves=yes/no
    dump_allow_transfers="yes"
    # Dump reverse zones
    dump_reverse="yes"
    # Ignore the zone status in the Plesk database (zone and/or domain can be disabled in Plesk)
    ignore_dns_zones_status="no"
    # Dump SOA records from Plesk database  
    dump_soa="no"

    Note

    Some variables might not be present in some of the scripts (like ignore_dns_zones_status, dump_soa, etc.)

4PSA DNS Manager Daemons

4PSA DNS Manager 4 comes with powerful new import daemons that replace the old cron scripts. Below you can find a list of all daemons on a DNS Manager 4 server.

  • HTTP interface daemon
    • Name - dnsmanager
    • Short description - The daemon is responsible for running the 4PSA DNS Manager web interface.
    • Init script - Usually located in /etc/init.d/dnsmanager
  • Zone management daemon
    • Name - zonemngd
    • Short description - The daemon synchronizes the bind configuration file with interface and remote updates
    • Init script - Usually located in /etc/init.d/zonemngd
  • Remote import daemon
    • Name - updateurld
    • Short description - The daemon synchronizes the DNS Manager local database with remote updates
    • Init script - Usually located in /etc/init.d/updateurld
  • BIND daemon
    • Name - bind
    • Short description - BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
    • Init script - /etc/init.d/named

    Note

    All daemons and locations are based on Red Hat Enterprise Linux 5.1 paths and naming conventions.

  • Round Robin daemon
    • Name - rrmonitd
    • Short description - Automates the DNS Round Robin disqualification and qualification when a resource associated with a resource record becomes unavailable or available again. A resource here means a protocol that can be monitored for service availability, such as HTTP, SMTP or POP3.
    • Init script - /usr/sbin/rrmonitd

Interface access and disk location

4PSA DNS Manager 4 comes with a dedicated HTTP interface. To log in to the 4PSA DNS Manager 4 web interface, point the browser to:

https://your_server_ip:8550

To log in to the interface for the first time, you must supply these login credentials:

user: admin
password: welcome

The new interface can now be found in:

DNSMANAGER_ROOT_D/admin/htdocs/

The skin directory can be found in:

DNSMANAGER_ROOT_D/admin/htdocs/skins

The language pack directory can be found in:

DNSMANAGER_ROOT_D/admin/htdocs/language

Note

All important paths are defined in /etc/dnsmanager/dnsmanager.conf

New RPM based packaging

4PSA DNS Manager 4 is now packaged as RPM files. The only role of the supplied installer is to ease installation and upgrade by resolving dependencies and fixing the most common issues. For more details, check the command line installation instructions.

Contact and Support

For online help and support please visit:

For mailing addresses and phone numbers from our offices:

http://www.4psa.com/contactus

If you have any questions, do not hesitate to contact us.