Architecture Overview
This document is an overview of the DNS Manager architecture.
DNS RFC Compliance
DNS Manager complies with the RFCs listed below.
| Aspect | RFC |
|---|---|
| A record | RFC 1035 |
| AAAA record | RFC 3596 |
| CNAME record | RFC 1035 |
| MX record | RFC 1035 |
| NAPTR record | RFC 3403, RFC 2915 |
| CAA record | RFC 6844 |
| NS record | RFC 1035 |
| PTR record | RFC 1035 |
| SRV record | RFC 2782 |
| TXT record | RFC 1035 |
| TXT structured | RFC 1464 |
| SOA record | RFC 1912 |
| SERIAL | RFC 1912 |
| Classless delegation | RFC 2317 |
| E.164 | RFC 3761 |
| IPv6 zones | RFC 4291 |
| Mask delimiters | RFC 4183 |
| SRV services and protocols | RFC 3958 |
| IPv6 format | RFC 5952 |
| Dynamic Delegation Discovery System (DDDS) | RFC 3401, RFC 3402, RFC 3403, RFC 3404 |
| Straightforward-NAPTR (S-NAPTR) Specification | RFC 3958 |
| DomainKeys Identified Mail (DKIM) | RFC 4871 |
| List of accepted services for SRV and NAPTR records | IANA Service Names Registry |
| Wildcard usage in IPv6 reverse DNS | RFC 4472 |
| Splitting long TXT record values into 255-character strings | RFC 4408 |
Zone Dump
The zone dump file format used by the DNS Manager remote update protocol has been improved with the following:
- Zones are classified according to type; if a zone type is missing, the zone is treated as master
- Master server IP addresses can be included in the dump on slave zones
- Allow-transfer server IP addresses can be included in the dump on master zones
- SOA records can be included in the dump on master zones; if the SOA records are not found in the dump, they are inherited from the client or system defaults
- Classless IN-ADDR.ARPA delegation for zone names and records (RFC 2317)
- Reverse DNS lookups for IPv6 addresses
- $ORIGIN, @ and blank substitution
- Both / and - are accepted as mask delimiters for reverse zones
- The primary nameserver may be tagged so that it is imported correctly
Dump File Examples
Master zones examples
domain.ltd.|master {
|SERIAL| |2011110802| || ||
|DEFAULT_TTL| |86400| || ||
|REFRESH| |10800| || ||
|RETRY| |3600| || ||
|EXPIRE| |604800| || ||
|MIN_TTL| |86400| || ||
|ALLOW_TRANSFER| |4.3.2.1| || ||
|NS| |domain.ltd.| |ns1.domain.ltd.| ||
|NS| |aa.domain.ltd.| |ns.domain.ltd.| ||
|CNAME| |cname.domain.ltd.| |canonical.name.| ||
|CNAME| |somedir.domain.ltd.| |domain.ltd.| ||
|CNAME| |ftp| |domain.ltd.| ||
|A| |mail.domain.ltd.| |192.168.10.32| ||
|AAAA| |sub.domain.ltd.| |2001:db8:85a3:88:8a2e:370:7334:89| ||
|MX| |zone.domain.ltd.| |email.exchanger| |10|
|TXT| |txt.domain.ltd.| |v=spf1 exists:%{ir}.%{v}.arpa -all | ||
|TXT| |some-text.domain.ltd.| |any text| ||
|TXT| |domain.ltd.| |sometext| ||
|TXT| |private._domainkey.domain.ltd.| |k=rsa; p=MEwwDQYerwqEWwE| ||
|NAPTR| |mail.domain.ltd.| |!^.*$!mailto:info@domain.ltd!i| |6| |5| || || |SMTP| |A| ||
|SRV| |_sip._tcp.domain.ltd.| |.| |5| |25| |12345| ||
|SRV| |_sip._tcp.domain.ltd.| |anotherdomain.com.| |10| |20| |5560| ||
|SRV| |_h323._udp.domain.ltd.| |sub.domain.ltd.| |15| |25| |8550| ||
}
testdomain.com.|master {
|$ORIGIN| |com.| || ||
|TXT| |testdomain| |v=spf1 a mx ptr mx:mail.testdomain.com ~all| ||
|NS| || |ns1.test-web| ||
|NS| || |ns2.test-web| ||
|A| || |64.85.2.56| ||
|CAA| |test.testdomain.com.| |test.com| |issue| |2|
}
Default zone type is master
domain.ltd.{
|REFRESH| |108002| || ||
|RETRY| |36002| || ||
|EXPIRE| |604802| || ||
|MIN_TTL| |86402| || ||
|DEFAULT_TTL| |86402| || ||
|SERIAL| |1271668821| || ||
|ALLOW_TRANSFER| |4.3.2.1| || ||
|NS| |domain.ltd.| |ns1.domain.ltd.| ||
|NS| |aa.domain.ltd.| |ns.domain.ltd.| ||
|CNAME| |cname.domain.ltd.| |canonical.name.| ||
|CNAME| |somedir.domain.ltd.| |domain.ltd.| ||
|CNAME| |ftp| |domain.ltd.| ||
|A| |mail.domain.ltd.| |192.168.10.32| ||
|AAAA| |sub.domain.ltd.| |2001:db8:85a3:88:8a2e:370:7334:89| ||
|MX| |zone.domain.ltd.| |email.exchanger| |10|
|TXT| |txt.domain.ltd.| |v=spf1 exists:%{ir}.%{v}.arpa -all | ||
|TXT| |some-text.domain.ltd.| |any text| ||
|TXT| |domain.ltd.| |sometext| ||
|TXT| |private._domainkey.domain.ltd.| |k=rsa; p=MEwwDQYerwqEWwE| ||
}
Slave zones example
If the zone type is missing, it is assumed to be a master zone definition.
3.2.1.in-addr.arpa.|slave {
|MASTER| |6.7.8.9| || ||
|MASTER| |1999:db8:a0b:12f0:a1b2:c3d4:f5e6:1234| || ||
|ALLOW_TRANSFER| |2002:a96:b95::a96f:b95| || ||
|ALLOW_TRANSFER| |69.41.170.223| || ||
}
foo.com.|slave {
|MASTER| |1999:db8:a0b:12f0:a1b2:c3d4:f5e6:1234| || ||
|ALLOW_TRANSFER| |69.41.170.223| || ||
}
Classless delegation
The rules mentioned above also apply to reverse DNS zones. Below are full DNS zones with /24, /28 and /32 subnet masks.
4.3.2.in-addr.arpa.|master {
|REFRESH| |10800| || ||
|RETRY| |36000| || ||
|EXPIRE| |604800| || ||
|MIN_TTL| |86400| || ||
|DEFAULT_TTL| |86400| || ||
|SERIAL| |1271668821| || ||
|NS| |4.3.2.in-addr.arpa.| |ns1.name.com.| ||
|NS| |0/25.4.3.2.in-addr.arpa.| |ns.domain.com.| ||
|PTR| |5.4.3.2.in-addr.arpa.| |zone.name.| ||
|PTR| |5.4.3.2.in-addr.arpa.| |dom1.com.| ||
|PTR| |5.4.3.2.in-addr.arpa.| |dom2.com.| ||
|PTR| |5.4.3.2.in-addr.arpa.| |dom3.com.| ||
|CNAME| |10.4.3.2.in-addr.arpa.| |10.0/25.4.3.2.in-addr.arpa.| ||
|TXT| |host.4.3.2.in-addr.arpa.| |value| ||
|TXT| |4.3.2.in-addr.arpa.| |sometext| ||
}
4/28.3.2.1.in-addr.arpa.|master {
|REFRESH| |10800| || ||
|RETRY| |3600| || ||
|EXPIRE| |60480| || ||
|MIN_TTL| |86400| || ||
|DEFAULT_TTL| |86400| || ||
|SERIAL| |1271668821| || ||
|ALLOW_TRANSFER| |7.8.9.10| || ||
|ALLOW_TRANSFER| |2002:a96:b95::a96f:b95| || ||
|NS| |4/28.3.2.1.in-addr.arpa.| |aa.com.| ||
|PTR| |6.4/28.3.2.1.in-addr.arpa.| |zone.c.om.| ||
|PTR| |6.4/28.3.2.1.in-addr.arpa.| |dom1.com.| ||
|PTR| |6.4/28.3.2.1.in-addr.arpa.| |dom2.com.| ||
|TXT| |a.4/28.3.2.1.in-addr.arpa.| |text value| ||
|TXT| |4/28.3.2.1.in-addr.arpa.| |sometext| ||
}
4.3.2.1.in-addr.arpa.|master {
|REFRESH| |10800| || ||
|RETRY| |3600| || ||
|EXPIRE| |60480| || ||
|MIN_TTL| |86400| || ||
|DEFAULT_TTL| |86400| || ||
|SERIAL| |1271668821| || ||
|ALLOW_TRANSFER| |7.8.9.10| || ||
|ALLOW_TRANSFER| |2002:a96:b95::a96f:b95| || ||
|NS| |4.3.2.1.in-addr.arpa.| |aa.com.| ||
|PTR| |4.3.2.1.in-addr.arpa.| |zone.c.om.| ||
|TXT| |abc.4.3.2.1.in-addr.arpa.| |sometext| ||
}
$ORIGIN, @ and Blank Substitution
The "@" character is accepted when defining zones. It is substituted with:
- The last $ORIGIN directive encountered in the file, or
- If no $ORIGIN directive is present, an origin that is generated automatically.
A blank name is substituted with the last valid name (or label), or with $ORIGIN if there are no previous names (labels).
testdomain.com.|master {
|NS| |@| |ns.isdomain.com.| ||
|NS| || |new| ||
|MX| |@| |mail.testdomain.com.| |10|
|MX| |test| |mail1.testdomain.com.| |15|
|TXT| |@| |this is not a test| ||
|CNAME| |*.new| |newtest.com.| ||
}
Mask delimiter
Both the "-" and "/" characters are accepted as mask delimiters when defining reverse zones. The zones are different!
4-28.3.2.1.IN-ADDR.ARPA.|master {
|NS| |4-28.3.2.1.IN-ADDR.ARPA.| |aa.com.| ||
|PTR| |6.4-28.3.2.1.IN-ADDR.ARPA.| |zone.com.| ||
|PTR| |6.4-28.3.2.1.IN-ADDR.ARPA.| |dom1.com.| ||
|PTR| |6.4-28.3.2.1.IN-ADDR.ARPA.| |dom2.com.| ||
|TXT| |a.4-28.3.2.1.IN-ADDR.ARPA.| |text value| ||
|TXT| |4-28.3.2.1.IN-ADDR.ARPA.| |sometext| ||
}
4/28.3.2.1.IN-ADDR.ARPA.|master {
|NS| |4/28.3.2.1.IN-ADDR.ARPA.| |aa.com.| ||
|PTR| |6.4/28.3.2.1.IN-ADDR.ARPA.| |zone.com.| ||
|PTR| |6.4/28.3.2.1.IN-ADDR.ARPA.| |dom1.com.| ||
|PTR| |6.4/28.3.2.1.IN-ADDR.ARPA.| |dom2.com.| ||
|TXT| |a.4/28.3.2.1.IN-ADDR.ARPA.| |text value| ||
|TXT| |4/28.3.2.1.IN-ADDR.ARPA.| |sometext| ||
}
SOA records
If the SOA records are not found in the zone definition, they are inherited from the client preferences, provided the client has SOA records defined. If the client has no SOA records defined, the system-wide SOA settings defined by the administrator are used.
domain.ltd.|master {
|ALLOW_TRANSFER| |4.3.2.1| || ||
|ALLOW_TRANSFER| |2002:a96:b95::a96f:b95| || ||
|NS| |domain.ltd.| |ns1.domain.ltd.| ||
|NS| |aa.domain.ltd.| |ns.domain.ltd.| ||
|CNAME| |cname.domain.ltd.| |canonical.name.| ||
|CNAME| |somedir.domain.ltd.| |domain.ltd.| ||
|CNAME| |ftp| |domain.ltd.| ||
|A| |mail.domain.ltd.| |192.168.10.32| ||
|MX| |zone.domain.ltd.| |email.exchanger| |10|
|TXT| |txt.domain.ltd.| |v=spf1 exists:%{ir}.%{v}.arpa -all | ||
|TXT| |some-text.domain.ltd.| |any text| ||
|TXT| |private._domainkey.domain.ltd.| |k=rsa; p=MEwwDQYerwqEWwE| ||
|TXT| |domain.ltd.| |text value| ||
}
4/28.3.2.1.in-addr.arpa.|master {
|NS| |4/28.3.2.1.in-addr.arpa.| |aa.com.| ||
|PTR| |6.4/28.3.2.1.in-addr.arpa.| |zone.com.| ||
|PTR| |6.4/28.3.2.1.in-addr.arpa.| |dom1.com.| ||
|PTR| |6.4/28.3.2.1.in-addr.arpa.| |dom2.com.| ||
|TXT| |a.4/28.3.2.1.in-addr.arpa.| |text value| ||
|TXT| |4/28.3.2.1.in-addr.arpa.| |sometext| ||
}
E164.ARPA reverse zone
The example below shows an E.164 reverse zone that contains all the supported record types, NS and NAPTR:
1.2.3.1.E164.ARPA.|master {
|SERIAL| |1330507579| || ||
|REFRESH| |10800| || ||
|RETRY| |3600| || ||
|EXPIRE| |604800| || ||
|MIN_TTL| |86400| || ||
|DEFAULT_TTL| |86400| || ||
|ALLOW_TRANSFER| |134.222.123.123/27| || ||
|ALLOW_TRANSFER| |2002:a96:b95::a96f:b95| || ||
|NAPTR| |2.3.4.5.1.2.3.1.E164.ARPA.| |!regex!replace!| |10| |20| || || |service| |S| |mydomain.tst.|
|NAPTR| |9.1.2.3.1.E164.ARPA.| |!^.*$!mailto:info@example.com!i| |10| |20| || || |email| |S| ||
|NS| |1.2.3.1.E164.ARPA.| |ns1.example.com.| |1|
|NS| |1.2.3.1.E164.ARPA.| |ns2.example.com.| ||
}
IP6.ARPA reverse zone
The example below shows an IP6.ARPA reverse zone that contains both supported record types, NS and PTR:
1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.2.1.2.A.A.2.2.IP6.ARPA.|master {
|SERIAL| |2018071302| || ||
|REFRESH| |10800| || ||
|RETRY| |3600| || ||
|EXPIRE| |604800| || ||
|MIN_TTL| |86400| || ||
|DEFAULT_TTL| |86400| || ||
|NS| |1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.2.1.2.A.A.2.2.IP6.ARPA.| |ns1.bar.com.| ||
|NS| |1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.2.1.2.A.A.2.2.IP6.ARPA.| |ns3.bar.com.| |1|
|PTR| |9.8.7.6.5.1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.2.1.2.A.A.2.2.IP6.ARPA.| |foo.com.| ||
|PTR| |9.9.9.9.9.1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.2.1.2.A.A.2.2.IP6.ARPA.| |bar.com.| ||
|PTR| |*.1.2.3.4.5.6.7.8.9.0.1.2.3.4.5.6.7.8.9.0.2.1.2.A.A.2.2.IP6.ARPA.| |newtest.tst.| ||
}
Primary NS
The primary NS record is marked with 1 in the dump file. If the mark is missing, the NS order is random.
bar.com.|master {
|NS| |bar.com.| |ns1.first.co.uk.| ||
|NS| |bar.com.| |ns2.first.co.uk.| |1|
}
Dump Export Utilities
Command Line Utilities
The export command line utilities support the new dump file format. These utilities help you set the DNS Manager server to act as slave DNS for other servers. The dump export utility should be copied to the primary server. To find out more details about how to configure Primary/Secondary Server Setup with DNS Manager, read this KB article.
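To inspect an exported dump before it is imported, the format described under Zone Dump can be parsed as follows. This is an added example, not DNS Manager code: `parse_dump`, `SETTINGS` and `SAMPLE` are hypothetical names, and it assumes that the automatically generated origin is the zone name and that owner names without a trailing dot are relative to the current origin.

```python
import re

FIELD = re.compile(r"\|([^|]*)\|")                     # one |...| cell
HEADER = re.compile(r"^([^\s|{]+)(?:\|(\w+))?\s*\{$")  # "zone.|type {"
SETTINGS = {"SERIAL", "DEFAULT_TTL", "REFRESH", "RETRY", "EXPIRE",
            "MIN_TTL", "ALLOW_TRANSFER", "MASTER"}  # cell 2 is a value, not a name

def parse_dump(text):
    """Return {zone: {"type", "settings", "records"}} for a zone dump."""
    zones, zone, origin, last = {}, None, None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        head = HEADER.match(line)
        if head:  # a missing zone type means master
            zone = {"type": head.group(2) or "master", "settings": {}, "records": []}
            zones[head.group(1)] = zone
            origin, last = head.group(1), None  # assumption: origin = zone name
        elif line == "}":
            zone = None
        elif zone is None or len(cells := FIELD.findall(line)) < 3:
            raise ValueError(f"unexpected line: {line!r}")
        elif cells[0] == "$ORIGIN":
            origin = cells[1]
        elif cells[0] in SETTINGS:
            zone["settings"].setdefault(cells[0], []).append(cells[1])
        else:
            # "@" -> origin; blank -> last owner name, or origin if none yet
            owner = {"@": origin, "": last or origin}.get(cells[1], cells[1])
            if not owner.endswith("."):  # assumption: relative to origin
                owner = f"{owner}.{origin}"
            last = owner
            zone["records"].append((cells[0], owner, cells[2], cells[3:]))
    return zones

# Constructed sample, built from the row shapes shown in the examples above.
SAMPLE = """
testdomain.com.|master {
|ALLOW_TRANSFER| |4.3.2.1| || ||
|NS| |@| |ns.isdomain.com.| ||
|MX| |test| |mail1.testdomain.com.| |15|
}
domain.ltd.{
|$ORIGIN| |ltd.| || ||
|A| |domain| |192.168.10.32| ||
|TXT| || |sometext| ||
}
foo.com.|slave {
|MASTER| |6.7.8.9| || ||
}
"""
```

Collecting the ALLOW_TRANSFER and MASTER entries per zone makes it straightforward to review which hosts a dump names for zone transfers before the secondary server imports it.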
Dump Scripts
New dump scripts are provided for the major control panels on the market. The new dump scripts can export both master and slave zones. Export settings are set as variables in the script or in the configuration file. Use this command to find the DNSMANAGER_ROOT_D path:
#> grep DNSMANAGER_ROOT_D /etc/dnsmanager/dnsmanager.conf
DNSMANAGER_ROOT_D /usr/local/dnsmanager
Below you can find the list of export scripts available:
| Zones management software | Folder | DNS Manager Script |
|---|---|---|
| Bind generic | DNSMANAGER_ROOT_D | bind_export.sh |
| DNS Manager | DNSMANAGER_ROOT_D | dnsmanager_export.sh |
| Plesk Linux | DNSMANAGER_ROOT_D | plesk_export.sh, plesk_export.pl |
| Plesk Windows | DNSMANAGER_ROOT_D | plesk_win_export.exe |
| PowerDNS | DNSMANAGER_ROOT_D | powerdns_export.sh |
| Helm Control Panel for Windows | DNSMANAGER_ROOT_D | helm_complete.exe, helm_export.exe, helm_zones.exe |
| InterWorx Hosting Control Panel | DNSMANAGER_ROOT_D | iworx_complete.php, iworx_zones.php |
| Ensim | DNSMANAGER_ROOT_D | ensim_complete.sh, ensim_zones.sh |
Services
Please find below a list of all services on a DNS Manager 4 server.
Web interface service
- Name: dnsmanager
- Short description: The service is responsible for running the DNS Manager web interface.
- Init script: Usually located in /etc/init.d/dnsmanager
Zone management service
- Name: zonemngd
- Short description: The service synchronizes the bind configuration file with updates (received using any means).
- Init script: Usually located in /etc/init.d/zonemngd
Remote import service
- Name: updateurld
- Short description: The service synchronizes the DNS Manager local database with remote updates.
- Init script: Usually located in /etc/init.d/updateurld
NAMED service
- Name: named
- Short description: BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols; BIND includes a DNS server (named), which resolves host names to IP addresses, a resolver library (routines for applications to use when interfacing with DNS), and tools to verify that the DNS server is operating properly.
- Init script: Usually located in /etc/init.d/named or /etc/init.d/named-chroot
Round robin service
- Name: rrmonitd
- Short description: Automates the DNS Round Robin disqualification and qualification when a resource associated with a resource record becomes unavailable again.
- Init script: Usually located in /etc/init.d/rrmonitd
Interface Access and Disk Location
DNS Manager comes with a dedicated web management interface, accessible in the browser at:
https://<your_server_ip>
To log in to the interface for the first time, you must supply the following login credentials:
user: admin
password: welcome
These are the default credentials, so change the admin password after the first login.
The skin directory can be found in:
DNSMANAGER_ROOT_D/admin/htdocs/skins
The language pack directory can be found in:
DNSMANAGER_ROOT_D/admin/htdocs/language
All important paths are defined in /etc/dnsmanager/dnsmanager.conf