DNS Administration

Advanced Server Group Management

Adonis allows administrators to make common changes to many Adonis servers at once, avoiding the need to reconfigure each server individually.
Server Group Management enables key functions and features of multiple Adonis appliances (Adonis 1750R/1000/500/250/XMB) to be managed as a single group, while still allowing specific configuration changes at the individual server or service level for customized requirements.

Transaction Signatures (TSIGs)

Use Transaction Signatures (TSIGs) to secure zone transfers and updates between DNS name servers. A configured Adonis appliance uses TSIGs to authenticate updates and zone transfers, ensuring that DNS information purporting to be from a certain server is actually sourced from that server. TSIGs can also authenticate dynamic updates as coming from an approved client, or responses as coming from an approved recursive name server. Using a secret key shared between two Adonis appliances, or between the Adonis appliance and another DNS server, the Adonis Management Console computes a “hash value” to determine the authenticity of the zone transfer request. The hash value provides point-to-point authentication and verification for DNS transactions. Once the request is authenticated and the DNS data is verified as trustworthy, a trust relationship is established between the two servers. If not, the Adonis Management Console rejects the request.

DNS Administration — Transaction Signatures
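The shared-secret check described above, as an added Python example that is not BlueCat's code: it computes the keyed hash over a DNS message plus the TSIG variables laid out in RFC 2845 and shows how a receiver rejects tampered or stale requests. The key name, secret, zone names and the choice of HMAC-SHA256 are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values; none of them come from an Adonis configuration.
KEY_NAME = "transfer-key.example."
ALGORITHM = "hmac-sha256."      # assumed algorithm; RFC 2845 itself defines HMAC-MD5
SECRET = b"constructed-shared-secret-32byte"
FUDGE = 300                     # permitted clock skew between the two servers, seconds


def wire_name(name: str) -> bytes:
    """Encode a domain name in lower-cased, uncompressed DNS wire format."""
    labels = [label for label in name.lower().rstrip(".").split(".") if label]
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def axfr_query(zone: str, msg_id: int = 0x1234) -> bytes:
    """Build a minimal zone transfer request (QTYPE 252 = AXFR, class IN)."""
    header = struct.pack("!6H", msg_id, 0, 1, 0, 0, 0)
    return header + wire_name(zone) + struct.pack("!HH", 252, 1)


def tsig_mac(message: bytes, time_signed: int, secret: bytes = SECRET) -> bytes:
    """HMAC over the message followed by the TSIG variables (RFC 2845, section 3.4)."""
    variables = (
        wire_name(KEY_NAME)
        + struct.pack("!HI", 255, 0)                        # CLASS ANY, TTL 0
        + wire_name(ALGORITHM)
        + struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, FUDGE)
        + struct.pack("!HH", 0, 0)                          # Error, Other Len
    )
    return hmac.new(secret, message + variables, hashlib.sha256).digest()


def verify(message: bytes, time_signed: int, mac: bytes, now: int,
           secret: bytes = SECRET) -> str:
    """Return the TSIG outcome a receiving server would reach for this request."""
    expected = tsig_mac(message, time_signed, secret)
    if not hmac.compare_digest(expected, mac):              # constant-time comparison
        return "BADSIG"                                     # wrong key or altered message
    if abs(now - time_signed) > FUDGE:
        return "BADTIME"                                    # stale or replayed request
    return "NOERROR"
```

Because the signing time and fudge are part of the hashed data, an attacker who captures a signed request cannot refresh its timestamp without knowing the secret.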

 

BIND Views

BIND views enable a single name server to be configured to return a different response, based on who performs the query. With BIND views, a single Adonis appliance can return an intranet response if the query originates from within the corporation. A query received from an external address will return a response with an external address. For example, you can run your company's internal and external DNS data on the same server, instead of configuring separate sets of name servers. Prior to BIND 9, presenting one view of a zone to one community of hosts and a separate view to others called for a very complex configuration, running multiple sets of name servers, or multiple name server processes on a single host.

Enable/Disable Zones

Adonis can disable and enable zones intelligently. Network administrators can create “live” configurations, serving only DNS data for zones that are fully prepared with online web, email, and database servers that are ready for production. When a zone is disabled, Adonis will selectively disable dependent records outside the zone without manual intervention of the administrator.

Subnet Delegation

The delegation of classless IP blocks (IN-ADDR.ARPA) requires additional CNAME records that can be difficult to maintain. Adonis’ Subnet Delegation Wizard simplifies the creation and maintenance of the organized blocks. Maintain delegated IP space on a local or external server, and maintain the records through the Subnet Delegation Wizard conforming to RFC 2317.

Delegation Only Zones/Root Delegation Only

Delegation Only Zones are useful when filtering out wildcard or synthesized data from Network Address Translation (NAT) servers, or authoritative name servers containing un-delegated zone data of no interest. Root Delegation Only is a server option enabled directly from the Adonis Management Console, used to enforce delegation only in top-level domains (TLD) and root zones, with the option to add specific domains to exclude or load the default list.

Enable/Disable Resource Records

When a zone is disabled, the Adonis Management Console will selectively disable dependent records outside the zone without the manual intervention of the administrator.

Auto Generate

Auto Generate can be used where a BIND $GENERATE statement would be employed. It creates a series of resource records differing only by an “iterator,” which makes it easy to generate the record sets required to support the sub-/24 reverse delegations described in RFC 2317: Classless IN-ADDR.ARPA delegation. Automatically generating resource records creates a single host entry in the configuration file; when synchronized, Adonis creates the actual records on the server.
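The record sets that the Subnet Delegation and Auto Generate sections refer to, as an added Python example that is not the Adonis wizard's code: for a block smaller than a /24 it produces the NS delegation, the per-address CNAME records for the parent reverse zone, and the single BIND $GENERATE line that expands to the same CNAMEs. The `first/prefix` label follows the naming used in RFC 2317's examples; the address block and name server name are constructed.

```python
import ipaddress


def classless_delegation(cidr: str, nameservers: list[str]) -> dict:
    """Build the parent-zone records for an RFC 2317 classless reverse delegation.

    Records are written relative to the parent /24 reverse zone ($ORIGIN).
    Every address in the block gets a CNAME, including the first and last.
    """
    # strict=True rejects a CIDR whose host bits are set (e.g. 192.0.2.65/26).
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or not 24 < net.prefixlen <= 32:
        raise ValueError("RFC 2317 applies to IPv4 blocks smaller than a /24")

    octets = net.network_address.packed
    parent = f"{octets[2]}.{octets[1]}.{octets[0]}.in-addr.arpa."
    first = octets[3]
    last = net.broadcast_address.packed[3]
    child = f"{first}/{net.prefixlen}"          # e.g. "64/26", the delegated label

    return {
        "origin": parent,
        # Delegate the child label to the name servers of the block's owner.
        "ns": [f"{child} IN NS {ns}" for ns in nameservers],
        # One alias per address, pointing into the delegated child zone.
        "cnames": [f"{i} IN CNAME {i}.{child}.{parent}" for i in range(first, last + 1)],
        # The single iterator statement that yields the same CNAME set in BIND.
        "generate": f"$GENERATE {first}-{last} $ CNAME $.{child}",
    }


if __name__ == "__main__":
    # Constructed sample input (documentation address range).
    result = classless_delegation("192.0.2.64/26", ["ns1.customer.example."])
    print(f"$ORIGIN {result['origin']}")
    print("\n".join(result["ns"]))
    print(result["generate"])
    print(f"; expands to {len(result['cnames'])} CNAME records, first: {result['cnames'][0]}")
```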

Configuration Migration

Existing DNS configurations can be migrated with the Adonis Management Console, eliminating the tedious re-creation and re-entry of zone data. Configuration Migration imports DNS files created with both current and earlier releases of the BIND software (including versions 4.x, 8.x, and 9.x). Microsoft® Windows DNS configurations can be extracted with the Adonis Extraction Tool. After importing the existing configuration into the Adonis Management Console, check for previous configuration errors and perform data validation using Data Checker, and the Live Data Check and Validation tools.

Automatic Serial Number Generation

The Start of Authority (SOA) resource record for a zone identifies which primary master name server is “authoritative”, meaning the best source of information for the zone. SOA records contain important settings for refreshing the data in the zone. One of these settings is the serial number, a unique identifying number that applies to all data in the zone. This option is set by default to “auto,” enabling a special algorithm to determine the correct setting.

Configuration Statistics

Generate a statistical summary of your DNS configuration using the Adonis Management Console. Statistics on the number of servers, zones, and addresses provide useful data on the size of your network infrastructure.

Supported DNS RFCs

Adonis is fully compliant with the following DNS RFCs: 1034, 1035, 1531, 1534, 1886, 1995, 1996, 2131, 2132, 2136, 2317, 2845, 2874, 3226, 3363, 3364, 3646.
© 2001-2008 BlueCat Networks. All Rights Reserved.