Managing DNS resource records


 What are domain Resource Records (RR)? 


Resource Records (RRs) are the fundamental information elements of the Domain Name System (DNS). Each RR defines a specific piece of information about the domain. Here are the general components of an RR:
  1. Name: The domain name to which this record pertains.

  2. Type: The type of the resource record, which defines the type of data contained in the record (e.g., A, MX, CNAME).

  3. TTL: Time to Live, which specifies how long the record should be cached by DNS resolvers.

  4. RDATA: Resource Data, the data of the resource record, which varies according to the type (e.g., the IP address for an A record).

The combination of these elements within a DNS record allows DNS servers to accurately resolve queries by clients for various services related to a domain, such as website addresses, email servers, and service locations.

 

The following are the types of resource records supported by ManageEngine DDI:

  1. A (IPv4): Address record that maps a domain name to an IPv4 address, allowing a domain to be associated with a physical machine or resource on an IPv4 network.

  2. AAAA (IPv6): Address record similar to the A record but for IPv6 addresses, mapping a domain name to an IPv6 address.

  3. CAA (Certificate Authority Authorization): Specifies which certificate authorities (CAs) are allowed to issue certificates for a domain, enhancing security by restricting which CAs can issue certificates.

  4. CNAME (Canonical Name): Redirects one domain name to another domain name, allowing multiple DNS records to map to the same server without specifying IP addresses.

  5. DS (Delegation Signer): Holds the cryptographic signature for a DNSSEC-secured domain, which is used to securely delegate a subdomain to another DNS server or manager.

  6. MX (Mail Exchange): Directs email to a mail server by specifying the server responsible for accepting email messages on behalf of a domain with a priority level.

  7. NS (Name Server): Indicates the authoritative name server for a domain, which is responsible for presenting information about the domain's DNS zone.

  8. PTR (Pointer): Used primarily for reverse DNS lookups, mapping an IP address (IPv4 or IPv6) to a domain name.

  9. SPF (Sender Policy Framework): Defines which IP addresses are authorized to send email from a domain, helping to prevent email spoofing.

  10. SRV (Service Locator): Specifies the location of servers for specified services, containing the hostname and port number for services such as VoIP, IM, etc.

  11. TXT (Text): Allows administrators to insert arbitrary text into a DNS record. Often used to provide information to external sources, such as verification tokens for domain ownership or email security policies.

 

 Creating resource records in DDI 

 

To add or update the resource records for a particular domain:

  1. From the list of domains, click the name of the domain whose DNS records you want to create or update.

  2. This opens that domain and displays the record types supported by DDI, such as A, AAAA, ANAME, and CNAME.

  3. Select the record type you'd like to configure for your domain and click on it.

  4. To create a new record under the chosen record type, click the blue Add button at the extreme right corner of the table header.

  5. On the Create record type page, enter the subdomain or hostname.

  6. The Time-To-Live (TTL) attribute specifies the number of seconds the local resolver should cache the response for a record before requesting a new one. The default is 86400, but you can modify it as per your domain's requirements.

  7. DDI enables you to configure multiple hosts to provide responses for a domain. To configure multiple hosts for a DNS record, click Add IP after each entry.

 

   Importing and Exporting zone data   

 

DDI enables you to quickly create all of the records for your zone by importing a zone file in BIND format, which represents zone data as text.

 

 Importing  

To create DNS records by importing a zone file in BIND format:

 

  1. Export the zone file from the other DNS server and save it as a BIND file. Make sure the zone file is in RFC-compliant format.

  2. In the DDI console, create a new zone or select a zone by clicking on its name.

  3. Once you are inside the new zone, click the Import button in the top right corner.

  4. Now you can import the zone file as a BIND file.

 

Click the Import button at the bottom to start importing. You may have to wait a few minutes for the records to be created as it depends on the number of records in your zone file.
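
A zone file taken from another server can be checked offline before it is imported. The following is an added example, not part of DDI or of the original documentation: it parses a BIND-format zone file and reports records owned by names outside the zone, CNAME owners that also hold other data, and record types that are not in the list given on this page. The function names and the sample zone are constructed for illustration, treating SOA as an expected type is an assumption, and $INCLUDE and $GENERATE directives are not expanded.

```python
import re

# Record types this page lists for DDI; SOA is added as zone metadata (assumption).
KNOWN = {"A", "AAAA", "CAA", "CNAME", "DS", "MX", "NS", "PTR", "SPF", "SRV", "TXT", "SOA"}
CLASS_OR_TTL = re.compile(r"IN|CH|HS|(\d+[smhdw])+|\d+", re.I)
# Constructed sample zone; names and addresses are reserved documentation values.
SAMPLE = """$ORIGIN example.com.
$TTL 86400
@   IN SOA ns1 hostmaster ( 2024010101 ; serial
        7200 3600 1209600 3600 )
www 300 IN A     192.0.2.10
www     IN CNAME web.example.net.
_dmarc  IN TXT   "v=DMARC1; p=reject"
host.example.org. IN A 192.0.2.99
alias   IN DNAME other.example.com.
"""

def parse_zone(text, zone):
    """Yield (name, type, rdata) per record; zone is the absolute, lower-case zone name."""
    origin, owner, buf, depth = zone, "@", "", 0
    for raw in text.splitlines():
        # Drop ';' comments but keep ';' inside quoted strings (DMARC, DKIM).
        line = re.sub(r'("[^"]*")|;.*', lambda m: m.group(1) or "", raw)
        depth += line.count("(") - line.count(")")
        buf = f"{buf} {line}" if buf else line
        if depth > 0:
            continue  # still inside a parenthesised multi-line record such as SOA
        tok, indented, buf = buf.replace("(", " ").replace(")", " ").split(), buf[:1].isspace(), ""
        if tok and tok[0].upper() == "$ORIGIN":
            origin = tok[1].lower()
        elif tok and tok[0][0] != "$":  # $TTL is ignored; $INCLUDE/$GENERATE are not expanded
            owner = owner if indented else tok.pop(0).lower()
            while tok and CLASS_OR_TTL.fullmatch(tok[0]):  # optional TTL and class, either order
                tok.pop(0)
            name = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
            if tok:
                yield name, tok[0].upper(), " ".join(tok[1:])

def preimport_findings(text, zone):
    """Return sorted (issue, owner, type) tuples to resolve before importing the file."""
    recs = list(parse_zone(text, zone))
    found = {("type-not-listed", n, t) for n, t, _ in recs if t not in KNOWN}
    found |= {("out-of-zone", n, t) for n, t, _ in recs if n != zone and not n.endswith("." + zone)}
    for owner in {n for n, t, _ in recs if t == "CNAME"}:
        # RFC 1034: a CNAME owner may hold no other data (DNSSEC RRSIG/NSEC excepted).
        if {t for n, t, _ in recs if n == owner} - {"CNAME", "RRSIG", "NSEC"}:
            found.add(("cname-conflict", owner, "CNAME"))
    return sorted(found)
```

Calling preimport_findings(SAMPLE, "example.com.") returns one finding of each kind for the constructed zone; an empty list means none of these three checks fired.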

 

 Exporting 

The same process is followed to export your zone files in DDI. Click the Export button in the top right corner. The zone files are then automatically downloaded as text files in BIND format with the respective domain name.
