Managing DNS Views

Managing DNS Views

 

 What are DNS views? 

 

DNS views or Domain views serve different responses to DNS queries based on various criteria, most commonly the source of the query or the host accessing it. This indicates that the DNS server can present one set of DNS information to one group of clients and a different set to another group, based on predefined views.

 Configuring Named Views 

 

DDI enables you to create multiple views and name them for better identification

Select the DNS menu the left menu bar. Now select Views from the submenus that appear on the inner menu bar.

  1. Select the DNS menu from the menu bar along the left side of the screen.

  1. From the submenus that appear, choose Views.

  1. If views have never been enabled for any of the existing zones, the screen will display the message No View Available.

  1. Clicking on the Enable View button now will move all the existing domains to a Default view. Clicking Yes will create a Default View entry in the Views page. Here you can see under the match client field holding the value any, indicating this configuration will apply to all clients.




Default View

Default view for a domain refers to the unnamed or implicit view that is used when no specific view has been defined for a set of DNS queries. In the default view, BIND handles DNS queries as any standard DNS server would, without applying different rules or data sets based on the query source. It simply serves the DNS zones and records as configured.

In more complex configurations where named views are used, the default view can still exist. It would handle any queries that don't match the criteria of the named views. For example, if there are views for internal and external networks, the default view could handle queries from sources not covered by these specific views.

  1. To create a named View, click on the Add View button in the top right corner. The Create View page appears.

  1. Input a name for the new View in the designated field.

  1. For the Match Clients field, input the list of IP addresses or specify named Access Control Lists (ACLs) as required.

  1. Select the DNS options relevant for your selection of clients.

  1. Once all the necessary information is provided and options are selected, click Save.

 

 Popular DNS options for Domain views 

  1. Match Clients: Determines which clients (usually specified by IP address or network) the view applies to. It can be used to differentiate between internal and external network clients.

  2. Match Destinations: Similar to match-clients, but this matches on the destination address of the query instead of the source.
  3. Recursion: Controls whether the server will perform recursive queries for clients using this view. This can be enabled for internal clients and disabled for external ones to prevent abuse.

  1. Forwarders: Specifies different upstream servers for resolving DNS queries for clients that match the view. This can redirect query traffic based on client type or requested domain.

  1. Response Policy Zone (RPZ): Implements response policy service, allowing the server to modify or block DNS responses based on policies.

  1. Order of Precedence: If a client matches multiple views, the order in which the views are defined in the configuration file determines which one finally applies.

  1. Allow-recursion, allow-query, allow-transfer: These options within a view can be used to control which clients are allowed to perform recursive queries, make queries, or request zone transfers, respectively.

  1. DNSSEC Validation: Controls whether DNSSEC validation is performed for the clients that match the view. This might be enabled for external views to provide DNSSEC security for internet clients.  


                  New to ADSelfService Plus?

                    • Related Articles

                    • Managing DNS resource records

                      What are domain Resource Records (RR)? Resource Records (RRs) are the fundamental information elements of the Domain Name System (DNS). Each RR defines a specific piece of information about the domain. Here are the general components of an RR: Name: ...
                    • DNS query analytics

                      DNs analytics dashboard provides a network administrator with quick insights into the DNS and leased IP activity related to a particular domain or network segment. It helps in monitoring network usage, identifying potential issues, and understanding ...
                    • DNS Firewall(FRW) Response Policy Zones (RPZ)

                      RPZ (Response Policy Zone) allows a nameserver to modify DNS responses based on policies. It's often used for implementing security measures, such as blocking known malicious domains, redirecting domains, or applying other customized policies. When a ...
                    • Managing Dynamic Domains

                      Dynamic DNS (DDNS) In DNS, a zone is a portion of the domain namespace, and the ability to create new zones dynamically is very essential, especially in environments where zones need to be added or removed without manual intervention. Dynamic DNS ...
                    • DNS Audit Logs

                      ManageEngine enables you to view the audit logs of specific domains Select the DNS menu from the menu bar along the left side of the screen.From the submenus that appear, choose Audit. The Audit page helps you to continuously evaluate the overall ...