diff --git a/guides/user-manual/dns.rst b/guides/user-manual/dns.rst index 0f7c76b7..8449ed26 100644 --- a/guides/user-manual/dns.rst +++ b/guides/user-manual/dns.rst @@ -7,10 +7,15 @@ DNS ==== -Micetro's :ref:`access control` system provides granular control over who can access DNS information. The system includes the following built-in roles that provide varying levels of access to the DNS page. +On the **DNS** page, manage your DNS information, including zones and resource records all in one place. Here, you can create and delete zones, migrate zones between servers, edit zone options, manage zone records, and more. + +.. image:: ../../images/DNS-Micetro.png + :width: 90% + +Micetro's role-based and centralized :ref:`Access Management` system provides granular control over who can access DNS information. The system includes the following built-in roles that provide varying levels of access to the **DNS** page: * **DNS Administrators** -* **DNS viewers** (allows viewing of DNS information) +* **DNS viewers** (can only view DNS information) To grant other roles access to DNS information, make sure that they include the following permissions: @@ -19,12 +24,12 @@ To grant other roles access to DNS information, make sure that they include the * **List (or view) zone** .. note:: - To fully manage zones, additional permissions may be required, and specific access might be defined on individual zones. + To fully manage zones, additional permissions may be required. Specific access might be defined on individual zones and require explicit permissions. - .. toctree:: :maxdepth: 1 dns_zones + managing_dns_zones dns_records webapp_import_dns_records diff --git a/guides/user-manual/dns_records.rst b/guides/user-manual/dns_records.rst index f76798a3..06949249 100644 --- a/guides/user-manual/dns_records.rst +++ b/guides/user-manual/dns_records.rst @@ -4,19 +4,15 @@ .. _dns-records: -DNS Resource Records +DNS resource records ==================== - -Overview --------- - -Each zone in the Domain Name System (DNS) contains a set of resource records that define how requests are processed or delegated within that zone. To view the resource records for a particular zone, you can double-click the zone, or select the zone and then click :guilabel:`Open` on the toolbar at the top or on the row menu (**...**). Once you have opened the zone, you can view, edit, and manipulate the resource records. +Each zone in the Domain Name System (DNS) contains a set of resource records that define how requests are processed or delegated within that zone. To view the resource records for a particular zone, double-click the zone or select the zone in the grid and then select :guilabel:`Open` on the task bar or :guilabel:`Open zone` on the Row :guilabel:`...` menu. Once the zone is open, you can view, edit, and manipulate the resource records as needed. .. image:: ../../images/DNS-records-Micetro-10.5.png :width: 90% :align: center | -Selecting a DNS record in the list will display the following details and actions for the record in the :guilabel:`Inspector` pane on the right. +Select a DNS record in the grid to view the following details and actions for the record in the Inspector. .. csv-table:: :header: "Item", "Description" @@ -24,10 +20,10 @@ Selecting a DNS record in the list will display the following details and action "Actions", "Lists all available actions for the selected record." "Properties", "Lists the properties for the selected DNS record." - "Related DNS Data", "Lists all related DNS records for the selected DNS record. Related DNS records all DNS records that are somehow associated with the specified record." - "Related IP address", "Lists the related IP address in case of an A or AAAA DNS record." + "Related DNS Data", "Lists all DNS records that are somehow associated with the selected DNS record." + "Related IP Addresses", "Lists the related IP addresses in the case of an A or AAAA DNS record." -Available Record Types +Available record types ---------------------- * A / AAAA @@ -89,22 +85,23 @@ Available Record Types * CSYNC -Creating New DNS Records +Creating new DNS records ------------------------- +In Micetro, you can create new DNS records for a zone. .. note:: - For importing DNS records in bulk, see :ref:`webapp-import-dns-records`. + For instructions on importing DNS records in bulk, refer to :ref:`webapp-import-dns-records`. -To create a new DNS record: +**To create a new DNS record**: -1. Click :guilabel:`Create` in the main toolbar. The Create DNS Record dialog box opens. +1. On the **DNS** page, select :guilabel:`Create`. -2. Enter a name and select the record type. After selecting the type, the relevant fields are automatically displayed. +2. In the **Create DNS Record** dialog box, enter a name for the record and select the record type. After selecting the type, the relevant fields for that type are automatically displayed. .. warning:: - If you save a new DNS record with the wrong type, you cannot change the type later. You have to delete the record and create a new one with the correct type. + If you save a new DNS record with the wrong type, you cannot change the type later. You must delete the record and create a new one with the correct type. -3. Fill in the required information and custom fields, if there are any. +3. Enter the required and any optional custom information. * For A records, an autocomplete behavior helps find a free IP address in a network. @@ -113,39 +110,38 @@ To create a new DNS record: .. image:: ../../images/create-DNS-record-ip-Micetro.png :width: 75% - * Selecting an item from the list, will fill in the **Address** field with the next free IP address from that network, along with an indicator on the address state: ``Free``, ``Reserved``, ``Claimed`` or ``Assigned``. You'll also see insights for the selected IP address. + * Selecting an item from the list autofills the :guilabel:`Address` field with the next free IP address from that network, along with an indicator on the address state: ``Free``, ``Reserved``, ``Claimed`` or ``Assigned``. It also displays insights for the selected IP address. .. image:: ../../images/create-DNS-record-ipam-Micetro.png :width: 75% -4. When you are finished, click :guilabel:`Create now` to save the new record to the zone, or :guilabel:`Add to request` to add it to the request queue. For more information about the request queue, see :ref:`webapp-workflows`. +4. When you are finished, select :guilabel:`Create Now` to save the new record to the zone or :guilabel:`Add to Request` to add it to the request queue. For more information about the request queue, refer to :ref:`webapp-workflows`. -IP Address Insights +IP address insights ^^^^^^^^^^^^^^^^^^^^ -Once you have entered/selected the IP address in the **Address** field, you can see some insights about the address and related objects. These insights give you more information about the IP address and can help you understand its state better. +Once you have entered/selected the IP address in the :guilabel:`Address` field, the dialog box will display insights about the address and related objects. These insights provide more information about the IP address and can help you to better understand its state. .. image:: ../../images/create-DNS-record-ipam-insights-Micetro.png :width: 75% | Hover over the :guilabel:`i` icon to see more information or a list of objects: - * *Network* will show more details on the network. + * **Network** shows more details on the network. - * *Properties* will show a list of all defined properties for the specified IP address. + * **Properties** shows a list of all defined properties for the specified IP address. - * *DNS hosts* will show a list of all defined DNS hosts for the specified IP address. + * **DNS hosts** shows a list of all defined DNS hosts for the specified IP address. - * *MAC address* will show a list of additional MAC information for the specified IP address. + * **MAC address** shows a list of additional MAC information for the specified IP address. - * *Last seen* will show a list of additional information for the specified IP address. + * **Last seen** shows a list of additional information for the specified IP address. .. csv-table:: IPAM Insights :widths: 15, 85 "Network", "The network containing the specified IP address" "Network type", "Either an IP address range or a DHCP scope" - "Properties", "Various properties including custom properties, if defined." - "DHCP client", + "Properties", "Various properties including custom properties, if defined" "DNS hosts", "Lists all DNS hosts that are set for the specified IP address" "MAC address", "The MAC address of the discovered device" "Last seen", "The date for which the IP address was last seen" @@ -153,8 +149,7 @@ Hover over the :guilabel:`i` icon to see more information or a list of objects: Time-to-live (TTL) """""""""""""""""" - -Throughout the system, the TTL value can either be specified in seconds or using the shorthand notation, such as: +When creating a DNS record, you must can provide its time-to-live (TTL). Throughout the system, the TTL value can either be specified in seconds or using the shorthand notation, such as: * **1s**: 1 second @@ -169,38 +164,43 @@ Throughout the system, the TTL value can either be specified in seconds or using Editing a DNS record -------------------- +When necessary, Micetro enables you to edit an existing DNS record. -1. Select the DNS record in the DNS record list +.. note:: + Once a DNS record is created, you cannot edit its type. If you created a record with the wrong type, delete the record and create a new one with the correct type. -2. Either click :guilabel:`Edit` in the main task bar, or click on :guilabel:`Edit DNS record` in the row menu (...). +**To edit a DNS record**: -3. A dialog box is displayed where you can modify the DNS record. +1. Select the DNS record in the grid on the **DNS** page. -4. Click :guilabel:`Save`. +2. Select either :guilabel:`Edit` on the task bar or use the Row :guilabel:`...` menu to select :guilabel:`Edit DNS record`. +3. In the dialog box, modify the DNS record as needed. + +4. Click :guilabel:`Save`. -Deleting Records ----------------- +Deleting a DNS record +--------------------- Deleting a record removes both the data and the physical record from the grid. -1. Select the record(s) that you want to delete. To select multiple records, hold down the Ctrl (or Cmd on Mac) key while making your selections. +**To delete a DNS record** -2. Click :guilabel:`Delete` on the task bar. The record is immediately deleted from the zone. +1. Select the record(s) that you want to delete. To select multiple records, hold down the **Ctrl** (or **Cmd** on Mac) key while making your selections. +2. Click :guilabel:`Delete` on the task bar. The record is immediately deleted from the zone. -Undoing Changes to Records --------------------------- -If you need to revert or undo changes made to DNS records, Micetro provides a straightforward process through its history feature. It's essential to use this feature carefully, especially when dealing with critical DNS configurations. -**To undo changes**: +Undoing changes to a DNS record +------------------------------- +If you need to undo or revert changes made to DNS records, Micetro provides a straightforward process through its History feature. It's essential to use this feature carefully, especially when dealing with critical DNS configurations. -1. Locate the zone where the changes were made, and click on the row menu (...) associated with it. +**To undo changes to a DNS record**: -2. Select :guilabel:`View history`. +1. Locate the zone where the changes were made, and use the Row :guilabel:`...` menu to select :guilabel:`View history`. -3. Locate the specific action you want to undo within the history. +3. In the **History** dialog, select the specific action you want to undo. -4. Select :guilabel:`Undo` option on the Row menu (…). This action will roll back the selected change, restoring the DNS record to its previous state. +4. Use the Row :guilabel:`...` menu to select :guilabel:`Undo`. This action will roll back the selected change, restoring the DNS record to its previous state. -For more information about viewing object change history, see :ref:`view-change-history`. +For more information about viewing object change history, refer to :ref:`view-change-history`. diff --git a/guides/user-manual/dns_zones.rst b/guides/user-manual/dns_zones.rst index 9c756c28..03d0e56a 100644 --- a/guides/user-manual/dns_zones.rst +++ b/guides/user-manual/dns_zones.rst @@ -4,21 +4,21 @@ .. _dns-zones: -DNS Zones -========= +DNS zone types +============== .. |controls| image:: ../../images/console-dns-zones-zone-controls-icon.png .. |analyze| image:: ../../images/console-analyze.png .. note:: - This information applies to the Micetro web interface. For information about DNS zone management in the M&M Management Console, see :ref:`console-dns-zones`. + This information applies to the Micetro Web Application. For information about DNS zone management in the M&M Management Console, see :ref:`console-dns-zones`. -By default, the DNS page displays all primary zones in the system regardless of authority. +By default, the **DNS** page displays all primary zones in the system regardless of authority. .. image:: ../../images/DNS-Micetro.png :width: 90% | -The left sidebar offers several options for filtering and organizing zones. At the bottom of the sidebar, you can select what to display: **Menu**, **Folders**, and **DNS services**. +The leftmost sidebar offers several options for filtering and organizing zones. At the bottom of the sidebar, you can select what to display: **Menu**, **Folders**, and **DNS services**. .. image:: ../../images/sidebar-tabs.png @@ -34,9 +34,9 @@ Micetro will remember your current view selection when you navigate away from th .. _dns-zone-types: -Zone Types +Zone types ----------- -This table shows the zone types supported by Micetro. +This table shows the zone types supported by Micetro: .. csv-table:: :header: "Type", "Description" @@ -53,248 +53,48 @@ This table shows the zone types supported by Micetro. "Static-stub", "A BIND specific zone type to configure conditional forwarding, similar to Stub but is static, that is, it has a set of preconfigured NS entries." "Forward", "A forward zone contains a list of name server addresses, called forwarders, that can resolve queries for the zone. With forward zones queries are forced to go to the specified addresses." -Zone Contents +Zone contents ^^^^^^^^^^^^^ +For each zone in the **DNS** data grid, you can view its properties, details, and resource records. -The Inspector panel on the right provides a look at the Start of Authority (SOA) record, and properties of the selected zone. +The Inspector on the right side of the screen provides an overview of the Start of Authority (SOA) record and properties of the selected zone. .. image:: ../../images/DNS-zone-contents-Micetro-10.5.png :width: 65% Click the header of the desired section to collapse or expand the section. -SOA -"""" -The SOA record contains the following data fields. To edit SOA information, click the pencil icon in the section header. +SOA records +""""""""""" +An SOA record contains the following data fields. To edit SOA information, click the |ico1| in the section header. + +.. |ico1| image:: ../../images/edit-pencil-icon.png + :height: 3ex .. csv-table:: :header: "Field", "Description" :widths: 15, 75 "Primary", "The name of the server that serves as the primary server for the zone." - "Hostmaster", "The email address of the individual responsible for the zone, formatted with a period (.) in place of the @ symbol. For example, hostmaster@example.com should be entered as hostmaster.example.com. The username must not contain a literal dot (.). See RFC 1912 'Common DNS Operational and Configuration Errors', Section 2.2 for additional information." + "Hostmaster", "The email address of the individual responsible for the zone, formatted with a period (.) in place of the @ symbol. For example, hostmaster@example.com should be entered as hostmaster.example.com. The username must not contain a literal dot (.). Refer to RFC 1912 'Common DNS Operational and Configuration Errors', Section 2.2 for additional information." "Serial", "A ten-digit number representing the year, month, day, and a two-digit daily revision number. It is actually any integer between 0 and approximately 4 billion, but the aforementioned format is the standard convention." "Refresh", "The interval in seconds at which secondary servers verify if their zone files are up to date by checking the serial number against the primary server. The standard setting for this field is 28800 seconds, or every 8 hours." "Retry", "The time a secondary server will wait to attempt reconnection with the primary zone after a failed attempt. The standard setting is 7200 seconds, or every 2 hours." "Expire", "The duration a secondary server will continue to serve a zone following the last successful contact with the primary name server. After expiration, the secondary server stops providing information about the zone, considering it unreliable. The standard expiration time is 604800 seconds, or 1 week." "Neg. caching", "This field is only available when connected to a BIND server. It specifies how long a server will cache the knowledge negative reponses. The standard setting is 86400 seconds, 24 hours." -Managing DNS Zones -------------------- - -Viewing Zone Contents -^^^^^^^^^^^^^^^^^^^^^^ -To view the DNS resource records for a particular zone, you can double-click the zone, or select it and then click :guilabel:`Open` on the page toolbar or the row menu :guilabel:`...`. A list of the zone's resource records is displayed. For more information about DNS resource records, see :ref:`dns-records`. - -Creating Zones -^^^^^^^^^^^^^^^ - -**To create a new DNS zone**: - -1. Click :guilabel:`Create` on the DNS page toolbar. - -2. Select the zone type. For more information about zone types, see :ref:`dns-zone-types` above. - - .. image:: ../../images/dns-zone-create.png - :width: 65% - -3. Follow the steps of the wizard. The number of steps will vary based on the zone type and the configuration of Micetro. - -.. tip:: - You can specify the network address in CIDR format, such as 192.168.1.0/24. Micetro will automatically convert this CIDR format into a reverse zone name (0.168.192.in-addr.arpa.). - -Primary Zone -""""""""""""" -1. Use the server filter to select the DNS server where the zone should be created. If xDNS profiles have been created on the instance, the zone can be added directly to an xDNS profile in the first step of the wizard. - - .. image:: ../../images/zone-primary-windows.png - :width: 65% - - * When creating a DNS zone on a Windows Server, you'll encounter two checkboxes: - - * **AD Integrated**: Selecting this option will create an Active Directory-integrated zone, which stores the zone data in Active Directory and benefits from AD's replication and security features. - * **Dynamic Update**: Selecting this box enables dynamic updates, allowing DNS records to be automatically updated by authorized devices. - - If neither checkbox is selected, the DNS zone will be a standard static zone. - -2. Optional. You can select server(s) to host an identical copy of the zone. The zone files from the primary DNS are synced to the secondary DNS through a zone transfer. - - .. image:: ../../images/zone-flow-redundancy.png - :width: 65% - -3. If **custom properties** have been defined for zones, they can be edited in a separate step. Custom properties provide additional attributes that enhance the ability to understand, search, and sort zone data in Micetro. - - .. image:: ../../images/zone-flow-custom-properties.png - :width: 65% - - Custom properties appear as individual columns on the DNS page for each zone. - -4. On the **Zone Options** page, you can specify which DNS servers will be notified of changes to the zone and to which servers it is allowed to perform zone transfers. - - .. image:: ../../images/zone-flow-options.png - :width: 65% -5. If DNS **Folders** have been configured in Micetro, the new zone can be added directly to a folder. DNS folders are a neat way to organize zones in Micetro to have a better overview and manageability. For more information about folders, see :ref:`folder-management`. - - .. image:: ../../images/zone-flow-folder.png - :width: 65% - -6. The **Summary** step summarises the configuration for the new zone before it is created. To edit the configuration, go to the respective page of the wizard and make the desired changes. - -Secondary Zone -""""""""""""""" -When creating a secondary zone, you need to specify the zone name and either the IP address or hostname of the primary servers that hold the zone you are creating a secondary copy for. - -Stub Zone -""""""""""" -When creating a stub zone, you must provide the zone name and one or more primary servers for the zone being copied. You can use the toggle control above the text box to turn the address resolution on and off. - -Static-stub Zone +Resource records """""""""""""""" -When creating a static-stub zone, you must provide the zone name and a target DNS server. To configure how to resolve the zone, specify either hostnames or IP addresses on the zone options page. - -Forward zone -"""""""""""" -Forward zones are similar to stub zones. You must provide a zone name and a list of Forward servers as well as at least one target server for where to create the zone. - -Options Template Zone -""""""""""""""""""""""" -The template zone option is available only if an AuthServe DNS server is connected to Micetro. - -Deleting Zones -^^^^^^^^^^^^^^^ - -**To delete a zone from one or more servers**: - -1. Select the zone(s) you want to delete. - -2. Select :guilabel:`Delete zone` on either the :guilabel:`Action` or the Row :guilabel:`...` menu. - -3. The Delete Zone dialog box opens, showing each zone you selected and a list of servers that currently serve that zone. The zone(s) you selected will be deleted from every server that is selected on this list. To keep the zone on a particular server, clear the checkbox for that server. - -4. Click :guilabel:`Delete`. The zone is removed from the servers. - - -Migrating Zones -^^^^^^^^^^^^^^^ - -You can migrate one or more zones from one server to another, including all data in the zone. - -**To migrate a zone**: - -1. Select the zone you want to migrate. - -2. Select :guilabel:`Migrate zone` on either the :guilabel:`Action` or the Row :guilabel:`...` menu. - -3. The Migrate Zone(s) dialog box opens. - -4. Select the DNS service you want to migrate the zone to. +To view the DNS resource records for a particular zone, double-click the zone in the **DNS** data grid or select it and then click :guilabel:`Open` on the page task bar or the Row :guilabel:`...` menu. A list of the zone's resource records is displayed. For more information about DNS resource records, refer to :ref:`dns-records`. -5. If you want to remove the zone from the current service, select the :guilabel:`Remove original zone` checkbox. If the checkbox is left unselected, a copy of the zone is left on the current service. - - -.. _ad-preferred-servers: - -Editing Preferred Servers -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. note:: - This option is only available when working with Active Directory (AD) integrated zones. For more information about AD, see :ref:`active-directory`. - -DNS administrators can specify the server to use when opening an AD-integrated zone, as well as the order of servers to use if the first preferred server becomes unavailable. - -1. In the filtering sidebar, select the :guilabel:`AD Integrated`. - -2. Select the zone(s) you'd like to set preferred servers for. - -3. Select :guilabel:`Edit preferred servers` on either the :guilabel:`Action` or the Row :guilabel:`...` menu. - -4. Arrange the order of your servers into the preferred order. The server on the top of the list is tried first, then, if that server is unavailable, the second, and so on. - -5. Click :guilabel:`Save`. - -.. warning:: - If you selected multiple zones, they might have different settings for preferred servers. Saving the configuration will overwrite the previous settings on all selected zones. - - -Editing Zone Properties -^^^^^^^^^^^^^^^^^^^^^^^^ -:ref:`admin-custom-properties` are flexible metadata associated with zones and other object types, allowing you to include details such as contact information for zones, ranges, and records. These properties can be edited. - -**To edit zone properties**: - -1. Select the zone you want to edit and click :guilabel:`Edit Properties` on the toolbar or the Row :guilabel:`...` menu. -2. Make the desired changes and click :guilabel:`Save` to apply them. - -Editing Zone Options on Windows and BIND -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -For Windows and BIND servers you can configure individual settings for a specific zone on each server. - -**To edit zone options for Windows and BIND zones**: - -1. Select the zone(s) for which you want to edit the options. - -2. Select :guilabel:`Edit zone options` on either the :guilabel:`Action` or the Row :guilabel:`...` menu. - -3. In the configuration interface that appears, adjust the settings according to your requirements. - -Windows Zone Options -"""""""""""""""""""" -.. image:: ../../images/zone-options-windows.png - :width: 65% - -* **Dynamic zone** (primary): Specifies whether the zone accepts dynamic updates. If selected, clients can use dynamic DNS updates to update their resource records. -* **Allow insecure updates** (Active Directory): Enable or disable insecure updates for the zone. When enabled, any client can update DNS records without authentication, potentially introducing security risks. -* **Update notifications** (primary, secondary, Active Directory): Specifies which servers should be notified when changes are made to the zone's DNS records. -* **Zone transfers** (primary, secondary, Active Directory): Controls which servers are allowed to receive zone transfers. -* **Forward servers** (forward): Specify the servers to which queries should be forwarded. -* **Primary servers** (stub): Specify the primary servers for the stub zone. - - -BIND Zone Options -""""""""""""""""" - -.. image:: ../../images/zone-options-bind.png - :width: 75% - -By default, the **Show inherited options** checkbox is selected. When selected, any inherited options that are applied to the selected zone are displayed. Inherited options are settings that are propagated from higher-level configurations, either the server or view. You can edit the inherited options by selecting :guilabel:`Override` or select the specific option you wish to modify from the dropdown list. - -To add another entry, click :guilabel:`Add` for the relevant option. - - * **Query restrictions** (primary, secondary, stub, static-stub): Specifies which hosts or IP addresses are allowed to query the DNS zone. - * **Transfer restrictions** (primary, secondary): Transfer restrictions can specify which IP addresses or hosts are permitted to request zone transfers. - * **Update restrictions** (primary): Control who is allowed to dynamically update the DNS records within the zone. - * **Update notifications** (primary, secondary): Specify which servers should receive notifications when changes are made to the zone's DNS records. When dynamic updates occur, servers listed in the update notifications receive notifications to ensure they can synchronize their records accordingly. - * **Response policy** (primary, secondary): Specify whether the zone is a response policy zone. - * **Query forwarding** (forward): Determines how BIND behaves when forwarding queries for the forward zone. The **First - resolve if forwarding fails** option provides a fallback to local resolution if forwarding fails, while the **Only - fail if forwarding fails** option strictly relies on forwarding and does not attempt local resolution if forwarding fails. - - -Raw Configuration of Zone Options (BIND) -"""""""""""""""""""""""""""""""""""""""" -The :guilabel:`Raw Configuration` option is intended for experienced users who have a good understanding of DNS configurations. There you can access and modify raw configuration files directly, granting you control over zone options not available through the GUI. - -Promoting Secondary Zones -^^^^^^^^^^^^^^^^^^^^^^^^^ -The Promote Zone feature makes it possible to change a secondary zone to a primary zone. This might be necessary in emergencies, for example, if the primary zone becomes unavailable for an extended period of time. This feature is only available for DNS Administrators. - -When a secondary zone is promoted, the following actions are performed: - -* Micetro checks whether the most recent copy of the zone is found in its internal database or on the server hosting the secondary zone, and uses the more recent copy. - -* The server hosting the secondary zone is configured so that the zone is saved as a primary zone on the server. - -* The zone history and access privileges from the old primary zone are applied to the new primary zone. - -* The configurations of other instances of the secondary zone are modified so that they will get the updates from the new primary zone. - -**To promote a secondary zone to a primary zone**: - -1. Select the secondary zone. +View history +^^^^^^^^^^^^^ +Select the :guilabel:`View history` option on the :guilabel:`Action` menu to open the **History** dialog, which provides a log of all changes that have been made to the zone, including the following information: -2. Select :guilabel:`Promote to primary` on either the :guilabel:`Action` or the Row :guilabel:`...` menu. - -3. Click :guilabel:`Save` to continue, or :guilabel:`Cancel` to discontinue the process. +* Date and time of the change +* Name of the user who made the change +* Description of the actions performed +* Comments entered by the user when saving changes to objects -View History -^^^^^^^^^^^^^ -The :guilabel:`View history` option on the :guilabel:`Action` menu opens the History window that shows a log of all changes that have been made to the zone, including the date and time of the change, the name of the user who made it, the actions performed, and any comments entered by the user when saving changes to objects. See :ref:`view-change-history`. +For more information, refer to :ref:`view-change-history`. diff --git a/guides/user-manual/managing_dns_zones.rst b/guides/user-manual/managing_dns_zones.rst new file mode 100644 index 00000000..732e01e1 --- /dev/null +++ b/guides/user-manual/managing_dns_zones.rst @@ -0,0 +1,243 @@ +.. meta:: + :description: Instructions for managing DNS zones in Micetro + :keywords: DNS zones, DNS servers + +Managing DNS zones +================== +In Micetro, you can manage all your DNS zones on the **DNS** page. This is the hub for everything from creating new zones to editing zone options to deleting zones. + +.. note:: + This information applies to the Micetro web application. For information about DNS zone management in the M&M Management Console, see :ref:`console-dns-zones`. + +Creating zones +-------------- +To create a new DNS zone: + +1. Click :guilabel:`Create` on the **DNS** page task bar. + +2. Select the zone type. For more information about zone types, refer to :ref:`dns-zone-types`. + + .. image:: ../../images/dns-zone-create.png + :width: 65% + +3. Follow the steps of the wizard. The number of steps will vary based on the zone type and the configuration of Micetro. Refer to the following sections for instructions for each individual zone type: + + * :ref:`primary-zone` + * :ref:`secondary-zone` + * :ref:`stub-zone` + * :ref:`static-stub-zone` + * :ref:`forward-zone` + * :ref:`options-template-zone` + +.. tip:: + You can specify the network address in CIDR format, such as 192.168.1.0/24. Micetro automatically converts this CIDR format into a reverse zone name (0.168.192.in-addr.arpa.). + +.. _primary-zone: + +Primary zone +"""""""""""" +1. Enter a :guilabel:`Zone name` and use the :guilabel:`Primary server`dropdown to select the DNS server where the zone should be created. If xDNS profiles have been created on the instance, you can add the zone directly to an xDNS profile. + + .. image:: ../../images/zone-primary-windows.png + :width: 65% + + * When creating a DNS zone on a Windows Server, you'll encounter two checkboxes: + + * **AD Integrated**: Selecting this option creates an Active Directory-integrated zone, which stores the zone data in Active Directory (AD) and benefits from AD's replication and security features. + * **Dynamic Update**: Selecting this box enables dynamic updates, allowing DNS records to be automatically updated by authorized devices. + + If neither checkbox is selected, the DNS zone will be a standard static zone. + +2. Optional. You can select secondary server(s) to host an identical copy of the zone. The zone files from the primary DNS zone are synced to the secondary zone through a zone transfer. + + .. image:: ../../images/zone-flow-redundancy.png + :width: 65% + +3. If **Custom Properties** have been defined for zones, they can be edited in a separate step. Custom properties provide additional attributes that enhance the ability to understand, search, and sort zone data in Micetro. + + .. image:: ../../images/zone-flow-custom-properties.png + :width: 65% + + Custom properties appear as individual columns on the **DNS** data grid for each zone. + +4. In the **Zone Options** step, you can specify which DNS servers will be notified of changes to the zone and to which servers it is allowed to perform zone transfers. + + .. image:: ../../images/zone-flow-options.png + :width: 65% + +5. If DNS **Folders** have been configured in Micetro, you add the new zone directly to a folder. DNS folders are a neat way to organize zones in Micetro for better management. For more information about folders, refer to :ref:`folder-management`. + + .. image:: ../../images/zone-flow-folder.png + :width: 65% + +6. The **Summary** step summarizes the new zone's configuration before it is created. To edit the configuration, go to the respective step(s) of the wizard and make the desired changes. + +7. Select :guilabel:`Create`. + +.. _secondary-zone: + +Secondary zone +""""""""""""""" +When creating a secondary zone, you must provide the zone name and either the IP address or hostname of the primary servers that hold the zone of which you are creating a secondary copy. + +.. _stub-zone: + +Stub zone +""""""""""" +When creating a stub zone, you must provide the zone name and one or more primary servers for the zone being copied. + +.. _static-stub-zone: + +Static-stub zone +"""""""""""""""" +When creating a static-stub zone, you must provide the zone name and a target DNS server. To configure how the zone should be resolved, specify either hostnames or IP addresses in the :guilabel:`Zone Options` step. + +.. _forward-zone: + +Forward zone +"""""""""""" +Forward zones are similar to stub zones. You must provide a zone name and a list of forward servers, as well as at least one target server where the zone is created. + +.. _options-template-zone: + +Options template zone +""""""""""""""""""""""" +.. note:: + The options template zone type is only available if an AuthServe DNS server is connected to Micetro. + +Migrating zones +--------------- +You can migrate one or more zones from one server to another. Migrating a zone also migrates all data in that zone. + +**To migrate a zone**: + +1. In the **DNS** data grid, select the zone you want to migrate. + +2. Using either the :guilabel:`Action` or the Row :guilabel:`...` menu, select :guilabel:`Migrate zone`. + +3. In the **Migrate Zone(s)** dialog box, select the DNS service to which you want to migrate the zone(s). + +4. If you want to remove the zone from the current service, select the :guilabel:`Remove original zone` checkbox. If the checkbox is left unselected, a copy of the zone is left on the current service. + +5. Select :guilabel:`Migrate`. + +Deleting zones +-------------- +To delete a zone from one or more servers: + +1. In the **DNS** data grid, select the zone(s) you want to delete. + +2. Using either the :guilabel:`Action` or the Row :guilabel:`...` menu, select :guilabel:`Delete zone`. + +3. In the **Delete Zone** dialog box, review the zones you selected and the list of servers that currently serve the zone(s). The zone(s) you selected will be deleted from every server selected from this list. To keep the zone on a particular server, uncheck the checkbox for that server. + +4. Click :guilabel:`Delete`. + +The selected zone(s) is removed from the selected servers. + +Promoting secondary zones +------------------------- +In Micetro, it's possible to change a secondary zone into a primary zone. You might need to do this in an emergency situation, e.g., if the primary zone becomes unavailable for an extended period of time. + +.. note:: + Only a DNS administrator can promote a secondary zone. + +When a secondary zone is promoted, the following actions are performed: + +* Micetro checks whether the most recent copy of the zone in in its internal database or on the server hosting the secondary zone, and uses the more recent copy. + +* The server hosting the secondary zone is configured so that the zone is saved as a primary zone on the server. + +* The zone history and access privileges from the old primary zone are applied to the new primary zone. + +* The configurations of other instances of the secondary zone are modified so they will receive updates from the new primary zone. + +**To promote a secondary zone to a primary zone**: + +1. In the **DNS** data grid, select the secondary zone. + +2. Using the :guilabel:`Action` or the Row :guilabel:`...` menu, select :guilabel:`Promote to primary`. + +3. Click :guilabel:`Save` to continue or :guilabel:`Cancel` to discontinue the process. + +.. _ad-preferred-servers: + +Editing preferred servers +------------------------- +DNS administrators can specify the server to use when opening an Active Directory (AD) integrated zone, as well as the order of servers to use if the first preferred server becomes unavailable. + +.. note:: + This option is only available when working with AD-integrated zones. For more information, refer to :ref:`active-directory`. + +**To edit the preferred server for a zone**: + +1. In the leftmost sidebar, select :guilabel:`AD Integrated`. + +2. In the data grid, select the zone(s) for which you want to set preferred servers. + +3. Using either the :guilabel:`Action` or the Row :guilabel:`...` menu, select :guilabel:`Edit preferred servers`. + +4. Arrange the order of your servers into the preferred order by dragging and dropping. The server at the top of the list is tried first, and then if that server is unavailable the second, and so on. + +5. Click :guilabel:`Save`. + +.. warning:: + If you select multiple zones, they might have different settings for preferred servers. Saving the configuration will overwrite the previous settings on all selected zones. + +Editing zone properties +----------------------- +:ref:`admin-custom-properties` are flexible metadata associated with zones and other object types, allowing you to include details such as contact information for zones, ranges, and records. These properties can be edited. + +**To edit zone properties**: + +1. Select the zone you want to edit and click :guilabel:`Properties` on the task bar or the Row :guilabel:`...` menu. +2. Make the desired changes and click :guilabel:`Save` to apply them. + +Editing zone options on Windows and BIND +---------------------------------------- +For Windows and BIND servers you can configure individual settings for a specific zone on each server. + +**To edit zone options for Windows and BIND zones**: + +1. Select the zone(s) for which you want to edit the options. + +2. Select :guilabel:`Edit zone options` on either the :guilabel:`Action` or the Row :guilabel:`...` menu. + +3. In the configuration interface that appears, adjust the settings according to your requirements. Refer to the appropriate tab below for details specific to Windows and BIND: + +.. tabs:: + + .. tab:: Windows + + .. image:: ../../images/zone-options-windows.png + :width: 65% + + * **Dynamic zone** (primary): Specify whether the zone accepts dynamic updates. If selected, clients can use dynamic DNS updates to update their resource records. + * **Allow insecure updates** (Active Directory): Enable or disable insecure updates for the zone. When enabled, any client can update DNS records without authentication, potentially introducing security risks. + * **Update notifications** (primary, secondary, Active Directory): Specify which servers should be notified when changes are made to the zone's DNS records. + * **Zone transfers** (primary, secondary, Active Directory): Control which servers are allowed to receive zone transfers. + * **Forward servers** (forward): Specify the servers to which queries should be forwarded. + * **Primary servers** (stub): Specify the primary servers for the stub zone. + + .. tab:: BIND + + .. image:: ../../images/zone-options-bind.png + :width: 75% + + * **Show inherited options**: By default, this option is selected and any inherited options applied to the selected zone are displayed. Inherited options are settings propagated from higher-level configurations, either the server or view. You can edit the inherited options by selecting :guilabel:`Override` or select the specific option you wish to modify from the dropdown list. + + To add another entry, click :guilabel:`Add` for the relevant option. + + * **Query restrictions** (primary, secondary, stub, static-stub): Specify which hosts or IP addresses are allowed to query the DNS zone. + * **Transfer restrictions** (primary, secondary): Transfer restrictions can specify which IP addresses or hosts are permitted to request zone transfers. + * **Update restrictions** (primary): Control who is allowed to dynamically update the DNS records within the zone. + * **Update notifications** (primary, secondary): Specify which servers should receive notifications when changes are made to the zone's DNS records. When dynamic updates occur, servers specified in the update notifications field receive notifications to ensure they can synchronize their records accordingly. + * **Response policy** (primary, secondary): Specify whether the zone is a response policy zone. + * **Query forwarding** (forward): Determine how BIND behaves when forwarding queries for the forward zone. + + * **First - resolve if forwarding fails** provides a fallback to local resolution if forwarding fails. + * **Only - fail if forwarding fails** strictly relies on forwarding and does not attempt local resolution if forwarding fails. + + **Raw Configuration of Zone Options (BIND)** + + The :guilabel:`Raw Configuration` tab is intended for experienced users who have a good understanding of DNS configurations. There, you can access and modify raw configuration files directly, granting you control over zone options not available through the GUI. diff --git a/guides/user-manual/webapp_import_dns_records.rst b/guides/user-manual/webapp_import_dns_records.rst index 21efd897..8139b49c 100644 --- a/guides/user-manual/webapp_import_dns_records.rst +++ b/guides/user-manual/webapp_import_dns_records.rst @@ -4,36 +4,33 @@ .. _webapp-import-dns-records: -Importing DNS Records +Importing DNS records ===================== +Micetro enables you to import DNS records so you can manage them in the Web Application. This can be useful if you need to add DNS records in bulk. -DNS Records can be imported into Micetro. - -Prerequisites -------------- - -You must have the necessary permissions to edit records in the zones used in the import. - -For more information about access controls, see :ref:`access-control`. +.. note:: + You must have the necessary permissions to edit records in the zones that are used in the importation. For more information about permissions, refer to :ref:`access-control`. -Import Task ------------ +**To import DNS records**: -The option to import DNS Records is found on the :menuselection:`Action` menu in the list of DNS zones, and allows you to import records into multiple zones simultanously. +1. Use the :menuselection:`Action` menu to select :guilabel:`Import DNS records`, which allows you to import records into multiple zones simultaneously. If you only want to import records into a specific zone, double-click that zone to open it and then use the :menuselection:`Action` menu to select :guilabel:`Import DNS records`. -The :menuselection:`Action --> Import DNS Records` function is also available within a specific zone for importing records into that zone only. +2. In the **Import DNS Records** dialog box, paste in text or drag and drop a a plaintext CSV file into the provided field to import or modify DNS data in bulk. .. image:: ../../images/bulk-import-dns.png :width: 90% :align: center | -DNS Bulk Import Format +Refer to **DNS Bulk Import Format** below for instructions on formatting the DNS data file for import. + +DNS bulk import format ^^^^^^^^^^^^^^^^^^^^^^ +Include the following information formatted as described here in the DNS data file you will use to import DNS records to Micetro. .. note:: Only plaintext CSV/TSV/TXT files are accepted for file selection. Excel spreadsheets must be converted to one of these formats before importing. -Header Line +Header line """"""""""" The first line of the data must be the header line, containing the names of the fields in the following columns. Some fields refer to built-in system fields, while others match the custom properties defined for the object type in question. @@ -43,8 +40,9 @@ The first line of the data must be the header line, containing the names of the Field names in the header line are not case-sensitive. For example, "title" corresponds to the custom property "Title". -Built-in Fields +Built-in fields """"""""""""""" +Built-in system fields include the following: * **action** (default: **Add**): Add, Modify, or Remove. @@ -71,7 +69,7 @@ Built-in Fields * **data** (required): The record's data (IP for A/AAAA, the target A/AAAA record for CNAME, etc.). -* **TTL**: The record's time-to-Live value. Defaults to seconds, but can also be hours (1H), days (2D), weeks (3W), months (4M), or years (5Y). +* **TTL**: The record's time-to-live (TTL) value. Defaults to seconds, but can also be hours (1H), days (2D), weeks (3W), months (4M), or years (5Y). * **comment**: An optional save comment. @@ -79,8 +77,9 @@ Built-in Fields Examples ^^^^^^^^ +Here are a few examples of how to import, modify, and delete DNS records through the bulk import function: -Add Records +Add records """"""""""" Import A record 'viola' to the zone 'illyria.coast': @@ -111,7 +110,7 @@ Import A record 'cesario' to 'olivia.palace', when zone and authority are specif name,type,data,authority,zone cesario.olivia.palace.,A,16.0.2.2,illyria,orsino.palace -Modify Records +Modify records """""""""""""" Modify IP address for the A record 'viola': @@ -135,7 +134,7 @@ Modify IP address *and* TTL for the A record 'viola': action,name,type,data,newdata,ttl modify,viola.illyria.coast.,A,16.0.2.2, 20.21.9.6, 2H -Remove Records +Remove records """""""""""""" Remove A record 'malvolio': diff --git a/images/edit-pencil-icon.png b/images/edit-pencil-icon.png new file mode 100644 index 00000000..93861ab2 Binary files /dev/null and b/images/edit-pencil-icon.png differ diff --git a/images/zone-flow-folder.png b/images/zone-flow-folder.png index f71edd79..e50c858f 100644 Binary files a/images/zone-flow-folder.png and b/images/zone-flow-folder.png differ