
How do I configure Authoritative DNS on an Ecessa appliance?

One to One NAT, Port Forwarding, Inbound Firewall Rules, or a combination will need to be configured to manage the address assignments between the LAN and WANs. These settings are beyond the scope of this article so please check the Product Documentation and other support articles for additional information.

When logged into the web interface, go to Authoritative DNS under Inbound in the left-hand menu. On the Authoritative Name Server Configuration page, select "Enable Authoritative Name Server".

 enableDNS.png

If any load balanced host records need to resolve both to local addresses (addresses in the same subnet as WANs configured on the Ecessa appliance) and to addresses at a remote site, the "Check Off Site IP addresses" setting can be enabled. The Ecessa appliance will then ping test the off-site addresses used for load balanced records to determine their availability. If ping tests to a remote address fail, that address will be removed from the Load Balanced entry. This setting does not test off-site addresses for Simple Host (A) Records. The following diagram illustrates the process:

 Ecessa_Authoritative_DNS-offsite_testing.png

In this example, the Ecessa appliance pings both the off-site web and FTP servers. The off-site web server responds to the ping while the FTP server does not. As a result, when a client machine sends a DNS request to the Ecessa appliance it will receive the off-site address for the web server but not the FTP server.

Domains Management lists the domains currently configured on the Ecessa appliance. To view or edit the zone information for a domain, click [Configure] to the right of the domain name. To add a domain, click the Add Domain button, enter the domain name (such as example.com) in the Domain Name field, and then click the Activate button at the top of the page. The Sort button lists the domains alphabetically; clicking it again switches the order between ascending and descending.

 domains.png

When adding a new domain, the Start of Authority (SOA) and Name Server (NS) records will be created automatically. By default, the NS names will be ns1 to nsX (X being the number of configured WAN lines) with a corresponding WAN address. Additionally, A records for each WAN will also be created automatically. Any of these records can be removed or altered as necessary. The Ecessa appliance will listen for port 53 (DNS) traffic on any WAN address configured as a name server.

The Time to Live (TTL) of any record can be changed by entering a new value in the Time to Live field for the record then clicking the Activate button. By default, NS records will have a Time to Live (TTL) of 360 seconds or 900 seconds, depending on the firmware version, with the default A records using a TTL of 30 seconds. Newly added A records will have the TTL field blank so users will need to define the Time to Live for each. It is recommended to configure volatile records (Load Balanced Host Records) with low Time to Live values so as to force clients to resend DNS requests. This allows the Ecessa appliance to ensure users are updated in the event a WAN outage occurs.

 

To add a Simple Host (A) Record:

Under the Simple Host Records section click the Add Host button to display a new row. Enter the desired host name. Any host name without a "." at the end will have the domain name appended to it. For example, adding a new A record to the example.com domain and entering a host name of www will result in www.example.com.

A separate host record must be created for each WAN address. For example, if the web server can be reached at 198.51.100.100 and 203.0.113.100 two records will need to be created like so:

 wwwArecords.png

These records will then be associated with a Load Balanced Host Record to supply load balancing and redundancy:

 wwwLBR.png

For more information regarding Load Balanced Host Records please see the article "What are Load Balanced Host Records and how do they work?"
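The trailing "." rule and the TTL guidance above can be checked before records are entered. The following is an added example, not Ecessa code: the record tuples, the function names and the 60-second ceiling for load balanced names are assumptions made for illustration.

```python
# Added example: pre-flight check of planned Simple Host (A) Records.
# Record layout (host, address, ttl) and the 60 s ceiling are assumptions.

def expand_host(host, domain):
    """No trailing "." means the domain name is appended (rule from the article)."""
    host = host.strip().lower()
    return host if host.endswith(".") else f"{host}.{domain.lower()}."

def lint_records(domain, records, load_balanced=(), max_lb_ttl=60):
    """Return (fqdn, address, problem) for every planned record needing attention."""
    zone = domain.lower() + "."
    lb_names = {expand_host(h, domain) for h in load_balanced}
    problems = []
    for host, address, ttl in records:
        fqdn = expand_host(host, domain)
        if fqdn.endswith(f".{domain.lower()}.{zone}"):
            # e.g. "ftp.example.com" entered without the final "."
            problems.append((fqdn, address, "domain appended twice"))
        elif fqdn != zone and not fqdn.endswith("." + zone):
            problems.append((fqdn, address, "name is outside the zone"))
        if ttl is None:
            # Newly added A records start with a blank TTL field.
            problems.append((fqdn, address, "TTL not defined"))
        elif fqdn in lb_names and ttl > max_lb_ttl:
            problems.append((fqdn, address, f"TTL {ttl}s too high for load balanced name"))
    return problems

# Constructed sample input using the addresses from the article.
SAMPLE = [
    ("www", "198.51.100.100", 30),
    ("www", "203.0.113.100", None),              # TTL left blank
    ("ftp.example.com", "198.51.100.101", 30),   # missing trailing "."
    ("mail.example.com.", "203.0.113.102", 3600),
]
LOAD_BALANCED = ["www", "mail"]  # names served by a Load Balanced Host Record

if __name__ == "__main__":
    for fqdn, address, problem in lint_records("example.com", SAMPLE, LOAD_BALANCED):
        print(f"{fqdn:32} {address:16} {problem}")
```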

The Mail Entry field differentiates between an A record and an MX record. The CNAME check box differentiates between an A record and a CNAME record. The Reverse DNS check box creates a PTR record associated with the hostname / IP address.

 differentArecords.png

For more information regarding configuration of these and other record types, please see the Knowledge Base's Product Documentation section.

 
