extensions:teemip-zone-mgmt

Differences

This shows you the differences between two versions of the page.

extensions:teemip-zone-mgmt [2021/03/09 15:41] – [Revision History] cnaud
extensions:teemip-zone-mgmt [2024/03/28 16:59] (current) – [Revision History] cnaud
Line 1: Line 1:
-{{ classicon_zone.png}}+{{ picto_dnszonemanagement.png}}
 ====== DNS Zone Management ====== ====== DNS Zone Management ======
 ---- dataentry summary ---- ---- dataentry summary ----
 name                : DNS Zone Management name                : DNS Zone Management
-description_wiki    : Adds Zone management features to TeemIp+description_wiki    : Provides zone management features within TeemIp
 index_hidden        : yes index_hidden        : yes
 level_hidden        : 1 level_hidden        : 1
-version             : 2.7.0 +collector_hidden    : no 
-release_dt          : 2020-12-11 +version             : 3.1.1 
-TeemIp              : 2.7+release_dt          : 2023-12-11 
 +TeemIp              : 3.1+ 
 +iTop                : 3.1+
 code                : teemip-zone-mgmt code                : teemip-zone-mgmt
 +localization        : English, French
 state               : stable state               : stable
 diffusion_hidden    : TeemIp wiki diffusion_hidden    : TeemIp wiki
-product_hidden      : included (standalone)+product_hidden      : Included
 module-lists_hidden :  module-lists_hidden : 
-keyword_tags        : dns, zone, domain, records +keyword_tags        : dns, zone 
-dependencies_s      : teemip-ip-mgmt, teemip-ipv6-mgmt, teemip-network-mgmt +dependencies_s      : teemip-framework, teemip-ip-mgmt, teemip-ipv6-mgmt, teemip-network-mgmt 
-download_wiki       : [[https://sourceforge.net/projects/teemip/files/teemip%20-%20extensions/DNS%20Zone%20management/2.7.0/teemip-zone-mgmt-2.7.0-701.zip/download|teemip-zone-mgmt-2.7.0-701.zip]] +download_wiki       : [[https://sourceforge.net/projects/teemip/files/teemip%20-%20extensions/DNS%20Zone%20management/3.1.1/teemip-zone-mgmt-3.1.1-707.zip/download|teemip-zone-mgmt-3.1.1-707.zip]] 
-git hub_wiki        : [[https://github.com/TeemIp/teemip-zone-mgmt|teemip-zone-mgmt]]+github_wiki         : [[https://github.com/TeemIp/teemip-zone-mgmt|teemip-zone-mgmt]] 
 +php-max             : 8.1
 ---- ----
- 
- 
- 
- 
- 
- 
  
  
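Review bot: The new download_wiki line links the 3.1.1-707 zip on SourceForge with nothing to verify the archive against; add a SHA-256 value to the dataentry block or point installers at the matching tag in the github_wiki repository. The added php-max of 8.1 has no lower bound beside it, so the minimum PHP version for TeemIp 3.1+ is left unstated.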
Line 34: Line 32:
 </note> </note>
 ===== Revision History ===== ===== Revision History =====
-^  Version  ^  Release Date  ^  Comments +^  Version  ^  Release Date   Status  ^  iTop \\ Min  ^  IPAM for iTop \\ Min   Comments  ^ 
-|  2.7.1  |  2021-04-01  | Allow @ in RRs associated to IPs with an empty short name \\ Wildcards can be set on RRs \\ Addresses like claude.monet@demo.com are handled in SOA records \\ Authoritative servers can now be servers or virtual machines \\ Details screen of a subnet displays a tab listing RRs associated to all subnet IPs \\ Align extension structure with new guidelines | +|  3.1.2  |  2024-xx-yy  |  |  |  | Long TXT records are supported. \\ Audits have been grouped under the "DNS management" domain. | 
-|  2.7.0  |  2020-12-11  | Move some DisplayBare methods to iApplicationUIExtension API | +|  **3.1.1**  |  2023-12-11  |  Supported  |  3.1.0  |  3.1.0  | Add Chinese (simplified) translation \\ Background task is not processed when activity status is checked | 
-|  2.6.2  |  2020-06-22 Corrects bug within data file generation | +|  3.1.0  |  2023-06-21  |  Supported  |  3.0.0  |  3.1.0  | New records have been added: CAA, DS, OPENPGPKEY, SSHFP, TLSA as well as a generic record to accommodate other types of records. \\ Resource records attached to IPs may be automatically deleted when the IP become obsolete (released or unassigned, for instance). \\ A new dedicated background task, controlled be configuration parameters, may handle regular cleanup of such records. \\ Authoritative DNS servers can now be Application Solutions, Network Devices and Network Clusters next to Servers and Virtual Machines. | 
-|  2.6.1  |  2020-05-08 Corrects Hostmaster DNS profile \\ Adapts handling of AAAA records to new IPv6 modelization | +|  3.0.1  |  2022-09-09  |  Obsolete  |  2.7.0  |  3.0.1  | Adopt 3.x icon style \\ Enhance overview menu \\ Support classless delegation \\ Add audit rules | 
-|  2.6.0  |  2020-04-14  | Revision compatible with TeemIp 2.6 / iTop 2.7  | +|  3.0.0  |  2022-01-05  |  Obsolete  |  2.7.0  |  3.0.0  | TeemIp / iTop 3.x compatible version | 
-|  1.2.0  |  2019-12-10  | Update resource records from subnets \\ Allow @ in RRs \\ Document authoritative servers | +|  2.7.1  |  2021-04-01   Obsolete    |  2.7.0  |  2.6.0  | Allow @ in RRs associated to IPs with an empty short name \\ Wildcards can be set on RRs \\ Addresses like claude.monet@demo.com are handled in SOA records \\ Authoritative servers can now be servers or virtual machines \\ Details screen of a subnet displays a tab listing RRs associated to all subnet IPs \\ Align extension structure with new guidelines | 
-|  1.1.0  |  2019-09-24  | Management of IP addresses and resource records are now linked | +|  2.7.0  |  2020-12-11   Obsolete  |  2.7.0  |  2.6.0  | Move some DisplayBare methods to iApplicationUIExtension API | 
-|  1.0.0  |  2019-02-09  | Initial revision |+|  2.6.2  |  2020-06-22  Obsolete  |  2.7.0  |  2.6.0  | Correct bug within data file generation | 
 +|  2.6.1  |  2020-05-08  Obsolete  |  2.7.0  |  2.6.0  | Correct Hostmaster DNS profile \\ Adapt handling of AAAA records to new IPv6 modelization | 
 +|  2.6.0  |  2020-04-14   Obsolete  |  2.7.0  |  2.6.0  | Revision compatible with TeemIp 2.6 / iTop 2.7  | 
 +|  1.2.0  |  2019-12-10   Obsolete  |  2.6.0  |  2.4.0  | Update resource records from subnets \\ Allow @ in RRs \\ Document authoritative servers | 
 +|  1.1.0  |  2019-09-24   Obsolete  |  2.6.0  |  2.4.0  | Management of IP addresses and resource records are now linked | 
 +|  1.0.0  |  2019-02-09   Obsolete  |  2.6.0  |  2.4.0  | Initial revision |
  
 ===== Features ===== ===== Features =====
  
 Next to the management of IP and domain spaces, the DNS Zone Management extension allows Hostmasters to manage DNS zones within TeemIp: Next to the management of IP and domain spaces, the DNS Zone Management extension allows Hostmasters to manage DNS zones within TeemIp:
-  * Document Views and manage DNS zones within their respective views,+  * Document Views and manage DNS zones, including classless in-addr.arpa ones, within their respective views,
   * Document authoritative DNS servers,   * Document authoritative DNS servers,
-  * Register DNS Resource Records (A, AAAA, CNAME, MX, NS, PTR, SRV and TXT) in relation with IP addresses or CIs stored in TeemIp,+  * Register DNS Resource Records (A, AAAA, CNAME, MX, NS, PTR, SRVTXT, CAA, DS, OPENPGPKEY, SSHFP and TLSA) in relation with IP addresses or CIs stored in TeemIp CMDB, 
 +  * Document any other type of records through a generic container,
   * Automatically or manually create, update or delete Resource Records when an IP is created, updated or deleted.   * Automatically or manually create, update or delete Resource Records when an IP is created, updated or deleted.
-  * Force creation, update or deletions of Resources Records at subnet level+  * Force creation, update or deletion of Resources Records at subnet level 
 +  * According to configuration parameters, records associated to obsolete IPs may be automatically removed
   * Export zone data or retrieve them through WEB services from DNS master servers.   * Export zone data or retrieve them through WEB services from DNS master servers.
  
 ===== Licensing ===== ===== Licensing =====
-The TeemIp Zone Management extension is licensed under the terms of the GNU Affero General Public License Version 3 as published by the Free Software Foundation. This gives you legal permission to copy, distribute and/or modify TeemIp under certain conditions. Read the ’license.txt’ file in the TeemIp distribution. TeemIp is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.+The TeemIp Zone Management extension is licensed under the terms of the GNU Affero General Public License Version 3 as published by the Free Software Foundation. This gives you legal permission to copy, distribute and/or modify TeemIp Zone Management under certain conditions. Read the ’license.txt’ file in the TeemIp distribution. TeemIp Zone Management is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.
  
 ===== Limitations ===== ===== Limitations =====
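Review bot: The new 3.1.2 row in the Revision History table carries a placeholder date (2024-xx-yy) and empty Status and Min columns, while the summary block still gives 3.1.1 as the version; hold the row back until release or mark it as unreleased. In the 3.1.0 row, "controlled be configuration parameters" should read "controlled by" and "when the IP become obsolete" should read "becomes". The Features bullet on automatic removal of records for obsolete IPs should name the parameter, so a reader can find it in the Configuration section.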
Line 67: Line 72:
 Installation on a TeemIp standalone is done with the application itself, through the setup. Installation on a TeemIp standalone is done with the application itself, through the setup.
  
-When adding the module on an iTop application, the process will depends on the iTop version: +When adding the module on an iTop application, use the [[https://wiki.openitop.org/doku.php?id=extensions:installation|Standard installation process]] for extensions.
-  * For iTop 2.4.0 and higher, use the new [[https://wiki.openitop.org/doku.php?id=extensions:installation|Standard installation process]]+
-  * For iTop versions older than 2.3.x, use the [[https://wiki.openitop.org/doku.php?id=extensions:installation#itop_before_240|Special installation process]].+
  
 ===== Configuration ===== ===== Configuration =====
-A parameter, in the Global IP Settings of an organization enables or disables the automatic creation, modification or deletion of DNS records when an IP address is created, modified or deleted.+DNS and Zone management parameters are grouped under the "Domain Information" section of the Global IP Settings of an organization.
  
-^  Name   Type  ^  Allowed values  ^  Default value  ^ +^  Parameter   Type  ^  Allowed values  ^  Default value   Extension  ^  Description  ^ 
-| **Domain Information** |||| +| **Domain Information** |||||
-| Automatically update DNS records | Boolean | Yes / No | No |+| Delegate domains to children organizations only | Boolean |  Yes / No  |  No  | IPAM for iTop | Allow delegation of domains to all organizations or to children organizations only. 
 +| Automatically update DNS records | Boolean |  Yes / No   No  | DNS Zone Management | Enables or disables the automatic creation, modification or deletion of DNS records when an IP address is created, modified or deleted. | 
 +| Remove DNS records from obsolete IPs | Boolean |  Yes / No  |  No  | DNS Zone Management | Remove Resource Records associated to IP addresses that become obsolete. |
  
 ===== DNS Management Menu ===== ===== DNS Management Menu =====
  
-This menu integrate TeemIp right after the IP Management menu. It proposes an overview to the different TeemIp objects that are related to DNS as well as a list of shortcuts to directly acces them.+Once installed, the extension will add a menu group called DNS Management where DNS Objects will be managed from. 
 + 
 +{{ details_menu_dnsmgmt3x.png }} 
 + 
 +<note warning> 
 +The DNS management menu is hidden to the users that don't have the **administrator** profile, the **Hostmaster - DNS** profile or r/o privileges on the Zone objects. 
 +</note> 
 + 
 +The DNS Space menu provides some information on the DNS structural objects and summarizes the different DNS records under 8 badges: 
 +  
 +{{ dashboard_dnsmgmt3x.png }}
  
-{{ overview-dns-mgmt-menu.png }} 
  
 ===== Domains ===== ===== Domains =====
  
-{{classicon_domain.png  }}+{{icons8-active-directory-48.png  }}
  
 These objects modelize the well known domains from the Domain Name Service. These objects modelize the well known domains from the Domain Name Service.
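Review bot: The warning note added under DNS Management Menu only says the menu is hidden from users without the administrator profile, the Hostmaster - DNS profile or r/o privileges on the Zone objects; say explicitly whether those same rights also govern access to the DNS objects themselves, since hiding a menu entry is a visibility statement and not an access rule. The "Remove DNS records from obsolete IPs" row should say which IP statuses count as obsolete and that a background task performs the cleanup, as the revision history describes. The **Domain Information** spanning row has five separators, which spans five columns of what is now a six-column table.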
Line 101: Line 115:
 Details of a Domain can be accessed from the specific shortcut available under the DNS Management menu. Details of a Domain can be accessed from the specific shortcut available under the DNS Management menu.
  
-{{ classdetails_domain_zonetab.png }}+{{ classdetails_domain_zonetab3x.png }}
 ===== Views ===== ===== Views =====
  
-{{classicon_view.png  }}+{{icons8-3d-glasses-48.png  }}
  
 TeemIp handles DNS views, the solution offered by DNS to handle different communities of hosts that may require specific DNS answers according to the network where their resolution is requested from. TeemIp handles DNS views, the solution offered by DNS to handle different communities of hosts that may require specific DNS answers according to the network where their resolution is requested from.
Line 117: Line 131:
 Details of a view can be accessed from the specific shortcut available under the DNS Management menu. Details of a view can be accessed from the specific shortcut available under the DNS Management menu.
  
-{{ classdetails_view.png }}+{{ classdetails_view3x.png }}
  
  
Line 131: Line 145:
 This changes the properties tab of an IP address as follows: This changes the properties tab of an IP address as follows:
  
-{{ classdetails_ipv4address_withview.png }}+{{ classdetails_ipv4address_withview3x.png }}
 ===== Zones ===== ===== Zones =====
  
-{{classicon_zone.png  }}+{{icons8-zone-48.png  }}
  
 This is the key object of the DNS world around which everything is built. By definition, the zone is the domain minus what has been delegated from it. This is the key object of the DNS world around which everything is built. By definition, the zone is the domain minus what has been delegated from it.
Line 150: Line 164:
 | **Start Of Authority** ||| | **Start Of Authority** |||
 | Master server | Alphanumeric string | Yes | | Master server | Alphanumeric string | Yes |
-| Hostmaster mailbox | Email address | Yes |+| Hostmaster mailbox | Email address (both formats claude@demo.com or claude.monet@demo.com are supported) | Yes |
 | Serial | Number | Yes | | Serial | Number | Yes |
 | Refresh | Duration (days / hours / minutes /seconds) | Yes | | Refresh | Duration (days / hours / minutes /seconds) | Yes |
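Review bot: The Hostmaster mailbox row now says both claude@demo.com and claude.monet@demo.com are supported, but not how the second form is written to the SOA record. In a zone file the dot in the local part has to be escaped (claude\.monet.demo.com.), so state whether the generated data file does this or whether the user must enter it that way.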
Line 159: Line 173:
 === Tabs === === Tabs ===
 ^  Tab  ^  Description  ^ ^  Tab  ^  Description  ^
-| Authoritative servers | All servers from the CMDB that are authoritative for the zone |+| Authoritative servers | All servers (class Application Solution, Network Device, Network Cluster, Server or VirtualMachine) from the CMDB that are authoritative for the zone \\ These can be flagged as Master, Slave, Hidden Master or Hidden Slave |
 | NS records| All the NS records of the zone | | NS records| All the NS records of the zone |
 | A Records | All the A records of the zone | | A Records | All the A records of the zone |
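Review bot: In the Authoritative servers row the class list mixes display names and class identifiers (Application Solution, Network Device, Network Cluster, Server, VirtualMachine); use one form throughout. The four flags Master, Slave, Hidden Master and Hidden Slave are introduced without saying whether they affect the generated data file, for example which servers receive NS records.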
Line 169: Line 183:
 Under the DNS management module, clicking on the "Create a new Zone" button available under the Name Space menu or clicking on the "New" button available with Zones lists will display the Zone creation form: Under the DNS management module, clicking on the "Create a new Zone" button available under the Name Space menu or clicking on the "New" button available with Zones lists will display the Zone creation form:
  
-{{ classcreate_zone.png }} +{{ classcreate_zone3x.png }}
- +
-=== Specific actions === +
-== Display data file ==+
  
 +=== Displaying data file ===
 TeemIp DNS Zone Management allows you to generate zones data files. These text files follow the format defined by BIND and can be used as zone master data files in BIND master servers. A zone file can be sorted by records or by alphabetical order. TeemIp DNS Zone Management allows you to generate zones data files. These text files follow the format defined by BIND and can be used as zone master data files in BIND master servers. A zone file can be sorted by records or by alphabetical order.
  
 From the detailed menu of a zone, click on the "Display data file" action: From the detailed menu of a zone, click on the "Display data file" action:
  
-{{ details-popup-menu-zonedisplaydata.png }}+{{ details-popup-menu-zonedisplaydata3x.png }}
  
 Output file will be displayed in a text box and can easily be copied and pasted to be used within a name servers. Output file will be displayed in a text box and can easily be copied and pasted to be used within a name servers.
  
-{{ details-zone-data-file.png }}+{{ details-zone-data-file3x.png }}
  
 <note tip> <note tip>
-Zone files can be programmatically retrieved through TeemIp REST/JSON web services. Pleaserefer to the related [[2_x:integrate:rest_json#operationteemip_get_zone_file| wiki page]] for further details.+Zone data files can be retrieved through a specific WEB serviceas documented in the [[2_x:integrate:rest_json#operationteemip_get_zone_file|REST/JSON chapter]]. This feature can be used from a DNS server to build its master data files for the zones it handles.
 </note> </note>
  
-== WEB Service ==+===== Classless Reverse Delegation ===== 
 +The TeemIp Zone Management extension handles classless delegations for IPv4 reverse zones. It implements a method that is widely described in the DNS literature. The following lines explain you how to handle it.
  
-Zone data files can be retrieved through specific WEB serviceas documented in the [[2_x:integrate:rest_json#operationteemip_get_zone_file|REST/JSON chapter]]. This feature can be used from DNS server to build its master data files for the zones it handles.+As the owner of standard class C reverse zone (like for instance the zone 54.205.3.in-addr.arpa.)you may decide to delegate the management of a subset of if, ie let a third party manage the PTR records of a contiguous subset of IP Addresses contained in the class C (say, 3.205.54.0 to 3.205.54.127). 
 +  * First of all, you need to set the delegation of the classless zone in its parent class C reverse zone. This is standard delegation : 
 +    {{ classdetails_classless_delegation.png }}{{ classdetails_classless_delegation_2.png }} 
 +  * Within the class C reverse zone, a CNAME record has to be created for every PTR that should be handled by the classless zone, like: 
 +    {{ classdetails_classless_cname.png }} 
 +  * Create the classless zone : 
 +    {{ classdetails_classless_zone.png }} 
 +  * And finally, create a PTR record for each of the IP addresses that the classless zone should handle: 
 +    {{ classdetails_classless_ptr.png }}
 ===== DNS Resource Records ===== ===== DNS Resource Records =====
-TeemIp handles the most commonly used DNS Resource Records: A, AAAA, CNAME, MX, NS, PTR, SRV and TXT. These are implemented through standard objects and belong to the data model. They all share the same following attributes:+TeemIp handles the most commonly used DNS Resource Records: A, AAAA, CNAME, MX, NS, PTR, SRV and TXT, plus a set of security dedicated Records: CAA, DS, OPENPGPKEY, SSHFP and TLSA as well as a generic record container to register any other type of Record. These are implemented through standard objects and belong to the data model. They all share the same following attributes:
  
 ^  Name  ^  Type  ^  Mandatory?  ^ ^  Name  ^  Type  ^  Mandatory?  ^
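Review bot: The new Classless Reverse Delegation section describes every step only through screenshots, so the name of the classless zone and the form of the CNAME targets cannot be read from the text; add the records for the 3.205.54.0 to 3.205.54.127 example as text under each bullet and cite RFC 2317 in place of "widely described in the DNS literature". Typos in the added lines: "a subset of if, ie" should be "a subset of it, i.e.", and "explain you how" should be "explain how". The note tip still links to the 2_x:integrate:rest_json page although this revision documents 3.1, and it should say how a DNS server authenticates when it pulls zone data through the web service.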
Line 207: Line 228:
  
 <note tip> <note tip>
-RR Name attribute accepts the '**@**' character to denote the current origin, i.e. the name of the zone the RR belongs to.+RR Name attribute accepts: \\ 
 +the '** @ **' character to denote the current origin, i.e. the name of the zone the RR belongs to \\ 
 +- the wildcard '** * **' character 
 </note> </note>
 ==== A Records ==== ==== A Records ====
-{{classicon_arecord.png  }} +{{icons8-rj45-48.png  }} 
 This object is used to document the IPv4 Address record. This object is used to document the IPv4 Address record.
  
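Review bot: The note now lists the wildcard '*' character as accepted in RR Name, while the property tables write it as *.<domain>; say in the note whether the asterisk must be the whole leftmost label, so the two descriptions agree and a reader does not try names such as host*.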
Line 217: Line 240:
 | Organization | Foreign key to a(n) Organization | Yes | | Organization | Foreign key to a(n) Organization | Yes |
 | Zone | Foreign key to a(n) Zone | Yes | | Zone | Foreign key to a(n) Zone | Yes |
-| RR Name | Alphanumeric string  | Yes |+| RR Name | Alphanumeric string (@ and *.<domain> accepted) | Yes |
 | Overwrite zone TTL | Yes or No | No | | Overwrite zone TTL | Yes or No | No |
 | TTL | d/h/m/s | N/A | | TTL | d/h/m/s | N/A |
 | IPv4 Address | Foreign key to a(n) IPv4 Address | Yes | | IPv4 Address | Foreign key to a(n) IPv4 Address | Yes |
-| Comment | Multiline character string  | No |+| Comment | Alphanumeric string | No |
  
 === Details === === Details ===
 Details of a A Record can be accessed from the specific "A" shortcut menu of the DNS Management module. Details of a A Record can be accessed from the specific "A" shortcut menu of the DNS Management module.
  
-{{ classdetails_arecord.png }}+{{ classdetails_arecord3x.png }} 
 ==== AAAA Records ==== ==== AAAA Records ====
-{{classicon_aaaarecord.png  }} +{{icons8-rj45v6-48.png  }} 
 This object is used to document the IPv6 Address record. This object is used to document the IPv6 Address record.
  
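Review bot: The Comment row changes type from "Multiline character string" to "Alphanumeric string" here and in the other record tables; say in the revision history whether this reflects a data model change or a documentation correction, since existing multi-line comments would be affected by the former.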
Line 235: Line 259:
 | Organization | Foreign key to a(n) Organization | Yes | | Organization | Foreign key to a(n) Organization | Yes |
 | Zone | Foreign key to a(n) Zone | Yes | | Zone | Foreign key to a(n) Zone | Yes |
-| RR Name | Alphanumeric string  | Yes |+| RR Name | Alphanumeric string (@ and *.<domain> accepted)  | Yes |
 | Overwrite zone TTL | Yes or No | No | | Overwrite zone TTL | Yes or No | No |
 | TTL | d/h/m/s | N/A | | TTL | d/h/m/s | N/A |
 | IPv6 Address | Foreign key to a(n) IPv6 Address | Yes | | IPv6 Address | Foreign key to a(n) IPv6 Address | Yes |
-| Comment | Multiline character string  | No |+| Comment | Alphanumeric string | No |
  
 === Update === === Update ===
 An AAAA record may be updated from the detailed view of the object. An AAAA record may be updated from the detailed view of the object.
-{{ classupdate_aaaarecord.png }}+{{ classupdate_aaaarecord3x.png }} 
 +==== CAA Records ==== 
 +{{icons8-public-safety.png  }}  
 +This object is used to specify which Certificate Authorities (CAs) are allowed to issue certificates for the domain defined by the RR name. 
 + 
 +=== Properties === 
 +^  Name  ^  Type  ^  Mandatory? 
 +| Organization | Foreign key to a(n) Organization | Yes | 
 +| Zone | Foreign key to a(n) Zone | Yes | 
 +| RR Name | Alphanumeric string (@ and *.<domain> accepted) | Yes | 
 +| Overwrite zone TTL | Yes or No | No | 
 +| TTL | d/h/m/s | N/A | 
 +| Flag | Integer | Yes | 
 +| Tag | Possible values: Iodef, Issue, Issue Wild | 
 +| Value | Strings associated with tags | 
 +| Comment | Alphanumeric string | No | 
 + 
 +=== Creation === 
 +A new CAA record may be created from the specific "CAA" shortcut menu of the DNS Management module.  
 +{{ classcreate_caarecord3x.png }} 
 + 
 ==== CNAME Records ==== ==== CNAME Records ====
-{{classicon_cnamerecord.png  }} +{{icons8-duplicate-48.png  }} 
 This object is used to document the Canonical Name record. This object is used to document the Canonical Name record.
  
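Review bot: In the CAA Properties table the Tag and Value rows have only two cells, so the Mandatory? column is empty for both and the allowed values sit in the Type column; give each a type and a Yes/No. The Flag row should state the accepted range and which value marks the record as critical, and the Tag values should be shown as they appear in the zone file (issue, issuewild, iodef) next to the display labels.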
Line 252: Line 297:
 | Organization | Foreign key to a(n) Organization | Yes | | Organization | Foreign key to a(n) Organization | Yes |
 | Zone | Foreign key to a(n) Zone | Yes | | Zone | Foreign key to a(n) Zone | Yes |
-| RR Name | Alphanumeric string  | Yes |+| RR Name | Alphanumeric string (@ and *.<domain> accepted) | Yes |
 | Overwrite zone TTL | Yes or No | No | | Overwrite zone TTL | Yes or No | No |
 | TTL | d/h/m/s | N/A | | TTL | d/h/m/s | N/A |
 | CNAME | Alphanumeric string | Yes | | CNAME | Alphanumeric string | Yes |
-| Comment | Multiline character string  | No |+| Comment | Alphanumeric string | No |
  
 === Creation === === Creation ===
 A new CNAME record may be created from the specific "CNAME" shortcut menu of the DNS Management module.  A new CNAME record may be created from the specific "CNAME" shortcut menu of the DNS Management module. 
-{{ classcreate_cnamerecord.png }} +{{ classcreate_cnamerecord3x.png }} 
-==== MX Records ===== + 
-{{classicon_mxrecord.png  }} +==== DS Records ==== 
 +{{icons8-signature.png  }}  
 +This object is used to document Delegation Signer (DS) records required by DNSSEC to allow the transfer of trust from a parent zone to a child zone. 
 + 
 +=== Properties === 
 +^  Name  ^  Type  ^  Mandatory? 
 +| Organization | Foreign key to a(n) Organization | Yes | 
 +| Zone | Foreign key to a(n) Zone | Yes | 
 +| RR Name | Alphanumeric string  (@ and *.<domain> accepted) | Yes | 
 +| Overwrite zone TTL | Yes or No | No | 
 +| TTL | d/h/m/s | N/A | 
 +| Key tag | A short numeric value which can help quickly identify the referenced DNSKEY-record | No | 
 +| Algorithm | The algorithm of the referenced DNSKEY-record | No | 
 +| Digest Type | Cryptographic hash algorithm used to create the Digest value | No | 
 +| Digest | A cryptographic hash value of the referenced DNSKEY-record |Yes | 
 +| Comment | Alphanumeric string | No | 
 + 
 +=== Details === 
 +Details of a DS Record can be accessed from the specific “DS” shortcut menu of the DNS Management module.  
 +{{ classdetails_dsrecord3x.png }} 
 + 
 +==== MX Records ==== 
 +{{icons8-mail-48.png  }} 
 This object is used to document the Mail Exchanger record. This object is used to document the Mail Exchanger record.
  
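Review bot: The DS Properties table marks Key tag, Algorithm and Digest Type as not mandatory, yet a DS record needs all four fields to be written to a zone file; mark them Yes or document what is exported when they are empty. The RR Name row also advertises @ and *.<domain>, which looks copied from the other tables: a DS record sits at the name of the delegated child zone, so confirm that apex and wildcard names are really meant to be accepted.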
Line 269: Line 336:
 | Organization | Foreign key to a(n) Organization | Yes | | Organization | Foreign key to a(n) Organization | Yes |
 | Zone | Foreign key to a(n) Zone | Yes | | Zone | Foreign key to a(n) Zone | Yes |
-| RR Name | Alphanumeric string  | Yes |+| RR Name | Alphanumeric string  (@ and *.<domain> accepted) | Yes |
 | Overwrite zone TTL | Yes or No | No | | Overwrite zone TTL | Yes or No | No |
 | TTL | d/h/m/s | N/A | | TTL | d/h/m/s | N/A |
 | Preference | Integer | No | | Preference | Integer | No |
 | Exchange Server | Alphanumeric string | Yes | | Exchange Server | Alphanumeric string | Yes |
-| Comment | Multiline character string  | No |+| Comment | Alphanumeric string | No |
  
 === Details === === Details ===
 Details of a MX Record can be accessed from the specific “MX” shortcut menu of the DNS Management module.  Details of a MX Record can be accessed from the specific “MX” shortcut menu of the DNS Management module. 
-{{ classdetails_mxrecord.png }} +{{ classdetails_mxrecord3x.png }} 
-==== NS Records ===== + 
-{{classicon_nsrecord.png  }} +==== NS Records ==== 
 +{{icons8-server.svg  }} 
 This object is used to document the Name Server record. This object is used to document the Name Server record.
  
Line 287: Line 355:
 | Organization | Foreign key to a(n) Organization | Yes | | Organization | Foreign key to a(n) Organization | Yes |
 | Zone | Foreign key to a(n) Zone | Yes | | Zone | Foreign key to a(n) Zone | Yes |
-| RR Name | Alphanumeric string  | Yes |+| RR Name | Alphanumeric string (@ and *.<domain> accepted) | Yes |
 | Overwrite zone TTL | Yes or No | No | | Overwrite zone TTL | Yes or No | No |
 | TTL | d/h/m/s | N/A | | TTL | d/h/m/s | N/A |
 | Name Server | Alphanumeric string | Yes | | Name Server | Alphanumeric string | Yes |
-| Comment | Multiline character string  | No |+| Comment | Alphanumeric string | No |
  
 === Details === === Details ===
 Details of a NS Record can be accessed from the specific “NS” shortcut menu of the DNS Management module.  Details of a NS Record can be accessed from the specific “NS” shortcut menu of the DNS Management module. 
-{{ classdetails_nsrecord.png }} +{{ classdetails_nsrecord3x.png }} 
-==== PTR Records ===== + 
-{{classicon_ptrrecord.png  }} +==== OPENPGPKEY records ==== 
 +{{icons8-secured-mail.svg  }}  
 +This object is used to document the OPENPGPKEY record. Such record stores the OpenPGP public keys used to encrypt or sign email messages and files.  
 + 
 +=== Properties === 
 +^  Name  ^  Type  ^  Mandatory? 
 +| Organization | Foreign key to a(n) Organization | Yes | 
 +| Zone | Foreign key to a(n) Zone | Yes | 
 +| RR Name | Alphanumeric string | Yes | 
 +| Overwrite zone TTL | Yes or No | No | 
 +| TTL | d/h/m/s | N/A | 
 +| OpenPGP Public Key | Multiline character string | Yes | 
 +| Comment | Alphanumeric string | No | 
 + 
 +=== Creation === 
 +A new OPENPGPKEY record may be created from the specific "OPENPGPKEY" shortcut menu of the DNS Management module.  
 +{{ classcreate_openpgpkeyrecord3x.png }} 
 + 
 +==== PTR Records ==== 
 +{{icons8-hand-right-48.png  }} 
 This object is used to document the Pointer record. This object is used to document the Pointer record.
  
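Review bot: The OPENPGPKEY section does not say how RR Name is expected to be filled in; the owner name of this record type is derived from a hash of the mailbox local part under the _openpgpkey label (RFC 7929), so state whether the user enters that hashed name or the extension computes it. Also say which encoding the OpenPGP Public Key field expects, and capitalise "records" in the heading to match the other sections.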
Line 304: Line 391:
 | Organization | Foreign key to a(n) Organization | Yes | | Organization | Foreign key to a(n) Organization | Yes |
 | Zone | Foreign key to a(n) Zone | Yes | | Zone | Foreign key to a(n) Zone | Yes |
-| RR Name | Alphanumeric string  | Yes |+| RR Name | Alphanumeric string (compliant with IPv4 or IPv6 reverse format) | Yes |
 | Overwrite zone TTL | Yes or No | No | | Overwrite zone TTL | Yes or No | No |
 | TTL | d/h/m/s | N/A | | TTL | d/h/m/s | N/A |
 | Hostname | Alphanumeric string | Yes | | Hostname | Alphanumeric string | Yes |
-| Comment | Multiline character string  | No |+| Comment | Alphanumeric string | No |
  
 === Details === === Details ===
 Details of a NS Record can be accessed from the specific “NS” shortcut menu of the DNS Management module.  Details of a NS Record can be accessed from the specific “NS” shortcut menu of the DNS Management module. 
-{{ classdetails_ptrrecord1.png }} +{{ classdetails_ptrrecord1_3x.png }} 
-{{ classdetails_ptrrecord2.png }} +{{ classdetails_ptrrecord2_3x.png }} 
-==== SRV Records ===== + 
-{{classicon_srvrecord.png  }} +==== SSHFP Records ==== 
 +{{icons8-fingerprint.svg  }}  
 +This object is used to document the Secure Shell fingerprint records, a type of resource record which identifies SSH keys associated with a host name. 
 + 
 +=== Properties === 
 +^  Name  ^  Type  ^  Mandatory? 
 +| Organization | Foreign key to a(n) Organization | Yes | 
 +| Zone | Foreign key to a(n) Zone | Yes | 
 +| RR Name | Alphanumeric string | Yes | 
 +| Overwrite zone TTL | Yes or No | No | 
 +| TTL | d/h/m/s | N/A | 
 +| Algorithm | Integer | No | 
 +| Digest Type| Integer | No | 
 +| Fingerprint | Alphanumeric string | Yes | 
 +| Comment | Alphanumeric string | No | 
 + 
 +=== Details === 
 +Details of a SSHFP record can be accessed from the specific "SSHFP" shortcut menu of the DNS Management module.  
 +{{ classdetails_sshfprecord3x.png }} 
 + 
 +==== SRV Records ==== 
 +{{icons8-service.svg  }} 
 This object is used to document the Locate Services record. This object is used to document the Locate Services record.
  
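Review bot: The SSHFP Properties table marks Algorithm and Digest Type as optional integers without listing accepted values, although both are part of the record data alongside the fingerprint; list the values and say what is exported when they are left empty. In the context lines above, the PTR Details sentence still reads "Details of a NS Record" and “NS” shortcut menu, and should say PTR.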
Line 322: Line 430:
 | Organization | Foreign key to a(n) Organization | Yes | | Organization | Foreign key to a(n) Organization | Yes |
 | Zone | Foreign key to a(n) Zone | Yes | | Zone | Foreign key to a(n) Zone | Yes |
-| RR Name | Alphanumeric string  | Yes |+| RR Name | Alphanumeric string | Yes |
 | Overwrite zone TTL | Yes or No | No | | Overwrite zone TTL | Yes or No | No |
 | TTL | d/h/m/s | N/A | | TTL | d/h/m/s | N/A |
Line 329: Line 437:
 | Port | Integer | No | | Port | Integer | No |
 | Target| Alphanumeric string | Yes | | Target| Alphanumeric string | Yes |
-| Comment | Multiline character string  | No |+| Comment | Alphanumeric string | No |
  
 === Creation === === Creation ===
 A new SRV record may be created from the specific "SRV" shortcut menu of the DNS Management module.  A new SRV record may be created from the specific "SRV" shortcut menu of the DNS Management module. 
-{{ classcreate_srvrecord.png }} +{{ classcreate_srvrecord3x.png }} 
-==== TXT Records ===== + 
-{{classicon_txtrecord.png  }} +==== TLSA Records ==== 
 +{{icons8-certificate.svg  }}  
 +This object is used to document the TLSA records which hold Certificate Association data. They specify the keys used in a domain's TLS servers.  
 + 
 +=== Properties === 
 +^  Name  ^  Type  ^  Mandatory? 
 +| Organization | Foreign key to a(n) Organization | Yes | 
 +| Zone | Foreign key to a(n) Zone | Yes | 
 +| RR Name | Alphanumeric string | Yes | 
 +| Overwrite zone TTL | Yes or No | No | 
 +| TTL | d/h/m/s | N/A | 
 +| Certificate Usage | Integer | No | 
 +| Selector | Integer | No | 
 +| Matching Type | Integer | No | 
 +| Certificate Association Data | Alphanumeric string | Yes | 
 +| Comment | Alphanumeric string | No | 
 + 
 +=== Details === 
 +Details of a TLSA record can be accessed from the specific "TLSA" shortcut menu of the DNS Management module.  
 +{{ classdetails_tlsarecord3x.png }} 
 + 
 + 
 +==== TXT Records ==== 
 +{{icons8-signing-a-document-48.png  }} 
 This object is used to document the Text record. This object is used to document the Text record.
  
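Review bot: in the new TLSA properties table, Certificate Usage, Selector and Matching Type are documented as optional integers with no allowed values, while Certificate Association Data is mandatory and can only be interpreted through those three fields. Document the accepted ranges (usage 0 to 3, selector 0 to 1, matching type 0 to 2) and what is stored when a field is left empty, or mark them mandatory. The same hunk also changes the SRV Comment row from "Multiline character string" to "Alphanumeric string" without saying whether multi-line comments are still supported, and the TLSA section ends with two blank lines where the other sections use one.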
Line 342: Line 473:
 | Organization | Foreign key to a(n) Organization | Yes | | Organization | Foreign key to a(n) Organization | Yes |
 | Zone | Foreign key to a(n) Zone | Yes | | Zone | Foreign key to a(n) Zone | Yes |
-| RR Name | Alphanumeric string  | Yes |+| RR Name | Alphanumeric string  (@ and *.<domain> accepted) | Yes |
 | Overwrite zone TTL | Yes or No | No | | Overwrite zone TTL | Yes or No | No |
 | TTL | d/h/m/s | N/A | | TTL | d/h/m/s | N/A |
 | Text| Alphanumeric string | Yes | | Text| Alphanumeric string | Yes |
-| Comment | Multiline character string  | No |+| Comment | Alphanumeric string | No |
  
 === Update === === Update ===
 A TXT record may be updated from the detailed view of the object.  A TXT record may be updated from the detailed view of the object. 
-{{ classupdate_txtrecord.png }}+{{ classupdate_txtrecord3x.png }} 
 + 
 +==== Generic Records ==== 
 +{{icons8-music-record.svg  }}  
 +Most popular or usefull DNS resource records have been documented in TeemIp. However, in the case where Hostmasters need to do document other types of records, a generic class has been created. It enables the raw edition of any type of records by opening to edition the whole payload of a DNS resource record. 
 + 
 +=== Properties === 
 +^  Name  ^  Type  ^  Mandatory? 
 +| Organization | Foreign key to a(n) Organization | Yes | 
 +| Zone | Foreign key to a(n) Zone | Yes | 
 +| RR Name | Alphanumeric string  (@ and *.<domain> accepted) | Yes | 
 +| Overwrite zone TTL | Yes or No | No | 
 +| TTL | d/h/m/s | N/A | 
 +| Type | Foreign key to a(n) Resource Record Type | Yes | 
 +| Payload | Alphanumeric string | No | 
 +| Comment | Alphanumeric string | No | 
 + 
 +=== Details === 
 +A Generic record may be displayed from the specific “GENERIC” shortcut menu of the DNS Management module.  
 +{{ classdetails_genericrecord3x.png }} 
 + 
 +Resource Record types are typological elements. They are managed from the "IP space typology configuration" section of the main "Data administration" menu. 
 +{{ classlist_resourcerecordtype.png }}
  
 ==== Link with IP Addresses ==== ==== Link with IP Addresses ====
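Review bot: the Generic Records section describes the Payload as raw, free-form and optional, but does not say whether it is validated against the selected Resource Record Type or whether an empty payload produces a usable record. Add a sentence stating what validation, if any, is applied, since this class bypasses the per-type fields the other record classes enforce. Wording on the introductory line needs a pass: "usefull" should be "useful", "need to do document" should be "need to document", and "raw edition ... by opening to edition" reads better as "raw editing ... by exposing the whole payload for editing". The "GENERIC" menu name uses typographic quotes where the rest of the page uses straight quotes.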
Line 356: Line 509:
 There is an obvious link between IP addresses and DNS records: an IP has a FQDN and aliases may point to that FQDN. As a consequence, A / AAAA, PTR and CNAME records may be associated with IPs. This is what the extension does by adding a "DNS Records" tab to IP Address objects. There is an obvious link between IP addresses and DNS records: an IP has a FQDN and aliases may point to that FQDN. As a consequence, A / AAAA, PTR and CNAME records may be associated with IPs. This is what the extension does by adding a "DNS Records" tab to IP Address objects.
  
-{{ classdetails_ipv4address_dnsrecords.png }}+{{ classdetails_ipv4address_dnsrecords3x.png }}
  
 The resource records associated to an IP address can be manually created, updated or deleted from the specific actions listed under the "Other Actions". The resource records associated to an IP address can be manually created, updated or deleted from the specific actions listed under the "Other Actions".
  
-{{ classdetails_ipv4address_dnsrecords_actions.png }}+{{ classdetails_ipv4address_dnsrecords_actions3x.png }}
  
 <note tip> <note tip>
 If enabled from the "Automatically update DNS records" parameter set in the Global IP Settings of a given organization, the DNS records can be as well automatically created, modified or deleted when an IP address is created, modified or deleted. If enabled from the "Automatically update DNS records" parameter set in the Global IP Settings of a given organization, the DNS records can be as well automatically created, modified or deleted when an IP address is created, modified or deleted.
 </note> </note>
 +
 +==== Link with IP Subnet ====
 +
 +A "DNS Records" tab within subnets' details screen lists the DNS records of all the IP addresses that belong to the subnet.
 +
 +{{ classdetails_ipv6subnet_dnsrecords3x.png }}
 +
 +===== Audit Rules =====
 +Starting with revision 3.0.1, audit rules are embedded within the extension. Here is the list.
 +
 +==== Master server of Zone is not an authoritative server ====
 +This rule checks that, for a given zone, the master server, ie the one defined within the SOA record, is set as authoritative and master servers for the zone.
 +
 +{{ classdetails_zone_audit1.png }}
 +
 +{{ classdetails_zone_audit2.png }}
 +
 +==== One server in NS Record of Zone is not an authoritative server ====
 +This rule checks that, for a given zone, all servers that appear in the NS record list are set as authoritative servers for the zone. 
 +
 +{{ classdetails_zone_audit21.png }}
 +
 +{{ classdetails_zone_audit22.png }}
 +
 ===== User Profiles ===== ===== User Profiles =====
-The TeemIp DNS Zone Management extension brings a new profile dedicated to the management of DNS objects: domains, zones, views and associated resource records: "Hostmaster - DNS", a "Person handling the DNS space". It has all rights on the DNS objects. +The TeemIp DNS Zone Management extension brings a new profile dedicated to the management of DNS objects: domains, zones, views and associated resource records: "**Hostmaster - DNS**", a "**Person handling the DNS space**". It has all rights on the DNS objects. 
  
-{{ classdetails_DNSprofile.png }}+{{ classdetails_DNSprofile3x.png }}
  
 This profile extends capabilities and must be used together with other profiles like ConfigurationManager. This profile extends capabilities and must be used together with other profiles like ConfigurationManager.
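Review bot: the description of the first audit rule, "is set as authoritative and master servers for the zone", is ambiguous about what is actually compared, and it does not match the rule title, which only mentions the authoritative list. State explicitly which zone attribute the SOA master server is checked against. Neither rule says what the audit reports for a failing zone or how to correct it, and the two screenshots per rule have no captions to tell the failing case from the passing one. Minor: "ie" should be "i.e.", and the new heading "Link with IP Subnet" is singular where the sibling heading is "Link with IP Addresses".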
extensions/teemip-zone-mgmt.1615300910.txt.gz · Last modified: 2021/03/09 15:41 by cnaud