DNS Service Overview
CyberEdge DNS provides the management of DNS zones, including Master, Forward and Slave zones.
As a Master DNS server, CyberEdge stores and manages authoritative DNS records, acting as the primary source of truth for domain data.
Forward zones enable the forwarding of DNS queries to designated upstream servers, allowing CyberEdge to serve as an intermediary for specific domains.
Slave zones replicate DNS records from a Master server to the CyberEdge, enhancing redundancy and load balancing.
Configure DNS Service
To enable network zones to access the CyberEdge DNS service, administrators need to configure appropriate access controls. This includes defining the network zones which are permitted to query the CyberEdge DNS service. Using access lists, administrators can ensure that only authorized network zones can interact with the DNS service, enhancing network security. To control access to the CyberEdge DNS service navigate to;
- Service > DNS > DNS Service
- In Network Zone, ensure any zones requiring access to the CyberEdge DNS service are selected
- Set the DNSSEC Validation required. (Recommended: Do Not Validate). See DNSSEC for more information regarding validation options
- Click "Save" and "Apply" changes
Note
- Applying changes to the CyberEdge DNS configuration causes the DNS service to restart, which may briefly disrupt DNS requests
- By default, the local zone is always configured to access the CyberEdge DNS service. This configuration is necessary to ensure that localnetwork.zone domains can resolve properly, including the authentication captive portal
Important tip
Newly created network zones are NOT automatically added to the DNS service ACL list. To add a newly created zone to access CyberEdge DNS, go to Services > DNS > DNS service and add the newly created network zone.
Configure Local DNS Master Zones
A DNS master zone is a component of the Domain Name System (DNS), responsible for storing authoritative DNS records for a specific domain. The master zone contains all resource records, such as A, AAAA, CNAME, MX, and TXT records, which map domain names to IP addresses and provide various domain-specific information. When changes are made, the master DNS server propagates the updated information to secondary DNS servers, which then serve as replicas to enhance redundancy and load balancing. This hierarchical structure ensures that DNS queries are resolved efficiently, with the master zone being the ultimate source of truth for the domain's DNS data. To create a master zone for your domain navigate to;
- Service > DNS
- Click "Add"
- Enter the following;
- Domain Name: The root domain name to create a master DNS record
- Description: The description for the DNS record
- Primary Nameserver: The primary (SOA) name server for the zone
- Maintainer Email: The email address for the domain administrator
- Negative Cache TTL: How long an empty (negative) DNS answer is cached. If records change frequently, a shorter TTL of 1 hour is recommended. Default: 1 day
- Refresh Interval: How often secondary DNS servers check the master for updates. Default: 30 mins
- Retry Interval: How long a secondary server waits before retrying after a refresh attempt receives no response. Default: 5 mins
- Expiry Interval: How long a secondary server keeps serving the zone after it last contacted the master; once this elapses the stale copy is discarded. Default: 1 week
- Click "Save" and "Apply" changes
The DNS entry will be created.
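The SOA fields entered in this form are stored in a single resource record, and the timers only make sense relative to one another. The following Python is an added example (not CyberEdge code) that renders the SOA record from the form values above and rejects timer combinations that would misbehave on secondary servers. The serial number and the hostmaster address are constructed sample values; the per-record TTL of 3600 is taken from the form default of 1 hour.

```python
from datetime import timedelta

# Timer defaults as shown in the CyberEdge master-zone form, in seconds.
DEFAULT_TIMERS = {
    "negative_cache_ttl": int(timedelta(days=1).total_seconds()),  # 86400
    "refresh": int(timedelta(minutes=30).total_seconds()),         # 1800
    "retry": int(timedelta(minutes=5).total_seconds()),            # 300
    "expiry": int(timedelta(weeks=1).total_seconds()),             # 604800
}
RECORD_TTL = 3600      # per-record default in the form ("1Hour")
ESCAPED_DOT = "\\."    # how a literal dot is written inside an SOA RNAME label


def fqdn(name: str) -> str:
    """Return the name in absolute form with exactly one trailing dot."""
    return name.rstrip(".") + "."


def rname_from_email(email: str) -> str:
    """Convert the Maintainer Email into the SOA RNAME field.

    The '@' becomes a dot, and any dot inside the local part must be escaped,
    otherwise 'john.doe.example.com.' would be read back as john@doe.example.com.
    """
    local, sep, domain = email.partition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {email!r}")
    return f"{local.replace('.', ESCAPED_DOT)}.{fqdn(domain)}"


def check_soa_timers(refresh: int, retry: int, expiry: int, negative_cache_ttl: int) -> list:
    """Return the list of problems with a timer set (an empty list means OK).

    These are the usual secondary-server sanity rules:
    - every value must be positive;
    - retry must be shorter than refresh, or a failed refresh is retried no
      sooner than the next scheduled refresh would have happened anyway;
    - expiry must exceed refresh + retry, or a secondary may discard the zone
      before completing even one retry after the master becomes unreachable.
    """
    problems = []
    for label, value in (("refresh", refresh), ("retry", retry),
                         ("expiry", expiry), ("negative_cache_ttl", negative_cache_ttl)):
        if value <= 0:
            problems.append(f"{label} must be positive, got {value}")
    if retry >= refresh:
        problems.append(f"retry ({retry}s) should be shorter than refresh ({refresh}s)")
    if expiry <= refresh + retry:
        problems.append(f"expiry ({expiry}s) should exceed refresh + retry ({refresh + retry}s)")
    return problems


def build_soa(domain: str, primary_ns: str, maintainer_email: str, serial: int,
              timers: dict = DEFAULT_TIMERS) -> str:
    """Render the SOA record described by the form fields, refusing unsafe timers."""
    problems = check_soa_timers(**timers)
    if problems:
        raise ValueError("; ".join(problems))
    t = timers
    return (f"{fqdn(domain)} {RECORD_TTL} IN SOA {fqdn(primary_ns)} "
            f"{rname_from_email(maintainer_email)} ( {serial} {t['refresh']} "
            f"{t['retry']} {t['expiry']} {t['negative_cache_ttl']} )")


if __name__ == "__main__":
    # Constructed sample values: a zone with the form defaults and a hostmaster mailbox.
    print(build_soa("example.com", "ns1.example.com", "hostmaster@example.com", 2024010101))
```

The check is worth running before saving a zone: a retry interval longer than the refresh interval, or an expiry shorter than one refresh cycle, is accepted by most forms but leaves secondaries either never retrying or dropping the zone during a short outage of the master.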
Add a DNS Nameserver Record
DNS nameserver record types are important components of the Domain Name System, each serving a specific purpose in mapping domain names to their corresponding data. Outlined below are the DNS record options available on the CyberEdge.
- A Record: Maps a domain name to an IPv4 address
- AAAA Record: Maps a domain name to an IPv6 address
- CNAME Record: Creates an alias, pointing one domain name to another domain name
- MX Record: Specifies the mail server responsible for receiving email on behalf of a domain
- TXT Record: Holds arbitrary text data, often used for domain verification, email security (like SPF, DKIM), and other purposes
- NS Record: Specifies the authoritative DNS servers for the domain
- SOA Record: Provides administrative information about the zone, including the primary name server, email of the domain administrator, domain serial number, and timers for refreshing the zone
- PTR Record: Maps an IP address to a domain name, primarily used for reverse DNS lookups
Each record type serves a unique function in the DNS infrastructure, ensuring the proper routing and handling of internet traffic.
Create/Edit an A Record (IPv4)
An A record maps a domain name to an IPv4 address. To create an A record for a domain configured in the master zone, navigate to;
- Service > DNS > Local DNS Master Zones > Domain > Edit
- In records, Click "Add" and select "A Record"
- Enter the following;
- Record Name: The domain name to be mapped to an IP address, e.g. example.com
- IPv4 Address: The IPv4 Address for the record name to resolve it
- Description: The description for the A record
- TTL: The time to live (TTL) of the DNS record. Default: 1Hour
- Click "Save" and "Apply" changes
Create/Edit an AAAA Record (IPv6)
An AAAA record maps a domain name to an IPv6 address. To create an AAAA record for a domain configured in the master zone, navigate to;
- Service > DNS > Local DNS Master Zones > Domain > Edit
- In records, Click "Add" and select "AAAA Record"
- Enter the following;
- Record Name: The domain name to be mapped to an IP address, e.g. example.com
- IPv6 Address: The IPv6 Address for the record name to resolve it
- Description: The description for the AAAA record
- TTL: The time to live (TTL) of the DNS record. Default: 1Hour
- Click "Save" and "Apply" changes
Create/Edit a CNAME Record
A CNAME record is used to create an alias, pointing one domain name to another domain name. To create a CNAME record for a domain configured in the master zone, navigate to;
- Service > DNS > Local DNS Master Zones > Domain > Edit
- In records, Click "Add" and select "CNAME Record"
- Enter the following;
- Record Name: The alias name, e.g. example.com
- Canonical Name: The target domain name of the CNAME alias
- Description: The description for the CNAME record
- TTL: The time to live (TTL) of the DNS record. Default: 1Hour
- Click "Save" and "Apply" changes
Create/Edit an MX Record
An MX (Mail Exchange) record identifies the mail server responsible for receiving and processing email for a domain, directing email traffic to the appropriate server. To create a MX record for a domain configured in the master zone, navigate to;
- Service > DNS > Local DNS Master Zones > Domain > Edit
- In records, Click "Add" and select "MX Record"
- Enter the following;
- Record Name: The domain name the mail record applies to, e.g. example.com
- Mail Server: The domain name for the target mail server
- Priority: The priority order determines which mail servers are used first, with lower numbers indicating higher priority. Default: 10
- Description: The description for the MX record
- TTL: The time to live (TTL) of the DNS record. Default: 1Hour
- Click "Save" and "Apply" changes
Create/Edit a TXT Record
A TXT (Text) record in DNS stores text information for a domain, often used for purposes such as domain ownership verification, and other custom data needed by various services. To create a TXT record for a domain configured in the master zone, navigate to;
- Service > DNS > Local DNS Master Zones > Domain > Edit
- In records, Click "Add" and select "TXT Record"
- Enter the following;
- Record Name: The domain name the text record applies to, e.g. example.com
- Record Content: A string of text, up to 255 characters per segment, with multiple segments allowed. The content must be enclosed in double quotation marks, e.g. "google-site-verification=abc123xyz"
- Description: The description for the TXT record
- TTL: The time to live (TTL) of the DNS record. Default: 1Hour
- Click "Save" and "Apply" changes
Create/Edit a PTR Record
A PTR (Pointer) record is utilized for reverse DNS lookups, mapping an IP address to its corresponding domain name. Unlike A or AAAA records, which map domain names to IP addresses, PTR records provide the hostname associated with a given IP address. To create a PTR record for a domain configured in the master zone, navigate to;
- Service > DNS > Local DNS Master Zones > Domain > Edit
- In records, Click "Add" and select "PTR Record"
- Enter the following;
- Record Name: The domain name to be mapped
- Domain Name: The domain name the record should resolve to
- Description: The description for the PTR record
- TTL: The time to live (TTL) of the DNS record. Default: 1Hour
- Click "Save" and "Apply" changes
PTR records can be complex. Below is a simple example of the best way to configure a PTR record. In this example, a reverse lookup for 8.8.4.4 will return actuallynotgoogle.com.
- Create a new zone for 4.8.8.in-addr.arpa.
- Next, within the zone, create a PTR record for 4 with a domain of actuallynotgoogle.com
Create/Edit an SRV Record
SRV (Service) records specify the location of servers for specific services. They provide information about the hostname, port number, and priority for services such as LDAP, enabling clients to discover and connect to the appropriate servers for these services. To create a SRV record for a domain configured in the master zone, navigate to;
- Service > DNS > Local DNS Master Zones > Domain > Edit
- In SRV Records, Click "Add"
- Enter the following;
- Record Name: The domain name the service record applies to, e.g. example.com
- Symbolic Name: The specific service and protocol for which the record provides information. eg. SIP
- Protocol: The protocol for the record. Default: TCP
- Target Domain: The full domain name of the target service. The entry must end with a dot, e.g. mytest.example.com.
- Port: The port of the target service
- Priority: The priority order with the lower number indicating higher priority. Default: 10
- Weight: The weight value is used to determine the priority when multiple servers share the same priority level. A higher weight value means that this entry will be chosen more frequently.
- TTL: The time to live (TTL) of the DNS record. Default: 1Hour
- Click "Save" and "Apply" changes
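The record sections above each describe one field set; what they have in common is how the owner name, TTL and record data end up in the zone. The following Python is an added example (not CyberEdge code) that models a master zone holding A, AAAA, CNAME, MX, TXT and SRV records with the defaults the forms state (TTL 1 hour, MX and SRV priority 10), splits TXT content into quoted 255-character segments, builds the _service._protocol owner name for SRV records, insists on the trailing dot for SRV targets, and refuses a CNAME that would share an owner name with other records. The zone and record values in the usage block are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass, field

DEFAULT_TTL = 3600  # "1Hour", the per-record default in the forms


def fqdn(name: str) -> str:
    return name.rstrip(".") + "."


def txt_rdata(text: str) -> str:
    """Quote TXT content as one or more double-quoted character-strings of at
    most 255 bytes each, the segmenting the TXT form describes. Content is
    restricted to ASCII so that byte and character counts agree."""
    text.encode("ascii")  # raises UnicodeEncodeError for non-ASCII content
    chunks = [text[i:i + 255] for i in range(0, len(text), 255)] or [""]
    return " ".join('"' + c.replace("\\", "\\\\").replace('"', '\\"') + '"' for c in chunks)


@dataclass
class MasterZone:
    origin: str                                     # absolute zone name, e.g. "example.com."
    records: list = field(default_factory=list)     # (owner, ttl, type, rdata)

    def _owner(self, name: str) -> str:
        """'@' is the zone itself; relative names are anchored at the origin."""
        if name == "@":
            return self.origin
        return name if name.endswith(".") else f"{name}.{self.origin}"

    def _add(self, name, rtype, rdata, ttl):
        owner = self._owner(name)
        existing = [r for r in self.records if r[0] == owner]
        # A CNAME must be the only record at its owner name (RFC 1034 section 3.6.2).
        if rtype == "CNAME" and existing:
            raise ValueError(f"{owner} already has records; cannot add a CNAME")
        if any(r[2] == "CNAME" for r in existing):
            raise ValueError(f"{owner} is a CNAME; cannot add {rtype}")
        self.records.append((owner, ttl, rtype, rdata))

    def a(self, name, ip, ttl=DEFAULT_TTL):
        self._add(name, "A", str(ipaddress.IPv4Address(ip)), ttl)       # rejects non-IPv4 input

    def aaaa(self, name, ip, ttl=DEFAULT_TTL):
        self._add(name, "AAAA", str(ipaddress.IPv6Address(ip)), ttl)    # rejects non-IPv6 input

    def cname(self, name, canonical, ttl=DEFAULT_TTL):
        self._add(name, "CNAME", self._owner(canonical), ttl)

    def mx(self, name, mail_server, priority=10, ttl=DEFAULT_TTL):
        self._add(name, "MX", f"{priority} {self._owner(mail_server)}", ttl)

    def txt(self, name, text, ttl=DEFAULT_TTL):
        self._add(name, "TXT", txt_rdata(text), ttl)

    def srv(self, service, protocol, target, port, priority=10, weight=0, name="@", ttl=DEFAULT_TTL):
        """Owner is _service._protocol.<name>; the form requires an absolute target."""
        if not target.endswith("."):
            raise ValueError(f"SRV target must end with a dot: {target!r}")
        if not 0 < port < 65536:
            raise ValueError(f"invalid port {port}")
        owner = f"_{service.lower()}._{protocol.lower()}.{self._owner(name)}"
        self._add(owner, "SRV", f"{priority} {weight} {port} {target}", ttl)

    def render(self) -> str:
        return "\n".join(f"{o} {t} IN {rt} {rd}" for o, t, rt, rd in self.records)


if __name__ == "__main__":
    # Constructed sample zone exercising each record type from the sections above.
    z = MasterZone("example.com.")
    z.a("@", "192.0.2.10")
    z.aaaa("www", "2001:db8::10")
    z.cname("mail-alias", "www")
    z.mx("@", "mail.example.com.", 10)
    z.txt("@", "google-site-verification=abc123xyz")
    z.srv("SIP", "TCP", "mytest.example.com.", 5060, priority=10, weight=5)
    print(z.render())
```

The CNAME check matters in practice because a form lets you add an A record and a CNAME for the same name on separate visits; a zone that contains both is rejected by strict servers and answered inconsistently by lenient ones.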
Configure Local DNS Forward Zones
Local DNS forward zones are DNS configurations that direct DNS queries for specific domains to designated DNS servers. When a query is made for a domain within the forward zone, the local DNS server forwards the request to the specified DNS server instead of resolving it locally. This is useful for integrating with other DNS services or resolving names in a different administrative domain. DNS Forward Zones affect both requests from clients using the CyberEdge for DNS and requests made by the CyberEdge appliance itself.
To create a Local DNS Forward Zone, navigate to:
- Services > DNS > Local DNS Forward Zones > Add
- Configure the Local Forward Zone
- Domain Name: The FQDN for the domain you wish to forward. The domain name must end with a dot (e.g. test.com.)
- Forward to IPv4 Addresses: The destination IPv4 address for the DNS server you are forwarding to. This field requires a standard IPv4 CIDR format
- Forward to IPv6 Addresses: The destination IPv6 address for the DNS server you are forwarding to. This field requires a standard IPv6 CIDR format
- Click “Save”
- Click “Save changes ready to apply”
- Click “Applies all pending changes” > “Apply Changes”
Important note
CyberEdge strongly advises forwarding your local DNS domain to your internal DNS servers. This practice ensures that both local clients and the CyberEdge appliance can accurately resolve internal addresses, which is particularly important when configuring Reverse Proxy rules.
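Two decisions from this page combine on every query: the network-zone access list described under Configure DNS Service decides whether the client may ask at all, and the forward-zone table decides whether the name is handed to an upstream server or resolved locally. The Python below is an added example, not CyberEdge code, that models both: clients outside the permitted networks are refused, forward zones are matched by longest suffix so a more specific zone wins over its parent, and the loopback network is always permitted to mirror the note that the local zone is configured by default. It assumes the forwarder fields hold plain IP addresses; the network ranges, zone names and forwarder addresses used below are constructed sample values.

```python
import ipaddress


def fqdn(name: str) -> str:
    """Absolute, lower-cased form with one trailing dot (DNS names are case-insensitive)."""
    return name.rstrip(".").lower() + "."


class DnsPolicy:
    """Models two checks the resolver applies to a query: is the client inside a
    permitted network zone, and does the name fall under a forward zone."""

    def __init__(self, permitted_networks):
        self.networks = [ipaddress.ip_network(n) for n in permitted_networks]
        # The local zone is always configured for access, as the page notes.
        self.networks.append(ipaddress.ip_network("127.0.0.0/8"))
        self.forward_zones = {}   # absolute domain -> list of forwarder addresses

    def add_forward_zone(self, domain, servers):
        """The form requires the domain to end with a dot; forwarders must parse as IPs."""
        if not domain.endswith("."):
            raise ValueError(f"forward zone must end with a dot: {domain!r}")
        addrs = [str(ipaddress.ip_address(s)) for s in servers]   # rejects hostnames and typos
        if not addrs:
            raise ValueError("at least one forwarder address is required")
        self.forward_zones[fqdn(domain)] = addrs

    def client_permitted(self, client_ip) -> bool:
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net for net in self.networks)   # mixed IP versions simply do not match

    def forward_zone_for(self, qname):
        """Longest-suffix match: a.sub.corp.example. goes to sub.corp.example. if
        that zone exists, otherwise to corp.example.; notcorp.example. matches neither."""
        q = fqdn(qname)
        matches = [z for z in self.forward_zones if q == z or q.endswith("." + z)]
        return max(matches, key=len) if matches else None

    def decide(self, client_ip, qname) -> tuple:
        """Return (action, zone, servers) where action is 'refused', 'forward' or 'recurse'."""
        if not self.client_permitted(client_ip):
            return ("refused", None, [])
        zone = self.forward_zone_for(qname)
        if zone:
            return ("forward", zone, self.forward_zones[zone])
        return ("recurse", None, [])


if __name__ == "__main__":
    # Constructed sample policy: one permitted LAN, an internal domain forwarded
    # to the internal DNS servers, and a more specific child zone with its own forwarder.
    policy = DnsPolicy(["10.10.0.0/16"])
    policy.add_forward_zone("corp.example.", ["10.10.0.53"])
    policy.add_forward_zone("sub.corp.example.", ["10.10.1.53"])
    for client, name in [("10.10.5.7", "host.corp.example"),
                         ("10.10.5.7", "a.sub.corp.example"),
                         ("10.10.5.7", "www.example.org"),
                         ("192.0.2.9", "host.corp.example")]:
        print(client, name, "->", policy.decide(client, name))
```

Following the advice above, the internal domain is the entry that should exist in this table: without it, the "recurse" branch sends internal names to public resolvers, which cannot answer them and which reveal the internal naming scheme in the process.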
Configure Slave Zones
DNS Slave Zones replicate DNS records from a Master (or Primary) server to downstream "Slave" (Secondary) servers. In this configuration, the CyberEdge will act as a "Slave" server to the specified "Master" in the DNS zone.
DNS slave zones are used to replicate the Master DNS server for redundancy and load balancing purposes. To ensure consistency, the Master DNS server will propagate DNS records to the CyberEdge using port 53 and the IXFR protocol.
To create a Slave Zone, navigate to:
- Services > DNS > Slave Zones > Add
- Configure the Slave Zone
- Domain Name: The domain name for the slave zone.
- Master IPv4 Addresses: The IPv4 address of the Master DNS server. This field requires a standard IPv4 CIDR format
- Forward to IPv6 Addresses: The IPv6 address of the Master DNS server. This field requires a standard IPv6 CIDR format.
- Click “Save”
- Click “Save changes ready to apply”
- Click “Applies all pending changes” > “Apply Changes”
Important note
CyberEdge strongly advises forwarding your local DNS domain to your internal DNS servers. This practice ensures that both local clients and the CyberEdge appliance can accurately resolve internal addresses, which is particularly important when configuring Slave Zones.
If the DNS master sends a request to the CyberEdge on port 53, the CyberEdge will treat the packet as an IXFR DNS update packet rather than as an ordinary DNS request.