DNS Manager is web-based software for managing a Name Server (Domain Name System), based on the Centralized Management with Delegated Administration (CMDA) model. The system has proved to be particularly useful at CNR where, following the Institution's reform, an institute may also consist of geographically distributed sections, resulting from the fusion of various research agencies. Consequently, an Institute may consist of several IP classes, or parts of them, at each of its sections. Managing an entire Institute in a single domain could therefore prove to be problematic unless the Institute accepts the creation of many sub-domains.
By using DNS Manager, a local administrator can continue to manage its own class of IP addresses without having to worry about the operational management of the Name Server and without needing to rely on the definition of new sub-domains. In this way, managing an Institute's entire fleet of machines proves to be more flexible and users can enjoy rapid response times.
A web interface enables peripheral managers to use the system. For a better distribution of the administrative tasks, separate interfaces are provided for the various categories of administrators: expert technical personnel, technical personnel and non-technical personnel (with no knowledge of DNS basics). Thus, sensitive information such as the definition of NS records or MX records is handled only by a limited number of individuals.
The system verifies that all information passing from the manager to the server is consistent, thus avoiding the errors which can normally occur in the management of a name server.
Description of the system
The administration of the service is carried out entirely by means of web interfaces, which are accessed securely via encrypted sessions (HTTPS). The peripheral manager can be enabled for the creation and deletion of records such as: A, NS, CNAME, PTR. The manager can also add administrative information to each record, such as an optional expiration date, the host owner's name or the location of the equipment in question.
The administration of the entire system is realized in a hierarchical way in order to define three management priority levels:
- supervisor, for the control of several domains;
- privileged administrators, who can control one or more groups with the possibility of accessing all types of records (A, NS…);
- non-privileged administrators, who control one or more groups but can manage only type A records.
In setting up the system, particular attention was paid to the environment in which the CNR network was developed, taking into consideration the Institutes with Sections scattered throughout the country. The system has therefore been realized in order to permit:
- the subdivision of a domain into administrative subgroups, where a group can be identified not only in a section but also in single departments;
- the possibility of assigning several sub-networks to the same domain, corresponding to the situation prior to reorganization of the CNR domains.
Management of IP addresses
The system supports the automatic or manual assignment of addresses, which can be subdivided into administrative sub-ranges (ranges of Routers, Servers, Hosts etc.). Automatic assignment always allots the first available address in the chosen sub-range. The system also automatically creates the PTR record associated with each A record.
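The first-available assignment and automatic PTR creation described above, as an added example (not DNS Manager's own code). The sub-range boundaries, host names, the 192.0.2.0/24 documentation network and the duplicate-name check are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: administrative sub-ranges (inclusive bounds)
# and the A records already defined in the zone.
SUB_RANGES = {
    "routers": ("192.0.2.1", "192.0.2.9"),
    "servers": ("192.0.2.10", "192.0.2.49"),
    "hosts": ("192.0.2.50", "192.0.2.254"),
}
ZONE = {
    "ns1.example.org": "192.0.2.10",
    "mail.example.org": "192.0.2.11",
    "db.example.org": "192.0.2.13",
}


class SubRangeExhausted(Exception):
    """Raised when every address in the chosen sub-range is taken."""


def first_free(sub_range, in_use):
    """Return the first address in the inclusive sub-range that is not in use."""
    start, end = (ipaddress.ip_address(a) for a in sub_range)
    used = {ipaddress.ip_address(a) for a in in_use}
    addr = start
    while addr <= end:
        if addr not in used:
            return addr
        addr += 1
    raise SubRangeExhausted(f"no free address in {start}-{end}")


def assign(hostname, sub_range, zone):
    """Allocate an address and return the paired A and PTR records.

    zone maps hostname -> address for the A records already defined.
    """
    # Assumed conflict rule for this example: one A record per host name.
    if hostname in zone:
        raise ValueError(f"{hostname} already has an A record")
    addr = first_free(sub_range, zone.values())
    zone[hostname] = str(addr)
    # The PTR owner name is derived from the address, so the forward and
    # reverse records cannot drift apart.
    return {
        "A": (hostname + ".", str(addr)),
        "PTR": (addr.reverse_pointer + ".", hostname + "."),
    }
```

Because allocation fills the gap left at 192.0.2.12 before moving on, a released address is reused by the next automatic assignment in that sub-range.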
Rules of reference and conflict
Upon each modification of a record, the system applies its specific rules of reference and conflict and carries out the appropriate cross-checks in order to minimize the possibility of human error. The checks are performed across the values contained in all zones managed by the system.
Interaction of the system with the SMTP server
The DNS Manager system carries out a control function on the use of the electronic mail service: each A record is associated with a flag which indicates whether the host is enabled for the electronic mail service. This method provides greater control over security, permitting the electronic mail service to be used only by authorized computers.
The web interface proves to be easy to use and the feedback of the present managers utilizing the system is positive, as well as useful for any further refinement of its functions.
To simplify the passage to new domains, utilities are available which permit the migration from old domains to new ones as well as the migration of several domains into a single new domain.
This system is presently in use at the Padua Research Area, where it manages the domains of the CNR Institutes of Triveneto, in Pisa, where it manages the TLD .AL (Albania), and in Milan, where it manages the domains of the CNR Research Area. Servers running DNS Manager do not appear to be overloaded, and the increase in domains or peripheral administrators does not significantly influence their performance.