This is documentation for an outdated product. See the current documentation

ISPmanager 5 Business Documentation

DNS-server configuration

 

ISPmanager Business works with  PowerDNS that converts a DNS-name into an IP address and vice versa.  

ISPmanager can be configured as the master DNS-server. The master DNS-server stores the main copy of the domain zone file. The master server receives the domain zone information from the zone configuration files. Slave servers receive the domain zone configuration from the master server.  

DNS-server settings are added into the configuration file and are used when domain zones are created. For more information please refer to the article Create a domain name. To modify the settings, go to Domains → Domain names → Settings.  

Domain name server configuration

Perform the following steps to configure the DNS-server:

  1. Go to Domains → Domain names → Settings.
  2. Enter the Name servers that will handle the DNS records for this domain. They are specified in the NS-records. 
  3. Enter the Administrator email . It is specified in the SOA records of the newly created domain zones. Learn more under Resource records.
  4. Enter the DMARC record. This is a template that used for a TXT-record. DMARC is mechanism helps protect incoming email from spam, spoofing, and phishing. 
  5. Enter the SPF record. This is a template that used for a TXT-record which is its term is used for SPF configuration. Use the macro "_ip_" to add IP addresses.  IP addresses are specified separated by spaces in the SPFRelayIP parameter of the ISPmanager configuration file (the default location is /usr/local/mgr5/etc/ispmgr.conf). For more information please refer to ISPmanager configuration file.
  6. Enter the Subdomains that will be automatically for the newly created domain name. They are specified in the A-records.
  7. Enter the Mail servers that will handle emails for this domain. They are specified in the MX-records. A full domain name must be followed by the dot (such as mail1.mydomain.commail2.mydomain.com.). If it is a record in the current domain, the dot is not required (mail1 mail2).
  8. IP addresses for name servers — If the NS-record lie within the domain zone being created, A and AAAA records will be created automatically for that domain zone. If this parameter is specified, IP addresses for the NS-record will be taken from this parameter. Otherwise, IP address of the master zone will be assigned to the first NS-record, IP address of the slave zone will be assigned to all other records (if slave name servers are used). If slave name servers are not configured, or the NsIps parameter has insufficient IP addresses, you will see the error message.
  9. Server name for SOA-records — provide a value for the SOA-record, if you want the server name defined in the SOA-records (MNAME) to be different from the hostname of the server processing DNS requests. Leave this field blank if you are not sure that you really want to change it.
  10. Apply to existing —  select the checkbox to apply the new settings to all domain zones of the server. 
  11. Click Ok

DNSSEC

Perform the following steps to configure DNSSEC:

  1. Go to Domains → Domain names → Settings.
  2. Check the box DNSSEC support. 
  3. Enter the key parameters. DNSSEC uses 2 types of keys:  ZSK (Zone Signing Key)  is used to sign records within the zone, and KSK (Key Signing Key)  key is used to sign keys. Enter parameters for every key type: 
    1. Algorithm ­— select a key generation algorithm: Outdated algorithms: 5 — RSA/SHA-1; 7 — RSASHA1-NSEC3-SHA1; Modern algorithms: 8 — RSA/SHA-256; 10 — RSA/SHA-512; Newest algorithm: 13 — ECDSA Curve P-256 with SHA-256; 14 — ECDSA Curve P-384 with SHA-384. 
    2. Key length — enter the KSK-key length (in bites).
    3. Renewal period — set the period in months that will pass before a new key will be generated.
Note
Currently, DNSSEC supports identical algorithms for keys.

For more information please refer to the article DNSSEC configuration.