Zone Defaults

Here you can define several default options for new zones on your server and zones for which you provide backup service (Figure 8-5). These options can often be overridden in the definition of the individual zone; however, most such items are best configured here, and any differences from the norm can be configured in the individual zone. These options are only documented here, though they apply to individual zones as well. Note also that these do not affect the named.conf file at all. These are merely default values used by Webmin when creating new master zones, similar to the /etc/skel file used when creating new users. You'll also find on this page settings for some default zone permissions options.

Refresh time

This is the interval for which your zones will be cached before being refreshed by slaves. Lowering this will increase the load on your master server but will help ensure fresh data reaches clients from your slave DNS servers. This option configures the refresh field in the SOA record in each new zone you create, and defaults to 10800 seconds, or 3 hours. Note that the introduction of the DNS NOTIFY protocol into BIND 8 removes the reliance of slaves on refresh times for prompt updates. To find out more, take a look at RFC 1996 [http://www.ietf.org/rfc/rfc1996.txt]. BIND 4 and some other name servers may not have NOTIFY, so if your slaves are not all known to be NOTIFY capable, you should still be aware that your slaves will take the full refresh time to be guaranteed to be fresh.

Transfer retry time

This defines the amount of time between retries if a refresh attempt fails. If you have reduced the refresh time, this value should be reduced accordingly. This option correlates to the retry field in an SOA record and defaults to 3600 seconds, or 1 hour.

Defaults for new master zones

When creating a new master zone, Webmin can be configured to fill in some of the values with defaults for your network. The following options allow these defaults to be configured (Figure 8-5):

Figure 8-5: Zone Defaults

Default time-to-live

This sets the minimum time to live for a zone. Downstream name servers will no longer consider the information they have cached accurate if it is older than this. They will continue to serve the old data if new data cannot be retrieved, until the expiry time has been reached. This option can be used very effectively to ensure that server or address changes can be performed without interruption of client services. For example, if you are aware that your website will be moving to a new server on a new address in a week, you can alter this to something very short, perhaps 30 seconds. By the end of the week, when your change happens, all name servers that have cached your information will know to check often with a name server that is authoritative for your domain. No one will even notice you changed! This option configures the TTL field in the SOA record and defaults to 38400 seconds, or 10 hours.

Template records

This section can be a nice time-saver if you create a large number of domains with Webmin (for example, if you run an ISP or a web-hosting company). Here you can define several template records that can be automatically inserted into some or all of your new zones. For example, if you have a single mail server and two name servers that are the same for all of the domains you create, you can create templates for each of those. When you create a zone file later, you can choose to have the templates included. It is also possible to add a single host, whose IP can be defined at zone creation time. The mail server, name alias, and name server templates must have addresses assigned to them from the beginning, however. There is no default template, and this section does not directly affect any BIND configuration files.

Default Zone Settings

This section configures zone settings that will be applied by BIND for zones that do not override them. Unlike with the Defaults for new master zones section, these options do impact the BIND configuration file.

Allow transfers from

Here you can define other servers that will, by default, be allowed to receive transfers from this server. This option correlates to the allow-transfer directive and defaults to allowing zone transfers to all hosts.
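The inheritance described above (a zone without its own allow-transfer takes the value from the options section, and with none there either, transfers are open to all hosts) can be checked mechanically. The following is an added example, not code from the book or from Webmin: the sample named.conf is constructed, the function names are hypothetical, and the parser assumes flat address lists with no nested ACL braces.

```python
import re

# Constructed sample named.conf (not from the page).
SAMPLE_CONF = '''
options {
    directory "/var/named";
    allow-query { any; };   // no allow-transfer: BIND falls back to "any"
};
zone "example.com" { type master; file "example.com.hosts"; };
zone "example.net" { type master; file "example.net.hosts"; allow-transfer { 192.0.2.53; }; };
zone "example.org" { type slave; masters { 192.0.2.1; }; file "example.org.hosts"; };
'''

def _strip_comments(text):
    # Simplification: assumes no "//" or "#" inside quoted strings.
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def _blocks(text, keyword_re):
    """Yield (header match, body) for each `keyword ... { body }` statement."""
    for m in re.finditer(keyword_re + r'[^{;]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def _acl(body):
    """Entries of a flat allow-transfer list in this block, or None if absent."""
    m = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit_transfers(conf_text):
    """Map each zone to (effective allow-transfer list, where it came from)."""
    text = _strip_comments(conf_text)
    default, source = ['any'], 'built-in default'   # default as stated on the page
    for _, body in _blocks(text, r'\boptions\b'):
        if _acl(body) is not None:
            default, source = _acl(body), 'options'
    return {m.group(1): ((_acl(body), 'zone') if _acl(body) is not None else (default, source))
            for m, body in _blocks(text, r'\bzone\s+"([^"]+)"')}

def open_zones(conf_text):
    """Zones whose effective list still lets any host request a transfer."""
    return sorted(z for z, (acl, _) in audit_transfers(conf_text).items() if 'any' in acl)

if __name__ == '__main__':
    for zone, (acl, src) in audit_transfers(SAMPLE_CONF).items():
        print(f'{zone}: allow-transfer {{ {"; ".join(acl)}; }} (from {src})')
```

Setting an explicit list under Allow transfers from on this page closes every zone that does not carry its own override, which is why the slave zone in the sample is reported as open as well.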

Allow queries from

This one allows you to define what hosts or networks will be allowed to query your server. Any host that will use your name server should be listed here. However, by default, the server will allow requests from all hosts. This option configures the allow-query directive.

Check names in master zones? and Check names in slave zones?

These two allow you to choose how strict your name server will be with regard to checking names within their expected client context. This means that, for example, a domain name used as a host name can be checked for compliance with relevant standards regarding domain names and host names. These options configure check-names master and check-names slave and default to fail and warn, respectively.

Check names in responses?

Similar to the previous two options, but checks the names in responses to queries sent by the name server. If this is set to fail, your name server will REFUSE a query if it receives an invalid name. This option configures the check-names response directive and defaults to ignore.

Notify slaves of changes?

This option allows you to configure whether BIND will use the NOTIFY protocol to inform its slaves of updates. In this way, its slaves can query the master to see if a zone transfer is needed. If so, the transfer takes place immediately, and all servers are brought up to date much more quickly than if the slaves waited for their usual refresh age to be reached. This option configures the notify directive.



The Book of Webmin... or How I Learned to Stop Worrying and Love UNIX
ISBN: 1886411921
EAN: 2147483647
Year: 2006
Pages: 142
Authors: Joe Cooper
