Configuring DNS Services

Your Parallels Plesk Panel works in cooperation with a DNS server, which enables you to run DNS service on the same machine where you host websites.

Setup of DNS zones for newly added domains is automated: When you add a new domain name to control panel, a zone file is automatically generated for it in accordance with the server-wide DNS zone template and registered in the name server's database, and name server is instructed to act as a primary (master) DNS server for the zone.

You can:

• Add resource records to and remove from the template.
• Override the automatic zone configuration with custom settings on a per-domain basis.
• Select another DNS server (for example, switch to Microsoft DNS server from BIND DNS server).
• Switch off the domain name service on this machine if your provider or another organization is running DNS service for your sites.

To view the default records in the server-wide DNS template:

Go to Settings > DNS Template Settings (in the General group). All resource record templates will be displayed. The <ip> and <domain> templates are automatically replaced in the generated zone with real IP addresses and domain names.

To add a new resource record to the server-wide DNS template:

1. Go to Settings > DNS Template Settings (in the General group).
2. Click Add DNS Record.
3. Select the resource record type and specify the record properties as desired.

   Note that you can use <ip> and <domain> templates that will be replaced in the generated zone with real IP addresses and domain names. You can use a wildcard symbol (*) to specify any part of the domain name, and you can specify the exact values you need.

4. Click OK.

To remove a resource record from the server-wide DNS template:

1. Go to Settings > DNS Template Settings (in the General group).
2. Select a checkbox corresponding to the record template you wish to remove, and click Remove.
3. Confirm removal and click OK.

The Panel updates automatically the zone name, host name, administrator's e-mail address, and serial number, and writes the default values for the rest of Start of Authority record parameters to the zone files it maintains. If you are not satisfied with the default values, you can change them through the control panel.

To change the Start of Authority (SOA) record settings in the server-wide DNS template:

1. Go to Settings > DNS Template Settings (in the General group).
2. Click SOA Records Template.
3. Specify the desired values:
   • TTL. This is the amount of time that other DNS servers should store the record in a cache. The Panel sets the default value of one day.
   • Refresh. This is how often the secondary name servers check with the primary name server to see if any changes have been made to the domain's zone file. The Panel sets the default value of three hours.
   • Retry. This is the time a secondary server waits before retrying a failed zone transfer. This time is typically less than the refresh interval. The Panel sets the default value of one hour.
   • Expire. This is the time before a secondary server stops responding to queries, after a lapsed refresh interval where the zone was not refreshed or updated. The Panel sets the default value of one week.
   • Minimum. This is the time a secondary server should cache a negative response. The Panel sets the default value of three hours.
4. Click OK. The new SOA record parameters will be set for the newly created domains.

Usage of serial number format recommended by IETF and RIPE is mandatory for many domains registered in some high-level DNS zones, mostly European ones. If your domain is registered in one of these zones and your registrar refuses your SOA serial number, using serial number format recommended by IETF and RIPE should resolve this issue.

Parallels Plesk Panel servers use UNIX timestamp syntax for configuring DNS zones. UNIX timestamp is the number of seconds since January 1, 1970 (Unix Epoch). The 32-bit timestamp will overflow by July 8, 2038.

RIPE recommends using YYYYMMDDNN format, where YYYY is year (four digits), MM is month (two digits), DD is day of month (two digits) and NN is version per day (two digits). The YYYYMMDDNN format will not overflow until the year 4294.

To change the Start of Authority (SOA) serial number format to YYYYMMDDNN for the server-wide DNS template:

1. Go to Settings > DNS Template Settings (in the General group).
2. Click SOA Records Template.
3. Select the Use serial number format recommended by IETF and RIPE checkbox.

   Note: See the sample of SOA serial number generated with the selected format. If the resulting number is less, than the current zone number, the modification may cause temporary malfunction of DNS for this domain. Zone updates may be invisible to Internet users for some time.

4. Click OK.

To restore the default Start of Authority (SOA) serial number format (UNIX timestamp) for the server-wide DNS template:

1. Go to Settings > DNS Template Settings (in the General group).
2. Click SOA Records Template.
3. Clear the Use serial number format recommended by IETF and RIPE checkbox.

   Note: See the sample of SOA serial number generated with the selected format. If the resulting number is less, than the current zone number, the modification may cause temporary malfunction of DNS for this domain. Zone updates may be invisible to Internet users for some time.

4. Click OK.

By default, transfer of DNS zones is allowed only for name servers designated by NS records contained within each zone. If your domain name registrar requires that you allow transfer for all zones you serve:

1. Go to Settings > DNS Template Settings (in the General group).
2. Click Transfer Restrictions Template. A screen will show all hosts to which DNS zone transfers for all zones are allowed.
3. Specify the registrar's IP or network address and click Add Network.

If you are using third-party DNS servers, and are not running your own DNS server, you should switch off your control panel's DNS server:

1. Go to Settings > DNS Template Settings (in the General group).
2. Click Switch Off.

To restore the original configuration of server-wide DNS template:

1. Go to Settings > DNS Template Settings (in the General group).
2. Click Restore Defaults.

You can specify whether your DNS server should provide recursive service for queries.

With recursive service allowed, your DNS server, when queried, performs all the lookup procedures required to find the destination IP address for the requestor. When recursive service is not allowed, your DNS server performs minimal number of queries only to find a server that knows where the requested resource resides and to redirect the requestor to that server. Therefore, recursive service consumes more server resources and makes your server susceptible to denial-of-service attacks, especially when the server is set to serve recursive queries from clients outside your network.

After your install Parallels Plesk Panel, the built-in DNS server defaults to serving recursive queries only from your own server and from other servers located in your network. This is the optimal setting. If your upgraded from earlier versions of Parallels Plesk Panel, your DNS server defaults to serving recursive queries from any host.

If you want to change the settings for recursive domain name service:

1. Go to Settings > DNS Template Settings (in the General group) > DNS Recursion.
2. Select the option you need:
   • To allow recursive queries from all hosts, select Allow for all requests.
   • To allow recursive queries from your own server and hosts from your network, select Allow for local requests only.
   • To allow recursive queries only from your own server, select Deny.
3. Click OK.

By default, users can create new subdomains and domain aliases in the DNS zones belonging to other users. This means that they can set up websites and e-mail accounts which could be used for spamming, fishing or identity theft.

To prevent users from setting up domains and domain aliases in the DNS zones belonging to other users:

1. Go to Settings > Restrict Creation of Subzones (in the General group).
2. Select the Do not let users create DNS subzones in other users' DNS superzones checkbox.
3. Click OK.

If you need to assign a new host name to your server:

1. Go to Settings > Server Settings (in the General group).
2. In the Full host name box, type the new host name and click OK.