dns-maint (8)

Name

dns-maint - The DNS server maintenance utility.

Description

dns-maint is the utility that creates and maintains the DNS server object in the eDirectory tree associated with the NCP server.

NOTE: In a cluster setup, you cannot create the DNS server object on all the nodes because it needs to refer to the virtual NCP server. The Create Server option cannot be used in a cluster setup; it can be used only in normal scenarios. A cluster setup requires manual DNS Server object creation.

Syntax

DNS Configuration Options

Default Option

dns-maint <LDAP host name or IP> <LDAP port number> <Admin DN> <Admin password> <DNS Proxy user DN> <DNS Proxy user password> <Credential storage (0->file, 1->CASA)> <DNS Locator object container name> <DNS group object container name> <RootServerInfo container name> <Local NCP server context> <Create DNS server object (1->create)*> <Host Name*> <Domain Name for DNS Server*> <Secure LDAP or Not (0 -> non-SSL, 1->SSL)>

* parameters are optional.

Advanced option

Configure All

dns-maint -ca <Tree-name> <LDAP host name> <LDAP port number> <Admin DN> <Admin password> <DNS Proxy user DN> <DNS Proxy user password> <Credential storage (0->file, 1->CASA)> <DNS Locator object container name> <DNS group object container name> <RootServerInfo container name> <Local NCP server context> <Create DNS server object (1->create)*> <Host Name*> <Domain Name for DNS Server*> <Secure LDAP or Not (0 -> non-SSL, 1->SSL)>

* parameters are optional. If the DNS runtime admin already exists in the tree, then the Advanced option resets the existing user password to the password specified in the command. The password is reset only in the OES Credential Store, not in eDirectory. Because of this inconsistency, the DNS service might not work properly.

Currently, dns-maint uses /opt/novell/named/schema/DNIP.SCH to extend the DNS schema in eDirectory tree.

IMPORTANT: In the Default and Advanced options for dns-maint, if you choose to configure an existing eDirectory user that is already configured in OES Credential Store, this option will not let you change the user password in OES Credential Store. Use the oescredstore tool to change the user password in case it is changed in eDirectory.

Other Parameters for Server Object Creation

The following parameters are optional. If you do not want to create a DNS server object, omit these parameters.

  • Create DNS server object: The value is 1 for object creation.

  • Host Name: Specify a unique hostname for the DNS Server object. For example, acme-host.

  • Domain Name for DNS Server: Specify a domain name for the Server object. For example, acme.americas.com.

Object and Schema Removal Options

Remove All

dns-maint -ra <LDAP host name> <LDAP port number> <Admin DN> <DNS Locator object container name> <Delete Common Objects=1 Do not delete Common Objects=0> <Secure LDAP or Not (0 -> non-SSL, 1->SSL)>

Remove Schema

dns-maint -rs <LDAP host name> <LDAP port number> <Admin DN> <Secure LDAP or Not (0 -> non-SSL, 1->SSL)>

WARNING: During installation, removing DNS in a Domain Services for Windows setup means that DSfW Services fail or demand reconfiguration to some other DNS server. Reconfiguring DNS on the DSfW setup is not possible because of its integration with DSfW. To reconfigure, you need to completely re-run the DSfW-DNS install script to re-populate the DNS zones and resource records in the tree. dns-maint should not be used to remove all (-ra), reconfigure (-ca), or remove schema (-rs) for a DSfW deployment.

Options

Usage Options:

-ca, Configure All
dns-maint -ca <Tree-name> <LDAP host name> <LDAP port number> <Admin DN> <Admin password> <DNS Proxy user DN> <DNS Proxy user password> <Credential storage (0->file, 1->CASA)> <DNS Locator object container name> <DNS group object container name> <RootServerInfo container name> <Local NCP server context> <Create DNS server object (1->create)*> <Host Name*> <Domain Name for DNS Server*> <Secure LDAP or Not (0 -> non-SSL, 1->SSL)>

* parameters are optional. If the DNS runtime admin already exists in the tree, then the Configure All option resets the existing user password to the password specified in the command. The password is reset only in the OES Credential Store, not in eDirectory. Because of this inconsistency, the DNS service might not work properly.

The Configure All option extends the DNS schema in the tree, refreshes the tree, and creates DNS objects such as DNSDHCP-Group, DNS-DHCP (Locator), and RootServerInfo in the specified input context in the tree.

It also creates the Runtime Admin (Proxy User) if it does not exist in the tree, and adds it to the OES Credential Store.

For secure updates, specify the SSL port number for the LDAP and SSL option as 1.

For non-secure updates, specify the SSL option as 0.

For example:

dns-maint -ca <Acme-tree> Acme.com 636 cn=admin,o=Acme secret cn=dns-admin,o=dns-domain secret 1 ou=Sales,o=Acme ou=Finance,o=Acme o=acme o=acme 1 acme-host acme.americas.com 0

-ra, Remove All
dns-maint -ra <LDAP host name> <LDAP port number> <Admin DN> <DNS Locator object container name> <Delete Common Objects=1 Do not delete Common Objects=0> <Secure LDAP or Not (0 -> non-SSL, 1->SSL)>

The Remove All option removes the Rootserverinfo, Zone objects, resource record details of the zones, and the DNS-Server objects from the tree for the specified DNS Locator object.

  1. To delete the Group Object and the Locator Object, specify the option as 1

  2. To retain the Group Object and the Locator Object, specify the option as 0

It removes the DNS credentials from OES Credential Store. It removes the .conf, .db, .jnl, and .pid files from their respective directories on the system (/etc/opt/novell/named, /var/opt/novell/log/named, /var/opt/novell/run/named) under the current user root.

For secure updates, specify the SSL port number for the LDAP and SSL option as 1.

For non-secure updates, specify the SSL option as 0.

For example:

dns-maint -ra Acme.com 636 cn=admin,o=Acme ou=Sales,o=Acme 1

-rs, Remove Schema
dns-maint -rs <LDAP host name> <LDAP port number> <Admin DN> <Secure LDAP or Not (0 -> non-SSL, 1->SSL)>

The Remove Schema option uses the /opt/novell/named/schema/DNIP.SCH schema file to remove the schema from the eDirectory tree by using the /opt/novell/named/bin/removeschema.sh script.

If the DNS schema is not in use, the Remove Schema option removes the DNS schema from the tree.

For secure updates, specify the SSL port number for the LDAP and SSL option as 1.

For non-secure updates, specify the SSL option as 0.

For example:

dns-maint -rs Acme.com 636 cn=admin,o=Acme

-d, Deleting of Empty Resource Records
dns-maint -d <LDAP host name> <LDAP port number> <Admin DN> <Secure LDAP or Not (0 -> non-SSL, 1->SSL)> <Read from Locator (0->No, 1->Yes)> <Locator FDN> <Zone List> <Date (Optional)>

This option deletes the empty resource records of zones in the eDirectory tree. You can delete the empty resource records of a list of zones either by specifying the list as a command line parameter or by using the zone list in the Locator object.

The Locator object FDN and the zone list are mutually exclusive; only one can be present at a time. If the Locator object FDN is present, the zone list is read from it, and the empty resource records of all the zones in that list are deleted. Otherwise, provide a semicolon-separated list of zones (FQDN) for which you want to delete the empty resource records.

The date is optional. When it is given, only the RRs that have not been used since that date are deleted. Specify the date in yyyy/mm/dd format.

For example:

dns-maint -d Acme.com 636 cn=admin,o=Acme 1 0 "cn=zone1,o=acme;cn=zone2,o=acme"

or

dns-maint -d Acme.com 636 cn=admin,o=Acme 1 0 "cn=zone1,o=acme;cn=zone2,o=acme" "2006/02/24"
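The -d form above has three rules that are easy to get wrong on a long command line: the Locator FDN and the zone list are mutually exclusive, the zone list is one semicolon-separated argument that must be quoted, and the optional date must be yyyy/mm/dd. The POSIX sh wrapper below is an added example written for this page; it is not part of dns-maint or the OES product. It validates those rules before anything is run, cross-checks the LDAP port against the "Secure LDAP or Not" flag described under Definitions, and prints the resulting argument list one per line for review. The function names, the DNS_MAINT_BIN variable (assumed to name a dns-maint on PATH), and the assumption that 636 is the LDAPS port and 389 the clear-text LDAP port are all choices made for this example. The argument order follows the page's own examples: the read-from-locator flag is followed by either the Locator FDN or the zone list, never both.

```shell
#!/bin/sh
# Added example for the dns-maint(8) page: validate "dns-maint -d" arguments.
# Not product code. DNS_MAINT_BIN is an assumption (a dns-maint on PATH).
DNS_MAINT_BIN=${DNS_MAINT_BIN:-dns-maint}

# Return 0 when $1 is a plausible yyyy/mm/dd date, the format -d expects.
is_valid_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9]/[0-1][0-9]/[0-3][0-9]) ;;
        *) return 1 ;;
    esac
    month=${1#*/}; month=${month%/*}
    day=${1##*/}
    [ "$month" -ge 1 ] && [ "$month" -le 12 ] && [ "$day" -ge 1 ] && [ "$day" -le 31 ]
}

# Cross-check the LDAP port ($1) against the SSL flag ($2).
# Returns 0 when consistent, 2 with a warning when they disagree (assuming
# 636 = LDAPS and 389 = clear-text LDAP), 1 when the flag is not 0 or 1.
check_ssl_consistency() {
    case "$2" in 0|1) ;; *) echo "error: SSL flag must be 0 or 1" >&2; return 1 ;; esac
    if [ "$1" = 636 ] && [ "$2" = 0 ]; then
        echo "warning: port 636 is conventionally LDAPS but the SSL flag is 0; the bind will be attempted without SSL" >&2
        return 2
    fi
    if [ "$1" = 389 ] && [ "$2" = 1 ]; then
        echo "warning: port 389 is conventionally clear-text LDAP but the SSL flag is 1" >&2
        return 2
    fi
    return 0
}

# Validate and print the argument list for "dns-maint -d", one per line.
#   $1 host  $2 port  $3 admin DN  $4 SSL flag
#   $5 Locator FDN (or "")  $6 semicolon-separated zone list (or "")  $7 date (optional)
# Prints nothing and returns 1 on invalid input, so it doubles as a dry run.
build_dns_maint_d_args() {
    host=$1; port=$2; admin_dn=$3; ssl=$4; locator=$5; zones=$6; since=$7
    # A port/flag mismatch is only a warning (status 2); a bad flag is fatal.
    check_ssl_consistency "$port" "$ssl" || [ $? -eq 2 ] || return 1
    if [ -n "$locator" ] && [ -n "$zones" ]; then
        echo "error: Locator FDN and zone list are mutually exclusive" >&2; return 1
    fi
    if [ -z "$locator" ] && [ -z "$zones" ]; then
        echo "error: give either a Locator FDN or a zone list" >&2; return 1
    fi
    if [ -n "$since" ] && ! is_valid_date "$since"; then
        echo "error: date must be yyyy/mm/dd" >&2; return 1
    fi
    # Read-from-locator flag: 1 with the Locator FDN, 0 with the zone list.
    if [ -n "$locator" ]; then
        read_from_locator=1; target=$locator
    else
        read_from_locator=0; target=$zones
    fi
    printf '%s\n' "$DNS_MAINT_BIN" -d "$host" "$port" "$admin_dn" "$ssl" \
        "$read_from_locator" "$target" ${since:+"$since"}
}

# Run the validated command for real. Same arguments as build_dns_maint_d_args.
run_dns_maint_d() {
    build_dns_maint_d_args "$@" >/dev/null || return 1
    "$DNS_MAINT_BIN" -d "$host" "$port" "$admin_dn" "$ssl" \
        "$read_from_locator" "$target" ${since:+"$since"}
}

# Dry run of the page's second example (constructed input, nothing is executed):
build_dns_maint_d_args Acme.com 636 cn=admin,o=Acme 1 "" \
    "cn=zone1,o=acme;cn=zone2,o=acme" 2006/02/24
```

Review the printed argument list, then call run_dns_maint_d with the same arguments. Passing the zone list as a single quoted string is what keeps the semicolons from being interpreted by the shell as command separators, which is the most common way this invocation goes wrong.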

Definitions

  1. LDAP host name: The IP address of the default LDAP server for the service.

  2. LDAP port number: The secure or non-secure LDAP port to connect to the LDAP server.

  3. Admin DN: LDAP administrator distinguished name to authenticate against the LDAP host.

  4. password: Password for the LDAP Admin.

  5. eDirectory user DN for DNS: The user authenticates to eDirectory to access information for DNS during runtime. The user must have eDirectory read, write, and browse rights under the specified context.

  6. Credential Storage: Specifies the proxy user's credential location. It is recommended to use OES Credential Store.

  7. DNS Locator object container name: The context/container for the DNS Locator object. For example: o=novell. The DNS Locator object contains global defaults, DNS options, and a list of all DNS and DHCP servers, subnets, and zones in the tree.

  8. DNS Group object container name: The context for the DNS Group object. For example: o=novell. This object is used to grant DNS servers the necessary rights to other data within the eDirectory tree.

  9. RootServerInfo container name: The context for the DNS Services RootServerInfo object. For example: o=novell. The RootServerInfo Zone is an eDirectory container object that contains resource records for the DNS root servers.

  10. Local NCP server context: Specify a context for the local NCP Server object. The DNS Server reference is stored in this object. For example: o=novell.

  11. Secure LDAP or Not (0 -> non-SSL, 1 -> SSL): Set this option to 1 to ensure that the data transferred by this service is secure and private. Set this option to 0 to transfer the data in clear text.

  12. Tree name: eDirectory tree name of your NCP server.

  13. Delete Common Objects=1 Do not delete Common Objects=0: This option specifies the DNS objects to be deleted from the eDirectory Tree.

    • To delete the Group Object and the Locator Object, specify the option as 1.

    • To retain the Group Object and the Locator Object, specify the option as 0.

    The Group Objects and the Locator Objects are common to the DNS and DHCP services on NetWare. Cleaning up these objects from dns-maint is not recommended if you want to clean up only the DNS objects and retain the DHCP objects in the tree. The Delete Common Objects=1 Do not delete Common Objects=0 option gives you the choice to delete or retain the common DNS-DHCP objects in the tree.