Customer DNS records best practices
I am looking for any suggestions on tool/utilities that you are using to allow customers to manage their forward/reverse DNS records that reside on your DNS servers. Linux/Unix based preferred.

Peter Kranz Founder/CEO - Unwired Ltd Mobile: 510-207-0000 pkranz@unwiredltd.com
There are a couple possibilities. Mice and Men and INS both make software that can "front-end" BIND servers via a secure web interface.

You can also utilize a secure DNS appliance to serve your customer DNS - Infoblox, Bluecat, and INS all make these. They generally have a pretty rich multi-user security model, can use RADIUS for authentication, etc.

There are lots of good reasons to keep your customer DNS separate from your own DNS if you are going to allow customers to remotely administer their zone records.

I would ensure you have a good idea of your requirements before you jump into this - do you want the software to validate changed records? Just accept changes? Do you plan to support a subset of Resource Records, or the whole enchilada?

- Dan

On 7/14/05 2:45 PM, "Peter Kranz" <pkranz@unwiredltd.com> wrote:
I am looking for any suggestions on tool/utilities that you are using to allow customers to manage their forward/reverse DNS records that reside on your DNS servers. Linux/Unix based preferred.
Peter Kranz Founder/CEO - Unwired Ltd Mobile: 510-207-0000 pkranz@unwiredltd.com
-
--On Thursday, July 14, 2005 2:45 PM -0700 Peter Kranz <pkranz@unwiredltd.com> wrote:
I am looking for any suggestions on tool/utilities that you are using to allow customers to manage their forward/reverse DNS records that reside on your DNS servers. Linux/Unix based preferred.
I'll put in a plug here for Carnegie Mellon's NetReg, which I'm currently the primary maintainer of.

We use it to maintain approximately 50K records in over 100 zones, and the matching reverses (in over 300 zones). (We also maintain our ISC DHCP servers with the same system, but that seems of less relevance to you.) It maintains both the zone data and the bind9 config files for 3 groups of authoritative servers and a set of recursive servers for our users. It can push zone updates to the servers via either dynamic DNS updates (w/ TSIG) or via static zone pushes via rsync.

Users can have access to register their own machines via a web interface (protected via any Apache authentication method of your choice). Fine-grained access control provides flexible control of which users can do which operations.

It's released under an open source license. Requires Apache 1.3.x, MySQL 4.0.x, perl, Bind 9+. It's in use at several other universities, and some large companies as well.

More information and downloads available at http://www.net.cmu.edu/netreg

If you have any questions, feel free to contact me.

-David Nolan
Network Software Designer
Computing Services
Carnegie Mellon University
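The replies above raise two requirements for customer self-service DNS: validating changed records against a supported subset of resource record types, and controlling which users may change what. The sketch below is an added example, not code from any poster or from NetReg; the customer name, zones, policy table and function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample policy: the zones each customer may edit, and the
# record types the front-end supports (a subset, not every RR type).
CUSTOMER_ZONES = {"acme": ["acme.example.", "16.0.192.in-addr.arpa."]}
ALLOWED_TYPES = {"A", "AAAA", "CNAME", "MX", "TXT", "PTR"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def normalize(name):
    """Lower-case a domain name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def valid_hostname(name):
    labels = normalize(name).rstrip(".").split(".")
    return len(name) <= 253 and all(LABEL.match(l) for l in labels)

def in_zone(name, zone):
    """True if name is the zone apex or below it, matched on label boundaries."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)

def validate_change(customer, owner, rtype, rdata):
    """Return a list of reasons to reject the change; empty means accept."""
    errors = []
    rtype = rtype.upper()
    zones = CUSTOMER_ZONES.get(customer, [])
    if rtype not in ALLOWED_TYPES:
        errors.append(f"record type {rtype} is not supported")
    if not valid_hostname(owner):
        errors.append("owner name is not a valid domain name")
    if not any(in_zone(owner, z) for z in zones):
        errors.append("owner name is outside the customer's zones")
    # Simplification: only IPv4 reverse zones (in-addr.arpa) are handled.
    reverse = normalize(owner).endswith(".in-addr.arpa.")
    if (rtype == "PTR") != reverse:
        errors.append("PTR records belong in reverse zones, and only there")
    if rtype in ("A", "AAAA"):
        try:
            version = ipaddress.ip_address(rdata).version
            if version != (4 if rtype == "A" else 6):
                errors.append(f"{rtype} rdata has the wrong address family")
        except ValueError:
            errors.append(f"{rtype} rdata is not an IP address")
    elif rtype in ("CNAME", "PTR") and not valid_hostname(rdata):
        errors.append(f"{rtype} target is not a valid domain name")
    return errors
```

The zone check compares on label boundaries, so `www.evilacme.example` is not treated as part of `acme.example`, and unsupported types such as NS are refused rather than passed through to the servers.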
participants (3)
- Daniel Golding
- David Nolan
- Peter Kranz