Database backed DNS Management Solutions
Dear NANOG:
I hope I can solicit some feedback from this venerable group. :-)
Currently, my group operates 16 BIND servers across 5 datacenters, handling internal and external namespace duties. These servers are responsible for both internal and external forward and reverse name and IP spaces.
There are also a number of Windows AD servers that hold their own namespaces, that the BIND servers slave this info from, so names resolve between these domains. Windows AD forwards queries for internal zones it does not own to the appropriate namespace holder.
So Windows DNS server interoperability is a business requirement.
Some of these zones are dynamic, some are static. None of the dynamic zones are populated via DHCP, but by self-registration.
We have heretofore used some in-house scripts for managing this, but obviously, the thought of keeping and managing this data in something other than its current form has caught on in our minds, and so therefore we are looking at a proposal put forth, to replace all of our BIND servers with a PowerDNS infrastructure.
BIND has been the backbone of the Internet, and so many of us are wary of replacing BIND, when in essence, BIND itself is not the issue, nor is it broken.
Has anyone done any in-house comparison of PowerDNS versus BIND-DLZ? Googling has led to some useful info but no useful side-by-side comparisons that are not obviously partisan.
I favor something like ProBIND2, that keeps the data in the DB, but does not tie the serving of the data, etc. to anything other than BIND.
Any success/horror stories from implementing BIND management solutions are very welcome.
If anyone has any success/horror stories about PowerDNS, BIND-DLZ, or a system like ProBind2 or NetDB (from Stanford) to manage BIND and its configurations in a DB, I would be very interested in hearing them. :-)
Thank you.
Best Regards, Ross S. Dmochowski Sr. Linux Administrator IGN/Gamespy/Fox Interactive Media ross@ign.com
At the last place I worked at we had an installation of NicTool v1.2. We pushed out DNS updates for our hosting company over 4 servers, two local and two off-site. It was very nice to work with, but I haven't used it in the 2.x iteration.
http://www.nictool.com/ - Give it a look-over. Supports BIND, TinyDNS, and PowerDNS.
-Israel
Ross Dmochowski wrote:
Dear NANOG:
I hope I can solicit some feedback from this venerable group. :-)
Currently, my group operates 16 BIND servers across 5 datacenters, handling internal and external namespace duties. These servers are responsible for both internal and external forward and reverse name and IP spaces.
There are also a number of Windows AD servers that hold their own namespaces, that the BIND servers slave this info from, so names resolve between these domains. Windows AD forwards queries for internal zones it does not own to the appropriate namespace holder.
So Windows DNS server interoperability is a business requirement.
Some of these zones are dynamic, some are static. None of the dynamic zones are populated via DHCP, but by self-registration.
We have heretofore used some in-house scripts for managing this, but obviously, the thought of keeping and managing this data in something other than its current form has caught on in our minds, and so therefore we are looking at a proposal put forth, to replace all of our BIND servers with a PowerDNS infrastructure.
BIND has been the backbone of the Internet, and so many of us are wary of replacing BIND, when in essence, BIND itself is not the issue, nor is it broken.
Has anyone done any in-house comparison of PowerDNS versus BIND-DLZ? Googling has led to some useful info but no useful side-by-side comparisons that are not obviously partisan.
I favor something like ProBIND2, that keeps the data in the DB, but does not tie the serving of the data, etc to anything other than BIND.
Any success/horror stories from implementing BIND management solutions are very welcome.
If anyone has any success/horror stories about PowerDNS, BIND-DLZ, or a system like ProBind2 or NetDB (from Stanford) to manage BIND and its configurations in a DB, I would be very interested in hearing them. :-)
Thank you.
Best Regards, Ross S. Dmochowski Sr. Linux Administrator IGN/Gamespy/Fox Interactive Media ross@ign.com
I use a PowerDNS setup with MySQL backend. It works really well for our 5 DNS server setup. Things to watch out for are replication breaks in the MySQL database.
On Tue, Feb 3, 2009 at 9:19 PM, Israel Lopez - Lists <ilopezlists@sandboxitsolutions.com> wrote:
At the last place I worked at we had an installation of NicTool v1.2. We pushed out DNS updates for our hosting company over 4 servers, two local and two off-site. It was very nice to work with, but I haven't used it in the 2.x iteration.
http://www.nictool.com/ - Give it a look-over. Supports BIND, TinyDNS, and PowerDNS.
-Israel
Ross Dmochowski wrote:
Dear NANOG:
I hope I can solicit some feedback from this venerable group. :-)
Currently, my group operates 16 BIND servers across 5 datacenters, handling internal and external namespace duties. These servers are responsible for both internal and external forward and reverse name and IP spaces.
There are also a number of Windows AD servers that hold their own namespaces, that the BIND servers slave this info from, so names resolve between these domains. Windows AD forwards queries for internal zones it does not own to the appropriate namespace holder. So Windows DNS server interoperability is a business requirement.
Some of these zones are dynamic, some are static. None of the dynamic zones are populated via DHCP, but by self-registration.
We have heretofore used some in-house scripts for managing this, but obviously, the thought of keeping and managing this data in something other than its current form has caught on in our minds, and so therefore we are looking at a proposal put forth, to replace all of our BIND servers with a PowerDNS infrastructure.
BIND has been the backbone of the Internet, and so many of us are wary of replacing BIND, when in essence, BIND itself is not the issue, nor is it broken.
Has anyone done any in-house comparison of PowerDNS versus BIND-DLZ? Googling has led to some useful info but no useful side-by-side comparisons that are not obviously partisan.
I favor something like ProBIND2, that keeps the data in the DB, but does not tie the serving of the data, etc to anything other than BIND.
Any success/horror stories from implementing BIND management solutions are very welcome.
If anyone has any success/horror stories about PowerDNS, BIND-DLZ, or a system like ProBind2 or NetDB (from Stanford) to manage BIND and its configurations in a DB, I would be very interested in hearing them. :-)
Thank you.
Best Regards, Ross S. Dmochowski Sr. Linux Administrator IGN/Gamespy/Fox Interactive Media ross@ign.com
We developed our own PHP / MySQL system that holds all the records before writing out zonefiles and updates to BIND. We've been using it for several years and it works well :)
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
I'm a long time BIND user and recent convert to PowerDNS. I considered BIND-DLZ briefly but found that I wasn't excited about the DB retro-fit on a piece of software that was previously very much meant to live in the world of flat files. My initial intent was to try PowerDNS first and then give BIND-DLZ a test drive also, but I never got around to BIND-DLZ given how well PowerDNS performed.
My only beef with PDNS is the inability to use master-slave replication to hosts that are not listed as type NS. This is by design but it nevertheless got in my way. I've since just set all domains to use native replication (e.g. db backend replication, Postgres/Slony in this instance) and absolutely could not be happier with the results.
The amount of time I spend managing DNS has been reduced to almost nothing given how easily I can script my large operations. Still it pays to be wise: Use transactions!!
I've also been getting slightly better query response times with PDNS than I did with BIND for what it's worth.
-s
On Wed, Feb 4, 2009 at 8:10 AM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
We developed our own PHP / MySQL system that holds all the records before writing out zonefiles and updates to BIND. We've been using it for several years and it works well :)
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Steven Crandell wrote:
I'm a long time BIND user and recent convert to PowerDNS. I considered BIND-DLZ briefly but found that I wasn't excited about the DB retro-fit on a piece of software that was previously very much meant to live in the world of flat files. My initial intent was to try PowerDNS first and then give BIND-DLZ a test drive also, but I never got around to BIND-DLZ given how well PowerDNS performed.
My only beef with PDNS is the inability to use master-slave replication to hosts that are not listed as type NS. This is by design but it nevertheless got in my way. I've since just set all domains to use native replication (e.g. db backend replication, Postgres/Slony in this instance) and absolutely could not be happier with the results.
The amount of time I spend managing DNS has been reduced to almost nothing given how easily I can script my large operations. Still it pays to be wise: Use transactions!!
Always, always, *always* use a transaction-aware database with PowerDNS. That said, I too am a happy user of PowerDNS using native database replication. The recent January 27 release added a lot of good stuff.
~Seth
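The "use transactions" advice in the last two messages, worked through as an added example that is not from any poster in this thread: a scripted zone replacement that either applies completely (records swapped, SOA serial bumped) or not at all. Assumptions: Python's sqlite3 stands in for the MySQL/Postgres backend, the schema is a cut-down form of the PowerDNS generic SQL tables, the function names are hypothetical, and the example.test data is constructed.

```python
import sqlite3

# Cut-down PowerDNS-style schema (assumption: only the columns used here).
SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL, type TEXT NOT NULL);
CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INTEGER NOT NULL REFERENCES domains(id),
    name TEXT NOT NULL, type TEXT NOT NULL, content TEXT NOT NULL CHECK (content <> ''),
    ttl INTEGER NOT NULL);
"""

def bump_serial(soa):
    """Increment the serial, the third field of the SOA record content."""
    fields = soa.split()
    fields[2] = str(int(fields[2]) + 1)
    return " ".join(fields)

def replace_zone(conn, zone, new_records):
    """Swap every non-SOA record of `zone` and bump the serial, atomically."""
    try:
        with conn:  # one transaction: commit on success, rollback on any error
            (dom,) = conn.execute("SELECT id FROM domains WHERE name=?", (zone,)).fetchone()
            conn.execute("DELETE FROM records WHERE domain_id=? AND type<>'SOA'", (dom,))
            conn.executemany(
                "INSERT INTO records (domain_id, name, type, content, ttl) VALUES (?,?,?,?,?)",
                [(dom, n, t, c, ttl) for n, t, c, ttl in new_records])
            (soa,) = conn.execute(
                "SELECT content FROM records WHERE domain_id=? AND type='SOA'", (dom,)).fetchone()
            conn.execute("UPDATE records SET content=? WHERE domain_id=? AND type='SOA'",
                         (bump_serial(soa), dom))
        return True
    except sqlite3.Error:
        return False  # rolled back: the zone is served exactly as before

def zone_rows(conn, zone):
    """Return (name, type, content) for every record in the zone, sorted."""
    return conn.execute(
        "SELECT r.name, r.type, r.content FROM records r JOIN domains d ON d.id=r.domain_id "
        "WHERE d.name=? ORDER BY r.type, r.name, r.content", (zone,)).fetchall()

def demo_db():
    """Constructed sample data: one native zone with an SOA and one A record."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO domains (id, name, type) VALUES (1, 'example.test', 'NATIVE')")
    conn.executemany(
        "INSERT INTO records (domain_id, name, type, content, ttl) VALUES (1,?,?,?,3600)",
        [("example.test", "SOA",
          "ns1.example.test hostmaster.example.test 2009020401 10800 3600 604800 3600"),
         ("www.example.test", "A", "192.0.2.10")])
    conn.commit()
    return conn
```

Without the transaction, a failure after the DELETE would leave the zone empty on the master and, with native replication, on every replica that copies it.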
participants (6)
- fiberOptiC
- Israel Lopez - Lists
- Michele Neylon :: Blacknight
- Ross Dmochowski
- Seth Mattinen
- Steven Crandell