[unisog] DNS Manager?

Robin Stevens robin.stevens at oucs.ox.ac.uk
Fri Feb 1 22:32:15 GMT 2008


On Fri, Feb 01, 2008 at 09:43:28AM -0500, Shawn L wrote:
> Just wondering what everyone is using for a dns manager.  We currently
> just use flat files and bind.  Update the file, restart bind, rsync to
> the other master, and restart.  We're currently looking at writing
> something that stores the info in a database then writes out the files
> as needed, but were wondering if anyone has a better way of doing it.

Our primary zones (ox.ac.uk and related in-addr.arpa) are edited via a
home-brew web interface, customised to our "special" environment (highly
devolved IT support, and no guarantee of one-to-one mappings between
support staff, colleges/departments, subdomains or subnets).  Local IT
staff can perform most normal functions themselves but need to go
through us for some more unusual functions.

Some hacky back-end Perl turns the stored data into BIND zone files and
performs various sanity checks before the new zones go live.  We don't
use dynamic DNS anywhere.

Rewriting the entire system has been on the cards for some considerable
time but is going to be a lot of work - the introduction of IPv6 I see
being a major incentive to get this done.  Ideally we'd like this
integrated with other systems, such as DHCP registrations, firewall
exemptions and so forth.  Frankly we don't see any off-the-shelf system
as likely to meet our needs without an awful lot of customisation.

Small secondary zones (for instance oxforduniversity.org, which we have
purely for trademark protection) are mostly edited by hand (a few have
been moved over to being generated from a database).  We have a
subsequent script run to update the serial number, call named-checkzone,
display a diff, check the file in to version control, and if we're happy
send a reload to our "hidden" master (anyone who can read an SOA record
can guess its identity, but it won't talk to them unless it knows them).

-- 
Robin Stevens <robin.stevens at oucs.ox.ac.uk>        Work (+44)(0)1865 273212
Networks & Telecommunications Group                 Fax (+44)(0)1865 273275
Oxford University Computing Services               http://www.cynic.org.uk/
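
A sketch of the kind of update script described in the last paragraph of the message above, as an added example that is not the poster's own script. The YYYYMMDDnn serial convention, the `; serial` comment tag on the SOA serial line, git as the version-control system, and running on the master host itself are all assumptions.

```shell
#!/bin/sh
# Added example: hand-edited zone -> bump serial -> check -> diff -> commit -> reload.
# Assumptions: serial is on its own line tagged "; serial", in YYYYMMDDnn form;
# the zone file lives in a git working tree; rndc talks to the local (master) named.

# next_serial OLD TODAY: print the next serial. Never moves backwards, so a
# serial that is already at or ahead of today's first value is just incremented.
next_serial() {
    old=$1 today=$2
    base="${today}00"
    if [ "$old" -lt "$base" ]; then
        echo "$base"
    else
        echo $((old + 1))
    fi
}

# bump_serial FILE TODAY: rewrite the tagged serial line in place, print new serial.
bump_serial() {
    file=$1 today=$2
    old=$(awk '/; *[Ss]erial/ { print $1; exit }' "$file")
    [ -n "$old" ] || { echo "no '; serial' line in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    sed "/; *[Ss]erial/ s/$old/$new/" "$file" > "$file.new" && mv "$file.new" "$file"
    echo "$new"
}

# publish ZONE FILE: nothing reaches the running server unless every step passes.
publish() {
    zone=$1 file=$2
    bump_serial "$file" "$(date +%Y%m%d)" >/dev/null || return 1
    # Syntax and consistency check; on failure the file is left for fixing.
    named-checkzone "$zone" "$file" || return 1
    git diff -- "$file"                      # show exactly what will change
    printf 'Publish %s? [y/N] ' "$zone"
    read -r answer
    [ "$answer" = y ] || { echo "not published" >&2; return 1; }
    git commit -m "Update $zone" -- "$file" && rndc reload "$zone"
}

# Usage: script ZONE FILE
if [ $# -eq 2 ]; then
    publish "$1" "$2"
fi
```

Because the reload only happens after the check, the reviewed diff and the commit, every change that goes live has a validated, versioned record behind it.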