DNS cluster

Genco YILMAZ gyilmaz at genco.gen.tc
Fri Jul 8 07:21:30 UTC 2005


Hi Kevin,
you could be right on this subject . DNS mechanism can have its
internal  ability to do this task but the way I have implemented
database structure, perl backend to manage and create zone files and the
GUI  help me a lot to make batch changes and customization on the zones.
Before writing these codes, I was writing perl codes to manage (to make
multiple changes on zones etc). I thought that it is better to keep
these zones in a db and then I can convert all these repetative taskes
into a single system.
     From the security point of view, this application adds extra
management cost to the system administrator.
(e.g securing ports from outside and encryption) but I have already
accepted these facts for a custom system and
used crypted tunnels and secured ports.
     Additionaly, I have finished this structure 1.5 months ago and it
works with no problem in a production environment with 3
DNS servers. Once you install and secure it, you rarely deal with the
system.
      As I said, I just did it for my system and for our needs . It is
only an alternative if somebody needs a different imlementation:) After
I have added some little code and some documentation for installation, I
can send the address for download.
Kind Regards.



Kevin Darcy wrote:

>That seems like overkill to me. Why keep all of the actual *zone*data* 
>in a database, when all you really need (according to the original 
>poster's requirements) is a *list*of*zones*. You don't need MySQL just 
>to store a list that's likely to be, at most, only a few thousand, 
>perhaps tens of thousands of small entries. That list can be a simple 
>text file. Or, represent each zone name as an RR in a special "index" 
>zone -- that way you don't need to open up holes in your firewall for 
>anything beyond DNS itself. Once you have a script that keeps the 
>named.conf on the slaves automatically up to date, the actual zone-data 
>replication/propagation can be done through the standard AXFR/IXFR 
>mechanisms.
>
>As for putting a GUI on the maintenance of zone data itself, my 
>preference is to use Dynamic Update for the backend. Why 
>install/configure/run/maintain a separate database package, when your 
>nameserver already has one basically built into it? One that's optimized 
>for DNS, can be secured via TSIG, etc....
>
>                                                                         
>                                                                        
>- Kevin
>
>Genco YILMAZ wrote:
>
>  
>
>>Hi Stelios,
>>I had written a BIND-GUI in php and backend perl to manage zone files.
>>In fact, this software changes the way master and slave concept a little
>>bit. All zone files are kept in a MySQL database. When you add a new
>>zone into the master dns server through GUI, all other client dns
>>servers fetch new zone files or any changed data with the client
>>software written in perl.  Perl clients make a tcp connection to the
>>database server through an encrypted tunnel connection and write the new
>>data into the normal text files.  When you write a cron entry on the
>>master and client dns servers all data is spread into client dns
>>servers. This allowed me to play with zone files because in this
>>structure every client is a master server functionally. GUI allows any
>>change on the zone records kept in database.
>>   In fact I have implemented this structure for me but If anybody
>>needs this, after a little documentation it can be ready for any own system.
>>Kind Regards.
>>
>>Stelios Asmargianakis wrote:
>>
>> 
>>
>>    
>>
>>>Hi Brad,
>>>
>>>Thanks for your answer.
>>>Using rsync is not the problem and I can copy the zones easily and then
>>>reload the dns; the problem comes that I need to edit each time the
>>>named.conf on the 2nd server manually. This is impossible as we are talking
>>>for many entries in DNS every week.
>>>
>>>Any other ideas?
>>>
>>>Regarding with Peter Alberchts reply (thanks for that) using webmin or any
>>>other GUI is not the solution as I am trying to find something to do the job
>>>automatic.
>>>
>>>Unfortunately it seems that I will need to stuck with 2 dns servers both
>>>with cpanel (it's a web hosting control panel).
>>>
>>>Thanks
>>>
>>>-----Original Message-----
>>>From: Brad Knowles [mailto:brad at stop.mail-abuse.org] 
>>>Sent: Thursday, July 07, 2005 1:01 PM
>>>To: linux at climbincrete.com
>>>Cc: bind-users at isc.org
>>>Subject: Re: DNS cluster
>>>
>>>At 12:25 PM +0100 2005-07-07, Stelios A. wrote:
>>>
>>>
>>>
>>>   
>>>
>>>      
>>>
>>>>I am trying to set up a DNS cluster using a traditional master-slave but
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>I
>>>
>>>
>>>   
>>>
>>>      
>>>
>>>>cannot find a way to add the appropriate entries in named.conf on the
>>>>slave DNS (master will run linux with cpanel control panel installed).
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>	There's no standard way to automatically distribute changes to 
>>>named.conf, at least not so far as I know.
>>>
>>>
>>>
>>>   
>>>
>>>      
>>>
>>>>That means that although the zone files would automatically synchronise,
>>>>however I would have to manually add new zone entries to named.conf on
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>the
>>>
>>>
>>>   
>>>
>>>      
>>>
>>>>2nd box (linux no control panel).
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>	Yup.  That's a well-known problem.
>>>
>>>
>>>
>>>   
>>>
>>>      
>>>
>>>>Any ideas how to achieve that?
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>	You could set up something like rsync or ssync (rsync over ssh), 
>>>pull the configuration files out of a database on all machines, or 
>>>any number of other alternatives.
>>>
>>>
>>>
>>>   
>>>
>>>      
>>>
>> 
>>
>>    
>>
>
>
>
>  
>


-- 
Genco YILMAZ





More information about the bind-users mailing list