DDNS Best practices in a complex environment?

Kevin Darcy kcd at chrysler.com
Thu Sep 25 22:33:54 UTC 2008


Most of the "industrial-strength" DNS solutions use a database backend, 
but I think that's mainly because they integrate DNS with DHCP and add a 
bunch of other information (e.g. contact information, asset information) 
to the "objects" that they track. Once you get beyond a certain level of 
data complexity, a real database backend becomes kinda mandatory.

If you're just focused on DNS _per_se_, or perhaps just 
DNS-integrated-with-DHCP-but-not-much-else, then I think Dynamic Update 
is sufficient, without having to go to a database backend. We have a 
custom DNS maintenance system, mostly script-based, with a web frontend 
and a Dynamic Update backend, that we've been using for years, and folks 
seem to like it. With some finagling, it even integrates fairly well 
with our DHCP platform (Lucent's QIP). (Yes, I know QIP has its own DNS 
subsystem, based on BIND, available as part of their product, but so far 
we prefer the rich access controls and the highly-customized frontend of 
our own legacy system).

I should say, we cheat a little bit, by running an LDAP database in 
parallel with the DNS database, but that's mostly just to track the 
A-to-CNAME "backreferences", and to efficiently perform "fuzzy"-type 
searches, neither of which DNS does natively. No actual address 
information is kept in the LDAP database; it's completely ancillary to 
the DNS database.

Unfortunately, due to Intellectual Property concerns, and the 
bureaucracy of large corporations, I can't easily release any of that 
code, although I could give a general overview off-list.

Beyond that, there are packages out here like Webmin, that a lot of 
folks seem to like. Can't comment on those personally, since I've never 
used them.

                                                                         
- Kevin

Jeffrey Collyer wrote:
> Is there a best practices guide anywhere for Dynamic DNS?  Basically I'm 
> looking for information about how folks have rolled out Dynamic DNS in a 
> large ISP like environment (University).
>
> Are there tools to take the place of the "edit config"->"rndc reload" 
> cycle for non-dynamic changes, or is everything pushed through scripts to 
> be dynamic?
>
> Or have folks moved to a database backend on a hidden master?  If so 
> what database?  LDAP?
>
> Is the LDAP sdb stuff even viable anymore, as the bind9-ldap.bayour.com 
> site doesn't resolve any more.  (probably not relevant to this list, but 
> maybe someone would know).
>
> And does any of the database backend stuff integrate with DNSSEC?
>
> Or is there a DNS list for just ISPs/HigherED that Google has yet to 
> show me?
>
>   


More information about the bind-users mailing list