DDNS Best practices in a complex environment?

Chris Thompson cet1 at cam.ac.uk
Thu Sep 25 19:48:39 UTC 2008


On Sep 25 2008, Jeffrey Collyer wrote:

>Is there a best practices guide anywhere for Dynamic DNS?  Basically I'm 
>looking for information about how folks have rolled out Dynamic DNS in a 
>large ISP like environment (University).

By "Dynamic DNS", many people assume one means "updates by DHCP servers",
but technically all it means is updating DNS zones incrementally rather
than by complete replacement. You might want to clarify your requirements.

A few years ago, we started doing all (well, nearly all) our DNS changes
using DNS update operations. When we announced this to our users, a lot
of them thought we were going to have some sort of University-wide DHCP 
service. Urr, no, we didn't mean that ... :-(

>Are there tools to take the place of the "edit config"->"rndc reload" 
>cycle for non dynamic changes or is everything pushed through scripts to 
>be dynamic?

Do whatever you can via DNS updates, e.g. the nsupdate(1) utility, or
something scripted using the Net::DNS Perl modules, or whatever.

If you absolutely need to get in at the mangle-master-files level, then
you can use "rndc freeze [zone]", edit the master file (not forgetting
to update the SOA serial), "rndc thaw [zone]". But this will lock out
DNS updates during the interval.

>Or have folks moved to a database backend on a hidden master?  If so 
>what database?  LDAP?
>
>Is the LDAP sdb stuff even viable anymore, as the bind9-ldap.bayour.com 
>site doesn't resolve any more.  (probably not relevant to this list, but 
>maybe someone would know).
>
>And does any of the database backend stuff integrate with DNSSec?

Can't comment on any of that. Our back-end database feeds into processes
that do DNS updates as above: it isn't used to drive BIND directly.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
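
One way to script the "do whatever you can via DNS updates" approach described above, as an added example that is not part of the original message: it diffs the records a back-end database wants against what the zone currently holds and emits nsupdate(1) batch input. The function names, zone, and addresses are constructed for illustration.

```python
# Added example: turn a desired-vs-current record diff into nsupdate(1) batch input.
# The zone, names and addresses (example.test, 192.0.2.0/24) are constructed sample data.

def rr_set(records):
    """Normalise (name, ttl, type, rdata) tuples and reject unsafe field values."""
    out = set()
    for name, ttl, rtype, rdata in records:
        for field in (name, rtype, rdata):
            # A newline in a database-supplied field would smuggle an extra
            # command line into the batch, so refuse it outright.
            if "\n" in field or "\r" in field:
                raise ValueError(f"control character in record field: {field!r}")
        out.add((name.lower().rstrip(".") + ".", int(ttl), rtype.upper(), rdata))
    return out

def build_batch(zone, current, desired, server=None):
    """Return nsupdate batch text that moves the zone from `current` to `desired`.

    Returns "" when nothing changes, so no update (and no serial bump) is sent.
    """
    zone = zone.lower().rstrip(".") + "."
    cur, want = rr_set(current), rr_set(desired)
    for name, _, _, _ in cur | want:
        if name != zone and not name.endswith("." + zone):
            raise ValueError(f"{name} is outside zone {zone}")
    removals, additions = sorted(cur - want), sorted(want - cur)
    if not removals and not additions:
        return ""
    lines = [f"server {server}"] if server else []
    lines.append(f"zone {zone}")
    # Deletes go first: a TTL change shows up as delete-old plus add-new,
    # and the server applies the updates in one message in order.
    for name, _, rtype, rdata in removals:
        lines.append(f"update delete {name} {rtype} {rdata}")
    for name, ttl, rtype, rdata in additions:
        lines.append(f"update add {name} {ttl} {rtype} {rdata}")
    lines.append("send")
    return "\n".join(lines) + "\n"

CURRENT = [("www.example.test", 3600, "A", "192.0.2.10"),
           ("old.example.test", 3600, "A", "192.0.2.20")]
DESIRED = [("www.example.test", 3600, "A", "192.0.2.10"),
           ("new.example.test", 3600, "A", "192.0.2.30")]

if __name__ == "__main__":
    print(build_batch("example.test", CURRENT, DESIRED), end="")
```

The returned text can be piped to `nsupdate -k <keyfile>` so that the update is TSIG-signed; the key file path is site-specific.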


More information about the bind-users mailing list