Oddball question, has anyone tried handling a frequently changing DNS zone with puppet? It does not seem like the right tool for this job. The zone changes too often to feel right with puppet handling it. Suggestions for a better tool, or approach welcome.

Evan

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Evan Hisey wrote:
> Oddball question, has anyone tried handling a frequently changing DNS
> zone with puppet? It does not seem like the right tool for this job.
> The zone changes too often to feel right with puppet handling it.
> Suggestions for a better tool, or approach welcome.

Your favorite interpreted language, and cron. (+ SQL if you are the one changing the RRs)

-scott

On Fri, Jul 11, 2008 at 2:40 PM, Scott Smith <scott@kontera.com> wrote:
>
> Evan Hisey wrote:
>> Oddball question, has anyone tried handling a frequently changing DNS
>> zone with puppet? It does not seem like the right tool for this job.
>> The zone changes too often to feel right with puppet handling it.
>> Suggestions for a better tool, or approach welcome.
>
> Your favorite interpreted language, and cron. (+ SQL if you are the one
> changing the RRs)
>

Had not even considered SQL. Can you run Bind against an SQL backend? Just point me at some docs, it might just be the perfect answer.

Evan

Evan Hisey wrote:
> Had not even considered SQL. Can you run Bind against an SQL backend?
> Just point me at some docs, it might just be the perfect answer.

I think there are tools to do it, but it would be fairly trivial to DIY if you are so inclined. Design your schema, write some tools to help you manage the data, etc. Then all you have to do is run a script from cron that populates a zone file, does some sanity checks (e.g., I had mine send mail if the zone file shrank, which would be a good indication of problems) and reloads your name server.

-scott

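The cron job described in the message above, sketched as an added example (not code from the original post or from anyone in the thread). It uses SQLite in place of a SQL server; the rr table, the SOA values, the 20% shrink threshold and the choice to hold back a shrunken file rather than only send mail are assumptions.

```python
import os, sqlite3, subprocess, tempfile, time

def render_zone(db, zone, serial):
    """Build zone-file text from rows in the hypothetical rr table."""
    lines = [f"$ORIGIN {zone}.", "$TTL 3600",
             f"@ IN SOA ns0.{zone}. hostmaster.{zone}. "
             f"({serial} 3600 900 604800 300)"]
    rows = db.execute("SELECT name, type, data FROM rr WHERE zone = ? "
                      "ORDER BY name, type, data", (zone,))
    for name, rtype, data in rows:
        # One record per line: refuse values that would add extra lines or
        # be read as a zone-file directive instead of a record.
        if name.startswith("$") or any(c in name + rtype + data for c in "\r\n"):
            raise ValueError(f"unsafe record for {name!r}")
        lines.append(f"{name} IN {rtype} {data}")
    return "\n".join(lines) + "\n"

def publish(db, zone, path, serial=None, reload_cmd=None, max_shrink=0.2):
    """Install the zone file unless it shrank suspiciously; return a status."""
    text = render_zone(db, zone, serial or int(time.time()))
    old_size = os.path.getsize(path) if os.path.exists(path) else 0
    if len(text.encode()) < old_size * (1 - max_shrink):
        return "shrank"  # keep the old file; the cron wrapper sends the mail
    # Write beside the target, then rename, so a reader never sees half a zone.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the name server must read it
    os.replace(tmp, path)
    if reload_cmd:  # e.g. ["/usr/sbin/rndc", "reload", zone]
        subprocess.run(reload_cmd, check=True)
    return "published"

def sample_db():
    """Constructed sample data: an in-memory table of resource records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE rr (zone TEXT, name TEXT, type TEXT, data TEXT)")
    db.executemany("INSERT INTO rr VALUES ('example.test', ?, ?, ?)",
                   [("@", "NS", "ns0.example.test."), ("ns0", "A", "192.0.2.1"),
                    ("www", "A", "192.0.2.10"), ("mail", "A", "192.0.2.25"),
                    ("@", "MX", "10 mail.example.test.")])
    return db

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "example.test")
        print(publish(sample_db(), "example.test", target))
```

Before the rename, a production job would normally also run BIND's named-checkzone against the temporary file and skip the install on a non-zero exit.
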
Evan Hisey wrote:
> On Fri, Jul 11, 2008 at 2:40 PM, Scott Smith <scott@kontera.com> wrote:
>> Evan Hisey wrote:
>>> Oddball question, has anyone tried handling a frequently changing DNS
>>> zone with puppet? It does not seem like the right tool for this job.
>>> The zone changes too often to feel right with puppet handling it.
>>> Suggestions for a better tool, or approach welcome.
>> Your favorite interpreted language, and cron. (+ SQL if you are the one
>> changing the RRs)
>>
> Had not even considered SQL. Can you run Bind against an SQL backend?
> Just point me at some docs, it might just be the perfect answer.

Evan

Another approach is Bind + LDAP.

http://bind9-ldap.bayour.com/

Regards

James Turnbull

--
Author of:
* Pulling Strings with Puppet (http://www.amazon.com/gp/product/1590599780/)
* Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/)
* Hardening Linux (http://www.amazon.com/gp/product/1590594444/)

On Fri, Jul 11, 2008 at 12:46 PM, Evan Hisey <ehisey@gmail.com> wrote:
>
> Had not even considered SQL. Can you run Bind against an SQL backend?
> Just point me at some docs, it might just be the perfect answer.

PDNS is pretty decent at this job.
http://www.powerdns.com/

--
Nathan Haneysmith | www.hjksolutions.com
nathan@hjksolutions.com | 206.508.4759 x3202
HJK Solutions, LLC
2311 North 45th Suite 190
Seattle, WA 98103

I am using powerdns as well - it is great. If you want to have a web interface to allow people easy editing of their zones, I would suggest poweradmin:

http://www.poweradmin.org

Phillip

Nathan Haneysmith wrote:
> On Fri, Jul 11, 2008 at 12:46 PM, Evan Hisey <ehisey@gmail.com> wrote:
>> Had not even considered SQL. Can you run Bind against an SQL backend?
>> Just point me at some docs, it might just be the perfect answer.
>
> PDNS is pretty decent at this job.
> http://www.powerdns.com/
>

On Fri, Jul 11, 2008 at 02:46:21PM -0500, Evan Hisey wrote:
> Had not even considered SQL. Can you run Bind against an SQL backend?
> Just point me at some docs, it might just be the perfect answer.
>

http://bind-dlz.sourceforge.net/

Though if you would like better performance, I recommend PowerDNS. The new beta has better performance than BIND in our testing.

Devdas Bhagat

Evan Hisey wrote:
> Oddball question, has anyone tried handling a frequently changing DNS
> zone with puppet? It does not seem like the right tool for this job.
> The zone changes too often to feel right with puppet handling it.
> Suggestions for a better tool, or approach welcome.
>

I use the following class to manage bind configuration and zones. It uses rndc to reload individual zones when a new copy of the database is copied over. We keep the zone files under version control and delegate out editing using repository ACLs. It works quite well.

class bind {
    # Directory owned by the bind user.
    define binddir {
        file { $name:
            ensure => directory,
            owner  => "bind",
            group  => "bind",
            mode   => 0755
        }
    }

    # Single zone file; only that zone is reloaded when the file changes.
    define zonefile {
        file { $name:
            path   => "/etc/namedb/master/$name",
            owner  => "bind",
            group  => "bind",
            mode   => 0644,
            notify => Exec["reload-zone-$name"],
            source => "puppet:///bind/$name"
        }

        exec { "reload-zone-$name":
            command     => "/usr/sbin/rndc reload $name",
            refreshonly => true,
            logoutput   => true
        }
    }

    # Zone split across several files in one directory; files that are not
    # in the source tree are purged.
    define zonedir {
        file { $title:
            path    => "/etc/namedb/master/$name",
            owner   => "bind",
            group   => "bind",
            mode    => 644,
            recurse => true,
            purge   => true,
            force   => true,
            ignore  => ".svn",
            notify  => Exec["reload-zone-$title"],
            source  => "puppet:///bind/$title"
        }

        exec { "reload-zone-$title":
            command     => "/usr/sbin/rndc reload $title",
            refreshonly => true,
            logoutput   => true
        }
    }

    binddir {
        [ "/etc/namedb",
          "/etc/namedb/master",
          "/etc/namedb/dynamic",
          "/etc/namedb/slave",
          "/var/named",
          "/var/log/named" ]:
    }

    # A change to named.conf restarts the whole service.
    file { "/etc/namedb/named.conf":
        owner  => "bind",
        group  => "bind",
        mode   => 0644,
        notify => Service[named],
        source => "puppet:///bind/named-${hostname}.conf"
    }

    zonefile { "0.0.127.in-addr.arpa": }

    file { "/etc/rc.d/named":
        owner  => "root",
        group  => "wheel",
        mode   => "0555",
        source => "puppet:///bind/tools/freebsd-init",
        before => Service[named]
    }

    service { named:
        ensure    => running,
        hasstatus => true,
        provider  => "init",
        path      => "/etc/rc.d"
    }
}

node ns0 {
    include bind

    bind::zonefile {
        [
            "foo.com",
            "123.123.in-addr.arpa"
        ]:
    }

    # zone database is split into multiple files contained in directory
    bind::zonedir { "bar.com": }
}

--
Russell A. Jackson <raj@csub.edu>
Network Analyst
California State University, Bakersfield

Davis' Law of Traffic Density: The density of rush-hour traffic is directly proportional to 1.5 times the amount of extra time you allow to arrive on time.

On Wed, Jul 16, 2008 at 12:58 PM, Russell Jackson <raj@csub.edu> wrote:
> Evan Hisey wrote:
>> Oddball question, has anyone tried handling a frequently changing DNS
>> zone with puppet? It does not seem like the right tool for this job.
>> The zone changes too often to feel right with puppet handling it.
>> Suggestions for a better tool, or approach welcome.
>>
>
> I use the following class to manage bind configuration and zones. It uses rndc to reload
> individual zones when a new copy of the database is copied over. We keep the zone
> files under version control and delegate out editing using repository ACLs. It works quite
> well.
>
> class bind {
>     define binddir {
>         file { $name:
>             ensure => directory,
>             owner  => "bind",
>             group  => "bind",
>             mode   => 0755
>         }
>     }
>
>     define zonefile {
>         file { $name:
>             path   => "/etc/namedb/master/$name",
>             owner  => "bind",
>             group  => "bind",
>             mode   => 0644,
>             notify => Exec["reload-zone-$name"],
>             source => "puppet:///bind/$name"
>         }
>
>         exec { "reload-zone-$name":
>             command     => "/usr/sbin/rndc reload $name",
>             refreshonly => true,
>             logoutput   => true
>         }
>     }
>
>     define zonedir {
>         file { $title:
>             path    => "/etc/namedb/master/$name",
>             owner   => "bind",
>             group   => "bind",
>             mode    => 644,
>             recurse => true,
>             purge   => true,
>             force   => true,
>             ignore  => ".svn",
>             notify  => Exec["reload-zone-$title"],
>             source  => "puppet:///bind/$title"
>         }
>
>         exec { "reload-zone-$title":
>             command     => "/usr/sbin/rndc reload $title",
>             refreshonly => true,
>             logoutput   => true
>         }
>     }
>
>     binddir {
>         [ "/etc/namedb",
>           "/etc/namedb/master",
>           "/etc/namedb/dynamic",
>           "/etc/namedb/slave",
>           "/var/named",
>           "/var/log/named" ]:
>     }
>
>     file { "/etc/namedb/named.conf":
>         owner  => "bind",
>         group  => "bind",
>         mode   => 0644,
>         notify => Service[named],
>         source => "puppet:///bind/named-${hostname}.conf"
>     }
>
>     zonefile { "0.0.127.in-addr.arpa": }
>
>     file { "/etc/rc.d/named":
>         owner  => "root",
>         group  => "wheel",
>         mode   => "0555",
>         source => "puppet:///bind/tools/freebsd-init",
>         before => Service[named]
>     }
>
>     service { named:
>         ensure    => running,
>         hasstatus => true,
>         provider  => "init",
>         path      => "/etc/rc.d"
>     }
> }
>
> node ns0 {
>     include bind
>
>     bind::zonefile {
>         [
>             "foo.com",
>             "123.123.in-addr.arpa"
>         ]:
>     }
>
>     # zone database is split into multiple files contained in directory
>     bind::zonedir { "bar.com": }
> }
>

This is very nice.

Evan

On 15 Jul, 15:54, Devdas Bhagat <dev...@dvb.homelinux.org> wrote:
> On Fri, Jul 11, 2008 at 02:46:21PM -0500, Evan Hisey wrote:
> > Had not even considered SQL. Can you run Bind against an SQL backend?
> > Just point me at some docs, it might just be the perfect answer.
>
> http://bind-dlz.sourceforge.net/
>
> Though if you would like better performance, I recommend PowerDNS.
> The new beta has better performance than BIND in our testing.
>

Sorry for the late reply... do you know if bind-dlz supports storing zones in whatever backend while using dynamic updates from a DHCP server? I have this kind of setup, and I wanted to manage the static entries of the DNS zones with puppet while leaving handling of dynamic entries to DHCP/Bind

Best regards
Jose

On 25 Jul, 18:40, scott <sc...@lackluster.net> wrote:
> José González Gómez wrote:
> > Sorry for the late reply... do you know if bind-dlz supports storing
> > zones in whatever backend while using dynamic updates from a DHCP
> > server? I have this kind of setup, and I wanted to manage the static
> > entries of the DNS zones with puppet while leaving handling of dynamic
> > entries to DHCP/Bind
>
> Can you put DHCP clients on a separate VLAN?
>

Well, I want this kind of setup for an office LAN: DHCP clients (dynamic IPs) use to be workstations that need to talk to servers (static IPs) in the same LAN, so I guess that introducing different VLANs for servers and workstations would make the solution more complex than the problem I'm trying to solve, but maybe I'm wrong...

Best regards
Jose

José González Gómez wrote:
> Well, I want this kind of setup for an office LAN: DHCP clients
> (dynamic IPs) use to be workstations that need to talk to servers
> (static IPs) in the same LAN, so I guess that introducing different
> VLANs for servers and workstations would make the solution more
> complex than the problem I'm trying to solve, but maybe I'm wrong...

You route traffic to and from the Internet, right? It's the same thing, only local.

On 29 Jul, 21:13, scott <sc...@lackluster.net> wrote:
> José González Gómez wrote:
> > Well, I want this kind of setup for an office LAN: DHCP clients
> > (dynamic IPs) use to be workstations that need to talk to servers
> > (static IPs) in the same LAN, so I guess that introducing different
> > VLANs for servers and workstations would make the solution more
> > complex than the problem I'm trying to solve, but maybe I'm wrong...
>
> You route traffic to and from the Internet, right? It's the same thing,
> only local.

Thanks for the suggestions, I'll take a look at both possibilities

Best regards
Jose