Hi All:

I am looking for some possible recommendations on the handling of our internal DNS services. First some background...

Until recently our entire network was located within a single facility with internal DNS services provided by our CentOS 4.7 (using BIND). While I had problems with DHCP/DNS communications it was basically working.

At the beginning of the month we moved the production servers (a couple of RHEL5.3 boxes with a Windows 2008 server) to a new facility connected to the old facility via a VPN. We are still running with our DevSys as the DNS server but I would like to make the two locations at least partially independent. I have been doing some research (probably enough to be really dangerous to myself<g>) and it looks like I need to set up a master/slave setup.

Here are my questions...

1. Is the BIND master/slave the appropriate approach?

2. Can I have each subnet be a master for itself and a slave for the other subnet?

3. Any pointers to applicable docs/examples?

4. Can you recommend a "front end" for BIND (we have webmin installed but I have yet to start working with it)?

Any and all thoughts, suggestions, criticisms gladly accepted.

TIA

Regards, Hugh

--
Hugh E Cruickshank, Forward Software, forward-software.com
On Friday 14 August 2009 17:17, Hugh E Cruickshank wrote:

> Here are my questions...
>
> 1. Is the BIND master/slave the appropriate approach?

Yes, you should already have something like this in case the main/master server would fail.

> 2. Can I have each subnet be a master for itself and a slave for the
> other subnet?

DNS is about domains not subnets. If each subnet was going to have its own domain then the answer could be 'yes'.

> 3. Any pointers to applicable docs/examples?

The ones that ship with the Bind package are good from what I understand. I have not looked at them so I cannot say one way or the other. If you are looking for a good book on the subject I would highly recommend O'Reilly's DNS and BIND 5th edition.

> 4. Can you recommend a "front end" for BIND (we have webmin installed
> but I have yet to start working with it)?

How large is this domain and how many domains are there going to be? Is the DNS server going to be updated automatically or by hand?

--
Regards
Robert
Linux User #296285 counter.li.org
I recommend a highly secured master that is not queried by any clients (preferably in a network/vlan your clients can't even access)... then configure one-way zone transfers to 2 or more slave servers which you configure your clients to point to. Maintain your zone files in rcs of some sort... For IP control/delegation and DNS control/delegation I recommend IP Plan.

Of course bind is the 800lb gorilla in the DNS world... don't even think about putting DNS on windows.

I don't recommend any front ends being that a few hours well spent reading the docs and man pages will make you a dns expert in no time. Bind is very easy to learn and shouldn't take longer than an afternoon at best.

On Fri, Aug 14, 2009 at 4:17 PM, Hugh E Cruickshank <hugh at forsoft.com> wrote:

> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> lists.centos.org/mailman/listinfo/centos
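The hidden ("shadow") master with one-way transfers that Chuck describes, and the basic master/slave pair Robert's first answer assumes, sketched as an added BIND named.conf example that is not from any poster in this thread; the zone name, addresses, ACL name and TSIG key are constructed placeholders.

```conf
// ===== hidden ("shadow") master: clients never query it and it is not in the NS set =====
// Constructed placeholders: zone example.internal, master 10.0.0.10,
// slaves 10.0.0.20 (old site) and 10.1.0.20 (new site, across the VPN).
key "xfer-key" {
    algorithm hmac-sha256;                  // only hmac-md5 exists on BIND older than 9.4
    secret "REPLACE-WITH-GENERATED-BASE64"; // tsig-keygen, or dnssec-keygen on old BIND
};

acl "slaves" { 10.0.0.20; 10.1.0.20; };

options {
    directory "/var/named";
    recursion no;                  // authoritative only; nothing resolves through this box
    allow-query { slaves; };       // slaves still need SOA lookups for their refresh checks
    allow-transfer { none; };      // global default-deny; opened per zone below
    notify explicit;               // NOTIFY only the hosts in also-notify, not the NS records
    also-notify { 10.0.0.20; 10.1.0.20; };
};

zone "example.internal" {
    type master;
    file "master/example.internal.zone";  // the file you keep under RCS/git
    allow-transfer { key "xfer-key"; };   // AXFR/IXFR only when signed with the TSIG key
};

// ===== slave at each site: this is the address clients and DHCP hand out =====
key "xfer-key" { algorithm hmac-sha256; secret "REPLACE-WITH-GENERATED-BASE64"; };
server 10.0.0.10 { keys { "xfer-key"; }; };   // sign every request sent to the master

options {
    directory "/var/named";
    allow-query { localnets; };    // answer only the interfaces' own subnets
    allow-transfer { none; };      // slaves never hand the zone out again
};

zone "example.internal" {
    type slave;
    file "slaves/example.internal.zone";
    masters { 10.0.0.10; };
};
```

From a workstation, `dig @10.0.0.10 example.internal axfr` should end in "Transfer failed." and a plain lookup against the master should be refused, while the same lookup against a slave succeeds and the transfer still fails. Run `named-checkconf` on each side before reloading.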
Chuck wrote:

> I recommend a highly secured master that is not queried by any clients
> (preferably in a network/vlan your clients can't even access)... then
> configure one-way zone transfers to 2 or more slave servers which you
> configure your clients to point to. Maintain your zone files in rcs of
> some sort... For IP control/delegation and DNS control/delegation I
> recommend IP Plan.

Heh, the shadow master setup.

> Of course bind is the 800lb gorilla in the DNS world... don't even
> think about putting DNS on windows.

ROTFL. Yes, the 800 pound TURTLE. Old and slow.

> I don't recommend any front ends being that a few hours well spent
> reading the docs and man pages will make you a dns expert in no time.
> Bind is very easy to learn and shouldn't take longer than an afternoon
> at best.

Too bad no one has made rpms for djbdns, daemontools and tools to manage tinydns data with a sql backend and a nice web frontend.

> On Fri, Aug 14, 2009 at 4:17 PM, Hugh E Cruickshank <hugh at forsoft.com> wrote:
From: Chuck
Sent: August 16, 2009 18:17

> I recommend a highly secured master that is not queried by any
> clients (preferably in a network/vlan your clients can't even
> access)... then configure one-way zone transfers to 2 or more slave
> servers which you configure your clients to point to. Maintain your
> zone files in rcs of some sort...

While I can agree with your suggestion in principle I think that this might be overkill in our situation. We have a relatively small network (6-8 servers, 15-20 workstations and maybe a dozen other types of equipment). In our case I think we can get away with a master and a slave DNS server running on existing servers.

> For IP control/delegation and DNS control/delegation I recommend IP
> Plan.

I had stumbled across this before but I will have a better look at it.

> Of course bind is the 800lb gorilla in the DNS world... don't even
> think about putting DNS on windows.

We are primarily a UNIX/Linux shop and I prefer not to use windows for such services unless I absolutely must. There are services that we require that only run on windows so we do have windows servers in our mix.

> I don't recommend any front ends being that a few hours well spent
> reading the docs and man pages will make you a dns expert in no
> time. Bind is very easy to learn and shouldn't take longer than an
> afternoon at best.

I think I am going to have to disagree with you here. I have been using BIND for several years. While I have spent many hours reading docs and man pages I definitely would not classify myself as a DNS expert. I know that I am of above average intelligence and maybe I just have a "blind spot" when it comes to BIND (and it has been known to happen) but I just do not find it as straightforward to learn as you have. Then again I am getting "on in years" so that may be a contributing factor as well.

Anyway, thank you very much for your comments and suggestions. They are appreciated.

Regards, Hugh

--
Hugh E Cruickshank, Forward Software, forward-software.com
From: Hugh E Cruickshank
Sent: August 14, 2009 14:18

> I am looking for some possible recommendations on the handling of our
> internal DNS services. First some background...

I would like to express my appreciation to all those that responded to my request (particularly Robert). I do not have a solution yet but I do have a lot of information to review and digest. Thanks again to all.

Regards, Hugh

--
Hugh E Cruickshank, Forward Software, forward-software.com