How do hosting companies do realtime changes?

Paige Stafford staffordp1 at ornl.gov
Fri Oct 31 13:18:23 UTC 2003 



We are using a kind of 'central server' to manage DES3 (i.e.
openssl/des.h: des_ecb3_encrypt()) type authentication between nodes to
update two master name servers (BIND 8 moving to BIND 9).  This central
server receives socket calls from the client for a update request.  The
server authenticates, and error checks the request.

Because there are two master servers, and because we have an incredible
number of nodes who want to maintain a standard IP name within our company
(using other ISPs), and because we want to ensure the maximum amount of
security without a tremendous amount of maintenance, would TSIG-signed
dynamic updates be a better solution?

Paige Stafford
Networking and Computing Tech., ORNL



On Tue, 28 Oct 2003, Kevin Darcy wrote:

 > Dan Vande More wrote:
 >
 > >I've found myself in a situation where we'd like to offer the ability for
 > >clients to update/add dns via a website.
 > >I don't feel comfortable with a web server is running on my master server,
 > >so that's not an option, so I was wondering how other people/companies do
 > >it.
 > >I've tested DLZ, but it seems far to slow for a web hosting provider(Or a
 > >web hosting provider that prefers to be fast:)). I've also see that bind has
 > >some built in APIs for databases, but it doesn't look like something that is
 > >a 'professional' solution just yet.
 > >I'm experimenting with perl scripts writing the confs and zone files, but
 > >what is the best way to tell my master to regenerate the files, and reload
 > >the zone from a remote machine?
 > >
 > >And while perl is writing my named.conf or even a dns file, even if
 > >everything is loaded into memory, will it affect the running named process?
 > >(I.E. It takes a good 2 minutes to generate everything on a full rewrite.
 > >Though if I did go this route, timestamps would affect which zone would be
 > >regenerated.)
 > >
 > >Sure there are tons of ways to do that, but which way to people feel most
 > >comfortable with?
 > >
 > >Is nsupdate an option?
 > >
 > >How would I do reloads? When someone changes a record, or every 2-5 minutes,
 > >etc.
 > >
 > >I've formed several of my own conclusions, but I'm still in the alpha stage,
 > >so any varying methods would be tremendously helpful.
 > >I don't think a canned solution would help at this point, due to the
 > >customizations I'd prefer, and from my searches of archives, most of the
 > >linked ones will not work.
 > >
 > >
 > I don't know how large hosting companies do it, but I've developed a
 > homegrown system here (it's DaimlerChrysler Intellectual Property,
 > unfortunately) that is based entirely on TSIG-signed Dynamic Update.
 >
 >
 >                            - Kevin
 >
 >
 >
 >
 >

More information about the bind-users mailing list