DDNS Best practices in a complex environment?
Kevin Darcy
kcd at chrysler.com
Thu Sep 25 22:33:54 UTC 2008

Most of the "industrial-strength" DNS solutions use a database backend,
but I think that's mainly because they integrate DNS with DHCP and add a
bunch of other information (e.g. contact information, asset information)
to the "objects" that they track. Once you get beyond a certain level of
data complexity, a real database backend becomes kinda mandatory.

If you're just focused on DNS _per_se_, or perhaps just
DNS-integrated-with-DHCP-but-not-much-else, then I think Dynamic Update
is sufficient, without having to go to a database backend. We have a
custom DNS maintenance system, mostly script-based, with a web frontend
and a Dynamic Update backend, that we've been using for years, and folks
seem to like it. With some finagling, it even integrates fairly well
with our DHCP platform (Lucent's QIP). (Yes, I know QIP has its own DNS
subsystem, based on BIND, available as part of their product, but so far
we prefer the rich access controls and the highly-customized frontend of
our own legacy system).

I should say, we cheat a little bit, by running an LDAP database in
parallel with the DNS database, but that's mostly just to track the
A-to-CNAME "backreferences", and to efficiently perform "fuzzy"-type
searches, neither of which DNS does natively. No actual address
information is kept in the LDAP database; it's completely ancillary to
the DNS database.

Unfortunately, due to Intellectual Property concerns, and the
bureaucracy of large corporations, I can't easily release any of that
code, although I could give a general overview off-list.

Beyond that, there are packages out there like Webmin, that a lot of
folks seem to like. Can't comment on those personally, since I've never
used them.

- Kevin

Jeffrey Collyer wrote:
> Is there a best practices guide anywhere for Dynamic DNS? Basically I'm
> looking for information about how folks have rolled out Dynamic DNS in a
> large ISP like environment (University).
>
> Are there tools to take the place of the "edit config"->"rndc reload"
> cycle for non-dynamic changes or is everything pushed through scripts to
> be dynamic?
>
> Or have folks moved to a database backend on a hidden master? If so
> what database? LDAP?
>
> Is the LDAP sdb stuff even viable anymore, as the bind9-ldap.bayour.com
> site doesn't resolve any more. (probably not relevant to this list, but
> maybe someone would know).
>
> And does any of the database backend stuff integrate with DNSSEC?
>
> Or is there a DNS list for just ISPs/HigherED that Google has yet to
> show me?
>
>
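
An added example, not part of the original thread and not code from the system described in the reply: a sketch of a script-driven Dynamic Update backend that keeps an ancillary A-to-CNAME "backreference" index and refuses to generate a host deletion while aliases still point at the host. The class and function names, the zone `example.org` and the host names are all hypothetical; the generated text uses standard `nsupdate` commands (`zone`, `prereq`, `update`, `send`).

```python
# Added example: every name, zone and host below is constructed for illustration.
from collections import defaultdict


def fqdn(name):
    """Normalise a name to lower case with a trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def in_zone(name, zone):
    """True if name is the zone apex or lies below it (label-boundary match)."""
    name, zone = fqdn(name), fqdn(zone)
    return name == zone or name.endswith("." + zone)


class AliasIndex:
    """Ancillary target -> aliases index; DNS itself cannot answer this query."""

    def __init__(self):
        self._aliases = defaultdict(set)

    def add_cname(self, alias, target):
        self._aliases[fqdn(target)].add(fqdn(alias))

    def aliases_of(self, target):
        return sorted(self._aliases.get(fqdn(target), ()))


def add_alias_batch(zone, alias, target, ttl=3600):
    """nsupdate input that adds a CNAME only if the alias name is unused."""
    if not in_zone(alias, zone):
        raise ValueError(f"{alias} is outside zone {zone}")
    return (f"zone {fqdn(zone)}\n"
            f"prereq nxdomain {fqdn(alias)}\n"
            f"update add {fqdn(alias)} {ttl} CNAME {fqdn(target)}\n"
            "send\n")


def delete_host_batch(zone, host, index):
    """nsupdate input that removes a host's A records, or raise if unsafe."""
    if not in_zone(host, zone):
        raise ValueError(f"{host} is outside zone {zone}")
    refs = index.aliases_of(host)
    if refs:  # deleting now would leave these CNAMEs dangling
        raise ValueError(f"{host} still has aliases: {', '.join(refs)}")
    return (f"zone {fqdn(zone)}\n"
            f"prereq yxrrset {fqdn(host)} A\n"
            f"update delete {fqdn(host)} A\n"
            "send\n")
```

The returned text is meant to be fed to `nsupdate` on standard input; a real frontend would update the index only after the server accepts the change.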