[CentOS] DNS Server Recommendations

Robert Spangler mlists at zoominternet.net
Sat Aug 15 02:21:40 UTC 2009


On Friday 14 August 2009 21:29, Hugh E Cruickshank wrote:

>  From: Robert Spangler Sent: August 14, 2009 16:18
>
>  > On Friday 14 August 2009 17:17, Hugh E Cruickshank wrote:
>  > >  Here are my questions...
>  > >
>  > >  1. Is the BIND master/slave the appropriate approach?
>  >
>  > Yes, you should already have something like this in case the
>  > main/master server would fail.
>
>  I did have two independent DNS servers. One on our primary development
>  server and one on our old production server. We have replaced the old
>  production server but have not pulled it from service yet. I am now
>  in the process of ensuring that all functionality of the old server has
>  been migrated to either the new production servers or some place else.
>  My current efforts on revising our internal DNS service are part of
>  this review process.

I would suggest placing one on each site.  That way you can cut the traffic 
between sites for DNS lookups.  I would also ensure that only one does the 
updates per domain.

>  > >  2. Can I have each subnet be a master for itself and a slave for
>  > >     the other subnet?
>  >
>  > DNS is about domains not subnets.  If each subnet was going to
>  > have its own domain then the answer could be 'yes'.
>
>  My bad! In my own mind I have been treating the two locations as
>  domains while they are in fact only subnets. It should not take too
>  much effort to translate my thinking to fact.

The reason I asked is you should not have a shared domain that can be updated 
by more than one master.  You risk losing data or valid data being 
overwritten.

>  > >  3. Any pointers to applicable docs/examples?
>  >
>  > The ones that ship with the Bind package are good from what I
>  > understand. I have not looked at them so I cannot say one way or
>  > the other. If you are looking for a good book on the subject I would
>  > highly recommend O'Reilly's DNS and BIND 5th edition.
>
>  As soon as I saw your book recommendation there was the sound of a
>  loud "AARRRGGGGHHHH!!!!!" followed closely by some mutterings
>  that sounded much like "I have that book! Why did I not think of it
>  in the first place! Now where frack did I put it?". Of course knowing
>  me by the time I find it I will have forgotten why I was looking for
>  it (and will be an old edition to boot).

Been there and done that.  I now have a bookshelf where I keep all my books 
and manuals.

>  > >  4. Can you recommend a "front end" for BIND (we have webmin
>  > >     installed but I have yet to start working with it)?
>  >
>  > How large is this domain and how many domains are there going to be?
>  > Is the DNS server going to be updated automatically or by hand?
>
>  It is not large probably less than 50 devices in total. The only
>  automatic updating that I can foresee would be from the DHCP server.
>  The only reason I asked about this was that I was thinking that it
>  might be easier to administer and ensure valid BIND config files.

If you are worried about valid config then you should be using the tools that 
come with Bind instead of relying on some third party software.

named-checkconf for checking the configuration of Bind
named-checkzone for checking the zone file.

There are man pages for both that explain how to use them.

>  Thanks for your input.

You are welcome.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org
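
The validation step recommended in the message above, written as a pre-reload gate. This is an added example, not part of the original post: the function name check_bind, the CHECKCONF/CHECKZONE override variables and the paths in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse to reload BIND unless named.conf and every listed
# zone file pass the checkers that ship with BIND.
#
# Usage (paths and zone name are constructed placeholders):
#   sh check_bind.sh /etc/named.conf example.com=/var/named/example.com.zone
#
# CHECKCONF and CHECKZONE are hypothetical overrides so the gate can be
# exercised without BIND installed; they default to the real tools.

# check_bind CONF ZONE=FILE [ZONE=FILE ...]
# Returns 0 only if the config and all zone files validate.
check_bind() {
    conf="$1"
    shift
    failed=0

    # named-checkconf exits non-zero on a syntax error in the config.
    if ! "${CHECKCONF:-named-checkconf}" "$conf"; then
        echo "FAIL config: $conf" >&2
        return 1    # zones are not worth checking against a broken config
    fi

    for pair in "$@"; do
        zone="${pair%%=*}"
        file="${pair#*=}"
        # Reject arguments that are not in ZONE=FILE form.
        if [ "$zone" = "$pair" ] || [ -z "$zone" ] || [ -z "$file" ]; then
            echo "FAIL bad argument (want ZONE=FILE): $pair" >&2
            failed=1
            continue
        fi
        # named-checkzone takes the zone origin first, then the file.
        if ! "${CHECKZONE:-named-checkzone}" "$zone" "$file"; then
            echo "FAIL zone: $zone ($file)" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Run the gate when the script is given arguments; the exit status can
# then guard a reload in a deployment script or cron job.
if [ "$#" -gt 0 ]; then
    check_bind "$@"
fi
```

Every zone is checked even after one fails, so a single run reports all broken zone files rather than only the first.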


