In a bit of bind...

Colin Alston karnaugh at karnaugh.za.net
Mon Jun 1 11:31:44 UTC 2009


On Mon, Jun 1, 2009 at 12:59 PM, Ben Matthew <Ben.Matthew at timlradio.co.uk> wrote:

> Anyway my company currently uses BIND for our DNS requirements (9.6.0).
>  I'm always pretty keen on updating, when advised to, in order to patch
> vulnerabilities and so forth as we have a fairly popular website and I'm
> sure there's lots of nasty little tykes out there ready to try and take us
> down.  I have six servers in total, two multi-homed servers for ordinary DNS
> and four servers running an Anycast network (2 x master and slave).
>
> Anyway I've recently been investigating other options for DNS as, like many
> companies currently, we've laid off a bunch of staff and the overhead for
> maintaining BIND is quite high if done, like us, unassisted and you are
> editing zone files in a text editor.
>
>

You don't necessarily need to move away from BIND, but what you do need is a
better backend. Certainly you should avoid Webmin and trying to automate
changes to BIND zone files, as this gets really messy and unmaintainable very
quickly.

You can use BIND9 DLZ and MySQL or LDAP. I didn't find this all that easy to
package or manage, though. Personally, for scalable authoritative DNS I think
PowerDNS is far better, especially with an LDAP backend, as LDAP is trivial to
replicate over large numbers of slaves. An interface to LDAP for DNS was
also a trivial project for us.

If you don't need so much scalability there are existing web interfaces for
PowerDNS using the MySQL backend.
https://webdns.bountysource.com/
https://www.poweradmin.org/trac/


