Re: [gentoo-user] DNS server packages

["J. Roeleveld" <joost@antarean.org>]

On Sunday, October 11, 2015 02:48:23 PM Alan McKinnon wrote:
> On 11/10/2015 11:33, J. Roeleveld wrote:
> > On Sunday, October 11, 2015 10:43:01 AM Alan McKinnon wrote:
> >> On 11/10/2015 10:18, J. Roeleveld wrote:
> >>> On Sunday, October 11, 2015 09:35:39 AM Alan McKinnon wrote:
> >>>> On 11/10/2015 04:13, James wrote:
> >>>>> Howdy,
> >>>>> 
> >>>>> So I now have (5) statics and a fiber feed, with lots of room to grow.
> >>>>> 
> >>>>> I need to setup DNS primary/secondary systems on gentoo. So right now
> >>>>> I'm
> >>>>> looking for a suggested list of packages to install with Bind,
> >>>>> iptables
> >>>>> and
> >>>>> DNSSEC-tools as these (2) gentoo dns servers will only run the minimum
> >>>>> packages to operate securely?
> >>>> 
> >>>> auth or cache?
> >>>> 
> >>>> First of all, bind is a pain to use. Reason: it's actually a reference
> >>>> implementation that as usual got forced into production use. It's
> >>>> slower
> >>>> than it could be because it deals with every possible corner case per
> >>>> RFC.
> >>>> 
> >>>> As an auth server (few queries) it's OK
> >>>> As a cache (many queries), there are better servers out there. I prefer
> >>>> unbound.
> >>> 
> >>> As it is related to this thread, which server would people recommend
> >>> when
> >>> the DNS records are to be found in a database?
> >>> Reason I am asking:
> >>> I want to set up a lab environment with VMs coming and going.
> >>> These all need to have hostname/mac/ip stored and configured correctly.
> >> 
> >> I don't understand.
> > 
> > <snipped part about ARP tables>
> > 
> >> Perhaps detail more what you are trying to accomplish?
> > 
> > What I do currently:
> > 
> > Edit Bind zone-files and enter IP / Hostname combinations
> > Edit DHCP config file and enter MAC / IP / Hostname combinations
> > (And hope these actually match and not contain typos)
> > 
> > What I want to do:
> > 
> > In a database I have a table with the following fields:
> > MAC, IP, Hostname, domain
> > xx:xx:xx:xx:xx , 1.2.3.4 , vmobi1114node1 , vm1.lab.example.com
> > 
> > I want the DNS server to use the IP, Hostname and domain fields for the
> > resolving.
> > I want the DHCP server to use all the fields for the DHCP assignments.
> 
> OK, that makes sense. You'd think all decent DNS and DHCP servers out
> there would support any old arb db backend (very useful, no?) but it
> seems not. I've gotten used to independently vi'ing two files and
> HUP/reload two daemons over the years :-)

Same here. Works for the most part, but I'm not the only one using the system.
Which means I prefer to have it easier to use and not end up having to do all 
the work myself.

> Bind can use a mysql backend, so can most auth servers.

Need to check how difficult/easy it is to make it listen to PostgreSQL.
I'm not overly attached to Bind. Having a DNS server that's easier to configure 
and maintain would be appreciated.

> The only dhcp
> server easily available on gentoo seems to be dhcp from ISC which does
> not support mysql. But both support ldap, maybe you can use that?
> There's lots of ldap frontends so getting your info into it should be
> easy enough.

That's one option, but that would mean maintaining 2 databases.
One with the config for the VMs and OpenLDAP.


> You could also look into kea (https://www.isc.org/kea/), a better dhcp
> server from ISC. The blurb says it supports SQL backends.

I'll have a look at that one.

--
Joost