Re: [gentoo-user] DNS server packages
Quoting "J. Roeleveld":

> As it is related to this thread, which server would people recommend when
> the DNS records are to be found in a database?

I'd recommend PowerDNS, which has also had an ebuild in the official portage tree for ages. It has several mature web frontends, and deploying DNSSEC with it is really, really easy, literally just two commands and then you go:

$ pdnssec secure-zone powerdnssec.org
$ pdnssec rectify-zone powerdnssec.org

After that you just need to publish your DS records to your registrar - done. Compare that to BIND - much, much easier.
Re: [gentoo-user] DNS server packages
On 11/10/2015 10:18, J. Roeleveld wrote:
> On Sunday, October 11, 2015 09:35:39 AM Alan McKinnon wrote:
>> On 11/10/2015 04:13, James wrote:
>>> Howdy,
>>>
>>> So I now have (5) statics and a fiber feed, with lots of room to grow.
>>>
>>> I need to setup DNS primary/secondary systems on gentoo. So right now I'm
>>> looking for a suggested list of packages to install with Bind, iptables and
>>> DNSSEC-tools as these (2) gentoo dns servers will only run the minimum
>>> packages to operate securely?
>>
>> auth or cache?
>>
>> First of all, bind is a pain to use. Reason: it's actually a reference
>> implementation that as usual got forced into production use. It's slower
>> than it could be because it deals with every possible corner case per RFC.
>>
>> As an auth server (few queries) it's OK
>> As a cache (many queries), there are better servers out there. I prefer
>> unbound.
>
> As it is related to this thread, which server would people recommend when the
> DNS records are to be found in a database?
> Reason I am asking:
> I want to set up a lab environment with VMs coming and going.
> These all need to have hostname/mac/ip stored and configured correctly.

I don't understand.

mac & IP go together in dhcp and arp
hostname & IP go together in DNS & /etc/hosts

hostname & mac & ip go together nowhere

> Till now, I basically preconfigured Bind and DHCPd for a bunch of them.
> I would prefer to be able to specify a hostname for this, but writing
> something that keeps changing the configuration and keeping it in-sync with a
> database is a bit overkill.

arp updates when the host comes on-line
dhcp & dns are separate from individual VMs, populating those services
is part of provisioning them.

Perhaps detail more what you are trying to accomplish?

--
Alan McKinnon
alan.mckin...@gmail.com
Re: [gentoo-user] DNS server packages
On 11/10/15 16:43, Alan McKinnon wrote:
> On 11/10/2015 10:18, J. Roeleveld wrote:
>> On Sunday, October 11, 2015 09:35:39 AM Alan McKinnon wrote:
>>> On 11/10/2015 04:13, James wrote:
>>>> Howdy,
>>>>
>>>> So I now have (5) statics and a fiber feed, with lots of room to grow.
>>>>
>>>> I need to setup DNS primary/secondary systems on gentoo. So right now I'm
>>>> looking for a suggested list of packages to install with Bind, iptables and
>>>> DNSSEC-tools as these (2) gentoo dns servers will only run the minimum
>>>> packages to operate securely?
>>>
>>> auth or cache?
>>>
>>> First of all, bind is a pain to use. Reason: it's actually a reference
>>> implementation that as usual got forced into production use. It's slower
>>> than it could be because it deals with every possible corner case per RFC.
>>>
>>> As an auth server (few queries) it's OK
>>> As a cache (many queries), there are better servers out there. I prefer
>>> unbound.
>>
>> As it is related to this thread, which server would people recommend when
>> the DNS records are to be found in a database?
>> Reason I am asking:
>> I want to set up a lab environment with VMs coming and going.
>> These all need to have hostname/mac/ip stored and configured correctly.
>
> I don't understand.
>
> mac & IP go together in dhcp and arp
> hostname & IP go together in DNS & /etc/hosts
>
> hostname & mac & ip go together nowhere
>
>> Till now, I basically preconfigured Bind and DHCPd for a bunch of them.
>> I would prefer to be able to specify a hostname for this, but writing
>> something that keeps changing the configuration and keeping it in-sync with
>> a database is a bit overkill.
>
> arp updates when the host comes on-line
> dhcp & dns are separate from individual VMs, populating those services
> is part of provisioning them.
>
> Perhaps detail more what you are trying to accomplish?

ISC dhcpd can update bind when a host requests an IP.

One of many examples: http://askubuntu.com/questions/162265/how-to-setup-dhcp-server-and-dynamic-dns-with-bind

BillK
Re: [gentoo-user] DNS server packages
On Sunday, October 11, 2015 09:35:39 AM Alan McKinnon wrote:
> On 11/10/2015 04:13, James wrote:
> > Howdy,
> >
> > So I now have (5) statics and a fiber feed, with lots of room to grow.
> >
> > I need to setup DNS primary/secondary systems on gentoo. So right now I'm
> > looking for a suggested list of packages to install with Bind, iptables and
> > DNSSEC-tools as these (2) gentoo dns servers will only run the minimum
> > packages to operate securely?
>
> auth or cache?
>
> First of all, bind is a pain to use. Reason: it's actually a reference
> implementation that as usual got forced into production use. It's slower
> than it could be because it deals with every possible corner case per RFC.
>
> As an auth server (few queries) it's OK
> As a cache (many queries), there are better servers out there. I prefer
> unbound.

As it is related to this thread, which server would people recommend when the DNS records are to be found in a database?

Reason I am asking:
I want to set up a lab environment with VMs coming and going.
These all need to have hostname/mac/ip stored and configured correctly.

Till now, I basically preconfigured Bind and DHCPd for a bunch of them.
I would prefer to be able to specify a hostname for this, but writing something that keeps changing the configuration and keeping it in-sync with a database is a bit overkill.

Thanks,

Joost
Re: [gentoo-user] DNS server packages
On 11/10/2015 04:13, James wrote:
> Howdy,
>
> So I now have (5) statics and a fiber feed, with lots of room to grow.
>
> I need to setup DNS primary/secondary systems on gentoo. So right now I'm
> looking for a suggested list of packages to install with Bind, iptables and
> DNSSEC-tools as these (2) gentoo dns servers will only run the minimum
> packages to operate securely?

auth or cache?

First of all, bind is a pain to use. Reason: it's actually a reference implementation that as usual got forced into production use. It's slower than it could be because it deals with every possible corner case per RFC.

As an auth server (few queries) it's OK
As a cache (many queries), there are better servers out there. I prefer unbound.

> Also, what is the (nominal) minimum amount of RAM needed to keep all routes
> in ram in these name servers?

I don't understand. DNS servers don't keep routes in memory - routers do that. Perhaps you mean cached DNS records?

DNS is light on RAM, there are only so many records typical users will look up. DNS caches not too long ago ran for years problem free with a puny few hundred MB. It's not something to be worried about.

--
Alan McKinnon
alan.mckin...@gmail.com
Re: [gentoo-user] DNS server packages
On Sunday, October 11, 2015 10:43:01 AM Alan McKinnon wrote:
> On 11/10/2015 10:18, J. Roeleveld wrote:
> > On Sunday, October 11, 2015 09:35:39 AM Alan McKinnon wrote:
> >> On 11/10/2015 04:13, James wrote:
> >>> Howdy,
> >>>
> >>> So I now have (5) statics and a fiber feed, with lots of room to grow.
> >>>
> >>> I need to setup DNS primary/secondary systems on gentoo. So right now I'm
> >>> looking for a suggested list of packages to install with Bind, iptables and
> >>> DNSSEC-tools as these (2) gentoo dns servers will only run the minimum
> >>> packages to operate securely?
> >>
> >> auth or cache?
> >>
> >> First of all, bind is a pain to use. Reason: it's actually a reference
> >> implementation that as usual got forced into production use. It's slower
> >> than it could be because it deals with every possible corner case per RFC.
> >>
> >> As an auth server (few queries) it's OK
> >> As a cache (many queries), there are better servers out there. I prefer
> >> unbound.
> >
> > As it is related to this thread, which server would people recommend when
> > the DNS records are to be found in a database?
> > Reason I am asking:
> > I want to set up a lab environment with VMs coming and going.
> > These all need to have hostname/mac/ip stored and configured correctly.
>
> I don't understand.
>
> Perhaps detail more what you are trying to accomplish?

What I do currently:

Edit Bind zone-files and enter IP / Hostname combinations
Edit DHCP config file and enter MAC / IP / Hostname combinations
(And hope these actually match and not contain typos)

What I want to do:

In a database I have a table with the following fields:
MAC, IP, Hostname, domain
xx:xx:xx:xx:xx , 1.2.3.4 , vmobi1114node1 , vm1.lab.example.com

I want the DNS server to use the IP, Hostname and domain fields for the resolving.
I want the DHCP server to use all the fields for the DHCP assignments.

--
Joost
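One way to drive both daemons from the single table described in the message above is to validate each row once and render both config fragments from it. This is an added example, not code from the thread; the rows are constructed, the function names are hypothetical, and it assumes BIND zone-file and ISC dhcpd.conf output.

```python
import ipaddress
import re

# Constructed rows in the (MAC, IP, hostname, domain) layout from the post.
ROWS = [
    ("52:54:00:AA:BB:01", "192.0.2.11", "vmobi1114node1", "vm1.lab.example.com"),
    ("52:54:00:aa:bb:02", "192.0.2.12", "vmobi1114node2", "vm1.lab.example.com"),
]

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

def validate(rows):
    """Normalise rows; reject malformed or duplicated values. Strict patterns
    also keep ';', '{', quotes and whitespace out of the generated config."""
    seen = {"mac": set(), "ip": set(), "fqdn": set()}
    clean = []
    for mac, ip, host, domain in rows:
        mac, host, domain = mac.lower(), host.lower(), domain.lower().rstrip(".")
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"bad MAC: {mac!r}")
        ip = str(ipaddress.IPv4Address(ip))  # raises ValueError if malformed
        for label in [host] + domain.split("."):
            if not LABEL_RE.fullmatch(label):
                raise ValueError(f"bad name label: {label!r}")
        for kind, value in (("mac", mac), ("ip", ip), ("fqdn", f"{host}.{domain}")):
            if value in seen[kind]:
                raise ValueError(f"duplicate {kind}: {value}")
            seen[kind].add(value)
        clean.append((mac, ip, host, domain))
    return clean

def zone_records(rows):
    """A records in BIND zone-file syntax, fully qualified."""
    return [f"{h}.{d}. IN A {ip}" for _mac, ip, h, d in validate(rows)]

def dhcpd_hosts(rows):
    """Host declarations in ISC dhcpd.conf syntax."""
    return [
        f'host {h} {{ hardware ethernet {mac}; fixed-address {ip}; '
        f'option host-name "{h}"; }}'
        for mac, ip, h, _d in validate(rows)
    ]

if __name__ == "__main__":
    print("\n".join(zone_records(ROWS) + dhcpd_hosts(ROWS)))
```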
Re: [gentoo-user] DNS server packages
On 11/10/2015 11:33, J. Roeleveld wrote:
> On Sunday, October 11, 2015 10:43:01 AM Alan McKinnon wrote:
>> On 11/10/2015 10:18, J. Roeleveld wrote:
>>> On Sunday, October 11, 2015 09:35:39 AM Alan McKinnon wrote:
>>>> On 11/10/2015 04:13, James wrote:
>>>>> Howdy,
>>>>>
>>>>> So I now have (5) statics and a fiber feed, with lots of room to grow.
>>>>>
>>>>> I need to setup DNS primary/secondary systems on gentoo. So right now I'm
>>>>> looking for a suggested list of packages to install with Bind, iptables and
>>>>> DNSSEC-tools as these (2) gentoo dns servers will only run the minimum
>>>>> packages to operate securely?
>>>>
>>>> auth or cache?
>>>>
>>>> First of all, bind is a pain to use. Reason: it's actually a reference
>>>> implementation that as usual got forced into production use. It's slower
>>>> than it could be because it deals with every possible corner case per RFC.
>>>>
>>>> As an auth server (few queries) it's OK
>>>> As a cache (many queries), there are better servers out there. I prefer
>>>> unbound.
>>>
>>> As it is related to this thread, which server would people recommend when
>>> the DNS records are to be found in a database?
>>> Reason I am asking:
>>> I want to set up a lab environment with VMs coming and going.
>>> These all need to have hostname/mac/ip stored and configured correctly.
>>
>> I don't understand.
>>
>> Perhaps detail more what you are trying to accomplish?
>
> What I do currently:
>
> Edit Bind zone-files and enter IP / Hostname combinations
> Edit DHCP config file and enter MAC / IP / Hostname combinations
> (And hope these actually match and not contain typos)
>
> What I want to do:
>
> In a database I have a table with the following fields:
> MAC, IP, Hostname, domain
> xx:xx:xx:xx:xx , 1.2.3.4 , vmobi1114node1 , vm1.lab.example.com
>
> I want the DNS server to use the IP, Hostname and domain fields for the
> resolving.
> I want the DHCP server to use all the fields for the DHCP assignments.

OK, that makes sense. You'd think all decent DNS and DHCP servers out there would support any old arb db backend (very useful, no?) but it seems not. I've gotten used to independently vi'ing two files and HUP/reload two daemons over the years :-)

Bind can use a mysql backend, so can most auth servers. The only dhcp server easily available on gentoo seems to be dhcp from ISC which does not support mysql. But both support ldap, maybe you can use that? There's lots of ldap frontends so getting your info into it should be easy enough.

You could also look into kea (https://www.isc.org/kea/), a better dhcp server from ISC. The blurb says it supports SQL backends.

--
Alan McKinnon
alan.mckin...@gmail.com
Re: [gentoo-user] DNS server packages
On Sunday, October 11, 2015 02:48:23 PM Alan McKinnon wrote:
> On 11/10/2015 11:33, J. Roeleveld wrote:
> > On Sunday, October 11, 2015 10:43:01 AM Alan McKinnon wrote:
> >> On 11/10/2015 10:18, J. Roeleveld wrote:
> >>> On Sunday, October 11, 2015 09:35:39 AM Alan McKinnon wrote:
> >>>> On 11/10/2015 04:13, James wrote:
> >>>>> Howdy,
> >>>>>
> >>>>> So I now have (5) statics and a fiber feed, with lots of room to grow.
> >>>>>
> >>>>> I need to setup DNS primary/secondary systems on gentoo. So right now
> >>>>> I'm looking for a suggested list of packages to install with Bind,
> >>>>> iptables and
> >>>>> DNSSEC-tools as these (2) gentoo dns servers will only run the minimum
> >>>>> packages to operate securely?
> >>>>
> >>>> auth or cache?
> >>>>
> >>>> First of all, bind is a pain to use. Reason: it's actually a reference
> >>>> implementation that as usual got forced into production use. It's
> >>>> slower than it could be because it deals with every possible corner
> >>>> case per RFC.
> >>>>
> >>>> As an auth server (few queries) it's OK
> >>>> As a cache (many queries), there are better servers out there. I prefer
> >>>> unbound.
> >>>
> >>> As it is related to this thread, which server would people recommend
> >>> when the DNS records are to be found in a database?
> >>> Reason I am asking:
> >>> I want to set up a lab environment with VMs coming and going.
> >>> These all need to have hostname/mac/ip stored and configured correctly.
> >>
> >> I don't understand.
> >>
> >> Perhaps detail more what you are trying to accomplish?
> >
> > What I do currently:
> >
> > Edit Bind zone-files and enter IP / Hostname combinations
> > Edit DHCP config file and enter MAC / IP / Hostname combinations
> > (And hope these actually match and not contain typos)
> >
> > What I want to do:
> >
> > In a database I have a table with the following fields:
> > MAC, IP, Hostname, domain
> > xx:xx:xx:xx:xx , 1.2.3.4 , vmobi1114node1 , vm1.lab.example.com
> >
> > I want the DNS server to use the IP, Hostname and domain fields for the
> > resolving.
> > I want the DHCP server to use all the fields for the DHCP assignments.
>
> OK, that makes sense. You'd think all decent DNS and DHCP servers out
> there would support any old arb db backend (very useful, no?) but it
> seems not. I've gotten used to independently vi'ing two files and
> HUP/reload two daemons over the years :-)

Same here. Works for the most part, but I'm not the only one using the system. Which means I prefer to have it easier to use and not end up having to do all the work myself.

> Bind can use a mysql backend, so can most auth servers.

Need to check how difficult/easy it is to make it listen to PostgreSQL.
I'm not overly attached to Bind. Having a DNS server that's easier to configure and maintain would be appreciated.

> The only dhcp
> server easily available on gentoo seems to be dhcp from ISC which does
> not support mysql. But both support ldap, maybe you can use that?
> There's lots of ldap frontends so getting your info into it should be
> easy enough.

That's one option, but that would mean maintaining 2 databases. One with the config for the VMs and OpenLDAP.

> You could also look into kea (https://www.isc.org/kea/), a better dhcp
> server from ISC. The blurb says it supports SQL backends.

I'll have a look at that one.

--
Joost
[gentoo-user] DNS server packages
Howdy,

So I now have (5) statics and a fiber feed, with lots of room to grow.

I need to setup DNS primary/secondary systems on gentoo. So right now I'm looking for a suggested list of packages to install with Bind, iptables and DNSSEC-tools as these (2) gentoo dns servers will only run the minimum packages to operate securely?

Also, what is the (nominal) minimum amount of RAM needed to keep all routes in ram in these name servers?

I also found these wiki pages as resources:

https://wiki.gentoo.org/wiki/BIND
https://wiki.gentoo.org/wiki/BIND/Guide

James