Organizing Your DNS? 43

Neil Watson asks: "In previous organizations I've kept track of IPs, hostnames and DNS entries by using a single hosts file. I used a script (h2n) to convert the hosts file to DNS entries (BIND). Thus, all information was available in a single text file. For Microsoft Active Directory servers, we had that system's DNS server simply forward all of its requests to the BIND server. Now, I find myself at another organization. This network is considerably larger, with more name servers. The control of IPs, hostnames and DNS entries is somewhat loose, and it is starting to take its toll. How do you organize all of your DNS information in order to easily assign and track all of the entries?"
This discussion has been archived. No new comments can be posted.

  • PowerDNS (Score:5, Informative)

    by bmac83 ( 869058 ) on Saturday March 18, 2006 @11:55AM (#14948188) Homepage
    You can use PowerDNS [powerdns.com] and any number of administrative tools [bugs-r-us.no] to manage the domains with a SQL database rather than flat text files.
  • Ganymede, Doctor DNS (Score:5, Informative)

    by jonabbey ( 2498 ) * <jonabbey@ganymeta.org> on Saturday March 18, 2006 @12:02PM (#14948215) Homepage

    We have been using our own software, Ganymede [utexas.edu], to handle our DNS for the last 7 years. Ganymede is a programmable directory mastering application.. you give it a schema with objects for real-world items such as systems, interfaces, networks, etc., and Ganymede provides an object database and concurrent client/server GUI for making changes. Whenever an administrator hits 'commit' in their client, Ganymede turns around and updates the DNS (and in our case, our NIS, our Active Directory, our DHCP, and more) on a background thread.

    The schema we use for managing DNS at ARL:UT is not the most flexible, in that we have only a single DNS domain that we are managing, and may well not fit your environment, however there is a consulting company in Germany, http://www.fg-networking.de/ [fg-networking.de], which has built a complete DNS and DHCP management solution around Ganymede. They are using it to manage the DNS and DHCP for a University of 14,000 hosts, and they might be able to help you out with your environment.

    If you do decide you might like to know more about Ganymede, let me know.. I've been working on it for the last couple of years for internal use and for clients, without posting any new releases on our website. The software has tons of improvements that have been made in the meantime.

  • How many hosts? (Score:4, Informative)

    by bernywork ( 57298 ) * <bstapleton&gmail,com> on Saturday March 18, 2006 @12:30PM (#14948300) Journal
    If you were able to manage out of a single hosts file before, then you would have been looking after a small organisation.

    I find that even up to 1500 hosts, managing IP addresses out of a spreadsheet is fine. The amount of times that admins actually connect machines to networks isn't all that often (with the exception of workstations, but use dynamic DNS for that and don't worry about putting them into a spreadsheet) so the changes are minimal.

    Get the solarwinds software if you are running Windows (or find a box to put it on) and in the engineers edition, there is a DNS auditing tool. Run that every now and again to make sure that what's in the spreadsheet and what's in DNS matches up and all is good.

    If you are looking above 1500 hosts, then you might need to consider some of the other posts above.

    I found in the past as long as your IP allocations are easily manageable, and you know what it is that you want to manage, then it's all good.

    Berny
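
The spreadsheet-versus-DNS check described in the comment above, sketched as an added example that is not part of the original thread or of any tool named in it. It assumes the inventory is kept in hosts-file format (as in the question) and that DNS data is available as simple `name [ttl] IN A addr` lines; all names and addresses are constructed.

```python
# Added example: audit a hosts-format inventory against DNS A records.
# Inputs are constructed; the zone text is a simplified subset of BIND syntax.
import ipaddress

INVENTORY = """\
# constructed inventory in hosts-file format
192.0.2.10  web1.example.com web1
192.0.2.11  db1.example.com
192.0.2.12  mail.example.com   # listed here but never published
"""

ZONE = """\
; constructed zone excerpt, origin example.com.
web1    3600 IN A 192.0.2.10
db1     IN A 192.0.2.21
ftp     IN A 192.0.2.30
"""

def parse_hosts(text):
    """Map canonical (first) hostname -> IP from hosts-file lines."""
    out = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            out[fields[1].lower().rstrip(".")] = ipaddress.ip_address(fields[0])
    return out

def parse_zone_a(text, origin):
    """Map FQDN -> IP for A records; relative names get the origin appended."""
    out = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 4 and fields[-3:-1] == ["IN", "A"]:
            name = fields[0].lower()
            fqdn = name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"
            out[fqdn] = ipaddress.ip_address(fields[-1])
    return out

def audit(inventory, dns):
    """Return names missing from DNS, unknown to inventory, and IP mismatches."""
    return {
        "missing_in_dns": sorted(set(inventory) - set(dns)),
        "not_in_inventory": sorted(set(dns) - set(inventory)),
        "ip_mismatch": sorted(n for n in set(inventory) & set(dns)
                              if inventory[n] != dns[n]),
    }

if __name__ == "__main__":
    print(audit(parse_hosts(INVENTORY), parse_zone_a(ZONE, "example.com")))
```

Names that appear in DNS but not in the inventory are the ones worth chasing first, since they are records nobody has claimed ownership of.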
  • Comment removed (Score:4, Informative)

    by account_deleted ( 4530225 ) on Saturday March 18, 2006 @12:59PM (#14948398)
    Comment removed based on user account deletion
  • by jonabbey ( 2498 ) * <jonabbey@ganymeta.org> on Saturday March 18, 2006 @01:11PM (#14948444) Homepage

    Ganymede 2.0 uses SSL for all client-server communications, as well as digitally signing the applets. It also requires Java 1.4 or better, largely in order to support SSL.

    Ganymede supports roles, so that you can give certain administrators arbitrarily reduced privileges. If you've got people who need to have limited privileges as you describe, it's possible to grant them in Ganymede, if the powers that be permit it.

    May I ask if you work at ARL:UT?

  • IPplan (Score:5, Informative)

    by lucm ( 889690 ) on Saturday March 18, 2006 @01:22PM (#14948490)
    Here is a nice web-based solution: http://iptrack.sourceforge.net/ [sourceforge.net]

    We are using it at the office and it is very handy.

    There are a lot of features, including DNS management, search tools, routing tables management, ...
  • Re:Infoblox (Score:2, Informative)

    by ChristopherCain ( 962073 ) on Saturday March 18, 2006 @03:20PM (#14948842)
    I've found that Infoblox isn't at all cracked up to what they claim to be. From my experience, BlueCat Networks' [bluecatnetworks.com] Adonis DNS/DHCP server kicks ass over anything from Infoblox in ease of management and reliability. As well, BlueCat's technical support is the greatest I have ever dealt with.

    BlueCat has another product called the Proteus that handles IP Address Management. We have found that with multiple locations distributed throughout the world, something like this may greatly help us keep a tighter control of our networks.

    I'm not trying to knock Infoblox, I have happened to use both companies' products in my career and prefer BlueCat's better.
  • MyDNS Rocks (Score:3, Informative)

    by pyite69 ( 463042 ) on Saturday March 18, 2006 @10:56PM (#14950556)
    We have hundreds of thousands of domains and millions of A, PTR, MX records. It is quite manageable with MyDNS. It uses a MySQL database with two simple tables - one for the domains and one for the address information.

    It makes multiple name servers easier because you don't need to AXFR - you just use MySQL replication which is quite easy to deal with.
  • Nictool (Score:3, Informative)

    by LogicX ( 8327 ) * <slashdot&logicx,us> on Saturday March 18, 2006 @11:43PM (#14950665) Homepage Journal
    Nictool [nictool.com] is an excellent DNS management system which uses mysql as a backend, rsync/ssh to update djbdns servers, and has a web frontend with very granular delegation to different users.

    I've been using it for many many months on multiple DNS setups, and many other organizations use it also. It takes a bit of knowledge to set up, but is very reliable once it's set up. I've written a few guides on configuration and installation (though now a little outdated) -- they can be found in the mail toaster forum.
  • by mr_jrt ( 676485 ) on Sunday March 19, 2006 @05:31PM (#14953412) Homepage
    I run ldap2dns and unfortunately (or not, as pertains to your viewpoint), the author believes dyndns isn't fundamentally a good idea, as DNS is a resolver, and thus shouldn't have write access to the DB. Which does kind of make sense from a security standpoint, as DHCP is never externally facing whilst DNS is far more likely to be. Still, it causes me no end of pain as I haven't found a DHCP server that will update my LDAP...and I haven't got the faintest idea where to begin hacking ISC's dhcpd.
