[Cialug] internal DNS

Josh More morej at alliancetechnologies.net
Thu Nov 29 11:57:19 CST 2007


It is almost always a better plan to learn how to use an existing
technology than to try to roll your own quick-n-dirty solution.  That
way you get to use a system that should already have security, load
balancing, and error detection built in.  (For some reason, people tend
to ignore these when writing a quick-n-dirty hack).

Specifically, if you have to change the permissions on secure files to
get things to work, that's a really good clue that you're in the process
of making a mistake.

Is this a business network or personal?  Who has access to it?

The answers to those might impact which solution you use.  However, in
a very general case, you will likely be better off if you just get DNS
working as it should.  Also, if bind is too complex for your needs and
you don't mind ego issues, you could always try djbdns.


 

-Josh More, RHCE, CISSP, NCLP, GIAC 
 morej at alliancetechnologies.net 
 515-245-7701



>>> "Matthew Nuzum" <newz at bearfruit.org> 11/29/07 9:35 AM >>> 
I have this small network (~20 hosts) and doing name resolution is
getting to be a pain. I have a DNS server but I use it for external
requests and whenever I try using the "view" feature of bind to answer
differently for requests coming from the private side it stops working.

I personally don't like messing with DNS. I would be far happier if
there were some system of synchronizing /etc/hosts files. I could write
a python script that does this in half the time I spent last night.

However, I have two fears: The python script needs to run as root or I
need to modify permissions on the hosts file (I'd be inclined to modify
permissions) *and* I didn't realize how far-reaching the implications
of a fubar'd /etc/hosts file were until Nathan mailed us yesterday. I
don't have physical access to these servers so rebooting in single user
mode is not available to me (though if I modify permissions on the file
then maybe it won't be as bad either).

Anyone have any thoughts (including a different solution entirely)? My
configuration is Ubuntu 6.06 server and I'm using bind9 for the primary
DNS and powerdns for secondary (configured to use the bind style
backend storage).

-- 
Matthew Nuzum
newz2000 on freenode
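
Added example, not part of either message above: a minimal split-horizon layout using the bind9 "view" feature discussed in this thread. The zone name, address ranges and file paths are constructed placeholders. BIND requires that once any view is defined, every zone statement sits inside a view, including the default hint and localhost zones.

```conf
// named.conf fragment (constructed example; all names, ranges and
// paths below are assumptions, not taken from the thread)

acl "internal" {
    127.0.0.0/8;
    192.168.1.0/24;              // assumed private LAN range
};

// Views are tried in order; the first whose match-clients matches wins,
// so the narrower internal view comes first.
view "internal" {
    match-clients { "internal"; };
    recursion yes;               // LAN hosts may resolve outside names

    zone "example.com" {
        type master;
        file "/etc/bind/internal/db.example.com";   // private addresses
    };

    // Default zones have to live inside a view as well.
    zone "." {
        type hint;
        file "/etc/bind/db.root";                   // assumed path
    };
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";                  // assumed path
    };
};

view "external" {
    match-clients { any; };
    recursion no;                // authoritative answers only for outsiders

    zone "example.com" {
        type master;
        file "/etc/bind/external/db.example.com";   // public addresses
        allow-transfer { 203.0.113.53; };           // assumed secondary
    };
};
```

Running named-checkconf against the finished file before reloading reports a zone left outside a view, and the zone files keep their normal ownership and permissions.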


