New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Which DNS tool/service do you use (wanna get rid of bind9)
So,
i know, never change a running system, but I have an old debian 5(!) server which is running bind9 and managing the zones with vi is a pain in the butt. also i want to relieve this server from its hard work :^)
Is there any fancy dns management tool with webinterface, so I can get rid of this old system? (something like the webinterface cloudflare has)
I'm getting sick of changing serial and reloading bind every time. and there's no syntax check.
There are about 200 zone files to manage.
Edit: It has to be self hosted.
Comments
Hurricane electric (dns.he.net) only limits the number of different sites, so that may be something to look into.
Also when using cloudflare, you can always turn off their "DDoS shield". If you do that, it's basically a DNS hosting service.
Maybe afraid.org is interesting for you. I've happily used it for years, and it seems that nothing has changed in the meantime.
I think you should migrate to nsd - you can still use vi (or vim and/or sed/awk etc.) and get the job done really fast and of course it also comes with tools to check the zone files. Unless of course you really want a web interface (etc.)
I want it to be self hosted, that old bind server is the registered nameserver for all the domains, so cloudflare won't do it, it was just a comparison.
The already suggested nsd should be pretty easy to implement if you're coming from BIND. Besides, if you're looking to "secure" your EOL installation and if you want a web server on top of it, you should really give a look at dnsdist (you can place it in front of any DNS server).
This.
nsd will even accept your old BIND file format, so other than configuring NSD itself, you can hit the ground running in minutes (and its config file is a pile of piss- think of it like moving from sendmail to postfix/exim). The DNSSEC and private shared-key transfer between slave and master is trivial to configure.
@mfs, @nullnothere NSD bros.
named-checkzone is helpful for this. Never restart bind9 without running it first.
Who the fuck restarts their nameservice instead of just HUPping it? What bass-ackwards service doesn't reload zones and config with a hup (or nsd reload)?
this doesn't work since i can remember, it says every file has wrong syntax, and i'm not going to fix every single file for perfect syntax, because i'm very very veryyyy lazy
True dat - reload rather than restart unless you're changing config options (caching and the like).
i'll have a look into it, but it seems like much work.
is there nothing where i have to do the least?
maybe this is the wrong forum to ask, but it's ok if it is a commercial (paid) product
Now which one still shits when a config is broken rather than saying "Hey fuckpocket, I can't read this zone, so I'm not touching it"?
Then you probably should be reconsidering your choice to run your own DNS service, if you can't be bothered with proper syntax to ensure you don't hose something on a reload.
This is an example config, please tell me what's wrong.
It was written for BIND 4, not BIND 8+. You haven't set an $ORIGIN, et al.
webmin will give you an interface to bind that auto increments serials and is self hosted.
You couldn't write a little script which would autogenerate serial and put it into place where your source zonefile has %SERIAL% in it (or the like) -- and reload the nameserver for you?
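A sketch of the script suggested in the comment above, combined with the earlier advice to run named-checkzone before reloading. This is an added example, not code from any poster in the thread; the `%SERIAL%` token, the YYYYMMDDnn serial convention, the `.serial` state file and all paths and zone names are assumptions.

```sh
#!/bin/sh
# Added example. Assumptions: the zone template holds the literal token
# %SERIAL%, serials use the YYYYMMDDnn convention, and the last published
# serial is kept in a "<live file>.serial" state file (hypothetical layout).

# next_serial CURRENT [TODAY]: print a serial strictly greater than CURRENT.
next_serial() {
    current=$1
    today=${2:-$(date -u +%Y%m%d)}
    base="${today}00"
    if [ "$current" -ge "$base" ]; then
        echo $((current + 1))   # same-day edit (or nn past 99): keep increasing
    else
        echo "$base"            # first edit of the day
    fi
}

# render_zone TEMPLATE SERIAL: write the zone with the serial filled in.
render_zone() {
    case $2 in
        ''|*[!0-9]*) echo "bad serial: $2" >&2; return 1 ;;
    esac
    sed "s/%SERIAL%/$2/g" "$1"
}

# publish_zone ZONE TEMPLATE LIVE_FILE: validate first, reload only on success.
publish_zone() {
    zone=$1; template=$2; live=$3
    current=$(cat "$live.serial" 2>/dev/null); current=${current:-0}
    serial=$(next_serial "$current") || return 1
    tmp=$(mktemp "$live.XXXXXX") || return 1
    if ! render_zone "$template" "$serial" > "$tmp" ||
       ! named-checkzone "$zone" "$tmp" >&2; then
        rm -f "$tmp"
        echo "refusing to publish $zone: live file left untouched" >&2
        return 1
    fi
    chmod 644 "$tmp"                     # mktemp creates the file 0600
    mv "$tmp" "$live" &&                 # same directory, so the swap is atomic
        echo "$serial" > "$live.serial" &&
        rndc reload "$zone"
}

# Run only when called with arguments, e.g.:
#   ./publish.sh example.test example.test.tmpl /etc/bind/db.example.test
if [ "$#" -eq 3 ]; then
    publish_zone "$@"
fi
```

A zone that fails named-checkzone never replaces the live file, so a typo in one of the 200 templates cannot take a working zone offline on reload.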
It was written for bind9, like the man page shows it: https://wiki.debian.org/Bind9#Files_in_var.2Fcache.2Fbind.2F
Just no global TTL.
$ORIGIN needed?
well, that's just a little aspect of the whole problem.
as i said, the system is very old, and shall be replaced by something nicer, if bind is top notch, i'll stay with it, just migrate to the latest debian.
You're asking why it's angry; I answered you. Falling back on compatibility mode with a 20+ year old syntax is no excuse. I'm changing my vote to "Use whatever your registrar offers for free."
What if I'm the registrar or cannot use the registrars solution?
I still don't know what's wrong with the syntax, when did it change? And what should the syntax look like nowadays? Everything I can find on the internet is exactly the same as my example. And why does it claim a bad syntax when there's no $ORIGIN, as it's pulling the value from the config?
God forbid.
After BIND 4, as mentioned. With 9+ I'm pretty sure it went from deprecated to "warning" levels. I haven't used bind since there's been an OSS alternative, and that includes djbdns. Bind made my life hell for years, so I avoid it like the plague. That said, others which use their same zones make it much easier..
Here's a sample of what's accepted by bind/nsd/compatibles. You'll notice that not only do I have short (5 minute) TTLs, but I use the numeric syntax so there's no late-night flubbing numbers.
E: Technically, the second/third $ORIGIN isn't required here. I always do that for special records as a mental reference.
Call me a retard but I don't see major differences here.
Can't bind handle tabs anymore the way it was? Or is it because 1D, 5H etc.pp. ?
Your @ IN SOA is probably what's pissing it off. I don't use bind.
I am using PowerDNS and erl-dns. PowerDNS is really flexible in regards to the backend, you could easily use a BIND backend and keep your zone files or migrate to a SQL backend and write a little script that communicates with the SQL backend. PowerDNS also does offer an API.
Erl-DNS is written by dnsimple and I really like the idea of having json files as zone files. Also it's written in Erlang, a language that is suited for these kind of things.
But does it have a webinterface? I'm searching for something with a graphic interface, otherwise switching from bind to another thing is unnecessary as bind runs fine.
There are multiple tools:
https://github.com/PowerDNS/pdns/wiki/WebFrontends
https://github.com/ngoduykhanh/PowerDNS-Admin
I use nsd with an in-house web interface for about 150 domains.
You might have a look at https://github.com/msimerson/NicTool which is a DNS web interface that supports several backend DNS servers, including nsd.
How about dnscontrol?
I'm using it to manage 40 domain zones between DNSimple and Digital Ocean. It can output bind zones or push directly to something like Windows DNS. Adding more providers is trivial.
I'm using PowerDNS with a galera cluster for replication of the DB + DNSdist for some load balancing and extra control. We have our own scripted panel but there are multiple webinterfaces available. PowerAdmin is a nice one. Not fancy looking but it gets the job done. Serving over 2K zones without issues.
looks promising, but holy moly, this design!
straight outta the 90s