External DNS Virtual Appliance or similar suggestion?

Sphinx2000 · 14th August 2012, 6:55 PM

Hey guys,

I'm looking for a good External DNS Virtual Appliance or similar to handle external DNS queries for about 2 dozen domains we manage.

Preferable to have:

- Webmin type interface for ease of use for engineers.
- Auto replication from ns0.blah to ns1.blah host for any changes (not critical)
- Easy to whack in a VMware environment at either location / low resources.

Currently using a couple of aging Redhat VM boxes running Bind for years at different locations, but the replication is sort of broken amongst other things and one is becoming less reliable by the day.. requiring weekly babying / rebooting, etc..

Googling around gives mixed results. Many suggesting Ubuntu with Bind again, but I was hoping for something more as per the above - preferably a pre-complied appliance ot the like (do they exist?), if not free - some pricing may be still an option.

Anyone here have suggestions / use something similar?

Thanks.

Wynne · 15th August 2012, 2:03 AM

We have Bind on OpenBSD, but it sounds like you're over that.

Have heard good things about Infoblox if thats what you would prefer.

username_taken · 15th August 2012, 9:13 AM

Infoblox is perfect if you're looking for a turnkey appliance.

Sphinx2000 · 15th August 2012, 12:33 PM

Thanks for the suggestion, will check it out.

f3n1x · 15th August 2012, 1:15 PM

Quote:

Originally Posted by Sphinx2000

Currently using a couple of aging Redhat VM boxes running Bind for years at different locations, but the replication is sort of broken amongst other things and one is becoming less reliable by the day.. requiring weekly babying / rebooting, etc..

A common reason for broken replication and DNS slaving is if a tech forgets to update the zone file serial number, I'd make sure that's not happening before i roll out a new solution.

phreeky82 · 15th August 2012, 11:24 PM

Is there anything fundamentally wrong with running bind on a primary and secondary and simply doing an rsync of the zone files to the secondary?

I only have simple requirements, but I have bind+smbind installed on a debian machine (smbind is only enabled when needed, I don't trust such web GUIs), and after making changes I rsync the files to the secondary (Ubuntu machine with bind) and all seems well.

Primüs · 16th August 2012, 8:02 AM

Perhaps also look at cPanel DNS only. Easy to set up replication between them and it is a nice GUI.

Iceman · 16th August 2012, 9:46 AM

Honestly, "you're doing it wrong".

If you don't have enough in house skill / time to properly manage two internet facing linux boxes and a single application (bind) without a preconfigured VM and a web gui, you're wasting your time trying to DIY something as mission critical as DNS.

The amount time you'll spend keeping them secured and troubleshooting someone elses build you might as well just spend less dollars on an external host.

Here is a company I used for a few years. They're one of many who'll give you a web interface and geographically dispersed servers. $60 per year for 25 domains + the time it takes your staff to transfer the records.

I'd be really interested to know if there's a reason that wouldn't be a better solution?

scrantic · 16th August 2012, 7:17 PM

+1 to DNS Made Easy used them for years been rock solid except for 1 DDOS attack they couldn't mitigate.

VR4hore · 16th August 2012, 11:42 PM

Quote:

Originally Posted by phreeky82

Is there anything fundamentally wrong with running bind on a primary and secondary and simply doing an rsync of the zone files to the secondary?

I only have simple requirements, but I have bind+smbind installed on a debian machine (smbind is only enabled when needed, I don't trust such web GUIs), and after making changes I rsync the files to the secondary (Ubuntu machine with bind) and all seems well.

Yes I find there is something fundamentally wrong with running rsync for a function that bind has built in.

Gecko · 17th August 2012, 9:02 AM

Quote:

Originally Posted by phreeky82

Is there anything fundamentally wrong with running bind on a primary and secondary and simply doing an rsync of the zone files to the secondary?

I only have simple requirements, but I have bind+smbind installed on a debian machine (smbind is only enabled when needed, I don't trust such web GUIs), and after making changes I rsync the files to the secondary (Ubuntu machine with bind) and all seems well.

Once you get zone transfers working, it works like magic. I can change any of our zones on the master server, and have them propogated out to the slaves within about 10 seconds. All I have to do is increment the serial number and do "rndc reload"

Setting up bind with a master and a couple of slaves is a few hours work at max.

Anyway, I agree with Iceman, just outsource it. Plenty of DNS providers out there.

elvis · 17th August 2012, 10:54 AM

Quote:

Originally Posted by phreeky82

Is there anything fundamentally wrong with running bind on a primary and secondary and simply doing an rsync of the zone files to the secondary?

I only have simple requirements, but I have bind+smbind installed on a debian machine (smbind is only enabled when needed, I don't trust such web GUIs), and after making changes I rsync the files to the secondary (Ubuntu machine with bind) and all seems well.

No, there's nothing wrong with this. I've got a few large DNS servers hosting a huge volume of domains and traffic that are controlled by Puppet, with each running as a master. The reliability that gives me is fantastic.

Quote:

Originally Posted by VR4hore

Yes I find there is something fundamentally wrong with running rsync for a function that bind has built in.

I disagree. just because functionality is "built in" doesn't make it better, more reliable or more secure. DNS replication dramas have plagued many places I've worked for over the years, and through no fault of the good staff who managed it.

7nothing · 19th August 2012, 2:05 PM

Quote:

Originally Posted by VR4hore

Yes I find there is something fundamentally wrong with running rsync for a function that bind has built in.

There's something fundamentally wrong with running bind when there's djbdns.

username_taken · 21st August 2012, 11:00 AM

Quote:

Originally Posted by 7nothing

There's something fundamentally wrong with running bind when there's djbdns.

There's something fundamentally wrong with using any product written by Dan J Bernstein. I keep expecing to hear about him moving in with Hans Reiser.

7nothing · 21st August 2012, 2:13 PM

Quote:

Originally Posted by username_taken

I keep expecing to hear about him moving in with Hans Reiser.

With the attention to detail DJB puts into his work, I bet he could murder a dozen women and not get caught.

He may be quite crazy, but the quality of the product speaks for itself. Especially when compared with bind. Just cos it's from Berkley and not Washington U, doesn't mean it's not crap

14th August 2012, 6:55 PM	#1
Sphinx2000 Member Join Date: Sep 2001 Location: Brisbane Posts: 1,473	External DNS Virtual Appliance or similar suggestion? Hey guys, I'm looking for a good External DNS Virtual Appliance or similar to handle external DNS queries for about 2 dozen domains we manage. Preferable to have: - Webmin type interface for ease of use for engineers. - Auto replication from ns0.blah to ns1.blah host for any changes (not critical) - Easy to whack in a VMware environment at either location / low resources. Currently using a couple of aging Redhat VM boxes running Bind for years at different locations, but the replication is sort of broken amongst other things and one is becoming less reliable by the day.. requiring weekly babying / rebooting, etc.. Googling around gives mixed results. Many suggesting Ubuntu with Bind again, but I was hoping for something more as per the above - preferably a pre-complied appliance ot the like (do they exist?), if not free - some pricing may be still an option. Anyone here have suggestions / use something similar? Thanks.

15th August 2012, 2:03 AM	#2
Wynne Member Join Date: Sep 2003 Location: sydney.au Posts: 222	We have Bind on OpenBSD, but it sounds like you're over that. Have heard good things about Infoblox if thats what you would prefer. __________________ That it comes as no surprise takes me by surprise

15th August 2012, 11:24 PM	#6
phreeky82 Member Join Date: Dec 2002 Location: Townsville Posts: 9,104	Is there anything fundamentally wrong with running bind on a primary and secondary and simply doing an rsync of the zone files to the secondary? I only have simple requirements, but I have bind+smbind installed on a debian machine (smbind is only enabled when needed, I don't trust such web GUIs), and after making changes I rsync the files to the secondary (Ubuntu machine with bind) and all seems well. __________________ Successful trades: eyusuf, andy8, stuartl, michaeliam, theDarkHorse, bob

16th August 2012, 8:02 AM	#7
Primüs Member Join Date: Oct 2005 Location: Coffs Harbour, NSW Posts: 2,712	Perhaps also look at cPanel DNS only. Easy to set up replication between them and it is a nice GUI. __________________ I has blog!

16th August 2012, 9:46 AM	#8
Iceman Member Join Date: Jun 2001 Location: Brisbane (nth), Australia Posts: 6,304	Honestly, "you're doing it wrong". If you don't have enough in house skill / time to properly manage two internet facing linux boxes and a single application (bind) without a preconfigured VM and a web gui, you're wasting your time trying to DIY something as mission critical as DNS. The amount time you'll spend keeping them secured and troubleshooting someone elses build you might as well just spend less dollars on an external host. Here is a company I used for a few years. They're one of many who'll give you a web interface and geographically dispersed servers. $60 per year for 25 domains + the time it takes your staff to transfer the records. I'd be really interested to know if there's a reason that wouldn't be a better solution? __________________ _,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_ WTB: Cisco 1801-M PM me Please rehash my posts and pass them off as your own ideas! Triple points for doing it in the same page of the thread. Plagiarism is the sincerest form of copyright infringement.

15th August 2012, 9:13 AM	#3
username_taken Member Join Date: Oct 2004 Location: Austin, TX Posts: 1,293	Infoblox is perfect if you're looking for a turnkey appliance.

15th August 2012, 12:33 PM	#4
Sphinx2000 Member Join Date: Sep 2001 Location: Brisbane Posts: 1,473	Thanks for the suggestion, will check it out.

16th August 2012, 7:17 PM	#9
scrantic Member Join Date: Apr 2002 Location: Melbourne Posts: 1,024	+1 to DNS Made Easy used them for years been rock solid except for 1 DDOS attack they couldn't mitigate. __________________ \| Intel Core i7-860 \| Gigabyte GA-P55A-UD3P \| \| Corsair X128 Extreme SSD \| 8GB Corsair DDR3 1333 \| \| MSI GTX275 896MB\| Antec P183 \| Antec 750W PSU \| Storage Synology DS1511+ 4 x Hitachi 3TB Deskstar 5K3000