Distribute named.conf
Hi all,

we are currently using PowerDNS on our 12 Nameservers. Now we are thinking about a migration to bind.

So we are seeking a way to distribute the named.conf.x for the several zone files. Currently this is solved by powerdns via mysql replication. Is there any tool in bind we could use? Generating the conf file and syncing via ssh/rsync is discussed on our side, and we hoped that there is a "nicer" way.

Many registries are testing the dns server if the zone is available during the registration. Generating the new files via cron would cause the registration to fail.

Regards

Jörg
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Distribute named.conf
Hi Joerg,

Is there any specific reason for migration from powerdns to bind?

Br
Ben

On Thu, Jan 3, 2013 at 4:36 PM, Joerg Stephan wrote:
> Hi all,
>
> we are currently using PowerDNS on our 12 Nameservers. Now we are thinking
> about a migration to bind.
>
> So we are seeking a way to distribute the named.conf.x for the several
> zone files. Currently this is solved by powerdns via mysql replication. Is
> there any tool in bind we could use? Generating the conf file and syncing via
> ssh/rsync is discussed on our side, and we hoped that there is a "nicer" way.
>
> Many registries are testing the dns server if the zone is available during the
> registration. Generating the new files via cron would cause the registration
> to fail.
>
> Regards
>
> Jörg
Re: Distribute named.conf
On 03/01/13 11:06, Joerg Stephan wrote:
> Hi all,
>
> we are currently using PowerDNS on our 12 Nameservers. Now we are thinking
> about a migration to bind.
>
> So we are seeking a way to distribute the named.conf.x for the several
> zone files. Currently this is solved by powerdns via mysql replication. Is
> there any tool in bind we could use? Generating the conf file and syncing via
> ssh/rsync is discussed on our side, and we hoped that there is a "nicer" way.

There are innumerable options for doing this. As written, the question is way too vague - "how do I copy a file".

FWIW we use a cron job on the nameservers to pull a .csv file from a master server, which builds the named.conf and does an "rndc reconfig" (if it has changed). But there are many, many ways to do this...

> Many registries are testing the dns server if the zone is available during the
> registration. Generating the new files via cron would cause the registration
> to fail.

So don't use cron. Push the creation from a central server and then register the domain.

You may also want to investigate "rndc addzone" in the new version of bind. Something like:

    # add the zone locally
    rndc addzone ... "{ type master; allow-transfer ...; ...};"

    # add zone on all slaves
    for slave in server1 server2
    do
      # a slave zone names its primaries with "masters { ...; };"
      ssh "root@$slave" 'rndc addzone .. "{ type slave; masters { x.x.x.x; }; ...};"'
    done

    # contact registrar
    ./do_register
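
The push-then-register sequence from the message above, as an added example that is not part of the original thread. It assumes `allow-new-zones yes;` on every server and that the master's zone file is already in place; the host names, the address and the `slave/` file path are constructed. The zone name is validated before it reaches a remote shell, and registration waits until every server answers authoritatively.

```sh
#!/bin/sh
# Added example (not from the thread): add a zone everywhere, confirm it is
# served, then register. Assumes "allow-new-zones yes;" in named.conf on every
# server and that the master's zone file is already in place.
LC_ALL=C; export LC_ALL

MASTER_IP="192.0.2.1"                      # assumption: documentation address
SLAVES="ns2.example.net ns3.example.net"   # assumption: constructed host names
LABEL='[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'

# Accept only lower-case LDH names with at least two labels. The name is
# pasted into a command line that a remote shell parses, so quotes, spaces,
# semicolons and newlines must never get that far.
valid_zone() {
    case $1 in
        ''|*[!a-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eq "^($LABEL\\.)+$LABEL\$"
}

# Zone statements for "rndc addzone"; the slave/ path is an assumption.
master_stmt() { printf '{ type master; file "master/%s"; };' "$1"; }
slave_stmt() {
    printf '{ type slave; masters { %s; }; file "slave/%s"; };' "$MASTER_IP" "$1"
}

# Command line run on each slave over ssh. The statement holds no single
# quotes, so wrapping it in them is safe once the zone name is validated.
remote_cmd() { printf "rndc addzone %s '%s'" "$1" "$2"; }

# Reads "dig +noall +comments" output on stdin; succeeds only for a NOERROR
# answer carrying the "aa" (authoritative) flag.
is_authoritative() {
    awk '/status: NOERROR/ { ok = 1 }
         /flags:/ && / aa[ ;]/ { aa = 1 }
         END { exit !(ok && aa) }'
}

deploy_zone() {
    zone=$1
    valid_zone "$zone" || { echo "refusing zone name: $zone" >&2; return 2; }
    rndc addzone "$zone" "$(master_stmt "$zone")" || return 1
    for s in $SLAVES; do
        ssh "root@$s" "$(remote_cmd "$zone" "$(slave_stmt "$zone")")" || return 1
    done
    # A fresh slave is not authoritative until its first transfer completes,
    # so poll every server before telling the registrar.
    for s in localhost $SLAVES; do
        tries=0
        until dig +norecurse +noall +comments "@$s" "$zone" SOA | is_authoritative
        do
            tries=$((tries + 1))
            [ "$tries" -lt 10 ] || { echo "$s is not serving $zone" >&2; return 1; }
            sleep 3
        done
    done
    ./do_register "$zone"      # placeholder name taken from the message above
}

if [ "${1:-}" = "--deploy" ]; then deploy_zone "${2:-}"; fi
```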
Re: Distribute named.conf
On 2013-1-3 19:06, Joerg Stephan wrote:
> So we are seeking a way to distribute the named.conf.x for the several
> zone files. Currently this is solved by powerdns via mysql replication. Is
> there any tool in bind we could use? Generating the conf file and syncing via
> ssh/rsync is discussed on our side, and we hoped that there is a "nicer" way.

#1 BIND also has the feature called DLZ, which runs with a database backend. So you could use database replication to get the zones synced the same way as powerdns.

#2 If you do run BIND with static zone files, then you could run a CGI to create/delete zones from the file on each remote nameserver host. My site www.dnsbed.com is doing it this way.

#3 A question is, why do you switch from powerdns to BIND? Are there any items to share?

thanks.
Re: open-source tool for filter out stats from dns logs
There might be some tools already out there (like Splunk) that do this for you. I think you can get a free Splunk license if you parse relatively small amounts of daily data. If you're particularly concerned about open-source, this thread might also help: http://stackoverflow.com/questions/183977/what-commercial-and-open-source-competitors-are-there-to-splunk.

Regards,
Jeff
Re: Distribute named.conf
On Jan 3, 2013, at 6:06 AM, Joerg Stephan wrote:

> Hi all,
>
> we are currently using PowerDNS on our 12 Nameservers. Now we are thinking
> about a migration to bind.
>
> So we are seeking a way to distribute the named.conf.x for the several
> zone files. Currently this is solved by powerdns via mysql replication. Is
> there any tool in bind we could use? Generating the conf file and syncing via
> ssh/rsync is discussed on our side, and we hoped that there is a "nicer" way.

Yup, have a look at Puppet.

For the first while it will seem like way way more work than it is worth (and the whole declarative language bit makes my head hurt) but after investing a few hours getting things setup you'll wonder how you ever managed without it…
Deploying a new server (or configs, etc to a bunch of servers) suddenly becomes trivial...

> Many registries are testing the dns server if the zone is available during the
> registration. Generating the new files via cron would cause the registration
> to fail.

Setup Puppet to distribute the file, and then have an exec action that does:

    rndc addzone example.com '{type master; file "master/example.com"; };'

on master(s) and:

    rndc addzone example.com '{type slave; masters { 192.0.2.1; }; };'

on devices that you have told Puppet are slaves.

After investing the time you'll wonder how you ever managed >2 boxes without it…

More info on Puppet at: http://puppetlabs.com/puppet/puppet-open-source/ and http://docs.puppetlabs.com/learning/

W

> Regards
>
> Jörg

--
"I think perhaps the most important problem is that we are trying to understand the fundamental workings of the universe via a language devised for telling one another when the best fruit is." --Terry Pratchett
Re: Distribute named.conf
Hello everybody.

I have puppet running in my infrastructure and works like a charm.

By the way, I'm using named+dlz and I really have forgotten about zone files transfer and things like that.

Hope that helps,

Kind regards,
Leonardo Santagostini

2013/1/3 Warren Kumari
>
> On Jan 3, 2013, at 6:06 AM, Joerg Stephan wrote:
>
> > Hi all,
> >
> > we are currently using PowerDNS on our 12 Nameservers. Now we are
> > thinking about a migration to bind.
> >
> > So we are seeking a way to distribute the named.conf.x for the several
> > zone files. Currently this is solved by powerdns via mysql replication. Is
> > there any tool in bind we could use? Generating the conf file and syncing
> > via ssh/rsync is discussed on our side, and we hoped that there is a
> > "nicer" way.
>
> Yup, have a look at Puppet.
>
> For the first while it will seem like way way more work than it is worth
> (and the whole declarative language bit makes my head hurt) but after
> investing a few hours getting things setup you'll wonder how you ever
> managed without it…
> Deploying a new server (or configs, etc to a bunch of servers) suddenly
> becomes trivial...
>
> > Many registries are testing the dns server if the zone is available
> > during the registration. Generating the new files via cron would cause the
> > registration to fail.
>
> Setup Puppet to distribute the file, and then have an exec action that
> does:
> rndc addzone example.com '{type master; file "master/example.com"; };'
>
> on master(s) and:
> rndc addzone example.com '{type slave; masters { 192.0.2.1; }; };'
> on devices that you have told Puppet are slaves.
>
> After investing the time you'll wonder how you ever managed >2 boxes
> without it…
>
> More info on Puppet at:
> http://puppetlabs.com/puppet/puppet-open-source/ and
> http://docs.puppetlabs.com/learning/
>
> W
>
> > Regards
> >
> > Jörg
>
> --
> "I think perhaps the most important problem is that we are trying to
> understand the fundamental workings of the universe via a language devised
> for telling one another when the best fruit is." --Terry Pratchett
Re: Distribute named.conf
On 03/01/13 14:36, Warren Kumari wrote:

> Yup, have a look at Puppet.
>
> For the first while it will seem like way way more work than it is
> worth (and the whole declarative language bit makes my head hurt) but
> after investing a few hours getting things setup you'll wonder how
> you ever managed without it… Deploying a new server (or configs, etc
> to a bunch of servers) suddenly becomes trivial...

A bit OT, but we use cfengine (because puppet didn't exist when we started doing it), but I strongly endorse the general sentiment behind this statement; if you run any number of servers at all, a config management tool like puppet/cfengine will transform your working life.

> Setup Puppet to distribute the file, and then have an exec action
> that does: rndc addzone example.com '{type master; file
> "master/example.com"; };'

Does puppet provide built-in facilities to synchronise events across multiple servers, because that was a concern to the OP.
Re: Distribute named.conf
On Jan 3, 2013, at 9:44 AM, Phil Mayers wrote:

> On 03/01/13 14:36, Warren Kumari wrote:
>
>> Yup, have a look at Puppet.
>>
>> For the first while it will seem like way way more work than it is
>> worth (and the whole declarative language bit makes my head hurt) but
>> after investing a few hours getting things setup you'll wonder how
>> you ever managed without it… Deploying a new server (or configs, etc
>> to a bunch of servers) suddenly becomes trivial...
>
> A bit OT, but we use cfengine (because puppet didn't exist when we started
> doing it), but I strongly endorse the general sentiment behind this
> statement; if you run any number of servers at all, a config management tool
> like puppet/cfengine will transform your working life.
>
>> Setup Puppet to distribute the file, and then have an exec action
>> that does: rndc addzone example.com '{type master; file
>> "master/example.com"; };'
>
> Does puppet provide built-in facilities to synchronise events across multiple
> servers, because that was a concern to the OP.

Oh, yeah, in my Puppet zealotry I forgot about that bit :-)

AFAIK Puppet doesn't natively support this, but on the few occasions I have needed to do something like this from Puppet I have done something a little clunky. It involves taking the time on the puppet master and then using that to schedule a job in N minutes from that time on all the boxes.

Something along the lines of:

    AT_TIME=`date +"%H:%M %m/%d/%y" --date='$MASTER_TIME + 2 minutes'`; echo ' $SOME_COMMAND ' | at $AT_TIME

This *is* very clunky and so in a fit of pique I deleted it…

W

--
Eagles soar but a weasel will never get sucked into a jet engine
Re: Distribute named.conf
-----Original Message-----
From: Phil Mayers
Date: Thursday, January 3, 2013 9:44 AM
To: "bind-users@lists.isc.org"
Subject: Re: Distribute named.conf

>On 03/01/13 14:36, Warren Kumari wrote:
>
>> Yup, have a look at Puppet.
>>
>> For the first while it will seem like way way more work than it is
>> worth (and the whole declarative language bit makes my head hurt) but
>> after investing a few hours getting things setup you'll wonder how
>> you ever managed without it… Deploying a new server (or configs, etc
>> to a bunch of servers) suddenly becomes trivial...
>
>A bit OT, but we use cfengine (because puppet didn't exist when we
>started doing it), but I strongly endorse the general sentiment behind
>this statement; if you run any number of servers at all, a config
>management tool like puppet/cfengine will transform your working life.

We started with cfengine as well, for the same reason...I still love it, but we are moving to Puppet mostly because they are very similar at a high level, the mothership invests and other acquisitions use it (convergence). That said, fully agree the tool doesn't matter -- you want configuration management. To me that minimally includes a tool like cfengine or puppet and some sort of CMDB to track objects (and serve as an ENC).

>> Setup Puppet to distribute the file, and then have an exec action
>> that does: rndc addzone example.com '{type master; file
>> "master/example.com"; };'
>
>Does puppet provide built-in facilities to synchronise events across
>multiple servers, because that was a concern to the OP.

Yes, and so did cfengine all the way back to 2.x...though it was a bit scary to try and use the RPC functionality. :-) In Puppet MCollective should be able to handle this. While it takes more setup than the usual client install, it also provides functionality larger shops will likely not want to live without.

There are also other "orchestration layers" beside MC, this paper gives a good overview:

http://www.puppetlabs.com/wp-content/uploads/2010/03/FullyAutomatedProvisioning_Whitepaper7.pdf
Re: open-source tool for filter out stats from dns logs
-----Original Message-----
From: Jeff Wright
Date: Thursday, January 3, 2013 8:41 AM
To: "bind-users@lists.isc.org"
Subject: Re: open-source tool for filter out stats from dns logs

>There might be some tools already out there (like Splunk) that do this
>for you. I think you can get a free Splunk license if you parse
>relatively small amounts of daily data. If you're particularly
>concerned about open-source, this thread might also help:
>http://stackoverflow.com/questions/183977/what-commercial-and-open-source-competitors-are-there-to-splunk.

Just wanted to add a few things based on some research I've been doing... By all means, start with the SO thread above and [your favorite search engine] as I did. This may just save folks some time. :-)

Splunk is an amazing tool, but gets expensive fast when indexing much data... With the maturity of many OSS solutions, I'm not sure it even makes sense on a small scale these days (unless you plan to stick with it).

After reading through several SO threads and spending many late nights searching, I've mostly concluded that there are two OSS "solutions" (a mix of technologies/tools) that can fill this gap. You can go the "neato" (newer, being discussed more) way of [ logstash + graylog + elastic search ] or the "oldschool" (relatively at this point) of [ syslog-ng + mysql + sphinx ] (ELSA).

For the prior, my initial research led to buzzword/acronym overload. This post helped immensely:

http://jpmens.net/2012/08/06/my-logstash-and-graylog2-notes/

And also led me to find this useful ES utility:

http://jpmens.net/2012/08/09/must-have-ui-for-elasticsearch/

These are also obvious places to start playing (the first is worth visiting just to watch the, hilarious IMCO, video on the front page):

http://logstash.net/
http://graylog2.org/
http://www.elasticsearch.org/

Of course after setting all that up, some conclude it's too slow for real-time analytics. There's discussion about this on SO and other places. Based on your use cases, you might not care. If you do, consider ELSA:

https://code.google.com/p/enterprise-log-search-and-archive/

Somewhat dated, but great overview by the author (refer to the docs for latest features):

http://ossectools.blogspot.com/2011/03/fighting-apt-with-open-source-software.html

We are in the process of building prototype environments for both of these atm, so wanted to share.

hth
Re: Distribute named.conf
How does Puppet compare to Ansible? http://ansible.cc/

--
William Brown
Core Hosted Application Technical Team and Messaging Team
Technology Services, WNYRIC, Erie 1 BOCES
(716) 821-7285

Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system.
Re: Distribute named.conf
-----Original Message-----
From: "wbr...@e1b.org"
Date: Thursday, January 3, 2013 2:29 PM
To: "bind-users@lists.isc.org"
Subject: Re: Distribute named.conf

>How does Puppet compare to Ansible? http://ansible.cc/

Thanks for sharing, first I'd heard of it...

From a quick glance (in a rush atm), it seems ansible uses SSH and PUSH whereas cfengine/puppet use TLS/SSL and PULL. In general, scaling is easier with non-SSH approaches built around PULL. That said, Puppet is not scalable out of the box (unlike cfengine's server, though you still need to tune several knobs there) -- but it's not intended to be, a common misconception. The built-in webrick server is for development only, and building the more scalable web services infrastructure (apache, passenger) is not as difficult as it first seems. Many folks also run without a puppetmaster (masterless/nodeless).

It'd been awhile since I'd checked, but I see ansible is not listed here (in case others haven't seen the master table):

http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software

I highly advise anyone new to configuration management to setup some virtual machines and play with as many solutions as time permits...they each have interesting features, and no one solution will work for everyone IMHO.
Re: Distribute named.conf
Mike wrote on 01/03/2013 02:45:29 PM:

> Thanks for sharing, first I'd heard of it...

I read about it on http://jpmens.net/

> http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software

It's there today.

> I highly advise anyone new to configuration management to setup some
> virtual machines and play with as many solutions as time permits...they
> each have interesting features, and no one solution will work for everyone
> IMHO.

Good advice!
Re: Distribute named.conf
-----Original Message-----
From: "wbr...@e1b.org"
Date: Thursday, January 3, 2013 3:15 PM
To: Mike Hoskins
Cc: "bind-users@lists.isc.org", "bind-users-bounces+wbrown=e1b@lists.isc.org"
Subject: Re: Distribute named.conf

>Mike wrote on 01/03/2013 02:45:29 PM:
>
>> Thanks for sharing, first I'd heard of it...
>
>I read about it on http://jpmens.net/
>
>> http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software
>
>It's there today.

Apologies to the list, it's what I get for typing on the run... I meant to say, I see it there (it just wasn't there in the past when I last looked at that list). Glad to see wikipedia is staying up to date. :-)