Mailinglist Archive: opensuse (1420 mails)

Re: [opensuse] Should I switch to DNSmasq and forget bind? [WAS: optimizing resolv.conf]

On 01/07/2014 06:28 AM, Carlos E. R. wrote:
> I have bind running on this 12.3 setup. I have had it for ages. But I
> know I have errors on it, which I'm too lazy to correct. Each time I add
> a machine I have to edit two files (direct and reverse). Be careful with
> the timestamps. And then I see little inconsistencies which I try to
> correct, and there is always some little new mistake.



No problem. They have these neat little tools that ship like named-checkzone,
named-checkconf, etc. The slickest part about the setup is using dynamic
update from dhcpd to keep your zones updated automagically when new devices plug
in or connect wirelessly. Take for example all the wireless stuff that wants an
address every day, even at home it is a blessing. Example from the forward zone:

<snip>
$TTL 3600 ; 1 hour
davids-iPhone       A       192.168.6.110
                    TXT     "31de32cd4c301bc6e6e8526f436b2118f6"
dcrgx               A       192.168.6.111
                    TXT     "315bafb7bcb07998abd2a40f11eb09219c"
Deborahs-iPhone     A       192.168.6.122
                    TXT     "31a5bf958f65a6efa478be2842c3f9b936"
iPhone              A       192.168.6.137
                    TXT     "31de32cd4c301bc6e6e8526f436b2118f6"
Jordan-Rankin-1     A       192.168.6.144
                    TXT     "31d202900ab3d104fe54191d6673301af1"
ripper              A       192.168.6.149
                    TXT     "313f41f262462bc25dedb4fa3bb99bc318"
Sydney-Rankin       A       192.168.6.131
                    TXT     "3112768425732e649608601ac373cfca0e"
Sydneys-iPad        A       192.168.6.147
                    TXT     "313c6b00df734206b614790a9a4806fec8"
Sydneys-IPod        A       192.168.6.136
                    TXT     "311da689704c4fb2be7d4edcaabc67107f"

Each of those is a wired/wireless example that requested an IP via dhcp. My
server said OK, your MAC is in my allow filter, so here is your address, updated
both forward and reverse zones and then signed the zone. Never had to touch a
thing. And for those times when you add a host on a static IP, or assign it a
non-changing IP via dhcpd, then simply issue "rndc freeze" to suspend dynamic
updates (this conveniently forces the journal cache to be written to the zones),
use vi to make needed changes in the zones (increment serial by 1 also), then
simply "rndc thaw" and you are done.

Literally makes adding new dhcp devices to your network plug-n-play, your
zones are automatically and securely updated :-)

> I have a virtual machine where I installed bind afresh, using the YaST
> module. But something went wrong and it doesn't work at all. The
> instructions on the openSUSE book, plus the YaST module online help are
> not clear enough. They assume you really know about zones and DNS and
> what each particular type of entry is for. And I don't, not really.
>
> So it is a pending task.


Piece of cake, 99.9% of the diagnosis is

# named-checkzone zonename filename

real-world:

[03:23 nemesis:/home/david] # named-checkzone rlfpllc.com /var/lib/named/dyn/rlfpllc.com
zone rlfpllc.com/IN: loaded serial 2013113017
OK

If there is an issue with the zone file, it will flag it and you can fix it
long before you issue rcnamed start or systemctl start named.service.


> And here comes DNSmasq. It is so easy! Just write an /etc/host file and
> off you go. No more zones, no direct, no reverse, no mismatches. No MX
> registers. No pointers. Nothing to do to it.
>
> So... is the effort to insist on using bind worth it?

I see the allure... I would still need to do a bit more digging to see if
dnsmasq can facilitate backup DNS handling like named does, but so far
it looks pretty good.


--
David C. Rankin, J.D.,P.E.
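The freeze, edit, check, thaw routine described in the message above, as an added shell example that is not part of the original mail or of BIND itself. The function names bump_serial and edit_dynamic_zone are hypothetical, and the serial bump assumes the serial sits on its own line tagged "; serial", the layout BIND uses when it writes a zone file.

```shell
#!/bin/sh
# Added example, not from the original mail. bump_serial and edit_dynamic_zone
# are hypothetical helper names; rndc and named-checkzone are the BIND tools
# named in the message.

# bump_serial FILE: add 1 to the SOA serial, in place.
# Assumption: the serial is on its own line tagged "; serial".
# Returns non-zero and leaves FILE untouched if no such line is found.
bump_serial() {
    awk '
        !done && /^[ \t]*[0-9]+[ \t]*;[ \t]*serial/ {
            match($0, /[0-9]+/)
            n = sprintf("%.0f", substr($0, RSTART, RLENGTH) + 1)
            $0 = substr($0, 1, RSTART - 1) n substr($0, RSTART + RLENGTH)
            done = 1
        }
        { print }
        END { exit !done }
    ' "$1" > "$1.new"
    rc=$?
    # Copy the content back instead of mv, so the zone file keeps the
    # owner and mode that named needs for later dynamic updates.
    [ "$rc" -eq 0 ] && cat "$1.new" > "$1"
    rm -f "$1.new"
    return "$rc"
}

# edit_dynamic_zone ZONE FILE: manual edit of a dynamically updated zone.
# Usage: edit_dynamic_zone rlfpllc.com /var/lib/named/dyn/rlfpllc.com
edit_dynamic_zone() {
    zone=$1 file=$2
    # Suspend dynamic updates; this also flushes the journal into the file.
    rndc freeze "$zone" || return 1
    cp -p "$file" "$file.bak"
    "${EDITOR:-vi}" "$file"
    if bump_serial "$file" && named-checkzone "$zone" "$file"; then
        status=0
    else
        # Broken edit: put the known-good copy back before named reloads it.
        cat "$file.bak" > "$file"
        status=1
    fi
    # Always thaw, even after a failed check, so DHCP updates resume.
    rndc thaw "$zone"
    return "$status"
}
```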