Slashdot Mirror


Organizing Your DNS?

Neil Watson asks: "In previous organizations I've kept track of IPs, hostnames and DNS entries by using a single hosts file. I used a script (h2n) to convert the hosts file to DNS entries (BIND). Thus, all information was available in a single text file. For Microsoft Active Directory servers, we had that system's DNS server simply forward all of its requests to the BIND server. Now, I find myself at another organization. This network is considerably larger, with more name servers. The control of IPs, hostnames and DNS entries is somewhat loose, and it is starting to take its toll. How do you organize all of your DNS information in order to easily assign and track all of the entries?"
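The single-hosts-file workflow described in the question, as an added example that is not part of the original post and is not h2n itself: a simplified stand-in that turns hosts-format text into BIND-style forward and reverse records and flags addresses or names assigned more than once for review. The zone name `example.com`, the function name and the sample data are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file (not from the original post).
SAMPLE_HOSTS = """\
192.0.2.10  web1  www
192.0.2.11  db1
192.0.2.11  db2      # same address handed out twice
192.0.2.12  web1     # same name handed out twice
10.0.0.300  broken   # not a valid address
"""

def hosts_to_records(text, domain="example.com"):
    """Return (forward, reverse, problems) for a hosts-format string.

    `domain` is an assumed zone name; records are plain BIND-style lines.
    """
    forward, reverse, problems = [], [], []
    seen = defaultdict(list)          # address or name -> line numbers
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append(f"line {lineno}: invalid address {fields[0]}")
            continue
        if len(fields) < 2:
            problems.append(f"line {lineno}: {ip} has no hostname")
            continue
        canonical, aliases = fields[1].lower(), [a.lower() for a in fields[2:]]
        seen[str(ip)].append(lineno)
        for name in [canonical, *aliases]:
            seen[name].append(lineno)
        rtype = "A" if ip.version == 4 else "AAAA"
        forward.append(f"{canonical}.{domain}. IN {rtype} {ip}")
        forward += [f"{a}.{domain}. IN CNAME {canonical}.{domain}." for a in aliases]
        reverse.append(f"{ip.reverse_pointer}. IN PTR {canonical}.{domain}.")
    # Anything recorded on more than one line needs a human decision.
    for key, lines in seen.items():
        if len(lines) > 1:
            problems.append(f"{key} assigned on lines {lines}")
    return forward, reverse, problems

if __name__ == "__main__":
    fwd, rev, problems = hosts_to_records(SAMPLE_HOSTS)
    print("\n".join(fwd + rev))
    print("\n".join("WARNING: " + p for p in problems))
```
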

1 of 43 comments

  1. 1. Consolidate Authority - 2. Install a frontend by jgaynor · Score: 5, Interesting

    It seems to me that most of your problems can be solved with a little political weight-throwing.

    This network is considerably larger, with more name servers. The control of IPs, hostnames and DNS entries is somewhat loose, and it is starting to take its toll.

    The number of nameservers is irrelevant as long as they're master/slave. Are each of these NS boxen run by a different business unit/department? If so, find the group with the organizational proponency for DNS (probably you) and demand that they be given full control. Assign a hostmaster for your organization and funnel ANY and ALL DNS changes through him/her/it. Authority for subdomains can still be given out, but force a signed waiver to cover your ass when they shoot themselves in the foot by running 2k3 AD as a production NS service.

    Once this is done you'll probably want to ditch the flat-file approach and run some sort of frontend. It guarantees that when your hostmaster eventually quits you won't have to find another expensive geek. I used to run the webmin plugin for BIND, but stopped once I saw what a security nightmare webmin was. Don't have much experience with anything else besides custom solutions but nictool and oDNS have their supporters.