Slashdot Mirror


Building a Dynamic DNS Server for Your Enterprise?

Biff98 asks: "We manage thousands of hostnames for field gear with DynDNS.org. It's always been our intention to configure our own DDNS server and bring it in-house. Given the recent DynDNS outage due to a DDoS attack, resulting in the inability to resolve names for multiple days, there has been 'encouragement' from management to move forward on bringing DDNS in-house. Here's the problem: I can't find any easy-to-use, scalable software to accomplish this task! BIND doesn't scale well, and I don't consider MintDNS an option due to the required platform (Windows Server w/ AD & IIS). Has anyone out there solved this problem before?"

  1. BIND does not scale??? by WindBourne · Score: 4, Insightful

    Exactly what do you think runs the bulk of the internet? That is like saying Linux or Solaris or sendmail do not scale well.

    --
    I prefer the "u" in honour as it seems to be missing these days.
    1. Re:BIND does not scale??? by Spazmania · Score: 4, Interesting

      Bind's implementation of dynamic dns is... funky at best. It syncs changes to disk infrequently and unpredictably, and it does so by rewriting the entire zone file in the same format as it uses for secondaried zones so that any comments or other organization in the affected file is lost. The security is also relatively coarse: the tools don't allow a particular security key to apply to a particular name -- the key applies to a whole zone. If you have a large number of devices and want to tightly constrict update access, that poses a scalability problem as you need one zone per device.

      Dyndns is likely using Bind at the back end, but they've built another layer of security and management on top of it. Biff98 is looking for software that does the whole job out of the box.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    2. Re:BIND does not scale??? by Just+Some+Guy · Score: 4, Interesting

      > The security is also relatively coarse: the tools don't allow a particular security key to apply to a particular name -- the key applies to a whole zone.

      BIND9 addresses this with update-policy which can map an individual TSIG key to a specific name (or subdomain or wildcard). You can say that "key 'laptop23.example.com.' can update an A record with the same name".

      I won't disagree about the dynamic zone file ugliness. I usually put dynamic hosts in their own subdomain so that my main zone file can remain nicely human-friendly. For example, we'd use ".mobile.example.com" and put it in its own zone file. The file for ".example.com" will still be nice, and if every record in ".mobile.example.com" is dynamic, who cares if it's a machine-generated mess?

      --
      Dewey, what part of this looks like authorities should be involved?
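
The two approaches discussed in the replies above, as an added `named.conf` sketch that is not part of the original thread: a zone-wide key grant next to a per-name `update-policy`. The key and zone names follow the examples in the comment; the zone file path, the secret placeholder and the choice of the wildcard `self` rule are assumptions for illustration.

```conf
// One TSIG key per device, named after the record it may update.
// Generate each with: tsig-keygen -a hmac-sha256 laptop23.mobile.example.com.
key "laptop23.mobile.example.com." {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_BASE64_SECRET";   // placeholder, not a real key
};

// Dynamic hosts live in their own zone so the hand-edited example.com
// zone file is never rewritten by named.
zone "mobile.example.com" {
    type primary;                         // "master" on older BIND 9 releases
    file "dynamic/mobile.example.com.zone";   // assumed path, writable by named

    // Coarse form (zone-wide): any holder of this key can add, change or
    // delete ANY record in the zone. allow-update and update-policy cannot
    // both be set on the same zone, so this stays commented out.
    // allow-update { key "laptop23.mobile.example.com."; };

    // Per-name form: the "self" rule matches only when the name being
    // updated equals the name of the key that signed the request. With a
    // wildcard identity, a single line covers every device key, and each
    // key can change only the A record of its own hostname.
    update-policy {
        grant * self * A;
    };
};
```

Run `named-checkconf` after editing to catch syntax errors before reloading. A device whose key is compromised can then alter only its own A record, and revoking it means removing that one `key` block.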
  2. BIND doesn't scale well by JackHoffman · Score: 4, Funny

    BIND does indeed not scale well. Down, that is.