Decided to move my windows based DNS servers to linux. The problem is I need to be able to dynamically update zone files without having to restart bind. It seems the most popular solution is to install bind drivers for a database server ( postgresql, sqlite, mysql ) and then update the zone file. Seems simple enough but I can't get it to work for the life of me.
I'm currently using Amazon Linux distribution but I've tried everything in RHEL 6.2 as well with no more luck.
I've tried a few different methods. The first one was to compile bind with the source code changes for mysql support http://pbraun.nethence.com/doc/net/bind-mysql.html. This compiles fine with the changes and I get no errors, but after running
make install
all the binaries get copied to /usr/local/sbin but I can't seem to start the daemon process. I run
service named start
and it just tells me there's no service named named ( no pun intended ). Secondly, none of the configuration files are generated. So I created a file named.conf and put it in /etc/named.conf, then ran
/usr/local/sbin/named-checkconf
and it told me it couldn't find the file /etc/named.conf, so I have no idea.
Next thing I tried was to install the package bind-sdb and use postgresql. Packages installed:
yum -qy install bind bind-sdb bind-utils postgresql postgresql-server
Following the steps on http://bind-dlz.sourceforge.net/postgresql_example.html I created a new postgres database and table etc. Below is my current named.conf:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
dlz "my.zone" {
    database "postgres 1
    {host=localhost port=5432 dbname=bind user=postgre password=****}
    {select zone from dns_records where zone = '%zone%'}
    {select ttl, type, mx_priority, case when lower(type)='txt' then '\"'
    || data || '\"' when lower(type)='soa' then data || ' ' || resp_person || ' '
    || serial || ' ' || refresh || ' ' || retry || ' ' || expire || ' ' || minimum
    else data end from dns_records where zone = '%zone%' and host = '%record%'}";
};
include "/etc/named.rfc1912.zones";
Output from my database table:
   zone   |   host    |  ttl   | type | mx_priority |      data       |  resp_person  | serial | refresh | expire | minimum
----------+-----------+--------+------+-------------+-----------------+---------------+--------+---------+--------+---------
 my.cloud | my.cloud. | 259200 | SOA  |           0 | dns01.my.cloud. | it.cloud.com. |      1 |   28800 |  86400 |   28800
 my.cloud | my.cloud. | 259200 | NS   |           0 | dns01.my.cloud. |               |      0 |       0 |      0 |       0
 my.cloud | dns01     | 259200 | A    |           0 | 127.0.0.1       |               |      0 |       0 |      0 |       0
(3 rows)
Open to any solutions really if someone could point me in the right direction. I'd prefer to use MySQL as the database because I have 0 experience using postgresql or sqlite.
Maybe not really an answer to your question, but anyway. (I was also investigating this issue recently, and here are my conclusions):
DLZ support in BIND9 looks more like a "patch". It is not well documented - not a single word about it in the BIND ARM. It seems to be not widely used. Query performance is terrible - according to this benchmark, PostgreSQL is going to be 30 times (!) slower than the normal in-memory operation (the benchmark is old, but there's no reason to assume that things improved drastically).
I don't think it's a "most popular solution".
Other options:
BIND9 supports dynamic updates. It's well documented, widely used and is easy to implement. No performance penalty - all the queries are still answered from memory. Setup is simpler as no database is required. You perform updates programmatically using DNS protocol libraries (which probably exist for most languages, I myself use PHP) or via the command line tool nsupdate. This is the solution I'd recommend.
If you really want a database - PowerDNS seems to be designed to be used with a database backend. It has features that may help not completely sacrifice the performance when using a database, like it can cache database queries for some while instead of querying the database each time. Some decent DNS hostings use PowerDNS.
A more exotic option - BIND10, while still a work in progress, yet developers claim that people actually use it in production. Currently BIND10 uses an SQLITE backend.
For completeness, to address the original requirement ("dynamically update zone files without having to restart bind"): edit the zone file(s), send SIGHUP to named. The daemon will re-read the zone files.
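As an added illustration of the nsupdate route recommended in the answer above (this is example code, not from the original thread or from ISC), the script below builds a dynamic-update batch for a zone and shows the matching named.conf stanza that restricts updates to a TSIG key. The zone name "my.cloud", the server address 127.0.0.1, the key name "ddns-key", the key file path /etc/named/ddns.key and the record values are all assumptions chosen for the example; the TSIG secret is a placeholder to be replaced by one generated with tsig-keygen (BIND 9.11+) or dnssec-keygen on older releases.

```shell
#!/bin/sh
# Added example: dynamic DNS updates via nsupdate with a TSIG key.
# Assumed values (hypothetical): zone my.cloud, server 127.0.0.1, key ddns-key
# in /etc/named/ddns.key (created with: tsig-keygen ddns-key > /etc/named/ddns.key).
set -eu

ZONE="my.cloud"
SERVER="127.0.0.1"
TTL=300
KEYFILE="/etc/named/ddns.key"

# named.conf fragment: the key definition and a zone that accepts updates
# only when they are signed with that key. Keep "allow-query" as it is
# elsewhere in the config; only the update path is opened, and only to key holders.
zone_stanza() {
    cat <<EOF
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-GENERATED-BASE64-SECRET";   /* placeholder */
};
zone "$ZONE" IN {
    type master;
    file "dynamic/$ZONE.db";
    allow-update { key "ddns-key"; };
};
EOF
}

# Build the text that nsupdate reads on stdin.
# Arguments: relative record name, record type, rdata.
# The delete line removes any existing RRset of that name/type so the
# update replaces rather than accumulates records.
build_update() {
    name=$1; type=$2; rdata=$3
    printf 'server %s\nzone %s\nupdate delete %s.%s %s\nupdate add %s.%s %s %s %s\nsend\n' \
        "$SERVER" "$ZONE" "$name" "$ZONE" "$type" "$name" "$ZONE" "$TTL" "$type" "$rdata"
}

# Sign the batch with the TSIG key and send it to the running named.
# named applies it in memory and journals it; no restart or reload needed.
apply_update() {
    build_update "$@" | nsupdate -k "$KEYFILE"
}

# Usage: run with --send on a host that has nsupdate and the key file;
# otherwise just print the config stanza and the batch that would be sent.
if [ "${1:-}" = "--send" ] && command -v nsupdate >/dev/null 2>&1; then
    apply_update www A 192.0.2.10
else
    zone_stanza
    build_update www A 192.0.2.10
fi
```

After applying an update, `dig @127.0.0.1 www.my.cloud A` should return the new record immediately; the on-disk zone file is rewritten by named from its journal (`rndc sync` forces that), so never hand-edit a zone file that is accepting dynamic updates without freezing it first (`rndc freeze` / `rndc thaw`).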
It's a bit late, but I have made a tutorial here.
DLZ support is fully integrated into bind9; you just need to enable it when running ./configure. It's not difficult, in fact, it's quite simple, but it's very badly documented.
My tutorial changes that.
Now it shouldn't take you longer than 30 minutes (including compilation time) to get it up and running.
Unfortunately, I can't copy the tutorial here, it's too large.
# yum install -y bind bind-sdb