
Decided to move my Windows-based DNS servers to Linux. The problem is I need to be able to dynamically update zone files without having to restart BIND. It seems the most popular solution is to install BIND drivers for a database server (PostgreSQL, SQLite, MySQL) and then update the zone file. Seems simple enough, but I can't get it to work for the life of me.

I'm currently using Amazon Linux distribution but I've tried everything in RHEL 6.2 as well with no more luck.

I've tried a few different methods. The first one was to compile BIND with the source-code changes for MySQL support (http://pbraun.nethence.com/doc/net/bind-mysql.html). This compiles fine with the changes and I get no errors, but after running make install all the binaries get copied to /usr/local/sbin and I can't seem to start the daemon process: I run service named start and it just tells me there's no service named named (no pun intended). Secondly, none of the configuration files are generated. So I created a file named.conf, put it in /etc/named.conf, then ran /usr/local/sbin/named-checkconf, and it told me it couldn't find the file /etc/named.conf, so I have no idea.

Next thing I tried was to install the package bind-sdb and use PostgreSQL. Packages installed: yum -qy bind bind-sdb bind-utils postgresql postgresql-server. Following the steps on http://bind-dlz.sourceforge.net/postgresql_example.html I created a new PostgreSQL database and table etc. Below is my current named.conf.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};

logging {
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

dlz "my.zone" {
   database "postgres 1
   {host=localhost port=5432 dbname=bind user=postgre password=****}
   {select zone from dns_records where zone = '%zone%'}
   {select ttl, type, mx_priority, case when lower(type)='txt' then '\"'
         || data || '\"' when lower(type)='soa' then data || ' ' || resp_person || ' '
         || serial || ' ' || refresh || ' ' || retry || ' ' || expire || ' ' || minimum
         else data end from dns_records where zone = '%zone%' and host = '%record%'}";
};

include "/etc/named.rfc1912.zones";

Output from my database table

    zone    |    host     |  ttl   | type | mx_priority |          data          |     resp_person      | serial | refresh | expire | minimum
------------+-------------+--------+------+-------------+------------------------+----------------------+--------+---------+--------+---------
 my.cloud   | my.cloud.   | 259200 | SOA  |           0 | dns01.my.cloud.        | it.cloud.com.        |      1 |   28800 |  86400 |   28800
 my.cloud   | my.cloud.   | 259200 | NS   |           0 | dns01.my.cloud.        |                      |      0 |       0 |      0 |       0
 my.cloud   | dns01       | 259200 | A    |           0 | 127.0.0.1              |                      |      0 |       0 |      0 |       0
(3 rows)

Open to any solutions really if someone could point me in the right direction. I'd prefer to use MySQL as the database because I have 0 experience using postgresql or sqlite.

bwight
  • I noticed that the database table was missing the RETRY column, so I added that, but still the same result. I try to start the service and it fails with no errors. – bwight Mar 01 '12 at 21:34

4 Answers


Maybe not really an answer to your question, but anyway. (I was also investigating this issue recently, and here are my conclusions.)

DLZ support in BIND9 looks more like a "patch". It is not well documented - not a single word about it in the BIND ARM. It seems not to be widely used. Query performance is terrible - according to this benchmark, PostgreSQL is going to be 30 times (!) slower than normal in-memory operation. (The benchmark is old, but there's no reason to assume that things improved drastically.)

I don't think it's a "most popular solution".

Other options:

BIND9 supports dynamic updates. It's well documented, widely used and easy to implement. No performance penalty - all the queries are still answered from memory. Setup is simpler as no database is required. You perform updates programmatically using DNS protocol libraries (which probably exist for most languages; I myself use PHP) or via the command-line nsupdate tool. This is the solution I'd recommend.

If you really want a database - PowerDNS seems to be designed to be used with a database backend. It has features that may help to not completely sacrifice performance when using a database; for instance, it can cache database queries for a while instead of querying the database each time. Some decent DNS hosting providers use PowerDNS.

A more exotic option is BIND10: it is still a work in progress, yet the developers claim that people actually use it in production. Currently BIND10 uses an SQLite backend.

Sandman4
  • I'll investigate a few of these options. Really, performance is not a big problem for my scenario. I have 2 zones with maybe 20 hosts, if that. I need a database or a good API to add / remove records because the environment is dynamic and each server is responsible for updating the DNS server when it's created. I had another solution which edits the text files, but that just gets messy; I'd prefer to store it in a DB or have an API command I can run remotely. – bwight Mar 01 '12 at 23:02
  • Can you link me to where you found the PHP API to perform these updates programmatically? That could solve the problem for me as I plan on having a PHP web service that's responsible for updating DNS. The original plan was to update the database, but if I can update BIND directly using an API that will work too. – bwight Mar 01 '12 at 23:04
  • It's on PEAR. NET_DNS and NET_DNS2. I use 2. – Sandman4 Mar 02 '12 at 03:59
  • I think all these solutions would work, but I was able to get PowerDNS running without any problems yesterday with a MySQL database. Thanks for your help. – bwight Mar 02 '12 at 14:35
  • BIND10 was abandoned by ISC, by the way. – Thomas Ward Mar 12 '20 at 13:30
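Sandman4's answer recommends RFC 2136 dynamic updates sent through a DNS protocol library rather than DLZ. The following is an added example, not code from the answer, from NET_DNS2 or from BIND: a stdlib-only Python sketch of what such a library does on the wire. It builds an UPDATE message that adds one A record to a zone, signs it with a TSIG HMAC-SHA256 key (RFC 8945), and includes the check a server performs before accepting the update, which is what makes `allow-update { key ...; }` safe to expose to the hosts that register themselves. The zone `my.cloud.`, host `web01`, address, key name `update-key` and secret are constructed values; in a real deployment the key name and secret come from the `key` statement in named.conf.

```python
"""RFC 2136 DNS UPDATE message with a TSIG (RFC 8945) signature, stdlib only.
Constructed example: zone, host, address, key name and secret are made up.
"""
import hashlib
import hmac
import os
import struct
import time

OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
CLASS_IN, CLASS_ANY = 1, 255
ALGORITHM = "hmac-sha256."


def encode_name(name):
    """Dotted name -> uncompressed wire format (length-prefixed labels + root)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label too long: " + label)
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def _read_name(buf, pos):
    """Wire name -> (dotted name, next offset). No compression pointers expected here."""
    labels = []
    while True:
        n = buf[pos]
        pos += 1
        if n == 0:
            return ".".join(labels) + ".", pos
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n


def rr(name, rtype, rclass, ttl, rdata):
    """One resource record in wire format."""
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_update(zone, host, ipv4, ttl=300, msg_id=None):
    """Unsigned UPDATE (opcode 5): zone section names the zone, update section adds one A record."""
    if msg_id is None:
        msg_id = int.from_bytes(os.urandom(2), "big")
    # header: ID, flags (QR=0, opcode=5), ZOCOUNT=1, PRCOUNT=0, UPCOUNT=1, ADCOUNT=0
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = bytes(int(o) for o in ipv4.split("."))
    if len(rdata) != 4:
        raise ValueError("not an IPv4 address: " + ipv4)
    return header + zone_sec + rr(host, TYPE_A, CLASS_IN, ttl, rdata)


def _tsig_variables(key_name, time_hi, time_lo, fudge, error=0, other_len=0):
    """TSIG fields covered by the MAC: key name, class ANY, TTL 0, algorithm, time, fudge, error, other."""
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(ALGORITHM)
            + struct.pack("!HIHHH", time_hi, time_lo, fudge, error, other_len))


def tsig_sign(message, key_name, secret, now=None, fudge=300):
    """Append a TSIG RR: MAC over (unsigned message || TSIG variables), ARCOUNT bumped by one."""
    now = int(time.time()) if now is None else now
    time_hi, time_lo = now >> 32, now & 0xFFFFFFFF      # 48-bit "time signed"
    mac = hmac.new(secret, message + _tsig_variables(key_name, time_hi, time_lo, fudge),
                   hashlib.sha256).digest()
    rdata = (encode_name(ALGORITHM) + struct.pack("!HIHH", time_hi, time_lo, fudge, len(mac))
             + mac + struct.pack("!HHH", struct.unpack("!H", message[:2])[0], 0, 0))
    arcount = struct.unpack("!H", message[10:12])[0] + 1
    return (message[:10] + struct.pack("!H", arcount) + message[12:]
            + rr(key_name, TYPE_TSIG, CLASS_ANY, 0, rdata))


def tsig_verify(signed, keys, now=None):
    """Server-side check: TSIG is the last RR, key is known, time within fudge, MAC matches."""
    now = int(time.time()) if now is None else now
    zocount, prcount, upcount, adcount = struct.unpack("!HHHH", signed[4:12])
    pos = 12
    for _ in range(zocount):                      # zone section uses question format
        _, pos = _read_name(signed, pos)
        pos += 4
    last = None
    for _ in range(prcount + upcount + adcount):  # every other section holds RRs
        last = pos
        _, pos = _read_name(signed, pos)
        pos += 10 + struct.unpack("!H", signed[pos + 8:pos + 10])[0]
    if adcount == 0 or last is None or pos != len(signed):
        return False
    key_name, p = _read_name(signed, last)
    rtype, rclass, ttl, _ = struct.unpack("!HHIH", signed[p:p + 10])
    algorithm, p = _read_name(signed, p + 10)
    time_hi, time_lo, fudge, mac_size = struct.unpack("!HIHH", signed[p:p + 10])
    mac = signed[p + 10:p + 10 + mac_size]
    orig_id, error, other_len = struct.unpack("!HHH", signed[p + 10 + mac_size:p + 16 + mac_size])
    secret = keys.get(key_name.lower())
    if (rtype, rclass, ttl) != (TYPE_TSIG, CLASS_ANY, 0) or algorithm.lower() != ALGORITHM:
        return False
    if secret is None or orig_id != struct.unpack("!H", signed[:2])[0]:
        return False
    if abs(now - ((time_hi << 32) | time_lo)) > fudge:   # replay window
        return False
    # rebuild what the signer MACed: ARCOUNT minus one and the TSIG RR removed
    unsigned = signed[:10] + struct.pack("!H", adcount - 1) + signed[12:last]
    expected = hmac.new(secret, unsigned + _tsig_variables(key_name, time_hi, time_lo, fudge,
                                                           error, other_len), hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)


if __name__ == "__main__":
    msg = build_update("my.cloud.", "web01.my.cloud.", "10.0.0.5")
    signed = tsig_sign(msg, "update-key.", b"s3cret")
    print(len(signed), "bytes;", "valid" if tsig_verify(signed, {"update-key.": b"s3cret"}) else "invalid")
```

The `signed` bytes are what `nsupdate -k` or a library sends to port 53 of the primary; the `tsig_verify` half mirrors what named does before applying the change, which is why restricting `allow-update` to a named key (rather than to source addresses) is the control that matters when every server is allowed to register itself.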

For completeness, to address the original requirement ("dynamically update zone files without having to restart bind"): edit the zone file(s), send SIGHUP to named. The daemon will re-read the zone files.

Mark Wood

It's a bit late, but I have made a tutorial here.

DLZ support is fully integrated into bind9, you just need to enable it when running ./configure.
It's not difficult, in fact, it's quite simple, but it's very badly documented.
My tutorial changes that.
Now it shouldn't take you longer than 30 minutes (including compilation time) to get it up and running.

Unfortunately, I can't copy the tutorial here, it's too large.

Quandary

You can use the bind-sdb module, but unfortunately it just supports LDAP and PostgreSQL.

# yum install -y bind bind-sdb