Networking: Full DNS Server

It would be nice if Astaro could be used as a fully-functional DNS server with backward look up zones and all.
At the moment SOHO networks with no internal DNS server are unable to perform reverse DNS and other features.

619 votes
    wingman shared this idea
    Linkz0rs shared a merged idea: Full DNS Server Management
    markmurphy shared a merged idea: Configure DNS as a Secondary server for internal DNS

    27 comments

      • Anonymous commented

        Currently, it's a limitation of UTM that only one IP address is allowed per static host. If you want to allocate static IP addresses for a laptop which has wired and wireless NICs, this means you have to create two static hosts. This uses two of the allowed number of hosts when there is actually only one physical host. Even if there is not a "full DNS server", this limitation should be fixed.

      • Leen Keus commented

        This feature request has been here for several years now; why is it so difficult? I have installed 2 FreeNAS systems (1 backup), but we could not reach them because of this lack. I had to install a Linux machine with dnsmasq to solve this problem. Please solve it!

      • christian kueppers commented

        That's what I'm looking for. Can't be difficult. UTM is now creating a zone in BIND for every host and reverse entry, regardless of the DNS suffix.

      • Linkz0rs commented

        One more thing... I would prefer this (since by slaving OpenNIC's root zone) I would avoid having to set DNS forwarders, and can instead receive DNS info/traffic from OpenNIC... I have tested this fully on BIND before, and would like this in Astaro. :)
        This way, using OpenNIC as my trusted ROOT server... I trust OpenNIC fully, as I have used them previously (but using an already existing T2 server is a bit slow... Using my own is VERY FAST).

      • tom commented

        This is especially important as Astaro supports IPv6, and it would be really nice if it could automatically create IPv6 reverse DNS for RADVD clients.

      • Bob Alfson commented

        Also, the ability to create multiple A records for an FQDN. That would solve a long-standing problem with Network Definitions. At present, it's not possible to create a network which is a list of IPs; each IP must be assigned to a separate Host definition, and then the separate definitions loaded into a Network Group. If it were possible to assign multiple IPs in a static DNS mapping, a 'DNS Group' Network Definition would solve the problem cleanly.

      • Andreas Melcher commented

        I would suggest looking into http://cr.yp.to/djbdns.html for this task. There is a single program for each DNS task so that all duties are separated as one would like to have on a firewall. Furthermore the config files are already prepared to be worked on by programs. Most important: this tool has an extremely low memory and performance footprint which makes it usable even in the smallest boxes.

      • markmurphy commented

        Would like an option to create an internal zone, both forward and reverse, so internal DNS would not be needed. There is another request for full-function DNS, so I will support that request as it more accurately reflects what I am asking for.

      • ktsumura commented

        Lotus Domino/Notes users in many cases install an SMTP relay server and an outside public DNS server in the DMZ. There is demand to use those functions in Astaro and to remove the DNS/SMTP relay server in the DMZ.

      • Poul Petersen commented

        In a few words, there are two reasons:
        1) Allowing the branch offices to be authoritative reduces load on the central server
        2) Caches expire, an authoritative slave can continue to function indefinitely.

      • rene.gordon commented

        This is a required feature especially for the home use market. Everyone now has an access point and several devices in the home.

      • Poul Petersen commented

        No - because in a split DNS configuration, I have zones that are only available to my internal network. So the ISP DNS servers have no knowledge of those domains. And just because the link to my primary internal DNS server might be down, does not mean that those internal domains are not needed. For example, even the branch office itself may need to resolve local resources (say an office printer).

        Being able to slave domains also means that I can manage the domains using bind configuration files (or powerDNS etc etc) instead of the astaro GUI at each of dozens of sites.

        -poul

      • Bob Alfson commented

        If the local ISP DNS Forwarders are listed after the "master proxy" at each location then doesn't that give you what you want?

      • Poul Petersen commented

        Ideally, I want each branch office to be able to function completely independently even if the core office is hit by a tornado (or a long power outage for that matter). Working as a cache is insufficient in two ways:

        1) Caches expire, so if the outage is long the DNS server will eventually stop working. If I increase the cache timeout, then I can't change records quickly.

        2) Relying on a single proxy master makes it difficult for the branch offices to use their own local ISP DNS servers as forwarders, so that they can resolve domains that I don't serve directly from their own DNS service.

        The second point is especially difficult in the case of split domains. Say my "external" IPs are "foo.com" and my branch offices are "city1.foo.com" and "city2.foo.com", and that the internal and external domains are served by separate DNS servers. If the connection to the internal DNS servers goes down, then even though the external DNS servers are still working correctly, the branch offices will not be able to resolve even the "external" IPs which may be working fine.

        In any event, slaving the domains allows each branch office DNS server to be authoritative for all internal domains and for the branch office domain itself, which is more tolerant of failures.
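
The cache-versus-secondary trade-off from the comment above, as an added example that is not part of the thread: a constructed model of one branch DNS server during a central-office outage. Zone contents, timer values and all class and function names are assumptions; the secondary is modelled as serving its transferred copy until the zone's SOA EXPIRE timer runs out.

```python
from dataclasses import dataclass

@dataclass
class Zone:
    """Constructed internal zone; names and timer values are illustrative."""
    records: dict      # name -> address
    ttl: int           # record TTL in seconds (bounds how fast changes propagate)
    soa_expire: int    # SOA EXPIRE: how long a secondary serves without its primary

class CachingForwarder:
    """Branch server that forwards to the central server and caches answers."""
    def __init__(self):
        self.cache = {}                      # name -> (address, expires_at)

    def resolve(self, name, now, central):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]
        if central is None:                  # link to the central office is down
            return None
        addr = central.records.get(name)
        if addr is not None:
            self.cache[name] = (addr, now + central.ttl)
        return addr

class Secondary:
    """Branch server holding a transferred copy of the whole zone."""
    def __init__(self, zone, now):
        self.copy, self.last_contact = dict(zone.records), now
        self.expire = zone.soa_expire

    def resolve(self, name, now, central):
        if central is not None:              # simplified: refresh on every query
            self.copy, self.last_contact = dict(central.records), now
        if now - self.last_contact >= self.expire:
            return None                      # zone expired, server stops answering
        return self.copy.get(name)

def outage_survival(zone, name, outage_start, step=60, horizon=30 * 86400):
    """Seconds after outage_start that each design still answers for `name`."""
    fwd, sec = CachingForwarder(), Secondary(zone, outage_start - 1)
    fwd.resolve(name, outage_start - 1, zone)   # last lookup before the outage
    result = {}
    for label, srv in (("forwarder", fwd), ("secondary", sec)):
        t = outage_start
        while t - outage_start < horizon and srv.resolve(name, t, None) is not None:
            t += step
        result[label] = t - outage_start
    return result
```

With a 300-second TTL and a 7-day SOA EXPIRE, the forwarder stops answering five minutes into the outage while the secondary keeps answering for the full week, so records can keep a short TTL without shortening outage tolerance.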

      • Bob Alfson commented

        Interesting, Poul. Can you explain in just a few words why this cannot be accomplished by having the branch Astaro DNS Proxies point to the central DNS server as a unique forwarder? In the event of a network disruption, wouldn't the local DNS cache of each Astaro likely have the needed information?

        Cheers - Bob
        PS I'm not suggesting that my idea will work, I'm just trying to understand your idea better.

      • wingman commented

        That's really useful for home users with no internal DNS. At the moment, I have no reverse DNS ability.
