Networking: Full DNS Server
It would be nice if Astaro could be used as a fully-functional DNS server with backward look up zones and all.
At the moment SOHO networks with no internal DNS server are unable to perform reverse DNS and other features.
23 comments
-
christian kueppers
commented
That's what I'm looking for. Can't be difficult. UTM is now creating a zone in BIND for every host and reverse entry, regardless of the DNS suffix.
-
Dave Crumbacher commented
At a minimum, supporting reverse DNS would be very helpful.
-
Linkz0rs commented
One more thing... I would prefer this (since by slaving OpenNIC's root zone) I would avoid having to set DNS forwarders, and can instead receive DNS info/traffic from OpenNIC... I have tested this fully on BIND before, and would like this in Astaro. :)
This way, using OpenNIC as my trusted ROOT server... I trust OpenNIC fully, as I have used them previously (but using an already existing T2 server is a bit slow... Using my own is VERY FAST).
-
tom
commented
This is especially important as Astaro supports IPv6, and it would be really nice if it could automatically create IPv6 reverse DNS for RADVD clients.
-
darko
commented
unbound
-
Bob Alfson
commented
Also, the ability to create multiple A records for an FQDN. That would solve a long-standing problem with Network Definitions. At present, it's not possible to create a network which is a list of IPs; each IP must be assigned to a separate Host definition, and then the separate definitions loaded into a Network Group. If it were possible to assign multiple IPs in a static DNS mapping, a 'DNS Group' Network Definition would solve the problem cleanly.
-
Andreas Melcher
commented
I would suggest looking into http://cr.yp.to/djbdns.html for this task. There is a single program for each DNS task so that all duties are separated as one would like to have on a firewall. Furthermore the config files are already prepared to be worked on by programs. Most important: this tool has an extremely low memory and performance footprint which makes it usable even in the smallest boxes.
-
markmurphy commented
Would like an option to create internal zones, both forward and reverse, so internal DNS would not be needed. There is another request for full-function DNS, so I will support that request as it more accurately reflects what I am asking for.
-
ktsumura
commented
Lotus Domino/Notes users in many cases install an SMTP relay server and an outside public DNS server in the DMZ. There is demand to use those functions in Astaro, and to remove the DNS/SMTP relay server from the DMZ.
-
Poul Petersen
commented
In a few words, there are two reasons:
1) Allowing the branch offices to be authoritative reduces load on the central server
2) Caches expire; an authoritative slave can continue to function indefinitely.
-
rene.gordon
commented
This is a required feature especially for the home use market. Everyone now has an access point and several devices in the home.
-
Poul Petersen
commented
No - because in a split DNS configuration, I have zones that are only available to my internal network. So the ISP DNS servers have no knowledge of those domains. And just because the link to my primary internal DNS server might be down, does not mean that those internal domains are not needed. For example, even the branch office itself may need to resolve local resources (say an office printer).
Being able to slave domains also means that I can manage the domains using BIND configuration files (or PowerDNS, etc.) instead of the Astaro GUI at each of dozens of sites.
-poul
-
Bob Alfson
commented
If the local ISP DNS Forwarders are listed after the "master proxy" at each location then doesn't that give you what you want?
-
Poul Petersen
commented
Ideally, I want each branch office to be able to function completely independently even if the core office is hit by a tornado (or a long power outage for that matter). Working as a cache is insufficient in two ways:
1) Caches expire, so if the outage is long the DNS server will eventually stop working. If I increase the cache timeout, then I can't change records quickly.
2) Relying on a single proxy master makes it difficult for the branch offices to use their own local ISP DNS servers as forwarders, so that they can resolve domains that I don't serve directly from their own DNS service.
The second point is especially difficult in the case of split domains. Say my "external" IPs are "foo.com" and my branch offices are "city1.foo.com" and "city2.foo.com", and that the internal and external domains are served by separate DNS servers. If the connection to the internal DNS servers goes down, then even though the external DNS servers are still working correctly, the branch offices will not be able to resolve even the "external" IPs which may be working fine.
In any event, slaving the domains allows each branch office DNS server to be authoritative for all internal domains and for the branch office domain itself, which is more tolerant of failures.
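
Added example, not part of the original comment and not Astaro's own configuration: one way the branch-office arrangement described above could be written in BIND's named.conf for the city1 office. The names foo.com and city1.foo.com come from the comment; every address, the key name, the file paths and the reverse zone are constructed assumptions.

```conf
// Constructed example for the city1 branch office. All addresses, the key
// name and the file names are assumptions, not values from the thread.
acl "branch-lan" { 10.1.0.0/24; localhost; };

// TSIG key that authenticates zone transfers from the central master.
key "xfer-city1" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-base64-secret";   // placeholder; generate with tsig-keygen
};

options {
    directory "/var/named";
    recursion yes;
    allow-query     { "branch-lan"; };
    allow-recursion { "branch-lan"; };   // do not become an open resolver
    allow-transfer  { none; };           // the branch hands its zones to no one
    // Names not served locally go to the local ISP resolvers (constructed
    // addresses), so they still resolve when the core office is unreachable.
    forwarders { 198.51.100.53; 198.51.100.54; };
    forward first;
};

// Internal view of foo.com, slaved from the central master (constructed
// address). During an outage it is answered from the local copy until the
// zone's SOA expire interval passes without a successful refresh.
zone "foo.com" {
    type slave;
    masters { 192.0.2.10 key "xfer-city1"; };
    file "slaves/foo.com.db";
};

// The branch is master for its own zone and for its reverse zone.
zone "city1.foo.com" {
    type master;
    file "master/city1.foo.com.db";
};

zone "0.1.10.in-addr.arpa" {
    type master;
    file "master/10.1.0.rev";
};
```

How long the slaved zone keeps answering without contact to the master is set by the expire field of the zone's SOA record on the master, so that value is the one to size against the longest outage the branch should survive.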
-
Bob Alfson
commented
Interesting, Poul. Can you explain in just a few words why this cannot be accomplished by having the branch Astaro DNS Proxies point to the central DNS server as a unique forwarder? In the event of a network disruption, wouldn't the local DNS cache of each Astaro likely have the needed information?
Cheers - Bob
PS I'm not suggesting that my idea will work, I'm just trying to understand your idea better.
-
wingman
commented
That's really useful for home users with no internal DNS. At the moment, I have no reverse DNS ability.
-
Bob Alfson
commented
Yes, it shouldn't be that difficult to make the proxy into a full-fledged DNS.
-
Bob Alfson
commented
Mark, do you have the Astaro listed as a forwarder for your internal DNS? Isn't this functionality already available if your internal DNS server allows it?