[114942] in North American Network Operators' Group
In a bit of bind...
daemon@ATHENA.MIT.EDU (Ben Matthew)
Mon Jun 1 06:59:48 2009
From: Ben Matthew <Ben.Matthew@timlradio.co.uk>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Mon, 1 Jun 2009 11:59:30 +0100
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Firstly... I apologise for the atrocious pun in the subject; just can't seem to help myself.

Anyway my company currently uses BIND for our DNS requirements (9.6.0). I'm always pretty keen on updating, when advised to, in order to patch vulnerabilities and so forth as we have a fairly popular website and I'm sure there's lots of nasty little tykes out there ready to try and take us down. I have six servers in total, two multi-homed servers for ordinary DNS and four servers running an Anycast network (2 x master and slave).

Anyway I've recently been investigating other options for DNS as, like many companies currently, we've laid off a bunch of staff and the overhead for maintaining BIND is quite high if done, like us, unassisted and you are editing zone files in a text editor.

Ultimately for our simple zones (non-Anycast, basic web forwarders) I want to create a web-app to do this for me, probably in PHP. I could create something that:

1) Creates a zone file for "mydomain.com" and fills in defaults; overrides with options from the web-app if needed.

2) Updates the existing named.conf file

3) Opens a secure connection to the master, and uploads new config files

4) Runs a remote process to restart BIND

5) Opens a secure connection to slave, updates named.conf

6) Runs a remote process to restart BIND

But I've had a play with "myDNS" (http://mydns.bboy.net) which is capable of serving DNS requests directly from a mySQL database. And it seems pretty good. All my web-app now needs to do is adjust some database records and everything else updates automatically. All very cool.

However, my question is this... Has anyone yet experienced any major problems with myDNS - either security or reliability? Frankly, I'm a little scared of daring to shift away from a well-established system.

Perhaps you've had the chance to poke about in the code... Is it based on the BIND codebase? Does it get security updates when exploits are revealed?

Finally I've managed to successfully configure BIND 9 as a slave to a myDNS server and the AXFR transfers seem to be working fine. This strikes me as being quite a nice balance of ease of use and reliability in case myDNS fails on me. Ok I appreciate it doesn't get around security concerns but hey ho.

Opinions much appreciated.

Cheers,

Ben

--
Ben Matthew, Senior Network Engineer
Absolute Radio, One Golden Square, London W1F 9DJ
Tel: 020 7432 3457 Mobile: 07817464623
http://www.absoluteradio.co.uk

Absolute Radio, winner of four Sony Radio Awards in 2009
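Added example, not part of the original post: a sketch of step 1 of the list above (build a zone file from defaults plus web-app overrides) that validates every field before it reaches the file, since a generator that pastes form input into a zone file lets a newline or a "$" directive add records. It is written in Python rather than the PHP the post mentions; the function names, default timer values and record layout are assumptions made for this example.

```python
import ipaddress
import re

# Assumed defaults for this example; the post does not give any values.
DEFAULTS = {"ttl": 3600, "refresh": 7200, "retry": 900,
            "expire": 1209600, "minimum": 3600}
# One LDH label. Used with fullmatch(): with match() and "$" a trailing
# newline would still be accepted.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def check_name(name):
    """Allow only plain host names, so web input cannot carry newlines,
    ';', '$' directives, quotes or parentheses into the zone file."""
    name = name.lower().rstrip(".")
    if not name or len(name) > 253 or not all(
            LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError(f"invalid DNS name: {name!r}")
    return name


def render_zone(domain, serial, nameservers, hostmaster, a_records, **overrides):
    """Return zone-file text: defaults first, then overrides from the web-app."""
    unknown = set(overrides) - set(DEFAULTS)
    if unknown:
        raise ValueError(f"unknown option(s): {sorted(unknown)}")
    opt = {k: int(v) for k, v in {**DEFAULTS, **overrides}.items()}
    serial = int(serial)
    if not 0 < serial < 2**32 or any(not 0 <= v < 2**31 for v in opt.values()):
        raise ValueError("serial or timer out of range")
    ns = [check_name(n) for n in nameservers]
    if not ns:
        raise ValueError("at least one nameserver is required")
    lines = [
        f"$ORIGIN {check_name(domain)}.",
        f"$TTL {opt['ttl']}",
        f"@ IN SOA {ns[0]}. {check_name(hostmaster)}. ( {serial} "
        f"{opt['refresh']} {opt['retry']} {opt['expire']} {opt['minimum']} )",
    ]
    lines += [f"@ IN NS {n}." for n in ns]
    for label, addr in a_records:
        owner = "@" if label == "@" else check_name(label)
        ip = ipaddress.ip_address(addr)  # rejects anything but a literal address
        rtype = "A" if ip.version == 4 else "AAAA"
        lines.append(f"{owner} IN {rtype} {ip}")  # normalised form, not raw input
    return "\n".join(lines) + "\n"
```

Running BIND's named-checkzone on the rendered file before the restart in step 4 catches anything the generator still gets wrong.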