[82395] in North American Network Operators' Group
Re: Customer DNS records best practices
daemon@ATHENA.MIT.EDU (David Nolan)
Thu Jul 14 20:54:08 2005
Date: Thu, 14 Jul 2005 20:53:40 -0400
From: David Nolan <vitroth+@cmu.edu>
To: Peter Kranz <pkranz@unwiredltd.com>, nanog@nanog.org
In-Reply-To: <200507142145.j6ELj6it002841@nudoubt.darkersun.com>
Errors-To: owner-nanog@merit.edu
--On Thursday, July 14, 2005 2:45 PM -0700 Peter Kranz
<pkranz@unwiredltd.com> wrote:
> I am looking for any suggestions on tool/utilities that you are using to
> allow customers to manager their forward/reverse DNS records that reside
> on your DNS servers. Linux/Unix based preferred.
>
I'll put in a plug here for Carnegie Mellon's NetReg, which I'm currently
the primary maintainer of. We use it to maintain approximately 50K
records in over 100 zones, and the matching reverses (in over 300 zones).
(We also maintain our ISC DHCP servers with the same system, but that seems
of less relevance to you.)
It maintains both the zone data and the bind9 config files for 3 groups of
authoritative servers and a set of recursive servers for our users. It can
push zone updates to the servers via either dynamic dns updates (w/ TSIG)
or via static zone pushes via rsync.
Users can have access to register their own machines via a web interface
(protected via any apache authentication method of your choice). Fine
grained access control provides flexible control of which users can do
which operations.
Its released under an open source license. Requires Apache 1.3.x, MySQL
4.0.x, perl, Bind 9+. Its in use at several other universities, and some
large companies as well.
More information and downloads available at http://www.net.cmu.edu/netreg
If you have any questions, feel free to contact me.
-David Nolan
Network Software Designer
Computing Services
Carnegie Mellon University