djbdns: More Than Just a Mouthful of Consonants
There are many other convenience features that tinydns offers. For example, with tinydns, you do not need to remember to increment the serial on the SOA record each time you change something in a zone file. tinydns automatically generates serials from the last-modified timestamp on the data file, which ensures that they are incremented whenever the file changes.
If you ever have had to migrate DNS for an active domain, you will appreciate per-record timestamps. You can specify an exact time in the future for a record to change, without worrying about how it is cached around the Internet. tinydns dynamically calculates the TTL as it responds to queries. For example, if you want to migrate samba.example.com from 192.168.10.25 to 192.168.10.35 at 2 AM on October 15, 2008, you can add the following two records:
The last field on these records is a TAI64 timestamp representing 2008-10-15 02:00:00. (See Resources for tips on generating TAI64 timestamps.)
A cache that requests the A record for samba.example.com at 1:50:00 AM on October 15, 2008, will receive a response of 192.168.10.25 with a TTL of 600 seconds (ten minutes). A cache that requests the same record at 1:59:45 AM will receive the same response, except with a TTL of 15 seconds. After 2:00 AM, tinydns will begin responding automatically with the new IP, 192.168.10.35. Because all prior responses were set to expire at exactly 2:00 AM, all caches will check back immediately for the new address.
It's the little things like this that make djbdns such a wonderful piece of software.
BIND servers use zone transfers to replicate DNS data between servers. This process is rather complicated, has a history of problems and is not exactly easy to configure. Instead, Bernstein recommends using existing data transfer tools, such as rsync or scp, that are known to be fast, efficient and secure.
Let's add linux3.example.com as second DNS server for the example.com domain. Install djbdns on linux3 and configure tinydns as above (using the appropriate IP address). Update your data file on linux2 with the new record (anywhere in the file is fine):
Next, update /service/tinydns/root/Makefile on linux2 with the new make target. Replace everything in the Makefile with the following:
remote: data.cdb rsync -az -e ssh data.cdb \ 192.168.10.30:/service/tinydns/root/data.cdb data.cdb: data /usr/local/bin/tinydns-data
Be sure to use tabs instead of spaces at the beginning of the command lines in your Makefile. Now, when you run make it will compile data.cdb and immediately rsync it to linux3. We are using the IP for linux3 in the rsync command, because DNS should not rely on itself (it would fail if your DNS was broken). Also, you may want to create a special account for this purpose and configure passwordless ssh access using keys. Dan Bernstein provides more thorough instructions on his Web site for configuring DNS replication.
As I hope you have seen, DNS does not have to be a headache. Although BIND is ubiquitous on Linux, djbdns is more secure, more efficient and simply easier to use. And, now that it has been released into the public domain, there are no longer any philosophical reasons for rejecting it. We've only briefly covered what djbdns has to offer, so I hope you will read the on-line documentation, download it and experiment with it yourself. If you ever have found yourself babysitting a BIND instance, you may want to consider giving djbdns a chance.
Google Disappearing Act: tinyurl.com/ckx6x
DNS Fool Tips: www.dnsfool.com/tips
How to Install djbdns, by D. J. Bernstein: cr.yp.to/djbdns/install.html
Paul Jarc's cache-effect.pl: code.dogmap.org/djbdns
Mike Babcock's dnscacheproc.py: mikebabcock.ca/code/dnscacheproc
Replicating Your DNS Service: cr.yp.to/djbdns/run-server.html#replicate
Getting Started with DevOps - Including New Data on IT Performance from Puppet Labs 2015 State of DevOps Report
August 27, 2015
12:00 PM CDT
DevOps represents a profound change from the way most IT departments have traditionally worked: from siloed teams and high-anxiety releases to everyone collaborating on uneventful and more frequent releases of higher-quality code. It doesn't matter how large or small an organization is, or even whether it's historically slow moving or risk averse — there are ways to adopt DevOps sanely, and get measurable results in just weeks.
Free to Linux Journal readers.Register Now!
- Hacking a Safe with Bash
- Django Models and Migrations
- Secure Server Deployments in Hostile Territory, Part II
- The Controversy Behind Canonical's Intellectual Property Policy
- Huge Package Overhaul for Debian and Ubuntu
- Home Automation with Raspberry Pi
- Shashlik - a Tasty New Android Simulator
- Embed Linux in Monitoring and Control Systems
- KDE Reveals Plasma Mobile
- diff -u: What's New in Kernel Development