One of my current projects is to create a new public dns authoritative nameserver set (fully HA). For this I spent a couple of days doing research which open source software is currently available and up to date.
Obviously the first software which pop into mind is Bind. It's been there forever, at least it feels that way, and is still probably the most used DNS software for authoritative nameservers. On the other hand Bind can be complex to users which do not fancy the command line. This means I want to offer a user interface. As we've entered the ages of Devops and CI/CD, the new DNS servers should also be capable to receive updates or new entries "from a machine" using an API or something similar.
Recent blog articles and discussions led me to PowerDNS. At the begin I was skeptic (as always) but the more I read about it, it started to make sense to use PowerDNS as new "core" software because it already comes with an API.
As companies and in general the Internet (finally) becomes more security-aware, there is also need for DNSSEC. At the moment this is optional because the projects goal is to replace the old nameserver set, but I want to enable DNSSEC for all hosted domains later this year. So the better DNSSEC is integrated into the DNS server software, the easier it will be later to activate it.
Last but not least the user interface. That's something I don't really care about that because I'm working on the cli anyway, but I do understand the need for other users. A request I heard a couple of times in the past years came from developers. They wanted to create or modify some entries of a certain subdomains which was used to test new applications. This actually makes sense. Why wait for the admin to change a record in a subdomain which is in the dev environment in the first place? So I was also looking for different user interfaces, especially for UI's with RBAC (role based access control).
After a basic comparison of available software, I came to the following list:
||DNS Software (Core)
| Atomia DNS
||PowerDNS||yes||yes||yes||no*||no*|| February 2019
| Opera DNS UI
||PowerDNS°||yes||yes||yes||yes||yes|| March 2019
* = unable to find documentation
° = Currently only compatible with PowerDNS 4.1 (4.2 not supported yet as of this writing)
+ = documentation states: Note: There's no real support in Poweradmin for DNSSEC record signing, key management and rollover.
There are of course more DNS UI softwares available, but I focused on project activity and recent updates. After some basic and quick&dirty installations of these applications, I finally decided to use the following combination: PowerDNS + Opera DNS UI.
A special article series about PowerDNS will follow. Stay tuned.
No comments yet.
AWS Android Ansible Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Container Containers CouchDB DB DNS Database Databases Docker ELK ElasticSearch Elasticsearch Filebeat FreeBSD GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb2 InfluxDB Internet Java Kibana Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Rancher SSL Security Shell SmartOS Solaris Surveillance SystemD TLS Tomcat Ubuntu Unix VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder