One of my current projects is to create a new public dns authoritative nameserver set (fully HA). For this I spent a couple of days doing research which open source software is currently available and up to date.
Obviously the first software which pop into mind is Bind. It's been there forever, at least it feels that way, and is still probably the most used DNS software for authoritative nameservers. On the other hand Bind can be complex to users which do not fancy the command line. This means I want to offer a user interface. As we've entered the ages of Devops and CI/CD, the new DNS servers should also be capable to receive updates or new entries "from a machine" using an API or something similar.
Recent blog articles and discussions led me to PowerDNS. At the begin I was skeptic (as always) but the more I read about it, it started to make sense to use PowerDNS as new "core" software because it already comes with an API.
As companies and in general the Internet (finally) becomes more security-aware, there is also need for DNSSEC. At the moment this is optional because the projects goal is to replace the old nameserver set, but I want to enable DNSSEC for all hosted domains later this year. So the better DNSSEC is integrated into the DNS server software, the easier it will be later to activate it.
Last but not least the user interface. That's something I don't really care about that because I'm working on the cli anyway, but I do understand the need for other users. A request I heard a couple of times in the past years came from developers. They wanted to create or modify some entries of a certain subdomains which was used to test new applications. This actually makes sense. Why wait for the admin to change a record in a subdomain which is in the dev environment in the first place? So I was also looking for different user interfaces, especially for UI's with RBAC (role based access control).
After a basic comparison of available software, I came to the following list:
||DNS Software (Core)
| Atomia DNS
||PowerDNS||yes||yes||yes||no*||no*|| February 2019
| Opera DNS UI
||PowerDNS°||yes||yes||yes||yes||yes|| March 2019
* = unable to find documentation
° = Currently only compatible with PowerDNS 4.1 (4.2 not supported yet as of this writing)
+ = documentation states: Note: There's no real support in Poweradmin for DNSSEC record signing, key management and rollover.
There are of course more DNS UI softwares available, but I focused on project activity and recent updates. After some basic and quick&dirty installations of these applications, I finally decided to use the following combination: PowerDNS + Opera DNS UI.
A special article series about PowerDNS will follow. Stay tuned.
No comments yet.
Personal Internet VMware PHP Linux Shell Bluecoat Proxy Windows Hardware Virtualization Nagios MySQL DB Monitoring Mail Android Network Wyse Hacks Tomcat Postgres Apple Mac Surveillance Backup BSD ZFS Solaris SmartOS Unix Multimedia Perl Database MongoDB CMS OTRS FreeBSD Wordpress LXC Nginx Proxmox DNS Graphics GlusterFS Security Chef HAProxy Icinga Ansible HTML MariaDB Containers Rancher Docker AWS ELK Kibana Logstash Filebeat Varnish PGSQL PostgreSQL ElasticSearch CouchDB Bash Macintosh Container Minio Grafana InfluxDB Databases NFS OSSEC SystemD Java Zoneminder Elasticsearch SSL TLS Icingaweb2 Cloud Wireless Kubernetes Ubuntu