New authoritative DNS server setup with user interface in 2019 (a comparison)

Written by - 0 comments

Published on March 15th 2019 - Listed in DNS Linux Ubuntu PowerDNS


One of my current projects is to create a new public dns authoritative nameserver set (fully HA). For this I spent a couple of days doing research which open source software is currently available and up to date.

Obviously the first software which pop into mind is Bind. It's been there forever, at least it feels that way, and is still probably the most used DNS software for authoritative nameservers. On the other hand Bind can be complex to users which do not fancy the command line. This means I want to offer a user interface. As we've entered the ages of Devops and CI/CD, the new DNS servers should also be capable to receive updates or new entries "from a machine" using an API or something similar.

Recent blog articles and discussions led me to PowerDNS. At the begin I was skeptic (as always) but the more I read about it, it started to make sense to use PowerDNS as new "core" software because it already comes with an API.

As companies and in general the Internet (finally) becomes more security-aware, there is also need for DNSSEC. At the moment this is optional because the projects goal is to replace the old nameserver set, but I want to enable DNSSEC for all hosted domains later this year. So the better DNSSEC is integrated into the DNS server software, the easier it will be later to activate it.

Last but not least the user interface. That's something I don't really care about that because I'm working on the cli anyway, but I do understand the need for other users. A request I heard a couple of times in the past years came from developers. They wanted to create or modify some entries of a certain subdomains which was used to test new applications. This actually makes sense. Why wait for the admin to change a record in a subdomain which is in the dev environment in the first place? So I was also looking for different user interfaces, especially for UI's with RBAC (role based access control).

After a basic comparison of available software, I came to the following list:

DNS Solution
DNS Software (Core)
GUI
API DNSSEC
RBAC
Syntax validation
Last change
Atomia DNS
 PowerDNS  yes  yes  yes  no*  no*  February 2019
Opera DNS UI
PowerDNS┬░  yes  yes  yes  yes  yes  March 2019
PowerAdmin  PowerDNS  yes
 no*  no+  no*  yes February 2019
GloboDNS
 BIND
 yes
 yes
 no*
 yes
 yes
February 2019

* = unable to find documentation
┬░ = Currently only compatible with PowerDNS 4.1 (4.2 not supported yet as of this writing)
+ = documentation states: Note: There's no real support in Poweradmin for DNSSEC record signing, key management and rollover.

There are of course more DNS UI softwares available, but I focused on project activity and recent updates. After some basic and quick&dirty installations of these applications, I finally decided to use the following combination: PowerDNS + Opera DNS UI.

A special article series about PowerDNS will follow. Stay tuned.


Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.