[TriLUG] Need secondary DNS provider

Aaron Joyner aaron at joyner.ws
Wed Feb 17 17:27:08 EST 2010


Btw... BIND has a provision for doing this already via dynamic DNS.
It's even secure when combined with TSIG.  :)  nsupdate is a pretty
straightforward tool to use, and supports secure authentication.  You
could script the addition of new domains and generation of
administration keys for TriLUG users in probably 1d worth of volunteer
work, at the most.  2h if you're familiar with the problem space and
the TriLUG machines.  Then, users do something akin to this to update
RR in their domain:

$ nsupdate
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> send

Of course, you can limit updates on a per-domain basis, and if you're
feeling paranoid only allow them from localhost.  You could even go so
far as to wrap nsupdate in a quick shell script that would work
something like:
$ updatedns www.example.com 192.168.1.1

And/or provide a shell script users could drop on their machine to
periodically run from cron and update its DNS record with the TriLUG
server:
$ pushiptotrilugdns www.example.com

Voila, you've re-implemented dyndns and its many cousins with secure
open standards and a box provided by your local lug.  To boot, you've
made it easy to operate for hundreds of your lug mates, and would
probably learn a thing or two along the way.  :)

Aaron S. Joyner

PS - No, I'm not volunteering to implement it, although I'll volunteer
to consult or help troubleshoot if someone does implement it and runs
into problems.


On Wed, Feb 17, 2010 at 4:36 PM, Joseph Mack NA3T <jmack at wm7d.net> wrote:
> On Wed, 17 Feb 2010, Alan Porter wrote:
>
>> However, what WOULD be hard is the user interface where we allow our
>> members to make changes to their DNS records. We probably don't want to go
>> passing the root passwords around.
>
> If we really want to not duplicate free services, then we should unplug the
> trilug machine, get yahoo e-mail addresses and move the mailing list to
> yahoo.
>
> How about one of the people whose DNS record is being hosted volunteer to
> handle updates on a rotating basis (say for a year at a time). There must be
> 100 TriLUG'ers with their own domain names and hopefully at least one of
> those people can be trusted with the passwd. Does TriLUG want to be known as
> the bunch of Linux enthusiasts who can't run a name server?
>
> I've had only one IP change in 15yrs and that was when the ISP's blocks were
> reassigned. I can't see much keyboard time being required to maintain DNS.
>
> Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>
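
The `updatedns` wrapper suggested in the message above, sketched as an added example (not part of the original post and not TriLUG's own script); the server name, default TTL and TSIG key file path are assumed placeholders. Both arguments are validated before the nsupdate batch is built, because the batch is line-oriented and an unchecked argument could carry extra update commands.

```shell
#!/bin/sh
# updatedns HOST IPV4 -- hypothetical wrapper around nsupdate (added example).
# Assumptions: DNS_SERVER, DNS_TTL and TSIG_KEYFILE defaults are placeholders.
DNS_SERVER="${DNS_SERVER:-ns.example.com}"
DNS_TTL="${DNS_TTL:-86400}"
TSIG_KEYFILE="${TSIG_KEYFILE:-$HOME/.updatedns.key}"

# Accept only letters, digits, hyphen and dot; no leading hyphen or dot,
# no trailing dot, no empty labels. Rejects spaces and newlines outright.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Accept only dotted-quad IPv4: exactly four octets, each 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest="$1."
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Print the nsupdate batch that replaces HOST's A record with IPV4.
build_update() {
    valid_host "$1" && valid_ipv4 "$2" || return 1
    printf 'server %s\n' "$DNS_SERVER"
    printf 'update delete %s A\n' "$1"
    printf 'update add %s %s A %s\n' "$1" "$DNS_TTL" "$2"
    printf 'send\n'
}

# Build the batch, then send it signed with the user's TSIG key (-k keyfile).
updatedns() {
    batch=$(build_update "$1" "$2") || { echo "usage: updatedns HOST IPV4" >&2; return 2; }
    printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEYFILE"
}

# Run only when called with arguments, e.g.: updatedns www.example.com 192.168.1.1
[ "$#" -eq 0 ] || updatedns "$@"
```

Validation here is a client-side convenience only; the server still has to restrict which names each key may update.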


