4:34 p.m.
On Tue, 2020-08-04 at 15:35 +0200, Nicolas Quiniou-Briand wrote:
My 2 cents: Imre wrote a role [1] for PowerDns [2].
Yup, we've been using this role to manage ns.ciphermail.com, which is
our (hidden) primary nameserver. PowerDNS Authoritative Server is great
because it can store DNS records in lots of different backends and
makes DNSSEC really easy. The role currently only supports the
PostgreSQL backend, but it should be easy to add support for other
backends as well.
What's really cool is that PowerDNS supports the RFC 2136 DNS UPDATE
mechanism [1] which nicely integrates with our DHCP servers. When a
client (say, a VM) requests an IP address, the DHCP server hands out
the address and simultaneously creates a DNS record pointing to that
address. This record is removed once the client's lease ends. It works
well with DHCPv6 too after a small dhclient configuration change in
Debian 10.
[1] https://doc.powerdns.com/authoritative/dnsupdate.html
There is also a role [3] for Opera DNS UI [4] : "A tool to
manage a
PowerDNS authoritative server in a corporate LDAP-driven
environment."
And Imre is a contributor [5] on this project ;-)
Haha, I guess I am :)
Opera DNS UI is awesome, it uses the PowerDNS API, has a great web
interface and supports LDAP authentication. We're very proud users.
I'm currently focusing on rewriting debops.dhcpd, but I'm thinking
about integrating our powerdns_auth and dnsui roles into DebOps
mainline next.
Imre