On Tue, 2020-08-04 at 15:35 +0200, Nicolas Quiniou-Briand wrote:
My 2 cents: Imre wrote a role  for PowerDns .
Yup, we've been using this role to manage ns.ciphermail.com
, which is
our (hidden) primary nameserver. PowerDNS Authoritative Server is great
because it can store DNS records in lots of different backends and
makes DNSSEC really easy. The role currently only supports the
PostgreSQL backend, but it should be easy to add support for other
backends as well.
What's really cool is that PowerDNS supports the RFC 2136 DNS UPDATE
mechanism  which nicely integrates with our DHCP servers. When a
client (say, a VM) requests an IP address, the DHCP server hands out
the address and simultaneously creates a DNS record pointing to that
address. This record is removed once the client's lease ends. It works
well with DHCPv6 too after a small dhclient configuration change in
There is also a role  for Opera DNS UI  : "A tool to
PowerDNS authoritative server in a corporate LDAP-driven
And Imre is a contributor  on this project ;-)
Haha, I guess I am :)
Opera DNS UI is awesome, it uses the PowerDNS API, has a great web
interface and supports LDAP authentication. We're very proud users.
I'm currently focusing on rewriting debops.dhcpd, but I'm thinking
about integrating our powerdns_auth and dnsui roles into DebOps