WebDNS: A simple system for distributed-management
Thursday, 10 February 2000
Mark Suter
<Mark.Suter@member.sage-au.org.au>
Systems Administrator
Information Technology Services
The University of Queensland
WebDNS is an in-house system used to allow support staff to
maintain their own host records. This talk will discuss the current
system and the future directions that may be taken.
Purpose
- Every host that has an IP address should be registered in the DNS.
- We should know more than just the hostname.
Assumptions
All DNS related RFCs.
Delegation
- At the University of Queensland, there are three methods of
delegation.
  - None - We edit the zone file on the central nameservers.
  - Full - A normal DNS delegation to the local nameserver.
  - WebDNS - A simple system for distributed management.
Delegation: None
- Pros
  - Simple case - master the zone centrally.
  - Administered by Hostmaster (a role - always there).
  - Central control for any necessary modifications.
- Cons
  - Modifications must go via Hostmaster.
  - As a result, data often out of date, especially for desktops.
Delegation: Full
- Pros
  - Total control is passed to department / whatever.
- Cons
  - No central control short of revoking delegation.
  - Requires local nameserver administration and expertise.
  - Local Hostmaster is not always present.
Delegation: WebDNS
- Pros
  - No local nameserver to administer.
  - Web interface usable from most clients.
  - Less burden of understanding on local support staff.
  - Simple host details management.
Some numbers
- There are 195 delegated subdomains of uq.edu.au, of which
  - 40 are locally edited zone files,
  - 42 are delegated to departmental nameservers, and
  - 113 are generated by WebDNS, containing 10492 host records.
Architecture
Demonstration: webdns.conf
domain test2.uq.edu.au
subnet 130.102.93 10-29,30-254
users suter
- The users directive refers to Kerberos accounts, so we benefit
from the central account administration. The actual authentication is handled
by the webserver, which sets REMOTE_USER appropriately.
Demonstration: host records
130.102.93.10|platypus|Mark Suter|58221|42|411|ASI Pentium III|Linux||950083078|suter
130.102.93.11|bilby|Mark Suter|58221|42|411|Dell PowerEdge 6350|Linux||950083295|suter
130.102.93.12|bigred|Mark Suter|58221|42|411|Sun Ultra 5|Linux||950083295|suter
130.102.93.13||||||||||
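The authorization implied by webdns.conf, as an added Python example (not WebDNS code and not from the talk): an edit is accepted only when REMOTE_USER is listed under users, the address lies in the delegated subnet ranges, and the hostname is a single valid label. The reading of the subnet syntax and the 11-field record layout are assumptions inferred from the two demonstrations above; parse_conf and check_edit are hypothetical names.

```python
import re

# Constructed sample: the webdns.conf block from the demonstration above.
CONF = "domain test2.uq.edu.au\nsubnet 130.102.93 10-29,30-254\nusers suter\n"

LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")  # one DNS label
OCTET = re.compile(r"0|[1-9][0-9]{0,2}")  # no leading zeros, ASCII digits only


def parse_conf(text):
    """Parse one delegation block (assumed syntax: '<prefix> <lo-hi,lo-hi>')."""
    conf = {"users": set(), "ranges": []}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key == "domain":
            conf["domain"] = value.strip()
        elif key == "subnet":
            conf["prefix"], ranges = value.split()
            for part in ranges.split(","):
                low, high = part.split("-")
                conf["ranges"].append((int(low), int(high)))
        elif key == "users":
            conf["users"].update(value.split())
    return conf


def check_edit(conf, remote_user, record):
    """Return (allowed, reason) for a pipe-delimited record sent by remote_user."""
    if remote_user not in conf["users"]:
        return False, "user not delegated"
    fields = record.split("|")
    # A newline in any field would start a new line in the generated zone file.
    if len(fields) != 11 or "\n" in record or "\r" in record:
        return False, "malformed record"
    prefix, _, last = fields[0].rpartition(".")
    if prefix != conf["prefix"] or not OCTET.fullmatch(last):
        return False, "address outside subnet"
    if not any(low <= int(last) <= high for low, high in conf["ranges"]):
        return False, "address outside delegated range"
    if fields[1] and not LABEL.fullmatch(fields[1]):
        return False, "invalid hostname"
    return True, "ok"


if __name__ == "__main__":
    conf = parse_conf(CONF)
    good = "130.102.93.10|platypus|Mark Suter|58221|42|411|ASI Pentium III|Linux||950083078|suter"
    print(check_edit(conf, "suter", good))
    print(check_edit(conf, "suter", good.replace(".93.10|", ".93.1|")))
```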
Demonstration: WebDNS interface
Demonstration: forward zone file
$TTL 86400
@           IN SOA  cuscus.cc.uq.edu.au. hostmaster.cc.uq.edu.au. (
                    2000020902 ; Serial
                    10800      ; Refresh
                    1800       ; Retry
                    3600000    ; Expire
                    3600 )     ; RFC 2308 negative cache TTL
            IN NS   cuscus.cc.uq.edu.au.
            IN NS   krefti.cc.uq.edu.au.
            IN MX   0 bunyip.cc.uq.edu.au.
localhost   IN A    127.0.0.1
bigserver   IN A    130.102.93.1
; User: Mr Big Phone: 112
; Building: AAPT Room: MR3
; Hardware: Starfire Operating System: Solaris
platypus    IN A    130.102.93.10
bilby       IN A    130.102.93.11
bigred      IN A    130.102.93.12
Demonstration: reverse zone file
$TTL 86400
@           IN SOA  cuscus.cc.uq.edu.au. hostmaster.cc.uq.edu.au. (
                    2000020902 ; Serial
                    10800      ; Refresh
                    1800       ; Retry
                    3600000    ; Expire
                    3600 )     ; RFC 2308 negative cache TTL
            IN NS   cuscus.cc.uq.edu.au.
            IN NS   krefti.cc.uq.edu.au.
1           IN PTR  bigservers.test2.uq.edu.au.
10          IN PTR  platypus.test2.uq.edu.au.
11          IN PTR  bilby.test2.uq.edu.au.
12          IN PTR  bigred.test2.uq.edu.au.
Future Directions
- There is a possibility that we may use Lucent's QIP Enterprise or similar
in the future.
- WebDNS v2.0 may be developed.
WebDNS v2.0
- The following items are on the wish list
  - Use ndc reload <zone> effectively.
  - Perform more frequent remakes - currently once per hour.
  - Redesign the front end, possibly in PHP.
More information
Thank you.
Are there any more questions?
Self Reference
- This is available on the web at the following addresses.