ProBIND2 (Re: DNS: BIND vs. WinDNS)

Thu Dec 15 08:10:04 EST 2005

> On 12/14/05, Travis Roy <travis at scootz.net> wrote:
>> Turns out there's ProBIND2, and it's SWEET.
>
>   You might mention *why*... :-)

A couple of reasons Travis didn't mention include:

The configuration files generated by ProBIND are always checked before
they're pushed.  That said, if any errors show up in the process, it will
revert to the last configuration and keep things running until the problem
is worked out.  This is only a feature I was able to reproduce by forcing
a failure to ensure that it worked though, as it never generated a bad
config.

Also, you have a lot of deployment granularity.  You can just push the new
configs to all your name servers if you want and be done with it.  It will
capture the system logs for each server as it reloads configurations so
you can see what happened and confirm thngs if you want. However, you also
have the flexibility to specifically target only one or more DNS servers
with new configurations as a "test" environment of sorts before those
changes are made public.  You can also choose to *just* generate files,
*just* push files, or do both and reconfigure the server to boot (uses
rndc).

It automatically takes care of a lot of the assumed stuff, like PTRs in
reverse DNS, NS records that list your name servers, etc.  That's a great
time saver and certainly helps keep things sane to manage and less of a
hassle, but I find it important also that it allows you to disable them
just as easily.  There's an option when you're adding/editing an A record
to let you decide if you want to add the reverse DNS record or not. 
There's an option when you're adding a target server to include it among
the NS records or not.  And of course, you can go into any of the zones
you've added to the interface to manager and add these records by hand if
you'd prefer.

Finally, templating.  At my last company where I implemented this, we had
lots of domains to manage that were mostly the same.  Tons were registered
just in that period a few years ago where everyone bought every domain
they could find under the sun (I guess some do still do that?) and these
largely all point to the same website, use the same MXs, etc.  Our primary
domains obvously have a lot more details in them for particular hostnames
we use, but the gist is that most are the same. There's a zone in ProBIND2
called TEMPLATE.  Make whatever changes you want globally to start with in
any new zone there and it will act as a template.

Being based on a MySQL database doesn't hurt either as it's easy to get in
and do mass adds/deletes if you want simply by looking at the DB and
formulating a query or two.

>   (Yes, I know I could Google for it myself, and research it, and all
> that.   But:  Travis has already done (at least a little of) that.  If
> he posts his thoughts once, we all benefit from it.  Big benefit
> multiplier there.  Plus I find it more useful when opinions come from
> a known quantity, rather then some random person on the web.  (Not
> everyone here knows Travis, of course, but they at least have his post
> history to go by.)  (And, yes, I *am* going for a world record for
> most convoluted use of parenthetical remarks.  (Just in case you were
> wondering.  (I know you probably weren't.))  (Yes, I'm kidding (about
> the world record part).)))

I'm sorry. I don't speak lisp.
-N