FirstDNS

Monthly archives: April 2015

System NS. The inside

Initially, the intended purpose of System-NS was to be a service for personal use. However, we (the developers) got carried away while designing it, so our project turned into a shared resource.

How it was done

Not so long ago we found ourselves in need of a secondary DNS service in order for our servers to remain available during downtime of the master server. Since the solutions available on the market did not meet our needs, we started the development of our own project in November 2012. It was designed to:
1. update and configure the slave zones of all servers at the fastest possible rate;
2. avoid the need to install and configure additional central administration applications, or to statically configure updates/add zones with a predefined list of master server IP addresses.

Thus, our project became available on January 21, 2013, and its popularity grew gradually. Initially, only the secondary DNS service was available, but then we added the dynamic DNS and the managed DNS services in quick succession. The domain information storage system chosen in the course of the secondary DNS development allowed reading and editing a huge number of records almost instantly, which led us to the idea of creating the dynamic DNS. After the successful development and testing of that service, we found ourselves pondering what to do next. Some bright guy on the staff (no one knows who exactly, but everyone is sure that it was his very idea) said: “Why would we manually edit domains if we can design a domain management interface?” (I, for one, am positive that the idea was mine.)

After implementing a simple interface for editing domain records, we added a feature for transferring a secondary domain to a managed domain, since some of our users could be interested in it. During development we faced the need to import domains from a ready zone (e.g. a BIND zone file) or by using AXFR. This feature came in handy on multiple occasions, so we added it to the public release.

Please find below a short summary of our services and their features:

Secondary. Quick, convenient, and easy zone transfer in a single click. Its operating sequence is as follows: a “who is the domain served by” request addressed to the root servers, polling every server from the received list, and an AXFR transfer attempt prior to the first response.

Dynamic. Instant cache reset after updating the IP address. IP-address management is implemented by means of API calls. Examples of auto-update scripts for Windows, OS X, Linux, EC2, and OpenWrt are available on our website.

Managed. Provides convenient tools for editing zone contents, including the ability to import them from the BIND zone file format or by a direct AXFR transfer query to the specified master server.

One of our development objectives was to involve as many external modules as possible to avoid writing more code. We spent plenty of time looking for suitable modules (ones that provided all the necessary functions and did not contain bugs). During this search several junior employees lost their faith in the impeccability of open source projects. After a lot of struggle we decided that ZF2 – Doctrine ODM – BjyAuthorize – ZfcUser would be our combination of choice.

Please find below some details about the said components.

Frontend:
1. Zend Framework (ZF) 2. We had already used ZF in several prior projects, and after the System-NS development started we were looking forward to working with ZF2, since it appeared to be more convenient and efficient than its predecessor.
2. Doctrine ODM. A module that converts MongoDB documents into PHP objects. This module was chosen for virtually one purpose: to see what advantages it could provide when working with MongoDB (usually we work with our own class/wrapper). The module turned out to be excessive and somewhat inconvenient.
3. MongoDB. A distinguished document-oriented database, which we use for virtually every one of our projects. Its sole disadvantage is the lack of transactions; however, they can be implemented, should one be determined to do so.
4. BjyAuthorize. Provides means of restricting access to certain site sections based on the user’s “role”.
5. ZfcUser. A user management module complete with configurable registration and authorization procedures. Fully compatible with Doctrine ODM and BjyAuthorize.
6. Twitter Bootstrap. A nifty set of CSS templates that greatly simplify responsive design and layout in general.

Backend:
1. Self-written DNS server (C++) – worth attention on its own. Currently, I cannot provide too many details due to the respective NDA terms. The sole reason for writing it was to deal with performance issues. Our setup includes a single 2 GHz core capable of processing up to 3-3.5 million queries per second, which corresponds to approximately 1.4 Gb of DNS traffic (average). The same technology, courtesy of the owner, was implemented in the public service in a slightly abridged form. It has its own controllable cache, but generally depends on the external data store.
2. Memcached – used as a binary-structured repository for the domain zone records for the sole purpose of avoiding memory allocation in the DNS daemon (please refer to the next paragraph for details). We also considered that tcmalloc in the DNS daemon would arguably be faster, but in the end it was decided not to burden the DNS with extra functions.
3. Self-written daemon that replicates server data and saves snapshots to the hard drive (C++).

The service is physically spread across six servers. Four of them (located in Canada, France, Ukraine, and Russia respectively) host the frontend component. The other two (located in Norway and the Czech Republic) are used only for data replication. We are using a failover traffic balancer provided by Clustertech AS (Norway), located on the anycast segment, which will be opened for public use in the near future (2015Q2).

Since the basic service is free, we are not maintaining our own anycast segment because of its cost (we do have the respective capabilities, however). It is quite possible, though, that we will start to.

We always do everything possible to answer our users’ requests to the product support service quickly and to check any feedback we receive. We also welcome any suggestions that would help us improve our services and add new features, so that the product becomes more convenient to use.

Currently, all the site services are available absolutely free. Upon completing registration, you will get a license to operate a certain number of domains. Subscribing to our Facebook page will yield a nice bonus, too.

Thank you for your attention and for your interest in our service.

submitted by systemns

Powered by WPeMatico

Can DNS respond to a query different depending on which network the client is on?

As an example, I have a DNS server that is on 10.0.1.10. I have two networks, 10.0.1.1/24 and 10.0.2.1/24, and clients on each network. I have a client (foo.bar.com) which has interfaces on each of these networks: 10.0.1.5 and 10.0.2.5. My DNS server is accessible from all clients on all of my networks.

Is there a term, feature, hack, etc. that would allow this DNS server to respond to queries and give out network-specific information? For instance, can a client on the 10.0.1.1/24 network ask for foo.bar.com and get a response of 10.0.1.5, and a client on 10.0.2.1/24 ask the same query and get a response of 10.0.2.5? I want clients on each network to always get to foo.bar.com using the interface that foo.bar.com has on that respective network. I am hoping that hosts files on clients aren’t the only approach for this… please not hosts files.

submitted by nebbbben
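
The behaviour asked about above is usually called split-horizon DNS (BIND implements it with `view` blocks and `match-clients`). As an added example that is not part of the post or of any DNS product, here is the core of a stdlib-only Python responder that picks the A record for foo.bar.com by the querying client's source network, using a constructed view table for 10.0.1.0/24 and 10.0.2.0/24. Because the choice rests on the source address of a UDP datagram, it is a convenience for steering clients, not an access control.

```python
import ipaddress
import struct

# Constructed view table: per name, the address to return for each client network.
VIEWS = {
    "foo.bar.com.": [
        (ipaddress.ip_network("10.0.1.0/24"), "10.0.1.5"),
        (ipaddress.ip_network("10.0.2.0/24"), "10.0.2.5"),
    ],
}

def build_query(qname, qid=0x1234):
    """Encode a standard A/IN query for qname (used to construct sample input)."""
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", 1, 1)

def parse_question(packet):
    """Return (id, qname, qtype, raw question section) from a one-question query."""
    qid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while packet[pos] != 0:  # walk length-prefixed labels up to the root (0x00)
        labels.append(packet[pos + 1:pos + 1 + packet[pos]].decode("ascii"))
        pos += 1 + packet[pos]
    qtype = struct.unpack("!H", packet[pos + 1:pos + 3])[0]
    return qid, ".".join(labels) + ".", qtype, packet[12:pos + 5]

def select_address(qname, client_ip):
    """Pick the A record whose network contains the querying client, else None."""
    client = ipaddress.ip_address(client_ip)
    for network, address in VIEWS.get(qname, []):
        if client in network:
            return address
    return None

def build_response(packet, client_ip, ttl=60):
    """Answer an A query from the view matching client_ip; NXDOMAIN otherwise."""
    qid, qname, qtype, question = parse_question(packet)
    address = select_address(qname, client_ip) if qtype == 1 else None
    if address is None:  # flags 0x8583: response, authoritative, RD, RA, rcode 3 (NXDOMAIN)
        return struct.pack("!HHHHHH", qid, 0x8583, 1, 0, 0, 0) + question
    header = struct.pack("!HHHHHH", qid, 0x8580, 1, 1, 0, 0)  # one answer, rcode 0
    # Answer RR: compression pointer to the name at offset 12, type A, class IN, TTL, 4-byte rdata
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + ipaddress.ip_address(address).packed
    return header + question + rr

def answer_address(response):
    ancount = struct.unpack("!H", response[6:8])[0]  # ANCOUNT from the header
    return str(ipaddress.ip_address(response[-4:])) if ancount == 1 else None
```

In a real deployment the same selection would be driven by the peer address returned by the UDP socket's `recvfrom`, so a client with interfaces on both networks gets the answer matching the interface it queried from.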

DNS failing for Domain

Hey r/DNS, I’m a new sysadmin for a small business and I’ve encountered what I believe to be a strange DNS issue.

Individual clients are unable to correctly resolve host names for servers inside our domain. This issue is intermittent and will only affect a single machine at a time, and I am unable to find any common link between affected machines. It has affected machines in different physical locations, different OSes (Win 7 and 8) and various levels of patching (fresh image to fully patched version of Windows). It has at some point affected 70% of the machines on our network, often affecting the same machine multiple times. Frequency is approximately 1 per day across a total of 100 connected machines.

On an affected machine we are still able to ping the IP address directly and NSLOOKUP will correctly return the address. On an individual machine level I can release and renew the IP address, which resolves the issue. Flushing DNS does not. Affected machines never have issues resolving host names outside of our domain. As I understand it, NSLOOKUP bypasses the Windows DNS client, which makes me think the local DNS has been poisoned somehow, but I do not understand what causes this or how to permanently resolve it.

Any help or direction you guys could point me in would be much appreciated!

submitted by PStyleZ

Locally Hosted DNS server?

I’m attempting to create my own server; the goal was to make a mini version of a professional platform (minus all the security enhancements). All I have left to do is host my own DNS, but I’m having trouble finding any free DNS program that works. I tried Bind, but that required an account and subscription which I don’t want to bother with. Like I mentioned, this was meant to be a self-sustaining server with no need for domain hosting services. MaraDNS/Deadwood seemed promising, but there were run-time errors and unfortunately I couldn’t get it running. The first attempt at making an accessible site was made with PolarWebSrv, but I had some problems with it, though it had the most potential for all-in-one hosting. Does anyone else know of a way to host your own DNS server?

submitted by whatever_isnt_taken