Author Topic: Looking for Free Linux DNS server  (Read 7202 times)

Stoic Joker

Looking for Free Linux DNS server
« on: February 05, 2013, 03:30 PM »
Okay, I'm probably completely nuts on this one...but I thought I'd ask anyway.

We have a client that got talked into going with a cloud server for their Windows domain via VPN. ...I'll pause here a bit so you can cringe too...

... :D ...

...So as to be expected, the tunnel goes down from time to time (daily...) which prevents the client machines from accessing the (remotely hosted - cloud situated) domain DNS which is of course running in the remotely hosted (cloud situated) DC. So whoever set this (kluge) up made the obvious (mistake) assumption that they could just add the ISP's DNS server as the secondary DNS server for the client machine (turning everything to shit) so that the users could still access the internet when the tunnel went down...in what was described as a daily fashion.

Is it even necessary to say that the aforementioned configuration is doomed to fail (catastrophically)?

So anyway, just for a bit of cost cutting fun (server OSs being $$$), I thought I'd inquire if anyone could think of a free Linux/Unix based DNS solution that could properly handle the DNS records for (_msdcs.*) a Windows domain. GUI-less CLI preferred.

Thank you,

40hz

Re: Looking for Free Linux DNS server
« Reply #1 on: February 05, 2013, 04:31 PM »
I heard it's been attempted. And it's not worth the effort based on everything I've ever read about it by those who tried - and failed.

Windows has that fairly weird implementation of DNS for AD that we all 'love,' which doesn't like it not being under the control of a Windows server.

The present setup you're describing is absolutely doomed to failure. As in epic. No two ways.

Holding out false hopes only gets your client pissed off. Best just let it happen and skip the science fair projects. Once it really tanks on them they'll let you fix it correctly.

Just my :two: anyway.

Stoic Joker

Re: Looking for Free Linux DNS server
« Reply #2 on: February 05, 2013, 05:57 PM »
> I heard it's been attempted. And it's not worth the effort based on everything I've ever read about it by those who tried - and failed.

Crap, I was hoping it would at least point to the DC properly so I could use caching for the rest.

> The present setup you're describing is absolutely doomed to failure. As in epic. No two ways.

Count with me brother, 5... 4... 3... (hehe) Why is it that nobody ever seems to read that chapter of the manual?? DNS really is simple as hell.

> Holding out false hopes only gets your client pissed off. Best just let it happen and skip the science fair projects. Once it really tanks on them they'll let you fix it correctly.

I hear Ya. I just thought it might be a (cheap fix) fun place to stick Linux ... Did I mention that they have 6 locations this into this mess?

x16wda

Re: Looking for Free Linux DNS server
« Reply #3 on: February 05, 2013, 08:12 PM »
It seems to have worked for this guy using BIND.

I had BIND set up and working fine for my old company, then we put in Bay infrastructure and installed Bay's NetID to combine DNS and DHCP.  (Wow, how overly complicated can you get!)  But of course then A/D came in (which was a good choice for this company) and since we had the DCs everywhere that took care of our DNS needs without additional infrastructure.
vi vi vi - editor of the beast

40hz

Re: Looking for Free Linux DNS server
« Reply #4 on: February 05, 2013, 09:45 PM »
@x16 - interesting and thx for the link. I'm working my way (slowly) through it. :Thmbsup:

A crony of mine also just sent me a copy of this post found over on linuxquestions.org

It's fairly long:

Spoiler
Actually Microsoft has made it even easier with Server 2008 R2 and Windows Server 2012.

How I got bind as primary DNS server for domain (.home) running alongside Windows ADDS Domain running on 2008 R2 (homedomain.home) running on same network:
in bind on linux (ubuntu):
in /etc/bind/named.conf.local add:

    // $IPv4_addr_of_DC is a placeholder for the domain controller's IPv4 address
    zone "homedomain.home" {
        type slave;
        masters { $IPv4_addr_of_DC; };
        notify yes;
        // as posted: any host may transfer this zone from the bind server
        allow-transfer { any; };
        allow-query { any; };
    };

    zone "_msdcs.homedomain.home" {
        type slave;
        masters { $IPv4_addr_of_DC; };
        notify yes;
        allow-transfer { any; };
        allow-query { any; };
    };

Then on your DC, load the DNS MMC snap-in.
For both Forward Lookup Zones
_msdcs.homedomain.home
homedomain.home
select Properties and on the Zone Transfer tab select "Only to the following servers".
Click Edit and add the IPv4 address of your Linux bind server.

Reload configuration in bind.
Your Windows Vista, 7, 8 and Server 2008 R2 and 2012 workstations and servers will now identify the SOA for the Active Directory Directory Services.
This works from installer and from change computer name dialogs.
I found that as soon as I added the _msdcs forward zone, the domain was found immediately.

As stated in the thread, _ldap._tcp.dc._msdcs.DOMAIN.COM is the really important SRV pointer for adding machine to domain bootstrapping, but hardcoding it into a subzone in bind is a silly idea.
By setting up the _msdcs forward zone as a slave you will have full AD functionality being served from your bind while AD DS maintains state of your domain in its structure.

hope this helps someone


EDIT:

From "Pro DNS and Bind" by Zytrax:
---
check-names

check-names (warn|fail|ignore) ;
check-names fail;

The check-names statement will cause any host name for the zone to be checked for compliance with RFC 952 and RFC 1123 and take the defined action. Care should be taken when using this statement because many modern RRs e.g. SRV use names which do not meet these standards (they contain underscore) but which are permitted by RFC 2181 which greatly liberalized the rules for names (see labels and names). The default is not to perform host name checks. check-names may also appear in a view or options clause where it has a different syntax.
---

you may need the check-names ignore directive in your slave definitions as lots of AD DS style queries use underscores if you are enforcing RFC 952 style hostnames.
Last edited by MiWLinuxQuestions; 10-27-2012 at 06:18 AM.


I don't know if this solution is specific to the 2k8-R2/2k12 servers, although I would suspect it is since integrating BIND with AD didn't seem to be very workable for 2k3 and earlier. Possibly MS changed their data structures to be more standards compliant? Either way, the above may be worth a try. Doesn't look too complicated to set up.

 :)
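Added example, not part of the thread or of the linuxquestions.org post: a small Python audit of the slave-zone stanzas quoted in the reply above. It flags an unterminated `masters` list, the `allow-transfer { any; }` setting that lets any host pull the AD zone data from the bind secondary, and a zone-level `check-names fail` (the post's EDIT explains why that conflicts with underscore names). The address 192.0.2.10, the finding labels and the TIGHTENED variant are assumptions made for the illustration.

```python
import re

# Constructed sample: the two slave zones from the post; 192.0.2.10 stands in for the DC.
AS_POSTED = '''
zone "homedomain.home" {
    type slave; masters { 192.0.2.10; }; notify yes;
    allow-transfer { any; }; allow-query { any; };
};
zone "_msdcs.homedomain.home" {
    type slave; masters { 192.0.2.10 }; notify yes;
    allow-transfer { any; }; allow-query { any; };
};
'''

# Constructed tightened variant: the secondary answers queries but re-exports nothing.
TIGHTENED = '''
zone "_msdcs.homedomain.home" {
    type slave; masters { 192.0.2.10; }; notify yes;
    check-names ignore;
    allow-transfer { none; }; allow-query { any; };
};
'''

def zones(conf):
    """Yield (name, body) per zone clause, matching braces by depth."""
    for m in re.finditer(r'zone\s+"([^"]+)"\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return (zone, finding) pairs for slave/secondary zones."""
    findings = []
    for name, body in zones(conf):
        if not re.search(r'\btype\s+(slave|secondary)\s*;', body):
            continue
        for opt, inner in re.findall(r'([\w-]+)\s*\{([^{}]*)\}', body):
            if inner.strip() and not inner.strip().endswith(";"):
                findings.append((name, f"unterminated-list:{opt}"))  # named rejects this
            if opt == "allow-transfer" and re.search(r'\bany\b', inner):
                findings.append((name, "open-transfer"))  # any host may request the zone
        if re.search(r'\bcheck-names\s+fail\s*;', body):
            findings.append((name, "check-names-fail"))  # AD names contain underscores
    return findings

if __name__ == "__main__":
    print(audit(AS_POSTED), audit(TIGHTENED))
```

With `allow-transfer { none; }` the bind server still receives the zones from the DC, because inbound transfers are governed by the DC's own Zone Transfer tab, not by this option.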

Stoic Joker

Re: Looking for Free Linux DNS server
« Reply #5 on: February 06, 2013, 06:59 AM »
Hm... Light at end of tunnel may not be train after all. Altho I'm not entirely sure if their server is 03 or above...I certainly hope it's at least 08.

So the question remains, what would be the best/most ideal light weight flavor of Linux/Unix to try labbing this with? I want to be sure I can get it to work before suggesting anything.

f0dder

Re: Looking for Free Linux DNS server
« Reply #6 on: February 06, 2013, 07:01 AM »
> So the question remains, what would be the best/most ideal light weight flavor of Linux/Unix to try labbing this with? I want to be sure I can get it to work before suggesting anything.

Debian? There's probably more light-weight distros around, but Debian is known for being stability nuts... that also does mean you won't get bleeding edge updated versions of software in the repositories, but do you want to run corporate infrastructure on bleeding-edge? :)

(Also, would you want to run corporate infrastructure on BIND? Hmm.)
- carpe noctem

Stoic Joker

Re: Looking for Free Linux DNS server
« Reply #7 on: February 06, 2013, 07:34 AM »
> (Also, would you want to run corporate infrastructure on BIND? Hmm.)

Considering the current stunning lack of performance on their network now, they're already in a bind (sorry couldn't resist).

I'm really just trying to pick a lesser evil here.

40hz

Re: Looking for Free Linux DNS server
« Reply #8 on: February 06, 2013, 07:36 AM »
I'd be more inclined to stick with CentOS or something similar. Not exactly lightweight. But it was designed for things you want to do. All the security and stability issues were taken into consideration when they built it. It is a server distro. And it is intended for enterprise.
 8)

f0dder

Re: Looking for Free Linux DNS server
« Reply #9 on: February 06, 2013, 07:47 AM »
> I'd be more inclined to stick with CentOS or something similar. Not exactly lightweight. But it was designed for things you want to do. All the security and stability issues were taken into consideration when they built it. It is a server distro. And it is intended for enterprise.

Does having "enterprise" in the name make it any better, though? Considering that it's community-driven and doesn't have commercial support?

Asking because I simply don't know, if I had any experience with CentOS I'd probably have added that to recommendations as well... but Debian is old, tried, tested, secure+stable and should be pretty fit for servers as well, IMHO :)
- carpe noctem

40hz

Re: Looking for Free Linux DNS server
« Reply #10 on: February 06, 2013, 07:55 AM »
> Does having "enterprise" in the name make it any better, though?

It does when it's a 'free' rebuild of  RHEL. ;D

And commercial support for CentOS has been available for some time.

> Purpose of CentOS
>
> CentOS exists to provide a free enterprise class computing platform to anyone who wishes to use it. CentOS 2, 3, and 4 are built from publicly available open source SRPMS provided by a prominent North American Enterprise Linux vendor. CentOS conforms fully with the upstream vendor's redistribution policies and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) CentOS is designed for people who need an enterprise class OS without the cost or support of the prominent North American Enterprise Linux vendor.
>
> Neither the CentOS Project (we who build CentOS) nor any version of CentOS is affiliated with, produced by, or supported by the prominent North American Enterprise Linux vendor. Neither does our software contain the upstream vendor's product ... although it is built from the same open source SRPMS as the upstream enterprise products.

Note: by agreement, RedHat is never to be explicitly named in anything CentOS publishes, hence the "prominent North American Enterprise Linux vendor" reference. ;)

All that said, Debian, installed as a server, is a fine choice too.

Of course if you really had a big pair, you could also do a complete custom solution based on Arch. That would be muy Macho and good for serious bragging rights come next Friday over pizza with the geeks!
 ;D :Thmbsup:
« Last Edit: February 06, 2013, 08:04 AM by 40hz »

f0dder

Re: Looking for Free Linux DNS server
« Reply #11 on: February 06, 2013, 08:30 AM »
> > Does having "enterprise" in the name make it any better, though?
>
> It does when it's a 'free' rebuild of RHEL. ;D
>
> And commercial support for CentOS has been available for some time.

I knew about that - my point was more along the lines of if you're not getting the full support package directly from the vendor, how much value do you get from CentOS vs. "something else"? Most people I've heard running RHEL isn't so much because of RHEL itself, but for
1) the direct vendor support
2) direct vendor support for 3rd party licensed products (whOracle).

> Of course if you really had a big pair, you could also do a complete custom solution based on Arch. That would be muy Macho and good for serious bragging rights come next Friday over pizza with the geeks!

...and a "thanks for your time, you can go find a new job now" notice if you did it in an enterprise :)

(Arch's a decent enough distro, I've run it myself - but it's an "I like to fiddle" distro where things sometimes break. And if you really want the machismo, you'd be running Gentoo anyway... or LFS ;)).
- carpe noctem

40hz

Re: Looking for Free Linux DNS server
« Reply #12 on: February 06, 2013, 08:50 AM »
^LFS is a science fair project. Gentoo might be the ultimate tech wanker's distro if Gentoo could just get its act together a little better - and which they seem to be doing better lately. Besides, you can't say you've really experienced Linux in all its splendor and mystery until you've successfully done at least one Gentoo Stage 3 install. ;D (@f - Since I'm sure you have, you'll know what I'm talking about.)

re: Centos support, take a look here. Check out their customer list.

And yes, you are correct. In business it isn't (or shouldn't) be the software itself so much as how well it can be supported. No argument from me on that point since my entire business is based on that very premise. ;D