Ahh, finally after a hetic two days I get to chill out for a few hours and catch up on some sleep and mail. Its been a fun move from a rather dodgy & insecure Win2K DNS server to a better higher performance one.
Thankfully my old friends at PowerDNS came to the rescue with the software I needed. PowerDNS is a great little DNS server. Its efficent, speedy and best of all gets its data from MySQL, the webs favorite Databse Server (IMHO).
Of course the server was deployed on RedHat Linux on a few Compaq Proliant servers. Which was really nice to see. Just the sheer of these boxes is enough to make a graphics heads mouth water. And what does it run, striped down RH and DNS.. No matter, I don’t expect them to be busy at the moment, but someday, they’ll be banging out the A or AAAA records faster than my granny can slip a shot of sherry (OK both my grannies have been dead for years but you get the idea).
Its a nice little set up all the same. The master MySQL server is located in a private admi network. Each DNS server has an associated MySQL server assigned to it. So there are two servers on each network really assigned to look after DNS. Each slave MySQL server gets its data via replication from the master through a vpn tunnel that connects at random intervals. The cooler thing about this is, that each DNS server also has a slave Mysql server on it. This slave is a slave to the slave box that is replicating the data from the master server through the VPN connection. This adds to a certain amount of redundancy should there be a problem with the MySQL server in each network. But the best part (well I though it was a cool idea), the MySQL servers monitor the DNS server via serial and ethernet to see it all is okay. If its not, it attempts to restart the services. If not well then it simply shutsdown the DNS server and assumes its identity. All while sending us an email and an rather annoyting SMS using the XIAM kit I rescued recently.
Ahh that was fun. It works quite well too. As much of a headwreaking experience it ws however, it was nothing like what I had to go through with the domain registries. But thats another rant and another time.
Nice setup!
I see comments work then….