NethServer 8 built in DNS

Hi

I am rather curious if NethServer 8 included DNS will in future also support CNAMES for any host, not only the NethServer itself.

NethServer 7 only allows CNAMES for the NethServer, not any other host.

If CNAMES are not possible, one is forced to create an A record, creating a second PTR for the same host, but with a “wrong” name! The more CNAMES needed, the more it becomes useless, at least for monitoring.

A DNS with 2 or more PTRs for the same host is either badly set up - or not really usable!

Note:

Some people are not aware of the fact that in most OS one can enter in several DNS servers, Windows Workstations support 3.
But, as long as the first DNS is working, the other DNS will NEVER be queried, even if they could provide the sought answer.

DNS “consolidation” takes a bit more than that!

My 2 cents
Andy

2 Likes
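The multiple-PTR effect described in the opening post, as an added example (not code from the thread or from NethServer): it audits two constructed record sets, one where each alias is an extra A record with its own PTR, one where the aliases are CNAMEs. The host names, the address and the simple `owner TYPE value` layout are assumptions.

```python
from collections import defaultdict

# Constructed sample records (assumed names and address, not from the thread).
ALIASES_AS_A = """
srv1.example.lan.           A    192.168.1.10
monitor.example.lan.        A    192.168.1.10
wiki.example.lan.           A    192.168.1.10
10.1.168.192.in-addr.arpa.  PTR  srv1.example.lan.
10.1.168.192.in-addr.arpa.  PTR  monitor.example.lan.
10.1.168.192.in-addr.arpa.  PTR  wiki.example.lan.
"""
ALIASES_AS_CNAME = """
srv1.example.lan.           A      192.168.1.10
monitor.example.lan.        CNAME  srv1.example.lan.
wiki.example.lan.           CNAME  srv1.example.lan.
10.1.168.192.in-addr.arpa.  PTR    srv1.example.lan.
"""
SUFFIX = ".in-addr.arpa."

def audit(zone_text):
    """Per IPv4 address: names with A records, PTR targets, and whether reverse lookup is ambiguous."""
    a_names, ptr_names = defaultdict(list), defaultdict(list)
    for line in zone_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        owner, rtype, value = parts[0].lower(), parts[1].upper(), parts[2].lower()
        if rtype == "A":
            a_names[value].append(owner)
        elif rtype == "PTR" and owner.endswith(SUFFIX):
            # 10.1.168.192.in-addr.arpa. -> 192.168.1.10
            ip = ".".join(reversed(owner[:-len(SUFFIX)].split(".")))
            ptr_names[ip].append(value)
    report = {}
    for ip in sorted(set(a_names) | set(ptr_names)):
        report[ip] = {
            "a": a_names[ip],
            "ptr": ptr_names[ip],
            # More than one PTR: a reverse lookup can return any of the names.
            "ambiguous": len(ptr_names[ip]) > 1,
        }
    return report

if __name__ == "__main__":
    for label, zone in (("A aliases", ALIASES_AS_A), ("CNAME aliases", ALIASES_AS_CNAME)):
        for ip, row in audit(zone).items():
            print(label, ip, row)
```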

Well by now the only DNS server software included in NS8 is the Samba built-in DNS and that’s not managed automatically: existing modules do not need an internal DNS service to run. ATM DNS is only a service provided by someone else.

Creating a DNS module for NS8 shouldn’t be too difficult though. Of course it would conflict with Samba DC on port 53, so they can’t live on the same node. I think that’s not a big issue because a NS8 system manages also multiple nodes.

What I’d consider an interesting development is integrating the DNS management in the NS8 core, and fully automating it. Not only to integrate and manage an internal DNS module but also external and public DNS providers, through their APIs. This could be a future goal for our project, I mean something to work on after we reach a stable release.


Edit: this is a related card added one year ago to the project board: Trello

3 Likes

At @davidep

To be honest, there is DNSmasq on NethServer which could be used for a form of DNS consolidation.
DNSmasq and Unbound both can handle this use case with ease…
DNS Server by Domain…

My 2 cents
Andy

…or Technitium. Dockerized, decent GUI, decent API (helpful for Let’s Encrypt purposes):

1 Like

But does have a security gotcha!..

My 2 cents
Andy

Adding to the DNS discussion, I recently just came across this DNS solution as well:

Maybe it could be of help >sharing is caring<

1 Like

Hi @oneitonitram

There are already quite a few known working DNS out there.

BIND, PowerDNS, Unbound, DNSmasq… more than enough.

Don’t really need a nobody like deSEC here!
And: this is not a list about possible DNS servers, who cares about them!

My 2 cents
Andy

1 Like

Actually the developers were contemplating a built-in DNS, meaning one built into NS itself, whether this is achieved by building from scratch, or from taking an existing one and building on top of it, or customizing and help improve an existing one, all these are options.

Now when it comes to software Development @Andy_Wismer all available options and alternatives become a basis for building a knowledge graph for utilization when a software development implementation will take place. No developer wants to re-invent the wheel.

As I said, sharing is caring, you might not like the option, someone else might come across it and it helps them in one way or another.

I know for sure you will never use a free hosted DNS service, but someone else might want one, especially one that integrates with self hosted thingies…

I for one use ClouDNS and Bunny DNS, I would love Cloudflare, but the features I need from them are in a pricing plan I can't afford.

Also, I don’t self host DNS for many of my core, used to, not anymore, because I can't achieve a proper cluster to prevent complete failure, I guess not enough experience, or not enough resources to put that to function.

@oneitonitram

This discussion was more or less about “established” DNS server(s) being integrated to NS8:
DNSmasq, Unbound, BIND or PowerDNS.

A responsible dev will choose an established product for integration, not waste time reinventing the wheel… Especially as the product as such is intended to be stable in the sense of “Rock Solid”…

I don’t see NS8 as a playground - most users here expect the devs to deliver something which will work as a base, like NS7 did, for at least 5-10 years, and that’s what’s called NS8.

Most users could not care less what “someone” wants, at least not in this forum. If it wasn’t in NS7, it can wait until release or after…

My 2 cents
Andy

Hi @oneitonitram

Cloudflare DNS is free of charge.

Create an account.
Create a domain - the same one as the one you use at your regular registrar.
Create the same records as the ones you use at your regular registrar.
*** At the bottom of the records take the 2 names of the nameservers
Go to your regular registrar and change the nameservers for the ones given by Cloudflare.

Voilà, it works after a few minutes if your regular registrar is fast to propagate the change.

Michel-André

Correct, I know these. I said some of their DNS functions that I require are on a price point I can't afford as of yet, so I’d rather go with a provider at a price point I can afford.

They are at the $200 per month price point.

I don't serve that much traffic to warrant me pay $200 monthly for some 1 or 2 features I require, that I can get elsewhere for <$50.

I’m using a professional DNS-provider - for 7 EUR a year: https://www.core-networks.de

2 Likes

DNS hosting is not easy, especially for critical infrastructure, I learnt that the hard way.