NethServer 8 built in DNS


I am rather curious if NethServer 8 included DNS will in futute also support CNAMES for any host, not only the NethServer itself.

Nethserver 7 only allows CNAMES for the NethServer, not any other host.

If CNAMES are not possible, one is forced to create an A record, creating a second PTR for the same host, but with a “wrong” name! The more CNAMES needed, the more it becomes useless, at least for monitoring.

A DNS with 2 or more PTRs for the same host is either badly set up - or not really usable!


Some people are not aware of the fact that in most OS one can enter in several DNS servers, Windows Workstations support 3.
But, as long as the first DNS is working, the other DNS will NEVER be queried, even if they could provide the sought answer.

DNS “consolidation” takes a bit more than that!

My 2 cents


Well by now the only DNS server software included in NS8 is the Samba built-in DNS and that’s not managed automatically: existing modules do not need an internal DNS service to run. ATM DNS is only a service provided by someone else.

Creating a DNS module for NS8 shouldn’t be too difficult though. Of course it would conflict with Samba DC on port 53, so they can’t live on the same node. I think that’s not a big issue because a NS8 system manages also multiple nodes.

What I’d consider an interesting development is integrating the DNS management in the NS8 core, and fully automating it. Not only to integrate and manage an internal DNS module but also external and public DNS providers, through their APIs. This could be a future goal for our project, I mean something to work on after we reach a stable release.

Edit: this is a related card added one year ago to the project board: Trello


At @davidep

To be honest, tthere is DNSMASK on NethServer which could be used for a form of DNS consolidation.
DNSMask and Unbound both can handle this use case with ease…
DNS Server by Domian…

My 2 cents

…or Technitium. Dockerized, decent GUI, decent API (helpful for Let’s Encrypt purposes):

1 Like

But does have a security gotcha!..

My 2 cents