Replace dnsmasq with BIND9

(Mark Edworthy) #1

Just a thought: I realised that NethServer is using dnsmasq for its DNS services, but could future versions have BIND9 services instead?

I only ask because BIND is more flexible and more suited to larger network infrastructures than dnsmasq, which would allow the server administrators more configuration possibilities.

I realise that this would involve some extra work, but it would allow more of an industry standard within NethServer (also, this would allow for a separation between DNS and DHCP services, which in turn would reduce fallover issues – e.g. if DHCP services fail, then this setup would still allow DNS to function independently).

(Artem Fedai) #2

@medworthy, why do we need monsters :slight_smile:

As for the DHCP server, we can split dnsmasq and ISC-DHCP.

(Mark Edworthy) #3

OK, I submit that dnsmasq is a viable alternative to BIND, but the NethServer module / interface that controls this service could do with some work / more features (such as being able to define primary and secondary servers, reverse DNS etc. – I am thinking of similar functions that are incorporated within SUSE's YaST module).

(Gabriel GHEORGHIU) #4

If NethServer is to be a business product, with BIND9 as an integrated module (of course with a GUI), you can have your own authoritative server, not only a DNS forwarder as with dnsmasq.
For NethServer as a home user product, dnsmasq is enough.

(Eddie Atherton) #5

Assuming that you trust your upstream server isn’t spying on you or subverting your requests. :scream:


(Gabriel GHEORGHIU) #6

You are right!
Sincerely, I wrote that sentence because many community members still want NethServer as a home user product and not NethServer as a business product.
I want to use NS as a business product. This option, BIND9, will be a step forward for a business product. IMO.

(Giacomo Sanchietti) #7

Also take a look at unbound, which can directly query the root DNS servers.

(Filippo Carletti) #8

Before adding unbound, I evaluated and used BIND (which I know well, having managed a local ISP last century) on NethServer.
I’d select unbound to replace/complement dnsmasq.
I think it will not be hard to switch to unbound even today, with a few hours' work.

(Alessio Fattorini) #9

Why did you prefer unbound rather than BIND?

(Filippo Carletti) #10

I needed a recursive caching DNS, not an authoritative one.

(Walter Schoenly) #11

Just adding my two cents here. I would like a full-featured DNS solution. I am currently frustrated with the lack of CNAME functionality in the current implementation. I am sure I will run into other limitations as well.

(Paolo) #12

In order to use NethServer as a domain controller integrated with another Microsoft domain controller, will unbound be a reliable solution? All the articles I read used BIND 9.

(Giacomo Sanchietti) #13

We have no idea since it hasn’t been tested. For now, we are using internal Samba 4 DNS.

(Paolo) #14

I heard someone is currently testing it.

(Michael Kicks) #15

Reversing the scenario: is the use of mixed AD domain controllers with Windows and Linux supported by Microsoft?

Attaching a NethServer installation via LDAP to AD is useful; replacing the current DC with another one made by NethServer has been tested (if I remember correctly) as a viable path for an existing environment.

But using a dual DC configuration like this seems like setting a little time bomb, hoping that the timer will be broken.