Mar 2, 2012

Configure BIND with database backend and DLZ support


Decided to move my windows based DNS servers to linux. The problem is I need to be able to dynamically update zone files without having to restart bind. It seems the most popular solution is to install bind drivers for a database server ( postgresql, sqlite, mysql ) and then update the zone file. Seems simple enough but I can’t get it to work for the life of me.

I’m currently using Amazon Linux distribution but I’ve tried everything in RHEL 6.2 as well with no more luck.

I’ve tried a few different methods. The first one was to compile bind with the source code changes for mysql support This compiles fine with the changes and I get no errors but after running make install all the binaries get copied to /usr/local/sbin but I can’t seem to start the daemon process I run service named start and it just tells me there’s no service named named ( no pun intended ). Secondly none of the configuration files are generated. So I created a file named.conf and put it in /etc/named.conf then ran /usr/local/sbin/named-checkconf and it told me it couldn’t find the file /etc/named.conf so i have no idea.

Next thing I tried was to install the package bind-sdb and use postgresql. Packages installed
yum -qy bind bind-sdb bind-utils postgresql postgresql-server
Following the steps on I created a new postgre database and table etc. Below is my current named.conf

// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//options {
    listen-on port 53 {; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; };
    recursion yes;    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};logging {
    channel default_debug {
            file "data/";
            severity dynamic;
};zone "." IN {
    type hint;
    file "";
};dlz "" {
   database "postgres 1
   {host=localhost port=5432 dbname=bind user=postgre password=****}
   {select zone from dns_records where zone = '%zone%'}
   {select ttl, type, mx_priority, case when lower(type)='txt' then '\"'
         || data || '\"' when lower(type)='soa' then data || ' ' || resp_person || ' '
         || serial || ' ' || refresh || ' ' || retry || ' ' || expire || ' ' || minimum
         else data end from dns_records where zone = '%zone%' and host = '%record%'}";
};include "/etc/named.rfc1912.zones";

Output from my database table

    zone    |    host     |  ttl   | type | mx_priority |          data          |     resp_person      | serial | refresh | expire | minimum
------------+-------------+--------+------+-------------+------------------------+----------------------+--------+---------+--------+---------   |   | 259200 | SOA  |           0 |        |        |      1 |   28800 |  86400 |   28800   |   | 259200 | NS   |           0 |        |                      |      0 |       0 |      0 |       0   | dns01       | 259200 | A    |           0 |              |                      |      0 |       0 |      0 |       0
(3 rows)

Open to any solutions really if someone could point me in the right direction. I’d prefer to use MySQL as the database because I have 0 experience using postgresql or sqlite.

Asked by bwight


Maybe be not really an answer to your question, but anyway. (I was also investigating this issue recently, and here’s my conclusions):

DLZ support in BIND9 looks more like a “patch”. It is not well documented – not a single word about it in BIND ARM. It seems to be not widely used. Query performance is terrible – according to this benchmark, PostgreSQL is going to be 30 times (!) slower than the normal in-memory operation. (the benchmark is old, but there’s no reason to assume that things improved drastically).

I don’t think it’s a “most popular solution”.

Other options:

BIND9 supports dynamic updates. It’s well documented, widely used and is easy to implement. No performance penalty – all the queries still answered from memory. Setup is simplier as no database required. You perform updates programmatically using DNS protocol libraries (which probably exist for most languages, I myself use PHP) or via command line nsupdate tool. This is the solution I’d recommend.

If you really want database – PowerDNS seems to be designed to be used with database backend. It have features that may help not completely sacrifice the performance when using database, like it can cache database queries for some while instead of querying database each time. Some decent DNS hostings use PowerDNS.

More exotic option – BIND10, while still work in progress, yet developers claim that people actually use it in production. Currently BIND10 uses SQLITE backend.

Answered by Sandman4

Related posts:

  1. Should I use /etc/bind/zones/ or /var/cache/bind/?
  2. BIND split-view DNS config problem
  3. configure Bind to have a custom domain on tumblr
  4. Mac Os Server, how to make bind point to the same machine bind is installed on?
  5. BIND not answering query

Leave a comment