Pavel

Reputation: 5662

Distributed DNS system with API

When a customer signs up for my service, I would like to create an A DNS entry for them:

username.mydomain.tld pointing to the IPv4 address of the server that hosts their page

This DNS system would ideally:

Is there something awesome fitting that description?

Thanks :-)

Upvotes: 2

Views: 655

Answers (1)

Celada

Reputation: 22251

You can just use dynamic DNS updates. Here's a very rudimentary application:

  1. Generate a shared symmetric key which will be used by the DNS server and update client:

    dnssec-keygen -a HMAC-MD5 -b 512 -n HOST key.name.
    

    The key name is a domain name, but you can use anything you want: it's more or less just a name for the key.

  2. Configure bind to allow this key to make changes to the zone mydomain.tld:

    key "key.name." {
        algorithm hmac-md5;
        secret "copy-the-base64-string-from-the-key-generated-above==" ;
    }
    
    zone "mydomain.tld" {
        ...
        allow-update { key key.name. ; };
        ...
    }
    
  3. Make changes using nsupdate:

    nsupdate -k <pathname-to-file-generated-by-dnssec-keygen>
    

    As input to the nsupdate command:

    server dns.master.server.name
    update delete username.mydomain.tld
    update add username.mydomain.tld 300 a 1.2.3.4
    update add username.mydomain.tld 300 aaaa 2002:1234:5678::1
    

    Don't forget the blank line after the update command. nsupdate doesn't send anything to the server until it sees a blank line.
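As an added example (not part of Celada's answer, and not BIND's own tooling), here is a small POSIX sh wrapper around step 3 that a signup hook could call. It checks the customer-supplied username before it is interpolated into the nsupdate batch, since that string becomes a DNS label and anything else (a dot, a newline, a space) would either be rejected by the server or, worse, be read by nsupdate as further commands. The key-file path, the master server name, the `ZONE` variable and the 300-second TTL are assumptions to adjust for the real deployment.

```shell
#!/bin/sh
# Added example: wrap the nsupdate step in a script a signup hook can call.
# Assumed placeholders (not from the answer above):
#   KEYFILE    - the K*.private file written by dnssec-keygen in step 1
#   DNS_MASTER - the master that accepts updates for the zone (step 2)
KEYFILE="${KEYFILE:-/etc/bind/Kkey.name.+157+00000.private}"
DNS_MASTER="${DNS_MASTER:-dns.master.server.name}"
ZONE="${ZONE:-mydomain.tld}"
TTL=300

# A username becomes a DNS label: letters, digits and hyphens only,
# 1-63 characters, no leading or trailing hyphen. Anything else is
# refused so it can never reach the nsupdate batch. Returns 0 if valid.
valid_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Dotted-quad check without word splitting (so no globbing surprises):
# exactly four octets, each all digits and <= 255. Returns 0 if valid.
valid_ipv4() {
    ip="$1."
    n=0
    while [ -n "$ip" ]; do
        octet="${ip%%.*}"
        ip="${ip#*.}"
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Print the nsupdate batch for one customer: username, IPv4, optional IPv6.
# Only the A and AAAA RRsets are deleted, so other records at the name
# (a TXT for verification, say) survive. "send" is used instead of the
# trailing blank line; nsupdate accepts either.
build_update() {
    name="$1.$ZONE"
    printf 'server %s\n' "$DNS_MASTER"
    printf 'update delete %s A\n' "$name"
    printf 'update delete %s AAAA\n' "$name"
    printf 'update add %s %s A %s\n' "$name" "$TTL" "$2"
    if [ -n "$3" ]; then
        printf 'update add %s %s AAAA %s\n' "$name" "$TTL" "$3"
    fi
    printf 'send\n'
}

# Validate, then push the batch to the master signed with the TSIG key.
# nsupdate exits non-zero when the server refuses the update (wrong key,
# name outside allow-update), so the caller can log and retry.
# Usage: register_customer alice 203.0.113.10 [2001:db8::10]
register_customer() {
    valid_label "$1" || { echo "invalid username: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; return 1; }
    build_update "$1" "$2" "$3" | nsupdate -k "$KEYFILE"
}
```

Because `build_update` only prints, the batch can be inspected or logged before anything is sent, and `register_customer` is the single place that touches the key file, which should be readable by the signup process alone.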

As is normal with bind and other DNS servers, there is no high availability of the master server, but you can have as many slaves as you want, and if they get incremental updates (as they should by default) then changes will be propagated quickly. You might also choose to use a stealth master server whose only job is to receive and process these DDNS updates and feed the results to the slaves.

Upvotes: 2
