
When a customer signs up for my service, I would like to create an A DNS entry for them:

username.mydomain.tld pointing to the IPv4 address of the server that hosts their page

This DNS system would ideally:

  • Be fairly light-weight
  • Be distributed. A master/slaves model would be fine, potentially with master failover or going read-only when the master is offline.
  • Support changes being made via a nice API (mainly, create/remove A entries)
  • Apply changes instantly (understanding that DNS takes time to propagate)
  • Run on Linux

Is there something awesome fitting that description?

Thanks :-)

Pavel
  • Both off-topic and impossible as stated. DNS does not propagate changes instantly. – Don Roby Apr 06 '12 at 00:00
  • Edited. I meant to say *applies* changes instantly as opposed to applying changes once an hour or alike. I'll be surprised if this doesn't exist -- seems like a fairly common thing to do. – Pavel Apr 06 '12 at 00:43

1 Answer


You can just use dynamic DNS updates. Here's a very rudimentary application:

  1. Generate a shared symmetric key which will be used by the DNS server and update client:

    dnssec-keygen -a HMAC-MD5 -b 512 -n HOST key.name.
    

    The key name is a domain name, but you can use anything you want: it's more or less just a name for the key.

  2. Configure bind to allow this key to make changes to the zone mydomain.tld:

    key "key.name." {
        algorithm hmac-md5;
        secret "copy-the-base64-string-from-the-key-generated-above==" ;
    }
    
    zone "mydomain.tld" {
        ...
        allow-update { key key.name. ; };
        ...
    }
    
  3. Make changes using nsupdate:

    nsupdate -k <pathname-to-file-generated-by-dnssec-keygen>
    

    As input to the nsupdate command:

    server dns.master.server.name
    update delete username.mydomain.tld
    update add username.mydomain.tld 3600 a 1.2.3.4
    update add username.mydomain.tld 3600 aaaa 2002:1234:5678::1
    

    Don't forget the blank line after the update command. nsupdate doesn't send anything to the server until it sees a blank line.

As is normal with bind and other DNS servers, there is no high availability of the master server, but you can have as many slaves as you want, and if they get incremental updates (as they should by default) then changes will be propagated quickly. You might also choose to use a stealth master server whose only job is to receive and process these DDNS updates and feed the results to the slaves.

Celada
  • I'd give +2 if I could. I can only add that if you want to do it programmatically, instead of nsupdate you can also use some DNS library such as NET_DNS2 for PHP. – Sandman4 Apr 06 '12 at 09:56
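Steps 1 to 3 of the answer wired into something a signup handler can call, as an added example that is not part of the answer or the comment above. It assumes the zone and master names used in the answer, a TSIG key file produced by `dnssec-keygen` in step 1 (the path below is a placeholder), and `nsupdate` on the PATH; the point it adds is that the customer-supplied username is validated as a plain hostname label before it is written into the nsupdate command stream, since a newline or dot in it would otherwise become extra update commands or a name outside the zone.

```shell
#!/bin/sh
# Added example (not from the answer above): wrap steps 1-3 so a signup handler
# can call it. Assumed values: ZONE, NS_MASTER and KEYFILE (the .private file
# produced by dnssec-keygen in step 1; the filename here is a placeholder).
ZONE="mydomain.tld"
NS_MASTER="dns.master.server.name"
KEYFILE="${KEYFILE:-/etc/bind/Kkey.name.+157+00000.private}"

# The username comes from an untrusted signup form and is interpolated into
# nsupdate's command stream, so anything that is not a plain lowercase
# hostname label is rejected: a newline, space or dot could otherwise smuggle
# extra "update" lines or a name outside the zone into the signed request.
valid_label() {
    case $1 in
        ''|*[!a-z0-9-]*|-*|*-) return 1 ;;
    esac
    [ ${#1} -le 63 ]
}

# Dotted-quad IPv4 only: exactly four numeric octets, each 0..255.
valid_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the nsupdate batch for one customer; fails (exit 1) on bad input.
# "send" is the explicit form of the blank line the answer mentions.
build_update() {
    valid_label "$1" || return 1
    valid_ipv4 "$2" || return 1
    printf 'server %s\n' "$NS_MASTER"
    printf 'update delete %s.%s. A\n' "$1" "$ZONE"
    printf 'update add %s.%s. 300 A %s\n' "$1" "$ZONE" "$2"
    printf 'send\n'
}

# Usage from the signup handler: set_customer_record alice 192.0.2.10
set_customer_record() {
    build_update "$1" "$2" | nsupdate -k "$KEYFILE"
}
```

Because the request is TSIG-signed with the key from step 1, the server's `allow-update` policy is what bounds the damage, so the validation here is the application's own guard, not a replacement for scoping that key to the one zone.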