Networking: Full DNS Server
It would be nice if Astaro could be used as a fully functional DNS server with backward lookup zones and all.
At the moment SOHO networks with no internal DNS server are unable to perform reverse DNS and other features.
Lotus Domino/Notes users in many cases install an SMTP relay server and an outside public DNS server in the DMZ. There is demand to use those functions in Astaro and to remove the DNS/SMTP relay server from the DMZ.
In a few words, there are two reasons:
1) Allowing the branch offices to be authoritative reduces load on the central server
2) Caches expire; an authoritative slave can continue to function indefinitely.
This is a required feature especially for the home use market. Everyone now has an access point and several devices in the home.
No - because in a split DNS configuration, I have zones that are only available to my internal network. So the ISP DNS servers have no knowledge of those domains. And just because the link to my primary internal DNS server might be down, does not mean that those internal domains are not needed. For example, even the branch office itself may need to resolve local resources (say an office printer).
Being able to slave domains also means that I can manage the domains using BIND configuration files (or PowerDNS, etc.) instead of the Astaro GUI at each of dozens of sites.
If the local ISP DNS Forwarders are listed after the "master proxy" at each location then doesn't that give you what you want?
Ideally, I want each branch office to be able to function completely independently even if the core office is hit by a tornado (or a long power outage for that matter). Working as a cache is insufficient in two ways:
1) Caches expire, so if the outage is long the DNS server will eventually stop working. If I increase the cache timeout, then I can't change records quickly.
2) Relying on a single proxy master makes it difficult for the branch offices to use their own local ISP DNS servers as forwarders, so that they can resolve domains that I don't serve directly from their own DNS service.
The second point is especially difficult in the case of split domains. Say my "external" IPs are "foo.com" and my branch offices are "city1.foo.com" and "city2.foo.com", and that the internal and external domains are served by separate DNS servers. If the connection to the internal DNS servers goes down, then even though the external DNS servers are still working correctly, the branch offices will not be able to resolve even the "external" IPs which may be working fine.
In any event, slaving the domains allows each branch office DNS server to be authoritative for all internal domains and for the branch office domain itself, which is more tolerant of failures.
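The branch-office setup described in the post above, written as a BIND configuration. This is an added example, not part of the thread or any participant's configuration; the addresses, key name and file paths are assumptions, and it uses the `slave`/`masters` keywords the thread uses (newer BIND releases also accept `secondary`/`primaries`).

```conf
// named.conf for the city1 branch resolver (constructed example).
// All addresses, the key name and the file paths are assumptions.

// TSIG key shared with the core-office master so zone transfers are authenticated.
key "branch-xfer" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // placeholder, generate with tsig-keygen
};

acl "branch-lan" { 10.1.0.0/16; };         // assumed city1 LAN

options {
    directory "/var/named";
    recursion yes;
    allow-query     { "branch-lan"; };
    allow-recursion { "branch-lan"; };
    allow-transfer  { none; };             // branches do not re-serve transfers
    // Anything not held locally (including the external foo.com) goes to the
    // branch's own ISP resolvers, not through the core office.
    forwarders { 192.0.2.53; 192.0.2.54; };  // placeholder ISP resolvers
    forward first;
};

// Internal zones are slaved from the core office. Local copies are written to
// disk and answered authoritatively while the link is down, until the zone's
// SOA expire timer runs out without a successful refresh.
zone "city1.foo.com" {
    type slave;
    masters { 10.0.0.53 key "branch-xfer"; };   // assumed core-office master
    file "slaves/city1.foo.com.zone";
};

zone "city2.foo.com" {
    type slave;
    masters { 10.0.0.53 key "branch-xfer"; };
    file "slaves/city2.foo.com.zone";
};

// Reverse zone for the assumed city1 LAN, so PTR lookups also survive an outage.
zone "1.10.in-addr.arpa" {
    type slave;
    masters { 10.0.0.53 key "branch-xfer"; };
    file "slaves/1.10.in-addr.arpa.zone";
};
```

The expire field in each zone's SOA record on the master sets how long a branch keeps answering without a successful refresh, so it should be sized for the longest outage the branch is expected to ride out.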
Interesting, Poul. Can you explain in just a few words why this cannot be accomplished by having the branch Astaro DNS Proxies point to the central DNS server as a unique forwarder? In the event of a network disruption, wouldn't the local DNS cache of each Astaro likely have the needed information?
Cheers - Bob
PS I'm not suggesting that my idea will work, I'm just trying to understand your idea better.
That's really useful for home users with no internal DNS. At the moment, I have no reverse DNS ability.
Yes, it shouldn't be that difficult to make the proxy into a full-fledged DNS.
Mark, do you have the Astaro listed as a forwarder for your internal DNS? Isn't this functionality already available if your internal DNS server allows it?