My head’s still swimming from my crash course in BIND. I knew enough BIND to be dangerous–I’ve known how to set up a caching nameserver for years, and even stumbling through creating a master server for someone with a fixed IP address who wanted to host a domain wasn’t beyond me. Creating BIND servers for an enterprise isn’t too big of a deal, but creating one right can be.
After reading a lot, I set to the task.
Here’s a hint: If you’re migrating your servers from another OS to some Unixish OS and BIND, you can avoid re-keying all those zone files. (We’ve got more than 60 of the blasted things; our external server alone is 404K worth of configuration files. I didn’t bother to check the internal files.) Set your server to be a slave server to your current server. Be sure to comment out your allow-updates line; BIND 9 will complain if you mention slave servers and updates in the same breath. Now restart BIND (/etc/init.d/bind9 restart in Debian 3.0; the command may be /etc/init.d/named restart or /etc/init.d/bind restart in other distros) and wait. In my case, the files started appearing within seconds, and within a couple of minutes, my server had downloaded all of them. Reset your server to master status, then find a few people to change their TCP/IP configuration to use it. Give it a day or two, and when you’re convinced that all is well, turn off DNS on the old server and put the new server in production.
Yes, my Linux box was perfectly capable of pulling DNS records from an NT-based DNS. This is good. If you’re running DNS on NT currently, I wholeheartedly recommend you migrate away from it. Don’t waste clock cycles and network bandwidth on an expensive NT server. Grab a server-grade machine that’s too old to be a useful NT server and load Linux or some BSD variant on it. I know a company that ran BIND on some old 25 MHz DEC VAX workstations for years. That’s a too low-end to be comfortable, but if you’ve got server-grade 486-66s kicking around in a dusty corner somewhere, they’ll be adequate. A Pentium-133 will treat you a little bit better. A good rule of thumb: If the machine ever ran NT Server with any competence at all (even if it was in 1996), it’s got enough oomph to run BIND.
The nice thing about machines like that is that you usually have more than one of them and it doesn’t cost you anything to keep a hot spare. If one fails, unplug it and boot up the spare. Yes, DNS is mission-critical, but by definition it’s also redundant.
I’m shocked that there isn’t a single-floppy Linux distro that’s basically just Linux and BIND. Here’s a challenge for some sicko: Make a mini-distro incorporating BIND and Linux 1.09 so the minimum requirements will be a 386sx/16 with 2 megs of RAM and an NE2000 NIC.
I believe there are other slick BIND tricks, but I think I’ll wait and see if they work before I go touting a bunch of stuff that might not work.