Opened 3 years ago

Closed 3 years ago

#11368 closed Feature/Enhancement Request (fixed)

Replace tinydns (from dbndns package) with knot dns for authoritative dns

Reported by: Jamie McClelland Owned by: Jamie McClelland
Priority: Urgent Component: Tech
Keywords: knot dns Cc:
Sensitive: no

Description (last modified by Jamie McClelland)

We've been running tinydns from the {djb,dbn}dns package for our authoritative servers for 10 years and it's time we changed since this software is no longer being updated.

This change is quite painful because our control panel is designed to work with the data form used by dbndns which is quite different from the traditional zone file format used by knot dns. However, this will also provide some benefits (more efficient DNS updates - we don't have to rebuild the whole zone file every time one entry changes).

Change History (6)

comment:1 Changed 3 years ago by Jamie McClelland

Owner: set to Jamie McClelland
Status: newassigned

comment:2 Changed 3 years ago by Jamie McClelland

Description: modified (diff)
Summary: Replace dbndns server with knot dns for authoritative dnsReplace tinydns (from dbndns package) with knot dns for authoritative dns

See also #7966 for plans to replace dnscache.

comment:3 Changed 3 years ago by Jamie McClelland

See #3628 for why we need to make this transition.

comment:4 Changed 3 years ago by Jamie McClelland

Another reason to make this transition is being able to create spf.mayfirst.org (#10499).

comment:5 Changed 3 years ago by Jamie McClelland

I've been slowly making progress on this ticket over the last 4 weeks and am getting close to deploying a server with a copy of our DNS settings for testing.

One last step I am taking first, though, is to set 322 records to disabled. These records either have no NS/SOA record set in tinydns (so our name server doesn't respond to queries about them) OR we have a duplicate A record - with the same domain and IP. tinydns responds with the same IP twice, but knot dns only responds once. So, I'm modifying tinydns to match the knot dns behavior before making the transition to uncover any possible errors.

comment:6 Changed 3 years ago by Jamie McClelland

Resolution: fixed
Status: assignedclosed

Done. We are now running knot.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.