Author: Joe 'Zonker' Brockmeier
Why would you want to use MyDNS rather than the Berkeley Internet Name Domain (BIND), which is pretty much the standard name server? First, BIND is dangerously close to a monoculture when it comes to name servers — if BIND has a major security issue, most of the Internet suddenly has a major security issue.
Several years ago, BIND had a string of vulnerabilities that convinced me that it would be a Good Thing™ if more people used alternatives to BIND. This isn’t a knock at BIND — its security has been much improved of late, as far as I’m aware. However, I think it’s desirable to have alternatives for vital services like DNS, SMTP, POP3, and IMAP rather than a single dominant program.
Second, I’ve run into “mystery” problems with rndc “connect failed” messages one too many times working with other people’s servers to want to fuss with BIND on my own server. In general, I’ve found BIND to be a hassle to troubleshoot, with error messages that tend to be less than helpful. In short, it’s a matter of personal taste as much as anything.
I use MyDNS for a handful of zones, but MyDNS author Don Moore says it can scale much higher. Moore says MyDNS is being used as primary DNS for directNIC.com, where it handles more than 7 million zones and about 500 queries per second with a single database-only server and two slaved servers — so it should be capable of handling what you throw at it.
Setting up MyDNS
MyDNS is a snap to set up. The latest MyDNS release may not be available as a package yet for most distros, so it might be best to install it from source. Download a source tarball (or one of the RPMs for Fedora Core), unpack it, and change to the source directory. Run ./configure ; make ; make install and that should be it. (Or you may want to skip make install and use CheckInstall to create a package for your distro.) Note that you’ll need the MySQL or PostgreSQL development libraries available to compile it.
Next, you’ll need to create a database, configuration file, and init script for MyDNS. Consult the MyDNS documentation for instructions on creating databases. Run mydns --dump-config > mydns.conf to generate a fresh configuration, then modify the connection parameters and a few other directives. Change the db-host, db-user, db-password, and database variables to match your setup. For the most part, the configuration is self-explanatory.
You may want to restrict the interfaces that MyDNS listens on. By default, MyDNS responds on any interface, but you can change this by setting the listen parameter to specific addresses instead of listen = *, which matches all interfaces.
MyDNS also allows you to tweak cache options, how long it takes for queries to time out, and so forth. MyDNS does not allow AXFR or DNS update by default, but you can enable these functions if you prefer. See the MyDNS documentation for additional info on the MyDNS configuration directives.
The application’s contrib directory includes sample init scripts for Red Hat and other Linux distros and for Solaris. You can modify these for use on other systems. Debian users can use the init scripts found in the mydns-mysql or mydns-pgsql packages.
Using MyDNS
Once you have MyDNS ready to go, you can start setting up your DNS zones. MyDNS offers several ways to do this.
If you already have an existing DNS setup and want to migrate to MyDNS from BIND, you can import your zones using the mydnsimport utility, assuming you have zone transfer (AXFR) enabled. If you want to import, for instance, sample.net, use the command:
mydnsimport -axfr=bindserver.sample.net sample.net
If you’ve been using TinyDNS, you can import the zones from the TinyDNS format using the -t option. For example:
mydnsimport -t /etc/tinydns/root/data
After you’ve imported zones, check your records for errors with the aptly named mydnscheck utility. Running mydnscheck -v will check all of the zones in your database and print the results. Be sure to use the -v option, as mydnscheck alone will not print any results if it does not find errors.
MyDNS offers a few different ways to add new zones that aren’t in BIND or TinyDNS. The first method is to use the create_domain.pl script, which you can find in the contrib directory. Edit the well-commented script to set your defaults. Specifically, you’ll want to set the default mail and master IP address, the hostname prefix of the mail server, master and slave DNS servers, and the hostmaster entry for new zones. Then, when you’re ready to set up a new zone, run the following as root or with sudo:
create_domain.pl --domain=mydomain.net --ip=123.45.67.89 --test
This command will check the MyDNS database to make sure that the domain doesn’t exist already. Once you’re ready to create the new zone, use the --create option to set it up:
create_domain.pl --domain=mydomain.net --ip=123.45.67.89 --create
Note that this script handles only creating a domain; it doesn’t let you add additional hosts. However, MyDNS also has a useful Web front end with which you can add and tweak domains. In the contrib directory, you’ll find a script called admin.php. Assuming you have a Web server with Apache, PHP, and the appropriate database module for MySQL or PostgreSQL, you can use this to administer MyDNS zones.
Again, you’ll need to tweak the script a bit to set up the username, password, and so on for the MyDNS database. Also, if you’re using PostgreSQL rather than MySQL, change the use_pgsql directive to $use_pgsql = 1;.
The Web-based interface does not offer any kind of authentication, so you’ll want to set up htaccess authentication or something similar before putting the admin.php in a publicly accessible place.
The interface is self-explanatory. Just click on Browse to view existing zones, and New to start a new zone.
You can export data from MyDNS using the mydnsexport utility. This will export your zones, by default, in the BIND zone file format. If you’re moving to tinydns, the -t option will export the zone data in tinydns-data format.
For more information on MyDNS, read through the man pages, the documentation, and the FAQ. It’s not hard to get set up, and once it’s running you’ll rarely need to think about it. I would recommend making a regular backup of the database, but MyDNS should require very little attention otherwise.
