OpenNetAdmin

Track. Automate. Configure.

Home About Features Community Develop
Download this project as a tar.gz file

Managing DNS to a split domain architecture

Colarn

26-10-2010 20:33:42

Hello,

I have been asked to look at the possibility of using ONA to manage two separate named instances. Server names will be listed in both DNS systems, one external and one internal so depending on your location (inside or outside) you will get a different look up IP.

Is this possible from the one ONA management console? From reading so far I noted a suggestion of a 2nd database. If its not possible does anyone have a recommendation? Two separate ONA instances with separate databases or is it possible to do all in the one ONA instance/database?

Thanks in advance for any replies.

Regards,

Colarn

Matt

26-10-2010 22:54:04

This is a very similar situation that I face in my environment as well as I'm sure it is for many.

There are two very experimental features I'm working on that are in various states of completeness.

1. CONTEXTS: This is basically two instances of ONA database tables that are accessible via one code base. It allows you to switch your web interface (or command line interface) to one set of data or the other. For instance you can have an Internal context and an external context. This way your name space can have overlapping names but reflect the inside/outside IP addressing. There are goods and bads with this method but it is currently the most complete solution. Creating a context is not automated and will need to be done manually. DNS builds are exclusive to each context and the data in its table set. For those of you interested in creating a context, just let me know. If I find that many of you are interested I'll work up some procedures on creating contexts. (i.e. I dont have docs for creating it yet, if someone wants to know I'll turn that explanation into said documentation! : )

2. DNS VIEWS: This is also known as split horizon. This is a slightly more complex implementation and is not very complete yet. This allows you to add DNS records to the system but an additional field is required. This defines what view the DNS entry is part of. This option allows a single database/ona install to track multiple overlapping names based on which dns view they belong to. All of the tools and DNS build scripts need to be updated to allow for the added view selection. This work is started but not fully complete or tested for completeness. You should be able to enable this (AT YOUR OWN RISK!!!!) by setting the system configuration value 'dns_views' to 1. Again I'll say, its totally experimental and I've not worked on that section of code in a while so I'm sure you'll find issues with it at some level.

Hope those help. These two have gone on my back burner for awhile.. I'm hoping to dust them off on the next few months.

Colarn

02-11-2010 17:29:17

We are looking to use the build bind script plugins. After some testing and working through different configurations I tried a few things. I tried using name based apache virtual hosts for two seperate ONA directory structures. This worked as far as setting up two different ONA web trees and databases. I did however have the issue that even though I was using two different mysql databases the ona_sys user password was re-set for both databases upon creation of the second database. I could not however get the build bind scripts to work as the external dns we were trying to build was for servers in a different area with different domain/IP records ie DMZ. I then tried IP based virtual apache hosts, worked a little better but still no build bind for the external range.

So to move forward I am going to put the ONA for the DMZ onto one of the machines in that area and leave the internal one where it is and have two completely different ONA installations, one for inernal one for external. Any thoughts on this set up?

Regards,

Colarn.

Matt

09-11-2010 11:19:08

I believe the password was updated because if you use the same ona_sys user on both instances of ONA, the installer is setting up global level user information on the mysql server. You can make them unique on the mysql server by using two different user names. .. so basically when you install the second instance, just user a different username for that instance. maybe ona_sys_ext?

As far as accessing them separately. You must first have the build_bind modules installed on both instances of your ONA install (I sent you the file again so you should be able to install that on your new instance). Then you need to make sure that your dcm.pl script has two configuration files (or you specify a new server url using the -u option) to access the appropriate vhost path.

Separating them entirely as you are suggesting would also work of course.

Hope that helps, sorry for the delay in my response.