Date:      Wed, 29 Apr 2009 12:01:28 +0100
From:      Vincent Hoffman <vince@unsane.co.uk>
To:        Michael DeMan <michael@staff.openaccess.org>
Cc:        freebsd-isp@freebsd.org, Geoffroy RIVAT <ml@geoffroy.eu.org>
Subject:   Re: providing web based DNS management to customers
Message-ID:  <49F83388.80305@unsane.co.uk>
In-Reply-To: <49F82AC6.2070305@staff.openaccess.org>
References:  <49E3D793.2090008@staff.openaccess.org>	<20090429062827.GB60404@tintin.sicfa.net> <49F82AC6.2070305@staff.openaccess.org>

On 29/4/09 11:24, Michael DeMan wrote:
> Hi, seems close but I'm not sure if it hits the target.
>
> What I need is the ability for customers to be able to login and
> update entries within a zone.  More specifically, the ability to allow
> customers to update their -in-addr.arpa reverses based on us
> allocating them things like /29s.
>
> I may be crusty here too, but to the best of my knowledge, it is
> impossible to break below /24 at the 'zone' level in reverse DNS.  Or at
> least the tools we use do not allow that.
>
It's possible but a bit of a hack. RFC2317 shows how to do it: basically
CNAME the initial reverse record, then in the domain it's pointed to by
the CNAME set up a PTR record. It potentially could solve your problem
but would take some setup time. (You have to set up the initial CNAME,
then the customer can have control of the (sub)domain it's pointed to and
can change the PTR at will.) We used it a fair bit at a previous job to
delegate CIDR networks < /24 to customer nameservers.

Vince
> Hence the problem.
>
> Given a typical /24, which is easy to manage, I need a tool that
> allows customers to have maybe a single IP that they can update to
> 'mail.theircompany.com', or in other cases, folks that have a /29 or
> bigger that want 'mail.theircompany.com', 'vpn.parentcompany.com',
> 'somethingelse.someotherdomain.com', etc.
>
> I guess what I am for is a kludge, to make DNS map to CIDR, but also a
> way that it could be done in a user friendly way.
>
>
>
> Geoffroy RIVAT wrote:
>> Hi Michael,
>>
>> Michael DeMan (OA) wrote:
>>  
>>> Hi All,
>>>
>>> What are folks doing for providing web based DNS management to
>>> customers?
>>>
>>> I've looked at a lot of open source products over time, but never
>>> found one that was enough to say "That's it, let's integrate it!".
>>>
>>> It always seems that the tricky part is reverse DNS.  PowerDNS and
>>> other tools (at least a few years ago) offered reasonable support
>>> for forward DNS management on a per-user basis, but not reverse, or
>>> at least not reverse in the sense that we only want customers to be
>>> able to modify the reverse DNS of say a single IP, or a subnet, etc.
>>>     
>>
>> for this I'm using powerdns + poweradmin (but you can use another
>> system)
>>
>> for only 1 IP I do 1.0.168.192.in-addr.arpa IN CNAME
>> reverse.custdomain.tld
>>
>> and reverse.custdomain.tld IN PTR coolreverse.domain.tld.
>>
>> for a subnet :
>>
>> 1.0.168.192.in-addr.arpa IN CNAME 1.reverse.custdomain.tld
>> 2.0.168.192.in-addr.arpa IN CNAME 2.reverse.custdomain.tld
>> 3.0.168.192.in-addr.arpa IN CNAME 3.reverse.custdomain.tld
>>
>> it's explained in an rfc but I can't remember the number.
>>
>> Regards,
>>
>> Geo
>> _______________________________________________
>> freebsd-isp@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>>
>>   
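The CNAME-based delegation discussed in this message, as an added example that is not part of the original e-mail or of any tool named in the thread: it generates the parent-zone records for a block smaller than /24, either in RFC 2317 style (NS delegation of a `<first>/<prefixlen>` child label) or in the variant quoted above (CNAME into a zone the customer already runs). The function name `rfc2317_records`, the 192.0.2.8/29 block and the `customer.example` names are assumptions made for illustration.

```python
import ipaddress


def rfc2317_records(cidr, nameservers=(), target_zone=None):
    """Parent-zone records handing reverse DNS for an IPv4 block < /24 to a customer."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError if host bits are set
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 block smaller than a /24")
    a, b, c, first = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."

    def fqdn(name):
        # Zone-file names must be absolute, otherwise the origin gets appended.
        return name if name.endswith(".") else name + "."

    if target_zone is None:
        # RFC 2317 style: a "<first>/<prefixlen>" child label, delegated with NS.
        if not nameservers:
            raise ValueError("RFC 2317 delegation needs at least one nameserver")
        child = f"{first}/{net.prefixlen}.{parent}"
        lines = [f"{child} IN NS {fqdn(ns)}" for ns in nameservers]
    else:
        # Variant quoted in the thread: CNAME into a zone the customer already runs.
        child = fqdn(target_zone)
        lines = []
    # One CNAME per allocated address: the customer's PTR records can only ever
    # answer for the addresses in their own block, never for a neighbour's.
    for last in range(int(first), int(first) + net.num_addresses):
        lines.append(f"{last}.{parent} IN CNAME {last}.{child}")
    return lines


if __name__ == "__main__":
    # Constructed sample: documentation address range and example nameservers.
    for line in rfc2317_records("192.0.2.8/29",
                                ["ns1.customer.example", "ns2.customer.example"]):
        print(line)
```

The customer then publishes the matching PTR records (for example `8 IN PTR mail.customer.example.`) in the child zone and can change them without touching the provider's /24 zone.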



