X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=input%2Fdsablog%2F2014%2FThe_Debian_DNS_universe.mdwn;h=03c641f121635890469cf5a193efc1445be2560a;hb=9a93f11c4775050d83ffd1180b12bb89d31c0121;hp=a5105d2fe3dcc3d5044f83efa448e5c45aa6da76;hpb=03494baf8275a389b6c30419ef775a32ddf86877;p=mirror%2Fdsa-wiki.git diff --git a/input/dsablog/2014/The_Debian_DNS_universe.mdwn b/input/dsablog/2014/The_Debian_DNS_universe.mdwn index a5105d2..03c641f 100644 --- a/input/dsablog/2014/The_Debian_DNS_universe.mdwn +++ b/input/dsablog/2014/The_Debian_DNS_universe.mdwn @@ -3,18 +3,18 @@ # Abstract I recently moved our primary nameserver from `orff.debian.org`, which is -an aging blade in Greeze, to a VM on one of our ganeti clusters. In the -process I rediscovered a lot about our DNS infrastructure. In this post -I will describe the many sources of information and how it all comes +an aging blade in Greece, to a VM on one of our ganeti clusters. In the +process, I rediscovered a lot about our DNS infrastructure. In this post, +I will describe the many sources of information and how they all come together. # Introduction The [Domain Name System][DNS] is the hierarchical database and query protocol that is in use on the Internet today to map hostnames to IP -addresses, the reverse thereof, lookup relevant servers for certain -services such as mail, and a gazillion other things. Management and -authority in the DNS is split into different zones, subtrees of the +addresses, to map the reverse thereof, to lookup relevant servers for +certain services such as mail, and a gazillion other things. Management +and authority in the DNS is split into different zones, subtrees of the global tree of domain names. Debian currently has a bit over a score of zones. The two most 
@@ -42,7 +42,7 @@ The data we put into DNS comes from a wide range of different systems: mail in LDAP (`mXRecord` LDAP attribute, DNS `MX` record type). * LDAP also has some specs on computers, which we put into each host's `HINFO` record, mainly because we can and we are old-school. - * Last not least, LDAP also has each host's public ssh key, which we + * Last but not least, LDAP also has each host's public ssh key, which we extract into [SSHFP][rfc4255] records for DNS. * LDAP also has per-user information. Users of debian infrastructure can attach limited DNS elements as `dnsZoneEntry` attributes to their @@ -55,8 +55,8 @@ The data we put into DNS comes from a wide range of different systems: # Debian's auto-dns and geo setup -We try to provide the best service we can. As such, our goal is that -for instance user access to [`www`][www] or [`bugs`][bugs] should always +We try to provide the best service we can. As such, our goal is that, +for instance, user access to [`www`][www] or [`bugs`][bugs] should always work. These services are, thus, provided by more than one machine on the Internet. @@ -94,7 +94,7 @@ The auto-dns system produces two kinds of output: # Tying it all together -![The Debian DNS Rube Goldberg Machine.](../debian-dns.png) +![The Debian DNS Rube Goldberg Machine.](/dsablog/2014/debian-dns.png) Figure 1: The Debian DNS Rube Goldberg Machine. @@ -132,8 +132,6 @@ keys metadata. * [dns-helpers] * [puppet] ---- - [^ldap]: `ldapsearch -h db.debian.org -x -ZZ -b dc=debian,dc=org -LLL 'host=master'` [^ldap2]: `ldapsearch -h db.debian.org -x -ZZ -b dc=debian,dc=org -LLL 'dnsZoneEntry=*' dnsZoneEntry`
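Review bot: In the first hunk (@@ -3,18 +3,18 @@), the added line "addresses, to map the reverse thereof, to lookup relevant servers for" uses "lookup" as a verb; the verb form is "look up". The added line after it still reads "Management and authority in the DNS is split", where the compound subject wants "are split". Both lines are already being rewritten here, so fix them in the same pass.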
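Review bot: In the hunk at @@ -94,7 +94,7 @@, the image target moves from the relative `../debian-dns.png` to the site-absolute `/dsablog/2014/debian-dns.png`, which resolves only when the wiki is served from the root of its host and repeats the post's own directory inside the link. If the relative link was broken in the rendered page, say so in the commit message; otherwise keep a relative reference so that Figure 1 survives a move of the post or a deployment under a sub-path.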
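Review bot: The last hunk (@@ -132,8 +132,6 @@) drops the horizontal rule and the blank line ahead of the `[^ldap]` footnote definitions, a rendering change mixed into what is otherwise a spelling and punctuation patch. Split it into its own commit or state the reason for it, and check in the rendered page that the footnotes still separate cleanly from the `* [puppet]` link list above them.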