Forward only zones

[elixdreamer]

Hello,

I'm trying to document the current named configuration file that i have on my DNS server into this plugin.

I have come across forwarding only zones.
How can I correctly document this into Netbox?

example:

zone "example.com" in {
    type forward;
    forward only;
    forwarders {
      10.0.0.1;
    };
};

[peteeckel]

Hi @elixdreamer, that's an interesting edge case ...

Strictly speaking, forward only zones are not a DNS item at all.

The zones themselves exist of course, and they are located on some DNS server (possibly not on yours, though). The forward entry itself, however, is not a part of the DNS data but of the DNS server configuration, which is not the primary focus of NetBox DNS (or rather not in focus at all, at least currently).

There are a lot more configuration objects that are actually server configs, not DNS data: Think TSIG keys, for example, or ACLs. Although the term 'forward zones' suggests they are some special kind of zone, they are actually a specfic piece of DNS server config. Within the same environment, consisting of name servers, zones, records and even views, forward zone config might well vary between name servers, depending on where in the network they are located - think of a DMZ, for instance.

So you can put them into NetBox DNS, but as a configuration item on a name server object. Currently I would use custom fields for that, but a possible extension of NetBox DNS will likely include the recently added NetBox feature of "Config Context", which would be perfect for that kind of data.

[bitcollector1]

I've added the forwarders as config context as well; I had the same question :)

[peteeckel]

Here's an example with a custom field:

I just created a JSON custom field for the NameServer object class. You can now fill that field with any kind of information that you wish to include in the name server's configuration. You can also use a text field and put in the name server configuration directly, but that would not give you any kind of syntax validation.

Depending on your requirements you could also create the forwarders as Name Server objects and add a "Multiple Objects" custom field - in that case you can create your forwarders and just select them instead of adding JSON. Your mileage may vary.

A long-term plan is to add some plugins for specific name server implementations such as BIND, PowerDNS etc., which can then hold name server specific configuration items such as forwarders, stub servers, DNS blackholes, TSIG etc. With such a plugin it would then make sense to maintain server configuration in NetBox and create full configuration sets for these name servers from the name server specific plugin's data and the data in NetBox DNS. The NameServer object in NetBox DNS would then have a link to the implementation specific name server plugin's object so the server-dependent configuration can be created correctly.

[elixdreamer]

Hello @peteeckel,

Thanks for your feedback! Will have a look on your proposal.

I have came across netbox-ddns that performs such integrations with a DNS server.
Couldn't get it working yet but could be usefull to integrate both systems into one plugin for all DNS usecases.

[peteeckel]

Hi @elixdreamer, the problem with 'one plugin for all DNS usecases' is that there are really, really many of them.

Just consider the number of different DNS server flavours - you have BIND, PowerDNS, Active Directory, unbound and tons of cloud DNS services, just to name a few, which all have different concepts and different release cycles. Then, the way in which DNS infrastructure is implemented varies widely as well - some use a multi-staged approach, some have a hidden master, some use a mixture of DNS server implementations and so on. So a 'plugin for all DNS usecases' would need to be very, very complex and have very short release cycles in order to keep up with all the changes in the software and infrastructure it relates to.

The other thing is that it wouldn't be very Unix-like, keeping the 'Do one thing and do it right'-principle in mind. One plugin might be able to do all the things, but it would certainly not do all of them right. And most of the functionality would be useless for almost all use cases all the time, which isn't very efficient either - frequent updates and you'd have to study the release notes all the time so you can find out whether a specific update is for you.

And last not least NetBox itself is not considered a network management tool but a SOT for network management tools - NetBox itself isn't designed to perform active management tasks, and so I went along with that paradigm (which, by the way, I find extremely sensible). Maintaining a clean set of DNS data is the main objective, not interacting with DNS servers. That would at the very least require a versioning and rollback mechanism, configuration validation etc. - it's not a small task at all.

That's why I prefer the multi-plugin approach outlined above: NetBox DNS for the management of the DNS data, and server specific plugins to interface with particular server flavours, each maintained loosely coupled with the particular server implementation (and, in the ideal case, by someone who is familiar with that implementation).

[bitcollector1]

I don't think I could have found a better place to learn the in's and out's of DNS :)

I just setup a couple new instances of BIND9 and reading through all of the various comments has been a wealth of information.

Thanks again for building this and sharing!