Cool Solution - Migrate Bind9 to UCS DNS
From Univention Wiki
Note: Cool Solutions are articles documenting additional functionality based on Univention products.
Not all of the steps shown in this article are covered by Univention Support. For questions about your support coverage, contact your contact person at Univention before implementing any of the steps shown.
The following how-to shows one possible way to migrate a Bind9 DNS server to a UCS server.
This article is kept as simple as possible and is only intended as an example of how a migration might be done, which means that it might not fit any particular situation.
It is based on the experience we had at multiple customer installations.
Migration
For this migration you need full access to both servers: the source server running the bind9 service and the destination UCS server.
Your first step is to manually recreate all zones, including all authority settings, mail server entries and nameserver entries. The UCS documentation describes how to do this.
Now we need to upload the zone files / databases to our UCS server. You can do this with the following command (replace the IP address with that of your UCS server):
scp /etc/bind/db.* root@10.200.44.30:/root
The next steps are split between forward lookup zones and reverse lookup zones.
You will have to repeat them for each database file / zone you want to import.
The import is performed by scripts. These scripts are tailored to a specific file format, which means that you might need to adjust them for your database files.
Note: Please review your files and confirm that they are compatible before using these scripts.
Forward lookup zone
The script will import A (IPv4), AAAA (IPv6) and CNAME (alias) records. These records have to be written in the following format (one record per line, four whitespace-separated fields):
name class rr ipv4/ipv6/canonical name
joe IN A 192.168.254.3
All records in a different format or of a different type won't get imported by the script.
Script: dns_forward_import.sh
Usage: ./dns_forward_import.sh <DB FILE> <SUPERORDINATE DN>
Example: ./dns_forward_import.sh db.example.com "zoneName=example.com,cn=dns,dc=example,dc=com"
Reverse lookup zone
The script will import PTR (pointer) records. These records have to be written in one of the following formats (relative or fully qualified owner name):
name class rr name
15 IN PTR www.example.com.
15.2.0.10.IN-ADDR.ARPA. IN PTR www.example.com.
All records in a different format won't get imported by the script.
Script: dns_reverse_import.sh
Usage: ./dns_reverse_import.sh <DB FILE> <SUPERORDINATE DN>
Example: ./dns_reverse_import.sh db.example.com "zoneName=example.com,cn=dns,dc=example,dc=com"
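As an added illustration of what the two import scripts have to do (this is example code written for this article, not the dns_forward_import.sh or dns_reverse_import.sh scripts themselves), the following POSIX shell script parses the four-field record format described in both sections above and prints the matching udm commands instead of executing them, so the output can be reviewed before it is piped into a shell on the UCS server. The UDM module and property names used (dns/host_record with name and a, dns/alias with name and cname, dns/ptr_record with address and ptr_record) are the UDM command line interface as I know it from UCS 4.x; verify them with "udm <module>" on your system. The sample zone at the end is constructed and contains no real data.

```shell
#!/bin/sh
# Added example, not the wiki's own import script: read a Bind9 zone file in
# the four-field "name class rr value" format and print the matching udm
# commands. Records in any other format or type go to stderr so that they can
# be imported manually afterwards. Usage: ./zone_to_udm.sh <DB FILE> <SUPERORDINATE DN>
set -f   # zone files may contain '*' wildcard names; never glob-expand them

# Print the udm command for one record line, or return 1 if it is not importable.
record_to_udm() {
    rdn="$2"
    set -- $1                      # split the line into its whitespace-separated fields
    [ $# -eq 4 ] && [ "$2" = "IN" ] || return 1
    case "$3" in
        A|AAAA) printf 'udm dns/host_record create --superordinate "%s" --set name=%s --set a=%s\n' "$rdn" "$1" "$4" ;;
        CNAME)  printf 'udm dns/alias create --superordinate "%s" --set name=%s --set cname=%s\n' "$rdn" "$1" "$4" ;;
        PTR)    case "$1" in *.) return 1 ;; esac   # fully qualified owner: left for manual import
                printf 'udm dns/ptr_record create --superordinate "%s" --set address=%s --set ptr_record=%s\n' "$rdn" "$1" "$4" ;;
        *)      return 1 ;;
    esac
}

# Convert zone-file lines from stdin; comments, blank lines and $TTL/$ORIGIN directives are skipped.
import_zone() {
    dn="$1"; n=0; failed=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|';'*|'$'*) continue ;; esac
        if record_to_udm "$line" "$dn"; then n=$((n + 1))
        else failed=$((failed + 1)); printf 'not imported (check manually): %s\n' "$line" >&2; fi
    done
    printf '# %s record(s) converted, %s skipped\n' "$n" "$failed" >&2
}

if [ $# -eq 2 ]; then
    import_zone "$2" < "$1"
else
    # Constructed sample forward zone, used when the script is run without arguments
    import_zone "zoneName=example.com,cn=dns,dc=example,dc=com" <<'EOF'
; sample zone (constructed)
$TTL 3600
joe     IN A     192.168.254.3
joe     IN AAAA  2001:db8::3
www     IN CNAME joe.example.com.
mail    IN MX    10 joe.example.com.
EOF
fi
```

The MX line in the sample deliberately ends up on stderr, which is the list you work through by hand in the post-migration step.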
Post Migration Tasks
After importing your records, checking the output and, if required, manually importing the records that failed, you can test the UCS DNS server with the following command:
dig @<UCS SERVER> <DOMAIN TO TEST>
Further links
- Univention documentation: Administration of DNS data in Univention Management Console - https://docs.software-univention.de/manual-4.1.html#ip-config:dns:umc
- Univention documentation: Command line interface (UDM) - https://docs.software-univention.de/manual-4.1.html#central:udm:example:dnsdhcp
- Zone File Format explanation - http://www.zytrax.com/books/dns/ch8/