updating dns in the future: new /git/dns repo and tools | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
After the ever-such-fun of dealing with rotating out our proxies and with puppet and with broken dns zones and dnssec and all the other pain we settled on a solution and I implemented it today. We'll be putting it into place and testing it more wednesday morning (later wednesday morning). Here's the basis of things http://infrastructure.fedoraproject.org/infra/dns/README I've added zone-checking and signed-zone-checking at just about every place I can. I have a pre-commit hook available so you can check your changes before you commit. I have a pre-receive hook in the server repo to stop you from committing broken files if you didn't test your own. All the zones files are checked when ./do-domains is run. In short, I hope you will have to work REALLY hard to break a zone file with this system. Finally, this changes how dns has been handled in the past. It means named's configuration of the daemon (named.conf, etc) are stored in puppet - but named's DATA (zone files) are stored in this /git/dns. We've done this b/c we change the configuration quite less than we do the data and we need a separate mechanism to build/modify/check the data than we could easily get in the existing puppet module. finally, doing this should let us sign the zones for dnssec in a single location rather than how we have been doing them. We'll be testing this all out tomorrow and i'll update with the results, once we're done. -sv _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
[Home] [Fedora Users] [Fedora Legacy List] [Fedora Maintainers] [Fedora Desktop] [Red Hat 9 Bible] [Fedora Bible] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools]
