Am I reading this bug correctly, that MAAS currently asks BIND to reload its entire configure file on every machine provision and removal?
This seems like a problem worth solving rather than trying to work around.
At least PowerDNS provides several mechanisms for dynamically adding and removing records from a zone:
- dnsupdate: https://doc.powerdns.com/authoritative/dnsupdate.html - REST api: https://doc.powerdns.com/authoritative/http-api/index.html - direct SQL to a backing database: https://doc.powerdns.com/authoritative/migration.html
Since dnsupdate is an RFC-standardized protocol there's a pretty good shot BIND supports it as well. Was this tried and found lacking? The API and SQL approaches are likely to not have equivalents in BIND.
I'm not sure what your DNSSEC goals are, but PowerDNS's documentation describes choices, including pkcs#11 in case that's important: https://doc.powerdns.com/authoritative/dnssec/index.html
Thanks
Am I reading this bug correctly, that MAAS currently asks BIND to reload its entire configure file on every machine provision and removal?
This seems like a problem worth solving rather than trying to work around.
At least PowerDNS provides several mechanisms for dynamically adding and removing records from a zone:
- dnsupdate: https:/ /doc.powerdns. com/authoritati ve/dnsupdate. html /doc.powerdns. com/authoritati ve/http- api/index. html /doc.powerdns. com/authoritati ve/migration. html
- REST api: https:/
- direct SQL to a backing database: https:/
Since dnsupdate is an RFC-standardized protocol there's a pretty good shot BIND supports it as well. Was this tried and found lacking? The API and SQL approaches are likely to not have equivalents in BIND.
I'm not sure what your DNSSEC goals are, but PowerDNS's documentation describes choices, including pkcs#11 in case that's important: https:/ /doc.powerdns. com/authoritati ve/dnssec/ index.html
Thanks