Connect Spring 1998  Technical Services


A New Domain Name System Management Design

Chetan Dube

One of the most basic network management functions performed at ACF is the maintenance of our domain name system database, a continually changing record of the Internet name and address of each computer (or "host") attached to NYU-NET. Each new machine must be assigned an appropriate name within the nyu.edu domain as well as a unique, previously unused numerical address from the set of numbers assigned to the university.

For example, the university's central World Wide Web server is named www.nyu.edu and has the numerical address 128.122.253.80. Both of these designations are unique within the Internet, and form the basis for communications with this machine.

The domain name system (DNS) is a distributed database of host information: the NYU portion of the DNS is maintained here at the university, other sites on the Internet do the same, and the whole DNS is interlinked so that a computer at NYU can find the address of another computer (e.g. www.apple.com or ftp.cornell.edu) and communicate with it.

The DNS database is used for the registration, deletion, updating and querying of networked computer systems and infrastructure devices. Until now, institutions managed their DNS services centrally, with all requests being manually serviced by their central hostmasters. There was no interface to facilitate the update of this database.

ACF has developed a new method to automate the administration of domain name system and bootp management for heterogeneous networked computer systems and infrastructure devices. The new design uses a client-server architecture to automate the database-management activity. Using the software we developed, based on this design principle, we are able to manage the name service of the complex and growing assemblage of over 15,000 University hosts from any host on the Internet with web-browsing capabilities. By distributing the DNS management functionality among trusted users along secure authorization paths, the new software makes registering or modifying a host virtually instantaneous, while saving ACF many hours of time-consuming manual input into the DNS and bootp databases.

The system is implemented in Perl, using a web-based front end and the Common Gateway Interface (CGI) for communication between the distributed client browsers and the centralized name servers. The key features of the new system are:

Distributed Design

The software distributes DNS and bootp management functions among designated site managers. It gives several administrators simultaneous, password-protected access, while ensuring integrity with sub-domain locking.

Service Improvements and Staff Savings

The automation of the activity dramatically improves the response time and preserves the integrity of the database, eliminating any manual errors. There are savings for the university in the productive labor costs of an expert in the areas of host name creation or alteration and network trouble-shooting and problem-solving. This is significant as experts can be redeployed from routine maintenance to more demanding and complex tasks.

Web Interface

The web interface provides universal access capabilities.

Security

The software enforces strict security based on subdomain partitioning and restricted authorization domains for designated users. The authentication groups and associated privileges differ for different classes of users.
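
An added sketch (not ACF's Perl code, which the article does not show) of how the subdomain partitioning described here and the sub-domain locking described under Distributed Design could fit together. The user names, delegation table, addresses, lock granularity and function names are all hypothetical.

```python
import threading

# Constructed delegation table: hypothetical users and the subdomains they may edit.
DELEGATIONS = {"alice": {"cs.nyu.edu"}, "bob": {"cs.nyu.edu"}, "hostmaster": {"nyu.edu"}}

def labels(name):
    return name.lower().rstrip(".").split(".")

def zone_covers(zone, fqdn):
    """True if fqdn lies strictly inside zone, compared label by label.
    A plain string-suffix test would wrongly match www.evilcs.nyu.edu."""
    z, h = labels(zone), labels(fqdn)
    return len(h) > len(z) and h[-len(z):] == z

def subdomain_of(fqdn):
    """Assumed lock granularity: the host name minus its leftmost label."""
    return ".".join(labels(fqdn)[1:])

class Registry:
    def __init__(self, delegations):
        self.delegations = delegations
        self.records = {}   # fqdn -> address
        self.locks = {}     # subdomain -> user holding the edit lock
        self._mutex = threading.Lock()

    def authorized(self, user, fqdn):
        return any(zone_covers(z, fqdn) for z in self.delegations.get(user, ()))

    def lock(self, user, fqdn):
        """Take the edit lock on fqdn's subdomain; False if denied or held by another."""
        if not self.authorized(user, fqdn):
            return False
        with self._mutex:
            return self.locks.setdefault(subdomain_of(fqdn), user) == user

    def unlock(self, user, fqdn):
        with self._mutex:
            if self.locks.get(subdomain_of(fqdn)) == user:
                del self.locks[subdomain_of(fqdn)]

    def register(self, user, fqdn, address):
        """Add a host record; returns 'ok' or the reason for refusal."""
        if not self.authorized(user, fqdn):
            return "denied: outside delegated subdomain"
        with self._mutex:
            if self.locks.get(subdomain_of(fqdn)) != user:
                return "denied: subdomain lock not held"
            if fqdn in self.records or address in self.records.values():
                return "denied: name or address already in use"
            self.records[fqdn] = address
            return "ok"
```

The authorization check runs before the lock check, so a user outside the delegation learns nothing about who is currently editing a subdomain.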

Fault Tolerance and Non-Determinism

The engine is designed to ensure robustness and has the ability to retreat to a previous state on detection of an error condition. If multiple choices exist in network classifications, it detects the non-determinism and elicits a decision from the user to resolve it.

Ease of Management and Scalability

The design is scalable and allows easy and flexible management, with convenient searching and extensive transaction logs.

The new DNS software provides an effective and easy-to-use solution for DNS and bootp administration on a complex network like NYU-NET.


Chetan Dube is a Unix systems manager in the Technical Services Group at ACF. He programmed the new domain name system management design.
chetan.dube@nyu.edu

Posted January 20, 1998