dms-doc 1.0.8.1-1ubuntu1 / usr / share / doc / dms-doc / html / Overview.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Overview &#8212; DNS Management System 1.0 documentation</title>
    <link rel="stylesheet" href="_static/classic.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    './',
        VERSION:     '1.0',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true,
        SOURCELINK_SUFFIX: '.txt'
      };
    </script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/underscore.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="Frequent Procedures" href="Frequent_Procedures.html" />
    <link rel="prev" title="Welcome to DNS Management System’s documentation!" href="index.html" /> 
  </head>
  <body>
    <div class="related" role="navigation" aria-label="related navigation">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="Frequent_Procedures.html" title="Frequent Procedures"
             accesskey="N">next</a></li>
        <li class="right" >
          <a href="index.html" title="Welcome to DNS Management System’s documentation!"
             accesskey="P">previous</a> |</li>
        <li class="nav-item nav-item-0"><a href="index.html">DNS Management System 1.0 documentation</a> &#187;</li> 
      </ul>
    </div>  

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body" role="main">
            
  <div class="section" id="overview">
<h1>Overview<a class="headerlink" href="#overview" title="Permalink to this headline">¶</a></h1>
<div class="section" id="software-architecture">
<h2>Software Architecture<a class="headerlink" href="#software-architecture" title="Permalink to this headline">¶</a></h2>
<div class="figure" id="id1">
<span id="fig-dms-system-architecture"></span><img alt="_images/Dms_system_architecture.png" src="_images/Dms_system_architecture.png" />
<p class="caption"><span class="caption-text"><em>DMS System Architecture</em></span></p>
</div>
<p>In <em>Fig:</em><a class="reference internal" href="#fig-dms-system-architecture"><span class="std std-ref">DMS System Architecture</span></a>, only one of the DR replica pairs
is shown below for clarity.  As shown in <em>Fig:</em><a class="reference internal" href="#fig-network-layout"><span class="std std-ref">Conceptual Network Layout</span></a> the
standby replica runs as a server of the replica SG group. PostgresQL
Replication is also live to the DR replica, carried over the IPSEC connection
between the DR master and replica servers.  The master/replica servers use
iptables/ip6tables to filter access to services carried over IPSEC.</p>
<div class="figure" id="id2">
<span id="fig-network-layout"></span><img alt="_images/Network_Layout.png" src="_images/Network_Layout.png" />
<p class="caption"><span class="caption-text"><em>Conceptual Network Layout</em></span></p>
</div>
<p>The DMS is designed to support anycast and unicast servers, as per <a class="reference internal" href="Best_Practice_Guidelines.html#best-practice-guidelines"><span class="std std-ref">Best Practice Guidelines</span></a>.</p>
</div>
<div class="section" id="dms-features">
<h2>DMS Features<a class="headerlink" href="#dms-features" title="Permalink to this headline">¶</a></h2>
<ul class="simple">
<li>IPv6 fully supported in back end and front end</li>
<li>IPv6 DNS RRs (AAAA)</li>
<li>Dynamic DNS configuration of Master server reduces need for reconfig and reload operations.</li>
<li>DNS RRs supported include SOA NS A AAAA MX PTR TXT SPF RP SSHFP SRV NSAP NAPTR LOC KX
IPSECKEY HINFO CERT DS. DNSSEC handled by bind9 master.</li>
<li>Auto DNSSEC via Bind9 dynamic DNS. Bind9 master server auto maintains zone
DNSSEC operations records and signing. NSEC3 and NSEC supported. DNSSEC key
management on Master server file system pending write of key management
module. Key material directory is replicated via DR protocol (rsync) though.
DMS is fully enabled to use DNSSEC for securing our core domains.</li>
<li>Apex resource record (SOA and NS) management across all zones - can be turned off per zone.</li>
<li>Auto reverse PTR generation</li>
<li>Customer control of their own automated reverse DNS. Individual PTR records,
and complete reverse zones.  Useful for business IPv6 and IPv4 blocks.
Enables on site use of IP PABX, intranet and email for SMBs on XDSL/Fibre.</li>
<li>zone_tool command line administrative tool on master servers</li>
<li>IPSEC secured communications between each of DR master replicas and slaves</li>
<li>Modular design. For example, Racoon IPSEC can be replaced if needed.</li>
<li>Multiple Slave DNS server software implementations. NL Netlabs nsd3 can be
used as a slave server once backend code is completed, and a simple
configuration monitoring/HUP daemon implemented to run on each slave.</li>
<li>Slave server/Server Groups (SG) support. Live migration of zones.</li>
<li>Private SGs for internal Voyager/NET24 zones.</li>
<li>Retention of deleted zones in database for aged auto-deletion later.</li>
<li>Multiple Zone Instances per Zone. Roll forward and roll back changes. Again
old ZIs aged for auto deletion above a threshold number.</li>
<li>Templates used for generating name server configuration includes - master, replicas and slaves.</li>
<li>Rsync to distribute name server configuration to servers.</li>
<li>Central distribution of name server configuration segments.</li>
<li>Hot standby master replica for DR purposes with manually controlled fail
over. Includes automatic replica/slave server reconfiguration.</li>
<li>WSGI JSON RPC over HTTPS API for mulitple front ends</li>
<li>Security tags to control what front ends can see</li>
<li>Zone reference metadata to tag the zone with the owner/customer entity ID.
Set by DMI when a zone is created. Tag out of table in DB via foreign key for
easy reference renaming.</li>
<li>zone_tool has built in pager support and editor support via standard shell environment variables.</li>
<li>zone_tool has a configurable restricted shell mode for Help Desk use</li>
<li>RR Groups and RR comments supported in DB for use in text editor and in Web Admin DMI</li>
<li>zone_tool has colourised diff support to display changes between different ZIs for a zone</li>
<li>Vim can be used as zone tool editor, giving DNS colourised Zone file syntax
high lighting. (zone_tool supports editor selection by standard *NIX
environment variables.)</li>
</ul>
</div>
<div class="section" id="programming-language">
<h2>Programming Language<a class="headerlink" href="#programming-language" title="Permalink to this headline">¶</a></h2>
<p>The DMS backend software is written in Python 3.x, which is a good choice given
the code base size of 22,000 lines. Python is well suited to larger projects,
and fully object oriented, and very clear and systematically defined.  Python
3.x was chosen over 2.x for future proofing.</p>
<p>The Python JSON RPC interface is implemented with Apache2 mod_wsgi, with a back
end DNS Manager Daemon.  zone_tool is a command line shell environment that
implements all the functionality of the JSON RPC calls, as well as DMS systems
configuration and management functionality. This common code functionality
allows the JSON RPC calls to be called from a terminal, where a debugger can be
used, for ease of development.</p>
<p>A state machine and event queue design is used, with state and event
information recorded in PostgresQL. State machines exist for each:</p>
<ul class="simple">
<li>DNS zone to track life-cycle state of zone</li>
<li>Master server configuration</li>
<li>DNS replica/slave server configuration and reload cycles.</li>
</ul>
</div>
<div class="section" id="dns-server-software">
<h2>DNS Server Software<a class="headerlink" href="#dns-server-software" title="Permalink to this headline">¶</a></h2>
<p>Decided to go forward using ISC Bind 9 as DNSSEC is on the way, and Bind 9 will
be the software used to roll this out. Other implementations of DNS software
exist, Netlabs NL NSD3 is one, but it looks more suited to a TLD registry and
large site/domain use than for DNS Provider use for small zones.</p>
<p>The DNS server state machine classes are designed so that NL Netlabs nsd 3.x
can be added latter on as a slave server. This is done achieved by the use of
state machine design, object oriented code and modularity.</p>
<p>A Hidden Master DNS architecture is implemented, with a DR replica master server.</p>
</div>
<div class="section" id="backend-database">
<h2>Backend Database<a class="headerlink" href="#backend-database" title="Permalink to this headline">¶</a></h2>
<p>PosgresQL 9.1+. PostgresQL has a significant history of high end functionality
including transactions and stored procedures. Replication is also baked in as
well.</p>
</div>
<div class="section" id="dmi-server-clients">
<h2>DMI Server/Clients<a class="headerlink" href="#dmi-server-clients" title="Permalink to this headline">¶</a></h2>
<p>DNS Website Software (DNS Management Interface - DMI) will communicate with DMS
via the WSGI server. The DMS server can handle multiple Web UIs via different
Web services URIs. An administrative help desk DNS Management Interface can be
implemented as well. To begin with, the DMS will be administered via
<em>zone_tool</em> by ssh into the Master DMS system.</p>
</div>
<div class="section" id="network-protocols-and-security">
<h2>Network Protocols and Security<a class="headerlink" href="#network-protocols-and-security" title="Permalink to this headline">¶</a></h2>
<p>DNS and logging traffic between the slave servers outside Net24 is be secured
using IPSEC. Iptables filtering and IPSEC SAs are used to control the traffic
that the slave servers accept from the network and Internet. IPSEC SAs exist
for zone update and port 53 administrative traffic, and secure that traffic.
Ie, DNS Traffic from the Master DNS server will be secured using IPSEC. This
keeps all the cryptographic verbiage out of the DNS server configurations, and
makes them a lot simpler to generate from templates. IP numbers and acls may
need to be inserted in the named.conf files to identify the designation of
administrative control and updates from the Master DNS server, but this is a
lot easier that having to track of lot of configuration details about TSIG/SIG0
keys for each individual master-slave relationship, and where they are used….</p>
</div>
<div class="section" id="web-ui-framework">
<h2>Web UI Framework<a class="headerlink" href="#web-ui-framework" title="Permalink to this headline">¶</a></h2>
<p>The Web GUI for the DMI will be rendered using ExtJS. Check logic, and business
logic will be separated out and not mixed in (as much as possible) with the UI.
This is basically a Mode View Controller programming model.</p>
</div>
</div>


          </div>
        </div>
      </div>
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
  <h3><a href="index.html">Table Of Contents</a></h3>
  <ul>
<li><a class="reference internal" href="#">Overview</a><ul>
<li><a class="reference internal" href="#software-architecture">Software Architecture</a></li>
<li><a class="reference internal" href="#dms-features">DMS Features</a></li>
<li><a class="reference internal" href="#programming-language">Programming Language</a></li>
<li><a class="reference internal" href="#dns-server-software">DNS Server Software</a></li>
<li><a class="reference internal" href="#backend-database">Backend Database</a></li>
<li><a class="reference internal" href="#dmi-server-clients">DMI Server/Clients</a></li>
<li><a class="reference internal" href="#network-protocols-and-security">Network Protocols and Security</a></li>
<li><a class="reference internal" href="#web-ui-framework">Web UI Framework</a></li>
</ul>
</li>
</ul>

  <h4>Previous topic</h4>
  <p class="topless"><a href="index.html"
                        title="previous chapter">Welcome to DNS Management System’s documentation!</a></p>
  <h4>Next topic</h4>
  <p class="topless"><a href="Frequent_Procedures.html"
                        title="next chapter">Frequent Procedures</a></p>
  <div role="note" aria-label="source link">
    <h3>This Page</h3>
    <ul class="this-page-menu">
      <li><a href="_sources/Overview.rst.txt"
            rel="nofollow">Show Source</a></li>
    </ul>
   </div>
<div id="searchbox" style="display: none" role="search">
  <h3>Quick search</h3>
    <form class="search" action="search.html" method="get">
      <div><input type="text" name="q" /></div>
      <div><input type="submit" value="Go" /></div>
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="related" role="navigation" aria-label="related navigation">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="Frequent_Procedures.html" title="Frequent Procedures"
             >next</a></li>
        <li class="right" >
          <a href="index.html" title="Welcome to DNS Management System’s documentation!"
             >previous</a> |</li>
        <li class="nav-item nav-item-0"><a href="index.html">DNS Management System 1.0 documentation</a> &#187;</li> 
      </ul>
    </div>
    <div class="footer" role="contentinfo">
        &#169; Copyright 2018, Matt Grant, Ondřej Surý.
      Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.6.7.
    </div>
  </body>
</html>