[SOLVED] DNS resolver configuration in the enterprise
This question was triggered by an irritating client who worked on a project to set up some new DNS servers without considering the status quo of their infrastructure - client machines (i.e. Linux, Solaris, and other UNIX servers) have to be manually reconfigured to point to DNS servers. And now he expects us to manually update all those machines' DNS resolver entries (/etc/resolv.conf) to point to the new DNS servers!
Anyway, the question is, what "configuration management" tool/suite are you using in your infrastructure? I think I'll target this question to admins who handle 2,000+ server instances at the least. Is DHCP feasible? I always have the impression that DHCP is used for desktops only. Puppet? I often see it in job postings as a required skill. Unfortunately I did not see such a category in LQ's 2015 Members Choice Awards.
I recently faced a similar project when our VP decided DNS (which had only ever caused a problem when he forced a major change in DNS server) be first migrated, then outsourced. We made it work. I use mpssh and the command-line utilities, but I have fewer than 50 main machines to manage and this works for me. We have well over 200 nodes, but many of them are virtual machines and can be managed from the host, making this a reasonable solution.
I would advise looking into Puppet. I would be using it here if we had to manage all 200+ nodes directly. I would also consider that servers using NetworkManager may require more than simply changing the /etc/resolv.conf file. In most machines now that file is 'dynamically' built on boot from lines in other files (/etc/sysconfig/network-scripts/ifcfg-* for example) on network startup.
There is a huge advantage to standardizing your installation and configuration standard to the extent possible, and eliminating complicating factors. There is some value in RHEL4, 5, and 6 to removing NM and managing the networking using older standards, but that may not be a supportable plan going into RHEL7 and later: I am still playing with that in RHEL7.
I would not use DHCP for servers. Certainly one could make that work, but it would not be an improvement and would become one more single point of failure that could take down your entire server farm. DHCP is elegant for clients (better if you have an HA solution for the DHCP server), but not for servers.
Finally, your thread title is a little less than descriptive. You are not asking about help with the DNS change directly, rather with multi-server management. You may get fewer useful replies due to not mentioning the real point of your posting in the title. A thought for next time, perhaps?
For the current client's change (assuming you need it done pdq), then yes, use some sort of ssh multiplexing (we use dsh, but there are many others).
For future projects, try Puppet (we use it), but there are others, e.g. Chef, Ansible etc.
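One way to script the per-host change the two replies above describe: rewrite `/etc/resolv.conf` and also the `DNSn=` lines in `ifcfg-*` that regenerate it, in a form that can be pushed with an ssh multiplexer and re-run safely. This is an added example, not code from anyone in the thread; the script name `update-dns.sh`, the function names and the addresses passed in are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Usage: update-dns.sh NS1 [NS2 ...]

# Accept only characters that can occur in an IPv4/IPv6 literal, so an argument
# can never smuggle an extra directive into a root-owned config file.
valid_ns() { case $1 in ''|*[!0-9A-Fa-f.:]*) return 1 ;; *) return 0 ;; esac; }

# rewrite FILE PATTERN FORMAT NS...: drop lines matching PATTERN, then append one
# line per server from printf FORMAT (arguments: index, address). Prints "changed"
# or "unchanged"; FILE.bak holds the previous content after a change.
rewrite() {
    local file=$1 pattern=$2 format=$3 tmp ns i=1
    shift 3
    for ns in "$@"; do valid_ns "$ns" || { echo "bad address: $ns" >&2; return 2; }; done
    tmp=$(mktemp) || return 1
    grep -Ev "$pattern" "$file" > "$tmp" || true   # exit 1 only means no lines kept
    for ns in "$@"; do
        printf "$format" "$i" "$ns" >> "$tmp"
        i=$((i + 1))
    done
    if cmp -s "$tmp" "$file"; then
        echo unchanged
    elif cp -p "$file" "$file.bak" && cat "$tmp" > "$file"; then
        echo changed            # cat (not mv) keeps the file's owner and mode
    else
        rm -f "$tmp"; return 1
    fi
    rm -f "$tmp"
}

# resolv.conf: replace every nameserver line, keep search/domain/options.
set_resolv_nameservers() {
    local file=$1; shift
    rewrite "$file" '^[[:space:]]*nameserver[[:space:]]' 'nameserver %.0s%s\n' "$@"
}

# ifcfg-*: replace the DNS1=, DNS2=, ... lines that resolv.conf is rebuilt from.
set_ifcfg_dns() {
    local file=$1; shift
    rewrite "$file" '^[[:space:]]*DNS[0-9]+=' 'DNS%d=%s\n' "$@"
}

if [ "$#" -ge 1 ]; then
    set_resolv_nameservers /etc/resolv.conf "$@"
    for f in /etc/sysconfig/network-scripts/ifcfg-*; do   # only files that set DNS
        case $f in *.bak) continue ;; esac
        if grep -Eq '^[[:space:]]*DNS[0-9]+=' "$f" 2>/dev/null; then set_ifcfg_dns "$f" "$@"; fi
    done
fi
```

Because each function reports `changed` or `unchanged`, the multiplexer's collected output doubles as an audit of which hosts were still pointing at the old servers.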
I read your responses too late and sadly I can no longer edit the thread title.
I will digest your explanations and will do some more reading. In any case, I won't be able to change the status quo because that might not be feasible for the client but maybe I can give input to future deployments!