  1. #1
    Newbie
    Join Date
    May 2019
    Posts
    5

    Does untangle still not support BIND as a plugin?

    I run a small environment with 2 big iron servers and no backup generator as of yet and my beef cake UPS still has a short run time due to the power draw. HOWEVER my network rack and modem and switch have their own UPS and can run for an extended period of time and this helps with management, graceful shut down diagnostics etc etc.

    I cannot support DHCP and DNS on AD as that will last for all of 5 minutes on battery, no DNS and no DHCP is not good and working network does not make. HOWEVER BIND DNS can be used in lieu of AD AND still have AD work.

    insert URL link here, if i had 5 or more posts to show academic example
    Using Linux BIND DNS Servers for Active Directory Domains

    The ideal setup would be one box running untangle which would do local DNS or Bind and DHCP, VPN, SQM (Cake/FQ Codel) etc etc. This way my network is operational and ready for the server to power back once power is restored. (My untangle box is fairly low wattage, probably 55 watts, MAYBE 65 watts @ 110% load dialed up to 11, so battery back up is easy.)

    From what i'm reading i have to disable DNS entirely on untangle and set up Bind or Bind9 on an ADDITIONAL low power device and pass off DNS to Bind from untangle?

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,726

    Just a caveat, command line modifications are not supported and will break upgrades.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,277

    Also, Untangle uses DNSMasq, which does DHCP too... so you're going to have to kill DHCP AND DNS, then put in both services separately, and configure them without the UI.

    Honestly, if you need all this, you need a small hypervisor that can run Untangle and VM for your DC. It's far simpler to do it that way, and you aren't hacking anything. I get wanting to have a network core that can stay online, but your power draw from your main system is a separate issue, and one that has me raising an eyebrow honestly... APC makes the Symmetra line for that, and they're quite good. No, not cheap but enough power to hold even large concentrations of servers if you want to scale up like that.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie
    Join Date
    May 2019
    Posts
    5

    Quote: Originally Posted by sky-knight
    Also, Untangle uses DNSMasq, which does DHCP too... so you're going to have to kill DHCP AND DNS, then put in both services separately, and configure them without the UI.

    Honestly, if you need all this, you need a small hypervisor that can run Untangle and VM for your DC. It's far simpler to do it that way, and you aren't hacking anything. I get wanting to have a network core that can stay online, but your power draw from your main system is a separate issue, and one that has me raising an eyebrow honestly... APC makes the Symmetra line for that, and they're quite good. No, not cheap but enough power to hold even large concentrations of servers if you want to scale up like that.
    well seeing as it all comes out of my own pocket it's just not in the budget and i don't own the colocation so i'm not sure i can just install a new break and generator even if i could afford it. power goes out this end of town quite often and i've had to restore my vsphere VM from backup several times this year prior to tornado season. it almost seems easier to just disable DNSmasq and run bind9 and isc-dhcp server on an r-pi like this. insert URL here

  5. #5
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,669

    Quote: Originally Posted by cdoublejj
    I cannot support DHCP and DNS on AD as that will last for all of 5 minutes on battery, no DNS and no DHCP is not good and working network does not make. HOWEVER BIND DNS can be used in lieu of AD AND still have AD work.
    I challenge this premise.

    If you have AD, it really wants to handle your DNS/DHCP, at least for network segments where domain-joined systems live. Running DNS/DHCP on a different system is not supported and will eventually cause problems for you.

    If that causes a problem with your batteries, then fix the battery situation.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.1.1 to protect 500Mbits for ~400 residential college students and associated staff and faculty

  6. #6
    Master Untangler
    Join Date
    May 2008
    Posts
    920

    As of server 2012 (r2?) I think they can be on other devices. One advantage of being off the windows server is that they start or reboot much quicker. You have to be careful how you set it up tho.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,277

    Reboot quicker? You do realize my 2012/2016/2019 VMs all reboot in SECONDS right?

    The hosts can take ages to restart, but the guests are near instant.

    But the OP has a power problem, batteries capable of supporting the platform he's running is the only solution. DNS isn't the vulnerable part of AD, that blasted database is! The contents of %systemroot%\NTDS is what you have to protect, just like Untangle's database. Moving DNS provides no value.

    Now, if you need your AD network to have internet access while AD is toast, that's easy... Aim Untangle at the Internet for DNS, use the DNS Server feature to redirect AD domain stuff to the AD supporting internal DNS, and make sure your DHCP server has Untangle in the list of DNS servers.

    AD offline? Internet still works... this is how every single AD supporting Untangle I have deployed is configured, it works wonderfully.

    And if you're colocated, and losing power... it's time for a new datacenter... pronto.

    For everything else, there's Azure AD Services...
    Last edited by sky-knight; 05-31-2019 at 10:44 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
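
Added example (not part of sky-knight's post and not Untangle code): the split described in post #7, sketched as dnsmasq-style `server=` forwarding rules, since dnsmasq is the resolver named in this thread. The domain `ad.example.lan` and both addresses are constructed sample values; how Untangle's UI stores its DNS Server entries is not shown on this page.

```python
# Added illustration: dnsmasq-style split DNS forwarding.
# Domain name and upstream addresses are constructed sample values.
SAMPLE_CONF = """\
# default upstream: a public resolver on the Internet
server=9.9.9.9
# the AD zone (including its _msdcs subtree) goes to the domain controller
server=/ad.example.lan/192.168.1.10
"""

def parse_rules(conf):
    """Return (default_upstreams, {domain: [upstreams]}) from server= lines."""
    defaults, scoped = [], {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/dom1/dom2/ip : the last field is the upstream address
            *domains, upstream = value.split("/")[1:]
            for d in domains:
                scoped.setdefault(d.lower().rstrip("."), []).append(upstream)
        else:
            defaults.append(value)
    return defaults, scoped

def upstreams_for(name, defaults, scoped):
    """Longest matching domain suffix wins; otherwise use the defaults."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in scoped:
            return scoped[suffix]
    return defaults

def resolvable(name, conf, online):
    """True if at least one upstream chosen for this name is reachable."""
    defaults, scoped = parse_rules(conf)
    return any(u in online for u in upstreams_for(name, defaults, scoped))

if __name__ == "__main__":
    dc_down = {"9.9.9.9"}  # domain controller is off, Internet resolver is up
    for q in ("www.example.com", "_ldap._tcp.dc._msdcs.ad.example.lan"):
        print(q, "resolvable with DC offline:", resolvable(q, SAMPLE_CONF, dc_down))
```

With the domain controller unreachable, only names under the AD zone stop resolving; everything else still goes to the default upstream.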

  8. #8
    Newbie
    Join Date
    May 2019
    Posts
    5

    Quote: Originally Posted by jcoehoorn
    I challenge this premise.

    If you have AD, it really wants to handle your DNS/DHCP, at least for network segments where domain-joined systems live. Running DNS/DHCP on a different system is not supported and will eventually cause problems for you.

    If that causes a problem with your batteries, then fix the battery situation.
    actually if i had 5 posts or more i could insert a URL here with instructions on how it can be done with several comments by some admins who use it just fine in small environments. My AD will be very simple, i'm not sure many if any machines will be joined to it, just enough to appease vmware vsphere suite and horizon view, that's it. so that makes setting up the zones in Bind easier as i'm guessing and talking out my hind end here, i assume the simpler the AD the less zones.

    I don't have the cash, my servers can pull 1000 watts, even if i get 4x 100AH batteries the power outages can last for hours. A generator would be the easier fix sort of. Not including the fact it's a shared ISP/modem with business/co location owner. It would be nicer though if their network wasn't dependent on AD, god forbid the ISP allow there to be more than one service or modem per address, residential or commercial.

    Quote: Originally Posted by sky-knight
    Reboot quicker? You do realize my 2012/2016/2019 VMs all reboot in SECONDS right?

    The hosts can take ages to restart, but the guests are near instant.

    But the OP has a power problem, batteries capable of supporting the platform he's running is the only solution. DNS isn't the vulnerable part of AD, that blasted database is! The contents of %systemroot%\NTDS is what you have to protect, just like Untangle's database. Moving DNS provides no value.

    Now, if you need your AD network to have internet access while AD is toast, that's easy... Aim Untangle at the Internet for DNS, use the DNS Server feature to redirect AD domain stuff to the AD supporting internal DNS, and make sure your DHCP server has Untangle in the list of DNS servers.

    AD offline? Internet still works... this is how every single AD supporting Untangle I have deployed is configured, it works wonderfully.

    And if you're colocated, and losing power... it's time for a new datacenter... pronto.

    For everything else, there's Azure AD Services...
    I'm with the other guy, my guests don't take ages but it's not seconds either. I'm still on spinning rust with my budget and all. Remember this is coming out of my pocket and is a buddy deal with friends and family / personal endeavour. For years i was able to run anything i wanted without paying a single dime! Now, the most i pay for is a small portion of the power, maybe a few to several hundred a year based on power usage, a real colocation is at least that much a month! If vmware didn't .... i really wish i could use cuss words here ... require an entire AD setup to run the most basic cluster with vmotion and horizon view i wouldn't be here. well i would but, i wouldn't need AD or advanced local DNS, untangle has some nice features.

    ...soooo ... i guess unless i'm mistaken from some light skimming it is possible to turn off DHCP and DNS in untangle? (that or if one day untangle adopted BIND9)

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,277

    I understand your frustration, but you need to understand that moving your DNS load to Untangle isn't going to help you. It literally offers zero benefit. Yes, I know that Bind can support an AD zone... but it's still pointless. The DNS being on Untangle doesn't solve the stability problem that leads you to do VM restores after a power fault. The DNS being integrated with AD, and having the database that supports AD get corrupted is what does that.

    Only a power solution that keeps your AD online can solve that. And honestly, it sounds to me like you need to save some pennies, and buy a nice new Dell server, slap a couple SSDs in it, put Server 2019 on it, install HyperV and migrate your junk. If you paid for VMotion, you can pay for this stuff. Your cluster is simply poorly designed. That's your issue, and no amount of hackery is going to fix it.

    What you need are batteries that can hold your systems up long enough for VMWare to suspend them, and shut itself down. And honestly, the easiest way to do that is to get a single server that does all the work, and simply plug the USB from the UPS into the server in question. I used to have what you have, now I have a single 4 SSD Poweredge doing all of that. Yeah, it cost me about $4000, but it's saved me that in time in the first year alone. I don't know what you're working with, but it's entirely possible some new drives are all that stand between you and 90% of what I've got.

    Ditch VMotion, merge into a single platform.
    Last edited by sky-knight; 05-31-2019 at 12:57 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Newbie
    Join Date
    May 2019
    Posts
    5

    Quote: Originally Posted by sky-knight
    I understand your frustration, but you need to understand that moving your DNS load to Untangle isn't going to help you. It literally offers zero benefit. Yes, I know that Bind can support an AD zone... but it's still pointless. The DNS being on Untangle doesn't solve the stability problem that leads you to do VM restores after a power fault. The DNS being integrated with AD, and having the database that supports AD get corrupted is what does that.

    Only a power solution that keeps your AD online can solve that. And honestly, it sounds to me like you need to save some pennies, and buy a nice new Dell server, slap a couple SSDs in it, put Server 2019 on it, install HyperV and migrate your junk. If you paid for VMotion, you can pay for this stuff. Your cluster is simply poorly designed. That's your issue, and no amount of hackery is going to fix it.

    What you need are batteries that can hold your systems up long enough for VMWare to suspend them, and shut itself down. And honestly, the easiest way to do that is to get a single server that does all the work, and simply plug the USB from the UPS into the server in question. I used to have what you have, now I have a single 4 SSD Poweredge doing all of that. Yeah, it cost me about $4000, but it's saved me that in time in the first year alone. I don't know what you're working with, but it's entirely possible some new drives are all that stand between you and 90% of what I've got.

    Ditch VMotion, merge into a single platform.
    Hyper V does not support vGPU with Nvidia GRID cards as far as i know. Does MS even have an alternative to horizon view? 3 years access to all VMware software for up to 3x dual socket servers was like $400 USD via VMUG since it's non business use. and i just got it.

    The VM restores are because there is 0 local DNS! So if there is a power outage something goes funky with the IP address but, restoring seems to help.

    I thought about a single server but, you don't have a second host to migrate to for maintenance and upgrades. Even then the run time is so short. Let's say i do that though, that means AD and DHCP and DNS go down in 5 minutes, the network is going to crap the bed the entire time AD/DC is off.

    anyways, i'll do some reading about disabling or handing off DHCP and DNS from untangle

    I have URLs that would massively help communication here but, URLs are not allowed.
    Last edited by cdoublejj; 05-31-2019 at 01:31 PM. Reason: test
