Best GUI tool for managing BIND 9.x

Ryan McCain Ryan.McCain at dss.state.la.us
Wed Sep 12 19:58:55 UTC 2007


We don't need dynamic zones.  I have no idea how the .jnl file got out of sync w/ the zone file then considering 'allow-update' isn't anywhere in our named.conf files.  I'll have to dig around more on that.

Knowing this, can I manually update the zone files while named is running? I was under the impression I had to freeze it beforehand. Apparently that is completely wrong.

>>> Chris Buxton <cbuxton at menandmice.com> 09/12/07 2:45 PM >>>
If you're using 'rndc freeze zone.name' before editing the zone file,  
and 'rndc thaw zone.name' afterward, that means you're using a  
dynamic zone. In which case, you have the following options for  
making changes to the zone:

1. Freeze and thaw the zone as you have been doing.
2. Make the zone static (remove the allow-update statement from  
inside the zone statement).
3. Use nsupdate to make any changes. You might develop a script-based  
system of tools to make this a little easier.
4. Use a GUI that handles this gracefully. (Again, my company makes a  
product of this type. We do have a small business edition.)

The problem with the 'freeze and thaw' method (method 1 above) is,  
you're effectively making the zone static temporarily while you write  
out the zone. So if you have a reason for the zone to be dynamic,  
during the editing window your server is rejecting updates. If this  
is not a problem, then you probably don't need a dynamic zone, and  
could then go with method 2 above. Method 1 should normally not be  
considered standard operating procedure.

Chris Buxton
Men & Mice

On Sep 12, 2007, at 10:12 AM, Ryan McCain wrote:

> Stephen,
>
> I am now thinking of just manually updating the zone files due to  
> us having such a small environment.  Do I still need to freeze the  
> zone before updating a zone file or can that be done on the fly?
>
>
> --------------------------------------
>
> Ryan McCain
> Northrop Grumman Corporation
> Linux System Administrator 3
> email: Ryan.McCain at dss.state.la.us
> Phone: 225.505.3832
> Fax: 225.219.0540
>
> Registered Linux User #364609
>
>
>>>> "Stephen John Smoogen" <smooge at gmail.com> 09/11/07 9:43 PM >>>
> On 9/11/07, Bill Larson <wllarso at swcp.com> wrote:
>> On Sep 11, 2007, at 5:16 PM, Chris Buxton wrote:
>>
>>> Men & Mice offers a product that handles DNS and DHCP management.
>>> Support for ISC DHCP will be available in a few months. If you're
>>> interested, please feel free to contact me off-list, or visit our
>>> website.
>>>
>>> <http://menandmice.com/>
>>>
>>> Chris Buxton
>>> Men & Mice
>>
>> And, it is the BEST GUI tool for managing BIND.  The web based tools
>> are nice, but not as good as Mice & Men.
>>
>
> I have to agree for large sites it is wonderful. For 1 zone of 50 IPs
> with 2 admins... it might be overkill. To be honest for a zone that
> small it is better to train the people to do the edits by hand. I have
> found that it trains them then to know what the GUI did wrong when you
> put a GUI in later.
>
> I personally do not like webmin. I have cleaned up too many security
> incidents because of it.. it is usually because people forget to
> update it or turn on something that isn't standard... which can happen
> with any software... but it has left a bad taste in my mouth :).
>
> -- 
> Stephen J Smoogen. -- CSIRT/Linux System Administrator
> How far that little candle throws his beams! So shines a good deed
> in a naughty world. = Shakespeare. "The Merchant of Venice"
>
>
>
>
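
Whether a hand edit needs freeze/thaw or only a reload, as discussed in the thread above, depends on whether the zone statement permits updates. As an added example (not from the thread, ISC or Men & Mice), this shell script reads a named.conf fragment and prints the matching command sequence; the zone names, key name, file paths and the helpers `sample_conf`, `zone_is_dynamic` and `zone_edit_plan` are constructed. It inspects only the zone stanza, so an allow-update set in options {} is not considered.

```shell
# Constructed named.conf fragment: one dynamic zone, one static zone.
sample_conf() {
cat <<'EOF'
zone "dyn.example.test" {
    type master; file "dyn.example.test.zone";
    allow-update { key "ddns-key"; };
};
zone "static.example.test" IN {
    type master; file "static.example.test.zone";
    allow-update { none; };   // explicit default, still static
};
EOF
}

# zone_is_dynamic CONF ZONE: 0 = dynamic, 1 = static, 2 = zone not found.
# Assumes each ACL sits on one line and the stanza has no /* */ comments.
zone_is_dynamic() {
    awk -v zone="$2" '
    {
        line = $0
        sub(/(\/\/|#).*/, "", line)                      # drop // and # comments
        gsub(/[ \t]+/, " ", line)                        # normalise whitespace
        gsub(/allow-update ?[{] ?none; ?[}];/, "", line) # "none" grants nothing
        if (!inzone) { if (!index(line, "zone \"" zone "\"")) next; inzone = 1; found = 1 }
        if (line ~ /(allow-update|update-policy)([ {]|$)/) dynamic = 1
        if (line ~ /[{]/) opened = 1
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (opened && depth <= 0) { inzone = 0; opened = 0; depth = 0 }
    }
    END { if (!found) exit 2; exit (dynamic ? 0 : 1) }' "$1"
}

# zone_edit_plan CONF ZONE FILE: print the commands for a hand edit of FILE.
zone_edit_plan() {
    zep_rc=0
    zone_is_dynamic "$1" "$2" || zep_rc=$?
    case $zep_rc in
    0) printf '%s\n' "rndc freeze $2" "\${EDITOR:-vi} $3   # raise the SOA serial" \
           "named-checkzone $2 $3" "rndc thaw $2" ;;
    1) printf '%s\n' "\${EDITOR:-vi} $3   # raise the SOA serial" \
           "named-checkzone $2 $3" "rndc reload $2" ;;
    *) echo "zone $2 not found in $1" >&2; return 2 ;;
    esac
}

conf=$(mktemp) && sample_conf > "$conf"
zone_edit_plan "$conf" dyn.example.test /var/named/dyn.example.test.zone
zone_edit_plan "$conf" static.example.test /var/named/static.example.test.zone
rm -f "$conf"
```

A zone that reports static here but still has a .jnl file next to its zone file deserves a closer look at the rest of the configuration before editing by hand.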
