Best GUI tool for managing BIND 9.x

Chris Buxton cbuxton at
Wed Sep 12 20:36:37 UTC 2007

It is quite normal to update zone files while the service is running.  
After editing the file, simply execute this command:

rndc reload

named will load in the updated zone and, with newer versions, will  
create or update the journal file to reflect the changes you've made.  
(This is done to support incremental zone transfers to slaves.)

Note that if you get an error stating the zone is dynamic, but you do  
not have any allow-update statements, look for an update-policy  
statement instead.

Chris Buxton
Men & Mice

On Sep 12, 2007, at 12:58 PM, Ryan McCain wrote:

> We don't need dynamic zones.  I have no idea how the .jnl file got  
> out of sync w/ the zone file then considering 'allow-update' isn't  
> anywhere in our named.conf files.  I'll have to dig around more on  
> that.
> Knowing this can I manually update the zone files while named is  
> running? I was under the impression I had to freeze it beforehand.  
> Apparently that is completely wrong.
>>>> Chris Buxton <cbuxton at> 09/12/07 2:45 PM >>>
> If you're using 'rndc freeze' before editing the zone file,
> and 'rndc thaw' afterward, that means you're using a
> dynamic zone. In which case, you have the following options for
> making changes to the zone:
> 1. Freeze and thaw the zone as you have been doing.
> 2. Make the zone static (remove the allow-update statement from
> inside the zone statement).
> 3. Use nsupdate to make any changes. You might develop a script-based
> system of tools to make this a little easier.
> 4. Use a GUI that handles this gracefully. (Again, my company makes a
> product of this type. We do have a small business edition.)
> The problem with the 'freeze and thaw' method (method 1 above) is,
> you're effectively making the zone static temporarily while you write
> out the zone. So if you have a reason for the zone to be dynamic,
> during the editing window your server is rejecting updates. If this
> is not a problem, then you probably don't need a dynamic zone, and
> could then go with method 2 above. Method 1 should normally not be
> considered standard operating procedure.
> Chris Buxton
> Men & Mice
> On Sep 12, 2007, at 10:12 AM, Ryan McCain wrote:
>> Stephen,
>> I am now thinking of just manually updating the zone files due to
>> us having such a small environment.  Do I sill need to freeze the
>> zone before updating a zone file or can that be done on the fly?
>> --------------------------------------
>> Ryan McCain
>> Northrop Grumman Corporation
>> Linux System Administrator 3
>> email: Ryan.McCain at
>> Phone: 225.505.3832
>> Fax: 225.219.0540
>> Registered Linux User #364609
>>>>> "Stephen John Smoogen" <smooge at> 09/11/07 9:43 PM >>>
>> On 9/11/07, Bill Larson <wllarso at> wrote:
>>> On Sep 11, 2007, at 5:16 PM, Chris Buxton wrote:
>>>> Men & Mice offers a product that handles DNS and DHCP management.
>>>> Support for ISC DHCP will be available in a few months. If you're
>>>> interested, please feel free to contact me off-list, or visit our
>>>> website.
>>>> <>
>>>> Chris Buxton
>>>> Men & Mice
>>> And, it is the BEST GUI tool for managing BIND.  The web based tools
>>> are nice, but not as good as Mice & Men.
>> I have to agree for large sites it is wonderful. For 1 zone of 50 ips
>> with 2 admins... it might be overkill. To be honest for a zone that
>> small it is better to train the people to do the edits by hand. I  
>> have
>> found that it trains them then to know what the GUI did wrong when  
>> you
>> put a GUI in later.
>> I personally do not like webmin. I have cleaned up too many security
>> incidents because of it.. it is usually because people forget to
>> update it or turn on something that isnt standard... which can happen
>> with any software... but it has left a bad taste in my mouth :).
>> -- 
>> Stephen J Smoogen. -- CSIRT/Linux System Administrator
>> How far that little candle throws his beams! So shines a good deed
>> in a naughty world. = Shakespeare. "The Merchant of Venice"

More information about the bind-users mailing list