Best GUI tool for managing BIND 9.x

Ryan McCain Ryan.McCain at dss.state.la.us
Thu Sep 13 16:59:19 UTC 2007


I must have had the "allow-update" statement in there before.  Now I'm not having the problem.

Thx

>>> On Wed, Sep 12, 2007 at  3:36 PM, in message
<BE7C4D4F-F207-48D6-A624-C1700B6D18B7 at menandmice.com>, Chris Buxton
<cbuxton at menandmice.com> wrote: 
> It is quite normal to update zone files while the service is running.  
> After editing the file, simply execute this command:
> 
> rndc reload zone.name
> 
> named will load in the updated zone and, with newer versions, will  
> create or update the journal file to reflect the changes you've made.  
> (This is done to support incremental zone transfers to slaves.)
> 
> Note that if you get an error stating the zone is dynamic, but you do  
> not have any allow-update statements, look for an update-policy  
> statement instead.
> 
> Chris Buxton
> Men & Mice
> 
> On Sep 12, 2007, at 12:58 PM, Ryan McCain wrote:
> 
>> We don't need dynamic zones.  I have no idea how the .jnl file got  
>> out of sync w/ the zone file then considering 'allow-update' isn't  
>> anywhere in our named.conf files.  I'll have to dig around more on  
>> that.
>>
>> Knowing this can I manually update the zone files while named is  
>> running? I was under the impression I had to freeze it beforehand.  
>> Apparently that is completely wrong.
>>
>>>>> Chris Buxton <cbuxton at menandmice.com> 09/12/07 2:45 PM >>>
>> If you're using 'rndc freeze zone.name' before editing the zone file,
>> and 'rndc thaw zone.name' afterward, that means you're using a
>> dynamic zone. In which case, you have the following options for
>> making changes to the zone:
>>
>> 1. Freeze and thaw the zone as you have been doing.
>> 2. Make the zone static (remove the allow-update statement from
>> inside the zone statement).
>> 3. Use nsupdate to make any changes. You might develop a script-based
>> system of tools to make this a little easier.
>> 4. Use a GUI that handles this gracefully. (Again, my company makes a
>> product of this type. We do have a small business edition.)
>>
>> The problem with the 'freeze and thaw' method (method 1 above) is,
>> you're effectively making the zone static temporarily while you write
>> out the zone. So if you have a reason for the zone to be dynamic,
>> during the editing window your server is rejecting updates. If this
>> is not a problem, then you probably don't need a dynamic zone, and
>> could then go with method 2 above. Method 1 should normally not be
>> considered standard operating procedure.
>>
>> Chris Buxton
>> Men & Mice
>>
>> On Sep 12, 2007, at 10:12 AM, Ryan McCain wrote:
>>
>>> Stephen,
>>>
>>> I am now thinking of just manually updating the zone files due to
>>> us having such a small environment.  Do I still need to freeze the
>>> zone before updating a zone file or can that be done on the fly?
>>>
>>>
>>> --------------------------------------
>>>
>>> Ryan McCain
>>> Northrop Grumman Corporation
>>> Linux System Administrator 3
>>> email: Ryan.McCain at dss.state.la.us
>>> Phone: 225.505.3832
>>> Fax: 225.219.0540
>>>
>>> Registered Linux User #364609
>>>
>>>
>>>>>> "Stephen John Smoogen" <smooge at gmail.com> 09/11/07 9:43 PM >>>
>>> On 9/11/07, Bill Larson <wllarso at swcp.com> wrote:
>>>> On Sep 11, 2007, at 5:16 PM, Chris Buxton wrote:
>>>>
>>>>> Men & Mice offers a product that handles DNS and DHCP management.
>>>>> Support for ISC DHCP will be available in a few months. If you're
>>>>> interested, please feel free to contact me off-list, or visit our
>>>>> website.
>>>>>
>>>>> <http://menandmice.com/>
>>>>>
>>>>> Chris Buxton
>>>>> Men & Mice
>>>>
>>>> And, it is the BEST GUI tool for managing BIND.  The web based tools
>>>> are nice, but not as good as Mice & Men.
>>>>
>>>
>>> I have to agree for large sites it is wonderful. For 1 zone of 50 ips
>>> with 2 admins... it might be overkill. To be honest for a zone that
>>> small it is better to train the people to do the edits by hand. I have
>>> found that it trains them then to know what the GUI did wrong when you
>>> put a GUI in later.
>>>
>>> I personally do not like webmin. I have cleaned up too many security
>>> incidents because of it.. it is usually because people forget to
>>> update it or turn on something that isn't standard... which can happen
>>> with any software... but it has left a bad taste in my mouth :).
>>>
>>> -- 
>>> Stephen J Smoogen. -- CSIRT/Linux System Administrator
>>> How far that little candle throws his beams! So shines a good deed
>>> in a naughty world. = Shakespeare. "The Merchant of Venice"
>>>
>>>
>>>
>>>
>>
>>
>>
>>
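
Added example (not part of the original thread, and not ISC or Men & Mice code): a small Python check that reads named.conf text and reports, per zone, whether an allow-update or update-policy statement makes it dynamic, which decides between "edit, then rndc reload" and "nsupdate or freeze/thaw" as discussed above. The zone names and key name are constructed; the sketch assumes everything is in one file, so it does not follow include files or inherit allow-update from options or view blocks, and it treats allow-update { none; } as static.

```python
import re

# Constructed sample named.conf for illustration; not taken from the thread.
SAMPLE_CONF = '''
zone "static.example" { type master; file "static.example.db"; };
zone "ddns.example" IN {
    type master; file "ddns.example.db";
    allow-update { key "ddns-key"; };   // classic dynamic zone
};
/* zone "old.example" { type master; allow-update { any; }; }; */
zone "policy.example" { type master; update-policy { grant ddns-key zonesub ANY; }; };
zone "locked.example" { type master; allow-update { none; }; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out zones are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def block_body(text, start):
    """Return the contents of the first balanced {...} block at or after start."""
    open_at = text.index('{', start)
    depth = 0
    for pos in range(open_at, len(text)):
        depth += {'{': 1, '}': -1}.get(text[pos], 0)
        if depth == 0:
            return text[open_at + 1:pos]
    raise ValueError('unbalanced braces in configuration')

def dynamic_reason(body):
    """Name the statement that makes a zone dynamic, or None if it is static."""
    if re.search(r'\bupdate-policy\b', body):
        return 'update-policy'
    acl = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
    if acl and acl.group(1).strip(' \t\n;') != 'none':
        return 'allow-update'
    return None

def classify_zones(conf):
    """Map each zone name to 'allow-update', 'update-policy' or None."""
    conf = strip_comments(conf)
    return {m.group(1): dynamic_reason(block_body(conf, m.end()))
            for m in re.finditer(r'\bzone\s+"([^"]+)"', conf)}

if __name__ == '__main__':
    for zone, why in classify_zones(SAMPLE_CONF).items():
        print(zone, '-> dynamic via ' + why + ': nsupdate or rndc freeze/thaw'
              if why else '-> static: edit the file, then rndc reload')
```

Run against a real configuration by passing the file's contents to classify_zones; any zone that comes back dynamic and is not expected to accept updates is worth reviewing.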


