Best GUI tool for managing BIND 9.x
Ryan.McCain at dss.state.la.us
Thu Sep 13 16:59:19 UTC 2007
I must have had the "allow-update" statement in there before. Now I'm not having the problem.
>>> On Wed, Sep 12, 2007 at 3:36 PM, in message
<BE7C4D4F-F207-48D6-A624-C1700B6D18B7 at menandmice.com>, Chris Buxton
<cbuxton at menandmice.com> wrote:
> It is quite normal to update zone files while the service is running.
> After editing the file, simply execute this command:
> rndc reload zone.name
> named will load in the updated zone and, with newer versions, will
> create or update the journal file to reflect the changes you've made.
> (This is done to support incremental zone transfers to slaves.)
> Note that if you get an error stating the zone is dynamic, but you do
> not have any allow-update statements, look for an update-policy
> statement instead.
> Chris Buxton
> Men & Mice
> On Sep 12, 2007, at 12:58 PM, Ryan McCain wrote:
>> We don't need dynamic zones. I have no idea how the .jnl file got
>> out of sync w/ the zone file then considering 'allow-update' isn't
>> anywhere in our named.conf files. I'll have to dig around more on
>> Knowing this can I manually update the zone files while named is
>> running? I was under the impression I had to freeze it beforehand.
>> Apparently that is completely wrong.
>>>>> Chris Buxton <cbuxton at menandmice.com> 09/12/07 2:45 PM >>>
>> If you're using 'rndc freeze zone.name' before editing the zone file,
>> and 'rndc thaw zone.name' afterward, that means you're using a
>> dynamic zone. In which case, you have the following options for
>> making changes to the zone:
>> 1. Freeze and thaw the zone as you have been doing.
>> 2. Make the zone static (remove the allow-update statement from
>> inside the zone statement).
>> 3. Use nsupdate to make any changes. You might develop a script-based
>> system of tools to make this a little easier.
>> 4. Use a GUI that handles this gracefully. (Again, my company makes a
>> product of this type. We do have a small business edition.)
>> The problem with the 'freeze and thaw' method (method 1 above) is,
>> you're effectively making the zone static temporarily while you write
>> out the zone. So if you have a reason for the zone to be dynamic,
>> during the editing window your server is rejecting updates. If this
>> is not a problem, then you probably don't need a dynamic zone, and
>> could then go with method 2 above. Method 1 should normally not be
>> considered standard operating procedure.
>> Chris Buxton
>> Men & Mice
>> On Sep 12, 2007, at 10:12 AM, Ryan McCain wrote:
>>> I am now thinking of just manually updating the zone files due to
>>> us having such a small environment. Do I sill need to freeze the
>>> zone before updating a zone file or can that be done on the fly?
>>> Ryan McCain
>>> Northrop Grumman Corporation
>>> Linux System Administrator 3
>>> email: Ryan.McCain at dss.state.la.us
>>> Phone: 225.505.3832
>>> Fax: 225.219.0540
>>> Registered Linux User #364609
>>>>>> "Stephen John Smoogen" <smooge at gmail.com> 09/11/07 9:43 PM >>>
>>> On 9/11/07, Bill Larson <wllarso at swcp.com> wrote:
>>>> On Sep 11, 2007, at 5:16 PM, Chris Buxton wrote:
>>>>> Men & Mice offers a product that handles DNS and DHCP management.
>>>>> Support for ISC DHCP will be available in a few months. If you're
>>>>> interested, please feel free to contact me off-list, or visit our
>>>>> Chris Buxton
>>>>> Men & Mice
>>>> And, it is the BEST GUI tool for managing BIND. The web based tools
>>>> are nice, but not as good as Mice & Men.
>>> I have to agree for large sites it is wonderful. For 1 zone of 50 ips
>>> with 2 admins... it might be overkill. To be honest for a zone that
>>> small it is better to train the people to do the edits by hand. I
>>> found that it trains them then to know what the GUI did wrong when
>>> put a GUI in later.
>>> I personally do not like webmin. I have cleaned up too many security
>>> incidents because of it.. it is usually because people forget to
>>> update it or turn on something that isnt standard... which can happen
>>> with any software... but it has left a bad taste in my mouth :).
>>> Stephen J Smoogen. -- CSIRT/Linux System Administrator
>>> How far that little candle throws his beams! So shines a good deed
>>> in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the bind-users