gitnamed, a project to manage name server by git
ppyy at pubyun.com
Wed Jan 9 18:22:14 UTC 2013
updated, i add a hook to validate and auto incement serial of SOA
Feature of GitNamed
a frame to manage your DNS server
put all your DNS data into git, and you have a revision for your DNS
data, you can backup and restore them easily
it's easy to manage your DNS resource record, just edit and commit
DNS manager need no OS account on DNS server, only git account
using hooks to validate syntax of zone file when commting
using hooks to auto increcement serial of SOA when commting
2013/1/9 Vernon Schryver <vjs at rhyolite.com>:
>> When I built my DNS zone creator, I got tired of users complaining that
>> their zones has "errors" and so I re-coded my serials to start with YYYY
>> followed by six digits based on the current date/time.
>> Oddly, that seems to fool most (although not all) of the DNS validation
>> tools out there, despite the fact that I generate things like 2012804572
>> which doesn't exactly have a "valid" MM or dd.
> For many years I've found serial number checks good indications of
> whether a DNS validation tool's report will be a bad joke. If it
> checks the serial number format, then that's often the least harmful
> among the FUD that it's selling.
> I just tried some DNS "validation" tools, and revalidated that rule
> and another. The other rule is that if they sell DNS and other
> monitoring services, then they will flash red and yellow about your
> serial numbers, your MX servers, and a host of other non-issues that
> you almost certainly should not "fix."
> Even if RFC 1912 were not Informational, it would still only recommend
> and not mandate YYYYMMDDnn. Even if RFC 1912 were on the standards
> track and said "MUST", it would be violated in zones that change more
> than 100 times per day. How long has BIND9 had "serial-update-method"?
>> I've given up contacting so-called validation tools and asking them to
>> remove warnings about valid serials, they seem happier reporting
>> non-errors, and at best they'll return a "Not standard, but I guess it's
>> okay". It's a shame too, as these tools can provide a sanity check.
> What good are sanity checks from the certifiable or worse? Do you
> take medical advice (or any advice) from those who claim that DPT
> vaccines cause autism?
> It's sad but predictable that DNS validation/monitoring services are
> like some auto repair shops. Last week my wife took her car to the
> dealer for a minor recall. She came back with a long list of expensive
> things that she should have had fixed before leaving the dealer--provided
> you're car clue allergic, credulous, and don't have anyone to shout
> "NO!" when asked. On the other hand, the dealer's careful inspection
> failed to note the idiot light warning about a low tire.
> (cue discussion with wife 2 mornings later when I noticed the flat
> tire about the "flame (sic)" idiot light that she'd been watching since
> before the trip to the dealer and that obviously didn't matter because
> high temperatures can only be a good thing given the weather.)
> Vernon Schryver vjs at rhyolite.com
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
彭勇 (Peng Yong)
邮箱：ppyy at pubyun.com
More information about the bind-users