Bind-Efficientip

Reindl Harald h.reindl at thelounge.net
Wed Oct 23 23:37:46 UTC 2019



On 24.10.19 at 00:53, Mik J wrote:
> You won't do it within a night that's for sure

add the delegation part for who can show and edit which zones?

easily given that the whole backend was written basically in a single
night after the day we decided to move all dns zones from customers to
our own infrastructure

> But yes the vendors assemble components with a web interface and database.
> But now it seems to me that all products add more intelligence.

that's what you do after the basic stuff is rock solid to get rid of
boring manual tasks on check lists what to look for after register /
transfer a zone

> For my own needs bind alone is all fine because I'm root.
> But for 500+ users that need to view, modify some zones, import, export
> I'm not sure that would be possible.

the most interesting stuff here was "virtual cnames" or whatever it
could be called that i can just add a hostname from within our own
domain and it becomes replaced by the host-ip at the time the zone file
is generated from the database record

as well as put default MX records including the "honeypot backup-mx",
presets for SPF, add helo-SPF for every host and null-MX combined with
"v=spf1 -all" for zones without a MX record

it's nice to pack as much as possible stuff in your own zone and press a
button which generates 800 zones from scratch with current data and
raise the serials

> On Thursday, 24 October 2019 at 00:44:36 UTC+2, Reindl Harald
> <h.reindl at thelounge.net> wrote:
> 
> On 24.10.19 at 00:35, Mik J via bind-users wrote:
>> Efficient IP uses bind (+ nsd/unbound) as the DNS server.
>>
>> One major difference between Efficient IP and bind is when you want to
>> delegate the zone configuration to users and groups. I think it's called
>> role based management.
>> So let's say you want team1 to have read/write access to the zone
>> team1.cyberia.net.sa, team2 to team2.cyberia.net.sa... on one server.
>> You can have team2 to be able to view all the content of the zone 
>> team1.cyberia.net.sa and so on.
>> I don't think it's possible to do this on bind only / unix
>> There are granular rights.
>>
>> The second thing is that DHCP, DNS, IPAM work together. You can automate
>> the IP reservation and the DNS record creation for example.
>>
>> The ability to import/export data from csv or API SOAP/Rest
>>
>> Infoblox and Bluecat are other similar products along with a few others.
>
> at the end of the day it's just some interface utilizing the underlying
> tools - i don't see why i couldn't expand my webinterface generating
> zonefiles since 11 years now with some permission delegation within a
> night if needed
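
The zone-generation defaults described in the message above (virtual cnames resolved at generation time, null-MX plus "v=spf1 -all" for zones without an MX record, a helo-SPF record per host), as an added example that is not the poster's code. The `VCNAME` row type, the host inventory, the zone names and the helo-SPF value "v=spf1 a -all" are assumptions made for illustration.

```python
# Constructed inventory of hosts in the operator's own domain (name -> IPv4).
OWN_HOSTS = {"web1.example.net.": "192.0.2.20", "mx1.example.net.": "192.0.2.10"}

def build_zone(origin, serial, rows, own_hosts=OWN_HOSTS):
    """Render one zone from (name, type, value) rows; VCNAME is a hypothetical row type."""
    out = [f"$ORIGIN {origin}", "$TTL 3600",
           f"@ IN SOA ns1.example.net. hostmaster.example.net. {serial} 7200 3600 1209600 3600",
           "@ IN NS ns1.example.net."]
    has_mx = False
    spf_names = set()   # owner names that already carry an SPF TXT record
    host_names = []     # owner names that end up with an A record
    for name, rtype, value in rows:
        if rtype == "VCNAME":
            # "Virtual cname": replaced by the target's IP at generation time.
            # Fail loudly on an unknown target instead of emitting a dangling name.
            if value not in own_hosts:
                raise ValueError(f"{origin}: unknown virtual cname target {value}")
            rtype, value = "A", own_hosts[value]
        if rtype == "MX":
            has_mx = True
        if rtype == "TXT" and value.startswith("v=spf1"):
            spf_names.add(name)
        if rtype == "A" and name not in host_names:
            host_names.append(name)
        rdata = f'"{value}"' if rtype == "TXT" else value
        out.append(f"{name} IN {rtype} {rdata}")
    if not has_mx:
        # Null MX (RFC 7505): the zone accepts no mail; "-all" says it sends none.
        out.append("@ IN MX 0 .")
        if "@" not in spf_names:  # a second SPF record would cause a permerror
            out.append('@ IN TXT "v=spf1 -all"')
            spf_names.add("@")
    for name in host_names:
        # helo-SPF: only the host's own address may use its name in HELO.
        # The apex is skipped because its SPF record is the domain's mail policy.
        if name != "@" and name not in spf_names:
            out.append(f'{name} IN TXT "v=spf1 a -all"')
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # Constructed sample: a parked zone with no MX record of its own.
    print(build_zone("parked.example.", 2019102401,
                     [("@", "VCNAME", "web1.example.net."),
                      ("www", "VCNAME", "web1.example.net.")]))
```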

