Re: Best GUI tool for managing BIND 9.x

3 msg	Re: rndc stats query
3 msg	DNS rebinding partial workaround
5 msg	Can't resolve www.servergraph.org
7 msg	Can't resolve occ.com.mx
9 msg	Error querying a.gtld.biz.
2 msg	block some domain
8 msg	Debian vs SuSE
12 msg	Confused about what $ORIGIN does in relation to @

Best GUI tool for managing BIND 9.x
\ Ryan McCain (11 Sep 2007)
. \ Andrew Armstrong (11 Sep 2007)
. . \ Ryan McCain (11 Sep 2007)
. \ David Nolan (11 Sep 2007)
. . \ Ryan McCain (11 Sep 2007)
. . \ Ryan McCain (11 Sep 2007)
. . . \ David Nolan (11 Sep 2007)
. . . . \ Ryan McCain (11 Sep 2007)
. \ Chris Buxton (11 Sep 2007)
. . \ Bill Larson (12 Sep 2007)
. . . \ Stephen John Smoogen (12 Sep 2007)
. \ Ryan McCain (12 Sep 2007)
. . \ Stephen John Smoogen (12 Sep 2007)
. . \ Chris Buxton (12 Sep 2007)
. \ Ryan McCain (12 Sep 2007)
. \ Ryan McCain (12 Sep 2007)
. . \ Chris Buxton (12 Sep 2007)
. . . \ Ryan McCain (13 Sep 2007)

2 msg	Version compatibility
4 msg	no more recursive clients: quota reached
1 msg	Rene Vasquez/U-Houston/ExxonMobil is out of the...
15 msg	memory leak or other problem
31 msg	Configuring BIND With Multiple Domains
5 msg	Ok for Views to use same Zone information?
4 msg	Mysterious CNAME record Pointing to Network Sol...
7 msg	Building bind-9.4.1-P1 on sco
7 msg	Yahoo Mail servers can't find my domain hostname
1 msg	solution to answer to replace 'Non-existent dom...
1 msg	Allowing zone xfer to slave server --TYPO

Subject:	Re: Best GUI tool for managing BIND 9.x
Group:	Bind-users
From:	Ryan McCain
Date:	13 Sep 2007

I must have had the "allow-update" statement in there before. Now I'm not having the problem.

Thx

>>> On Wed, Sep 12, 2007 at 3:36 PM, in message
<BE7C4D4F-F207-48D6-A624-C1700B6D18B7>, Chris Buxton
<cbuxton> wrote:
> It is quite normal to update zone files while the service is running.
> After editing the file, simply execute this command:
>
> rndc reload zone.name
>
> named will load in the updated zone and, with newer versions, will
> create or update the journal file to reflect the changes you've made.
> (This is done to support incremental zone transfers to slaves.)
>
> Note that if you get an error stating the zone is dynamic, but you do
> not have any allow-update statements, look for an update-policy
> statement instead.
>
> Chris Buxton
> Men & Mice
>
> On Sep 12, 2007, at 12:58 PM, Ryan McCain wrote:
>
>> We don't need dynamic zones. I have no idea how the .jnl file got
>> out of sync w/ the zone file then considering 'allow-update' isn't
>> anywhere in our named.conf files. I'll have to dig around more on
>> that.
>>
>> Knowing this can I manually update the zone files while named is
>> running? I was under the impression I had to freeze it beforehand.
>> Apparently that is completely wrong.
>>
>>>>> Chris Buxton <cbuxton> 09/12/07 2:45 PM >>>
>> If you're using 'rndc freeze zone.name' before editing the zone file,
>> and 'rndc thaw zone.name' afterward, that means you're using a
>> dynamic zone. In which case, you have the following options for
>> making changes to the zone:
>>
>> 1. Freeze and thaw the zone as you have been doing.
>> 2. Make the zone static (remove the allow-update statement from
>> inside the zone statement).
>> 3. Use nsupdate to make any changes. You might develop a script-based
>> system of tools to make this a little easier.
>> 4. Use a GUI that handles this gracefully. (Again, my company makes a
>> product of this type. We do have a small business edition.)
>>
>> The problem with the 'freeze and thaw' method (method 1 above) is,
>> you're effectively making the zone static temporarily while you write
>> out the zone. So if you have a reason for the zone to be dynamic,
>> during the editing window your server is rejecting updates. If this
>> is not a problem, then you probably don't need a dynamic zone, and
>> could then go with method 2 above. Method 1 should normally not be
>> considered standard operating procedure.
>>
>> Chris Buxton
>> Men & Mice
>>
>> On Sep 12, 2007, at 10:12 AM, Ryan McCain wrote:
>>
>>> Stephen,
>>>
>>> I am now thinking of just manually updating the zone files due to
>>> us having such a small environment. Do I sill need to freeze the
>>> zone before updating a zone file or can that be done on the fly?
>>>
>>>
>>> --------------------------------------
>>>
>>> Ryan McCain
>>> Northrop Grumman Corporation
>>> Linux System Administrator 3
>>> email: Ryan.McCain
>>> Phone: 225.505.3832
>>> Fax: 225.219.0540
>>>
>>> Registered Linux User #364609
>>>
>>>
>>>>>> "Stephen John Smoogen" <smooge> 09/11/07 9:43 PM >>>
>>> On 9/11/07, Bill Larson <wllarso> wrote:
>>>> On Sep 11, 2007, at 5:16 PM, Chris Buxton wrote:
>>>>
>>>>> Men & Mice offers a product that handles DNS and DHCP management.
>>>>> Support for ISC DHCP will be available in a few months. If you're
>>>>> interested, please feel free to contact me off-list, or visit our
>>>>> website.
>>>>>
>>>>> <http://menandmice.com/>
>>>>>
>>>>> Chris Buxton
>>>>> Men & Mice
>>>>
>>>> And, it is the BEST GUI tool for managing BIND. The web based tools
>>>> are nice, but not as good as Mice & Men.
>>>>
>>>
>>> I have to agree for large sites it is wonderful. For 1 zone of 50 ips
>>> with 2 admins... it might be overkill. To be honest for a zone that
>>> small it is better to train the people to do the edits by hand. I
>>> have
>>> found that it trains them then to know what the GUI did wrong when
>>> you
>>> put a GUI in later.
>>>
>>> I personally do not like webmin. I have cleaned up too many security
>>> incidents because of it.. it is usually because people forget to
>>> update it or turn on something that isnt standard... which can happen
>>> with any software... but it has left a bad taste in my mouth :).
>>>
>>> --
>>> Stephen J Smoogen. -- CSIRT/Linux System Administrator
>>> How far that little candle throws his beams! So shines a good deed
>>> in a naughty world. = Shakespeare. "The Merchant of Venice"
>>>
>>>
>>>
>>>
>>
>>
>>
>>