Hi Swinog I guess all of us is in touch to administrate DNS Servers. And I guess Bind will be a popular one. In our situation, different admins, with different skill make changes on zone files. And some guys (. I cannot understand why.), don't like vi as administration tool. We're looking for a web based Admin Tool, to manage our zone files on two Bind DNS (Master, slave) Servers. If any possible, this tool should support zone based admin rights for external customers.
What kind of tool do you use? Webmin? Plesk? vi?
I found a lot of outdated and unmaintained tools, quite frustrating.
Thank you very much! Cheers Adrian
On 06.02.2016 17:34, Kägi Adrian wrote:
We're looking for a web based Admin Tool, to manage our zone files on two Bind DNS (Master, slave) Servers. If any possible, this tool should support zone based admin rights for external customers.
I do this the following way - haven't found anything better yet:
- Webmin - Add the Slaves into the Webmin Master within "Other Servers" - This way, we have single sign on
Step 2: Go to bind settings Webmin>Servers>Bind>Cluster slave Servers Add the other Slaves (3 in my case) Create secundary on slave: yes create all existing master zones on slave: yes name for NS record: show the ns2.yourname.ch
make sure to not have a trailing . or it might double .. on the end in the zone
now put virtualmin over it (don't get fooled into having to use the commercial cloudmin)
now you have delegated access. you still see all zones as sudo user ;) Perfect imho.
I created a package (Service definition) that only allowed dns changes) I then use whmcs to manage my client- my clients can order their own free DNS management via a "free package" on WHMCS which then provisions on these dns.
Do not let a provisioning system auto-accept orders. Otherwise, someone will create gmail.com on your dns and hijack all the emails of the people which use your dns to resolve (that's one reason one should keep resolvers and authoritative DNS Split)
I hope that was some input, it took me quite some time to figure out the best solution.
ps: Tested even to have clients order reverse v6 zones. it worked! The client might be even on this ML ;)
Silvan
Am 06.02.2016 um 17:34 schrieb Kägi Adrian adrian.kaegi@dvbern.ch:
Hi Swinog I guess all of us is in touch to administrate DNS Servers. And I guess Bind will be a popular one. In our situation, different admins, with different skill make changes on zone files. And some guys (. I cannot understand why.), don't like vi as administration tool. We're looking for a web based Admin Tool, to manage our zone files on two Bind DNS (Master, slave) Servers. If any possible, this tool should support zone based admin rights for external customers.
What kind of tool do you use? Webmin? Plesk? vi?
I found a lot of outdated and unmaintained tools, quite frustrating.
Hi,
we use NicTool (http://www.nictool.com http://www.nictool.com/, https://github.com/msimerson/NicTool/releases https://github.com/msimerson/NicTool/releases ) Though, it’s web interface is currently not public-facing.
The only thing it doesn’t do right now is DNSSEC. Also, its privilege-system granularity stops at the zone level. So, you can assign the rights for a complete forward- or reverse-zone, but not for a single IP of a reverse-zone.
The web interface itself is usable, but lacks i18n.
People can still shoot themselves in the foot - but the tool does a lot of checks in advance.
The cool thing is, it supports all kinds of DNS-servers, not just bind.
Rainer
Hi,
You can have a look on ISPConfig. It's working well with Bind, web interface, for admin, users and resellers. Many option, and full open source.
Rémy
Le 6 févr. 2016 à 17:46, Kägi Adrian adrian.kaegi@dvbern.ch a écrit :
Hi Swinog I guess all of us is in touch to administrate DNS Servers. And I guess Bind will be a popular one. In our situation, different admins, with different skill make changes on zone files. And some guys (. I cannot understand why.), don't like vi as administration tool. We're looking for a web based Admin Tool, to manage our zone files on two Bind DNS (Master, slave) Servers. If any possible, this tool should support zone based admin rights for external customers.
What kind of tool do you use? Webmin? Plesk? vi?
I found a lot of outdated and unmaintained tools, quite frustrating.
Thank you very much! Cheers Adrian
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Kägi Adrian wrote:
Hi Swinog I guess all of us is in touch to administrate DNS Servers. And I guess Bind will be a popular one. In our situation, different admins, with different skill make changes on zone files. And some guys (. I cannot understand why.),
Anyone who has not managed to work with vi, should not be let near a nameserver.
Second that, and... Have a look at incognito.com Name Commander. It's a commercial tool that governs BIND servers.
Another option would be to outsource the whole DNS service to a team which knows what they're doing :) On 6 Feb 2016 20:19, "Per Jessen" per.jessen@enidan.ch wrote:
Kägi Adrian wrote:
Hi Swinog I guess all of us is in touch to administrate DNS Servers. And I guess Bind will be a popular one. In our situation, different admins, with different skill make changes on zone files. And some guys (. I cannot understand why.),
Anyone who has not managed to work with vi, should not be let near a nameserver.
-- Per Jessen, Zürich (4.8°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Am 06.02.2016 um 20:42 schrieb Stanislav Sinyagin ssinyagin@k-open.com:
Second that, and... Have a look at incognito.com http://incognito.com/ Name Commander. It's a commercial tool that governs BIND servers.
Another option would be to outsource the whole DNS service to a team which knows what they're doing :)
That’s sometimes a difficult decision. Though few will count DNS as being a core-business, a lot of stuff depends on it.
And unless it’s a core-business, you will certainly not be able to run it as well as somebody like dyn.com or easydns.com http://easydns.com/.
It really depends on how much of an „ISP“ you consider yourself and how many zones you maintain (and how many queries you get to those zones).
Hi,
What kind of tool do you use? Webmin? Plesk? vi?
VIM and Git / Gitlab.
We're using Knot, that's a great authoritative DNS server. And we created some CI/CD magic around zonefile management: A Gitlab CI jobs takes care of incrementing serial numbers, checking syntax and deploying zonefiles to the hidden master. Queries are only done to the slaves. This works great for us...
An improvement could be a tool (webinterface, cli) to manage the zonefiles, but that hasn't happened yet.
Cheers, Tobias
I've also tried to build some GUI tools for BIND. It's not that easy. I was only able to build some Perl Scripts so that people with low Linux skills can manage the zones..
In the end we changed to PowerDNS and built or own GUI with PHP/MySQL. Our Users are happy with it and they don't need any skills except of what they put in their zones :-)
But we've only about 800 Zones, don't know how good PowerDNS scales in a huge Environment
Hi,
What kind of tool do you use? Webmin? Plesk? vi?
Five years ago, after evaluating Open Source and commercial solutions against similar requirements (plus simple/automated DNSSEC management), I ended up recommending (virtual) appliances from http://Infoblox.com . Essentially, they integrate BIND on top of Linux, with Web UI and a open comprehensive Perl API.
However, I migrated my own OpenBSD-based DNS servers from BIND to nsd and unbound. OpenBSD had dropped BIND from its base due to its frequent security issues, and probably also due to the difficulties its devs & maintainers at ISC went through...
Regards, Rolf
Hi,
Am Sonntag, den 07.02.2016, 13:35 +0100 schrieb Tobias Brunner:
What kind of tool do you use? Webmin? Plesk? vi?
VIM and Git / Gitlab.
We're using Knot, that's a great authoritative DNS server. And we created some CI/CD magic around zonefile management: A Gitlab CI jobs takes care of incrementing serial numbers, checking syntax and deploying zonefiles to the hidden master. Queries are only done to the slaves. This works great for us...
I was about to write the same thing.
We do not maintain a lot of zones. We use vi or another text editor. The files are checked into Gitlab and Jenkins does various tests (including checking if the serial has been changed ;) The puppet takes over and deploys the file to a hidden master wich uses AXFR to update the real DNS servers.
Andre
Hy All Wow, thank you very much! It looks, all had / have same needs and Problems! Now I have a lot of products to evaluate! :-)
Thank you very much! Cheers Adrian
-----Ursprüngliche Nachricht----- Von: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von Andre Timmermann Gesendet: Sonntag, 7. Februar 2016 14:17 An: Tobias Brunner tobias@tobru.ch Cc: swinog@lists.swinog.ch Betreff: Re: [swinog] DNS Admin tool
Hi,
Am Sonntag, den 07.02.2016, 13:35 +0100 schrieb Tobias Brunner:
What kind of tool do you use? Webmin? Plesk? vi?
VIM and Git / Gitlab.
We're using Knot, that's a great authoritative DNS server. And we created some CI/CD magic around zonefile management: A Gitlab CI jobs takes care of incrementing serial numbers, checking syntax and deploying zonefiles to the hidden master. Queries are only done to the slaves. This works great for us...
I was about to write the same thing.
We do not maintain a lot of zones. We use vi or another text editor. The files are checked into Gitlab and Jenkins does various tests (including checking if the serial has been changed ;) The puppet takes over and deploys the file to a hidden master wich uses AXFR to update the real DNS servers.
Andre
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Hello,
you can use vi and git :)
https://github.com/dyne/gitzone
this is a very good tool to manage bind configuration and zones.
Cheers
Saverio
On 06/02/16 17:34, Kägi Adrian wrote:
Hi Swinog I guess all of us is in touch to administrate DNS Servers. And I guess Bind will be a popular one. In our situation, different admins, with different skill make changes on zone files. And some guys (. I cannot understand why.), don't like vi as administration tool. We're looking for a web based Admin Tool, to manage our zone files on two Bind DNS (Master, slave) Servers. If any possible, this tool should support zone based admin rights for external customers.
What kind of tool do you use? Webmin? Plesk? vi?
I found a lot of outdated and unmaintained tools, quite frustrating.
Thank you very much! Cheers Adrian
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
-
Andre Timmermann -
DUCHET Rémy -
Kägi Adrian -
Michael Righter -
Per Jessen -
Rainer Duffner -
Rolf Sommerhalder -
Saverio Proto -
Silvan Gebhardt -
Stanislav Sinyagin -
Tobias Brunner