Karl Auer wrote:
On Tue, 2010-11-16 at 11:16 -0800, Chris Buxton wrote:
With a management solution, of course. :-)
[...]
The advantages include:
- Two admins with different ideas of how files should be named and
laid out don't butt heads. The management solution makes the decision.
- There is an audit trail showing who did what, so that when something
goes wrong, the correct lesson can be learned.
Integration with DHCP and IP address management is often another benefit.
Other advantages:
- point and click, whatever the command-line weenies tell you, is more
comfortable and, for the most common operations, usually faster :-)
- a good IPAM has a permissions structure, so you can allow
lower-skilled people to make certain changes, or distribute the
management task.
- you avoid whole classes of typo and typo-like errors, such as
forgetting full-stops, misspelling "in-addr.arpa", putting in-addr.arpa
instead of ip6.arpa or vice versa, making a timeout "60000" instead of
"6000", missing nibbles out of an IPv6 $ORIGIN or PTR, writing the PTR
octets forwards instead of backwards in a PTR...
- you avoid most consistency errors, within a zone, between zones,
between views, between servers. You get the identical updates made
identically on all relevant servers, in all relevant views,
automatically.
- there are generally bulk insert/delete/update methods
- the tool looks after correctly stopping, starting, reloading etc, so
you don't accidentally blow away your dynamic updates or end up with a
stopped nameserver or failed zone load because the config was wrong and
you didn't notice.
- most IPAM tools do dynamic updates themselves, so you don't have to do
reloads all the time.
Regards, K.
------------------------------------------------------------------------
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Nicely put Karl,
There are several FOSS IPAM like systems*. IPAM is an Infloblox
proprietary system that Cricket Liu is involved with.
CPanel (and look-a-likes), webmin, among many other web GUI based apps
have some basic DNS configuration capabilities.
Just like the single-sign-on concept, IPAM like tools with a single DNS
database that manages/configures many BIND DNS servers has proven to a
useful model.
Cheers!
Gary
*Even I put together one 10 years ago that is still being used and
updated. http://openisp.net/openisp/unxsVZ/wiki
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
