Linux Archive


Nate Duehr 04-02-2008 09:28 PM

bind9 graphical admin interface
On Apr 2, 2008, at 12:53 AM, Boris Pavlov wrote:


Craig's information is correct, but the "ugly tricks" comment isn't
fair. Those "ugly tricks" aren't that bad, and they've been WELL
documented since 1998 in RFC 2317!

Those, well documented, in rfc, tricks are, indeed, UGLY tricks.
Having something well documented does not make it beautiful.

Yeah, but the tricks are only necessary because IPs don't map well to
a hierarchical namespace that has the least significant field on the
right, and the most significant field on the left, while people fluent
in "IP" read least specific to most specific left to right.
Honestly, pointing CNAMES from one zone to another is done all the
time for Forward DNS, example a company with a main domain and sub-
domains administered by more local admins...
CNAME to delegate to the internal website people
CNAME for to send that to the nameserver run by the US IT folks
CNAME for to send that to the nameserver run by the folks in Oz

This is all completely normal for DNS. The RFC is just applying that
knowledge to the reverse mapping of IP addresses. It's not difficult,
not that uncommon in forward zones, and not really all that "ugly".

I think the problem is, people don't really get "delegation" of sub-
zones, even in the forward direction. Then they're asked to read IP
addresses "backward" on the screen and they just end up hopelessly
confused, because whoever taught them, didn't explain the concept of
delegated zones clearly.

All zones are delegated from ".", which is seeded into all resolvers
by hard-coded files, after all. Then you just work your way down from
the top of the tree. Same with reverse DNS, but it's all listed
backwards, which drives people batty who can't force themselves to
"think like DNS, not the router" and "work from right to left".

Honestly, there are too much classful/octal ugly shit still floating

Fire up IPv6 and make it worse. Then you can start struggling with
broken clients that refuse to look up your AAAA records in your DNS
server once they've cached an A record, and similar. Giant hex
numbers are definitely a step forward in usability... (cough)!


DNS just isn't hard. For a completely distributed mini database
(imagine what anyone could do with TXT files but don't...) --
including administration of the servers -- that operates worldwide,
it's pretty impressive. Some of the router tricks and things done to
Anycast the root servers (some of them anyway) is also some neat work.

The only system more impressive that's as distributed as DNS (or
should I say similar design, but a much more controlled user-base and
certification requirements for clients and servers, and closed access)
is SS7 in telecom, mostly because it has strict rules about lookup
times that DNS does not. (Cough, Comcast DNS admins... slow...

Nate Duehr

To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
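The RFC 2317 arrangement discussed in the post above, as an added example that is not part of the original thread: it generates the NS and CNAME records the parent /24 reverse zone needs to hand a smaller block to another nameserver, using the RFC's `<first octet>/<prefix length>` naming convention. The function name, the documentation range 192.0.2.0/24 and the nameserver `ns1.customer.example.` are assumptions chosen for illustration.

```python
import ipaddress


def rfc2317_delegation(cidr, nameservers):
    """Build classless in-addr.arpa delegation records for a sub-/24 block.

    Returns (parent_zone, child_zone, parent_records, child_owners):
    parent_records go into the /24 reverse zone held by the address owner,
    child_owners maps each address to the name that must carry its PTR
    record in the delegated child zone.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4 or not 25 <= net.prefixlen <= 31:
        raise ValueError("RFC 2317 applies to IPv4 prefixes /25 through /31")

    o = str(net.network_address).split(".")
    # Reverse zones read right to left: 192.0.2.0/24 -> 2.0.192.in-addr.arpa.
    parent_zone = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    # Child zone label follows the RFC convention, e.g. "64/26".
    child_zone = f"{o[3]}/{net.prefixlen}.{parent_zone}"

    # Delegate the child zone to the customer's nameservers.
    parent_records = [f"{child_zone} IN NS {ns}" for ns in nameservers]
    child_owners = {}
    # One CNAME per address in the block (network and broadcast included).
    for addr in net:
        last = str(addr).split(".")[3]
        target = f"{last}.{child_zone}"
        parent_records.append(f"{last}.{parent_zone} IN CNAME {target}")
        child_owners[str(addr)] = target
    return parent_zone, child_zone, parent_records, child_owners


if __name__ == "__main__":
    # Constructed sample input: a /26 from the documentation range.
    parent, child, records, owners = rfc2317_delegation(
        "192.0.2.64/26", ["ns1.customer.example."]
    )
    print(f"; records for parent zone {parent}")
    print("\n".join(records[:4]))
    print(f"; PTR for 192.0.2.65 lives at {owners['192.0.2.65']}")
```

A resolver asking for the PTR of 192.0.2.65 queries `65.2.0.192.in-addr.arpa.`, receives the CNAME from the parent zone, and follows it into the delegated child zone where the PTR record lives.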

randall 04-03-2008 03:44 PM

bind9 graphical admin interface
A. Dreyer (debian-isp) wrote:

randall wrote:

Adam McGreggor wrote:

On Tue, Apr 01, 2008 at 07:01:29PM +0200, randall wrote:

dear all,

i have some troubles with my ISP, it's a small-time ISP who manages
the glassfiber connection for our office building and provides
several services for the tenants. it's an MS shop with a point and
click admin and i must say i'm not really impressed by his
knowledge, not really a problem since i only need the internet
connection and there is little that can go wrong there between me and
the cisco router set up there by a professional provider....except
for 1 thing.....PTR records...

his software has a nice button that says do you want to create a PTR
record but it's simply not working.

What do dig/nslookup report?

unless i dig @his.dns.server -x directly


This sounds like there is no upstream referrer to his DNS Server. Who
owns the IP range? Who is your ISP's upstream ISP?

Please contact the person listed as Admin-C when you run
whois -h -d $IP


turns out to be a tiny little misconfig upstream after all,

thanks for the hint.

in the meanwhile i'll take the time to dive a little more into bind and

smbind as a simple zone management tool looks pretty nice.


All times are GMT.