
ISC releases BIND 9.16.0 as a stable release - Here's an inside look at what's new, changed and dropped from the latest stable version of BIND.

BIND 9.16.0 was recently released by the ISC and announced Feb. 19, 2020. The BIND 9.15 experimental branch of code has been deemed complete, stable and production worthy, making BIND 9.16 a stable branch of BIND. The ISC has adopted (as of BIND 9.13 and 9.14) an odd-unstable vs even-stable release numbering convention. This BIND 9.16.0 release is characterized using the following three (3) criteria:

  • major code refactoring
  • new featu...


Infoblox VM Serial Console Access

/ Infoblox


Configure serial console port access for your Infoblox Virtual Appliances on VMware.

Quite often when you deploy virtualized Infoblox appliances in an enterprise VMware environment, you hand over the OVF/OVA file(s) to a VM Engineering group to complete the install.  Additionally, you find yourself giving them installation instructions because you are not granted VMware console access to your own devices. In this case, it is risky to the DDI engineering and operations team if you don't have out-of-band (OOB) serial terminal console access to all your deployed VMs. This article presents an...


Compare Networks

Learn to programmatically compare lists of networks from spreadsheets, text files, and other databases with the Infoblox Grid.

I sort of struggled with what to call this blog entry, but at the time, this is what I was trying to do. I was tasked with taking a list of network IP Addresses from router/switch config files and comparing them to a different list of networks currently defined in an Infoblox Grid. All I needed was something that worked and that was timely since I didn't have lavish amounts of time.

The logical flow of my script would go something like this:

  1. fetch all Infoblox networ...


Compare DNS Zones

Learn how to compare DNS zones as a post DNS migration task.

Having performed hundreds of DNS migrations of all sorts of size and shape, I can't overemphasize the importance of performing post-migration zone-by-zone resource record validation and verification. Customers used to be amazed at the results of such a detailed check. Now, they simply demand it and expect it. I used to perform these zone-by-zone checks using personally developed scripts written in Perl, Ruby, Python, and even Java. These scripts have served me well over time. Nowadays, the zones are bigger, and there are more zon...


Store IP Addresses in MongoDB

/ IPAM, Node.js, JS, MongoDB


Programmatically store IPv4 and/or IPv6 IP addresses in MongoDB.

Recently, I wanted to write some IP Address Management tools using server side JavaScript (Node.js) and be able to store IP Address data into a MongoDB backend database. Simple! I'll just perform IP-to-Decimal conversions like I always do. Problem solved. End of article? Wait! Not so fast...

That won't work since:

  • JavaScript's native Number data type only supports 64-bit integers
  • MongoDB doesn't have a data type that would support BigInts - so, I couldn't use one of the many Number-to-BigInt libraries

The solution...


GSS-TSIG on ISC Bind

A demonstration of how to successfully configure GSS-TSIG or secure dynamic updates on ISC Bind.

After several hours of trying to get this to work, perhaps this article would have been better named "GSS-TSIG on ISC Bind -- The Missing Manual".  I know in working with others, we experienced many trials and tribulations in getting it all to work.  GSS-TSIG DNS Updates or secure dynamic updates is an extension to TSIG based updates which implements secure key exchange. GSS API calls for the use of Kerberos for authentication, integrity and confidentiality by establishing a limited lifetim...


End to End DNSSEC using Unbound

Configure the high-performing recursive Unbound DNS server with DNSSEC validation on Linux.

Given all the hoopla surrounding the topic of DNSSEC, it's definitely time to get prepared for it. After all, the last of the root name servers (J-ROOT) will all be serving a Deliberately Unvalidatable Root Zone (DURZ) by May 5th. On July 1st however, there will be distribution of a validatable, production, signed root zone. Signing of the root zone is key for creating the "chain of trust" or a secure delegation hierarchy. DNSSEC securely signed zones vouch for their children's keys, but...


10 Reasons to use Unbound

/ DNS, DNSSEC, Unbound


Unbound is an open standards high-performing validating, recursive, caching DNS resolver.

Unbound is a validating, recursive, and caching DNS resolver. Unbound is developed and currently maintained by NLnet Labs, a non-profit, public benefit foundation. It is based on the ideas and algorithms taken from a Java prototype developed by Verisign Labs, Nominet, Kirei, and ep.net.  Unbound was released to the public in May 2008 under the BSD Licensing model which allows its use in other products without any major restrictions. In this article, we’ll discuss ten (10) reasons to use Unbound...
