IP Address Management Tool (IPAM) for DNS and DHCP

David Nolan vitroth+ at cmu.edu
Tue Mar 4 19:58:59 UTC 2008



--On Tuesday, March 04, 2008 19:09:02 +0000 Paul Vixie <Paul_Vixie at isc.org> 
wrote:

>
> what i'm looking for in this thread, though, is management features like
> clustering, XML-based config, better support for GUI, or other reasons why
> people aren't running raw BIND9 and instead pulling in something like
> InfoBlox, M&M, etc.  how can BIND10 better support this functionality,
> and/or better support these vendors, than BIND9 does?


Paul,

That depends on what you mean by "running raw BIND9".  Our IPAM system 
(Carnegie Mellon's NetReg, previously mentioned) serves as a management 
system for maintaining both the configuration and data of our BIND servers. 
I can't imagine trying to maintain multiple server groups, with hundreds of 
zones and thousands of records by hand.  But NetReg does much more than 
just manage BIND.  (For some details I won't go into here, see 
http://netreg-wiki.andrew.cmu.edu/twiki/bin/view/Netreg/BeyondNetReg)

There are many features that belong in an IPAM system that are outside of 
scope for BIND.  Features like:
- What IP space do I own, how is it subnetted, how utilized are those 
subnets?  (See http://www.net.cmu.edu/netreg/newpics/netreg-subnet-map.png 
and http://www.net.cmu.edu/netreg/newpics/netreg-subnet-utilization.png )
- Who is responsible for machine X, or what machines does user Y control.
- Integration with non-BIND systems (dhcpd, RADIUS, incident tracking, 
vulnerability scanning, PKI systems (for WPA2 / VPN), etc.)

Some things which could fall within scope for BIND include:
- Flexible fine-grained permissions for things like "Who can register 
machines in domain X", "Who can request specific IP addresses for machines 
in subnet X", "Who can create records of certain types in domain X", "Who 
can create records with specific names in domain X"

Some features that would be beneficial in BIND10 for use by an IPAM system:
- dynamic configuration modification.  add new zones programmatically.
- redundant master servers for dynamic updates


-David Nolan
 Network Software Designer
 Computing Services
 Carnegie Mellon University








More information about the bind-users mailing list