IP Address Management Tool (IPAM) for DNS and DHCP

Greg Chavez greg.chavez at gmail.com
Fri Mar 7 16:28:31 UTC 2008 

On 04 Mar 2008 18:46:08 +0000, Paul Vixie <Paul_Vixie at isc.org> wrote:
> "Larry Fahnoe" <fahnoe at fahnoetech.com> writes:
>
>  > I've been happy with DNSone from Infoblox http://www.infoblox.com/.  It
>  > is robust and easy to use.  Since it is an appliance based solution it
>  > may be a bit of a departure from what you are currently using, but it
>  > will interoperate with stock bind servers.  I replaced my bind and ISC
>  > dhcp servers with the Infoblox solution and haven't looked back.
>  > --Larry
>
>  can those who use ip address management tools rather than raw BIND9 servers
>  state some of their requirements here, so that we can make plans for BIND10?

Whatever you do, don't aspire to be like Infoblox and rule the Network
Information roost with the GUI to end all GUIs.  Managers crave
integration and one-stop-shopping and big fat GUIs with blinking
lights and service contracts and, of course, pie charts.  But even
with appliances that run BIND under the hood, like Infoblox, this tidy
arrangement comes with a terrible cost to the admins who are tasked
with running the show.

In a nutshell, you are limited by whatever capabilities the appliance
company has seen fit to provide.  Allow-query-cache?  No, not for you.
 Named-xfer?  Great Scott, what do you want that for!  $GENERATE?  Get
lost.  What zones have the IP address in their rdata?  Who knows!  I
could go on, but suffice it to say, we finally convinced our managers
to return to the straight-BIND fold after two years of pulling our
hair with Infoblox.  Praise be.

I should say that, to their credit, Infoblox does a lot of neat things
and I can imagine being in certain situations where I might recommend
it for my employer or client; it just doesn't do straight DNS very
well.  But what I would like to see most from BIND is a sustained
commitment to RFC compliance and configuration simplicity.  One thing
that would help in the latter regard is a tighter marriage with
BIND-DLZ, which we are currently trying to get working with a MySQL
backend.  Our named.conf looks horrific and there seems to be an
absence of best practices and advice in the overlap area between BIND
and BIND-DLZ.

-- 
--Greg Chavez
--

More information about the bind-users mailing list