DNS

How to use the changeip command to modify the FQDN of a Mac OS X Server

I was recently faced with having to change the domain name on a Mac OS X Server. If I had to do this on a Windows machine, it would be a relatively simple process using a GUI interface. However, on a Mac server, there isn't (as of version 10.6.8) a way to change the fully qualified domain name (FQDN) via a GUI. Thankfully, there is a way to change the domain settings using the CLI and it's a piece of cake.

The changeip command was created to allow administrators to change the IP address and FQDN in static config files on a Mac OS X Server. For example, if you set up the DNS and iCal services, instead of manually updating the config files associated with these services, simply running the changeip command updates the files for you.

The syntax for the command is as follows:

Securing DNS

Attended the Securing DNS session this morning and learned a couple new things. I took notes through the session which I'll share below.
There are a couple types of attacks that are out in the wild and script kiddie tools have been written to use these. If you manage the DNS servers for your organization, you should definitely take steps to protect your stuff.
The two main attacks that were reviewed are:

ISC BIND 9 Remote packet Denial of Service Vulnerability

The Internet Systems Consortium has announced a vulnerability present in several versions of BIND 9.x. The description of the vulnerability from their site is as follows:

A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This
defect affects both recursive and authoritative servers. The code
location of the defect makes it impossible to protect BIND using ACLs
configured within named.conf or by disabling any features at
compile-time or run-time.

Versions affected are 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1, 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1, 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3, 9.8.1b1

Survey Shines Light on DNS Servers

While clicking through Infoblox's website, I came across an interesting study.  Commissioned by Infoblox last year to measure the number of DNS servers on the Internet, this study quantifies how DNS servers on the Internet are configured and how they behave. There's some interesting information in the study and answers to questions such as: 

  • What implementations and versions of name server software are used?
  • Is recursion supported?
  • What SOA and TTL values are in use in a zone?

There's also a cool bit of trivia: The geographic location of name servers

Worth taking a look if you dig statistics or are a DNS nut. Here's a link: DNS Survey.

Integrated Architecture for F5 and Infoblox DNS

While searching for a related topic, I came across this interesting white paper entitled: F5 and Infoblox DNS Integrated Architecture: Offering a Complete Scalable, Secure DNS Solution. Essentially, if you have F5 BIG-IP GTMs on your edge and you are using Infoblox for external DNS, you can integrate the two products to create a highly available DNS and DNSSEC architecture.

This white paper is hardly what I would call exhaustive. It's more of a suggestion on how this type of thing can be done. It's only 18 pages long including the title page, so definitely an easy read. I highly suggest a quick flip through if this is your cup of tea. 

Click here for the PDF.

Get your External DNS Checked

Just ran across a cool, free service on Infoblox.com - Cricket Liu's DNS Advisor. This little widget probes and prods your external DNS to see if there are any problems or vulnerabilities, then spits out a fairly in-depth report for your viewing pleasure. 

I pointed their tool at my domain and got information that I was mostly aware of. However, it was still a nice sanity check to see that things are configured how they should be. Here is a list of some of the categories it checks:

Infoblox offering a Free DNS Book

Want to learn more about DNS? Then pick up this free book from Infoblox while their supplies last. 


DNS on Windows Server 2003 was authored by Matt Larson, Cricket Liu, and Robbie Allen and covers just about everything you need to know to manage DNS on a Windows 2003 server. Granted, most organizations have already retired their 2003 servers for 2008 or another platform, but the content is still fairly relevant and there are chapters that are focused on the technology rather than the operating system specific implementation tasks.

So, what do you have to do to get the book?

DNSSEC - Free Webinar and Whitepaper from Infoblox

Infoblox recently hosted a free webinar where their VP of Architecture Cricket Liu discusses vulnerabilities in the current implementation of DNS and provides a very high level view of DNSSEC. It's a little over an hour long, but it is easily squeezed into a lunch hour since it is indexed and you can fast forward over the introduction. Here's a link to the free webinar:

Cache Poisoning and DNSSEC: A Look into the Threats to DNS and How DNSSEC Addresses Them

Free IP Address Management from Infoblox

IPAM is typically an acronym you don't hear until you start working on large networks. Most small to medium size networks have either a couple large networks (i.e., "the 10.0.0.0/8 network is over there, and the 192.168.0.0/16 network is over there...") or a few /24 subnets like 172.16.1.0/24 for Data, 172.16.2.0/24 for IP Phones, etc. 

However, when you start having to design solutions to integrate with hundreds of remote sites connected via a massive MPLS network, multiple redundant data centers, and several campuses with dozens of buildings all interconnected, it becomes challenging to know where 10.37.225.64/28 is located without a spiffy hierarchical IP address design, great documentation, or just plain crawling the network with traceroutes and "show ip route" commands. So because of all that, engineers that work with large networks rely on IPAM to help organize and allocate IP addresses.
