Hi guys,

I'm in search of a simple solution for my DNS problem.
my problem is that I have an older rhel bind dns server, that is only editable and usable true command line.
I have some users that must add new dns entries sometimes but are not able to use command line, are non IT people.
so I'm searching for a solution to give them easy gui acces to the zone files in bind so that they can edit them
true a simple gui interface.
I installed new linux, installed bind and webin, i was hoping to be able to do it true webmin, but in webmin
you cannot edit zone files. only the master one's, not the normal slave zone files. I have seen other dns
systems like powerdns but they are not simple dns systems, they use databases etc... that will bring more problems in a simple environment.

Please advise if you know any good simple open source solution this problem. or a better way of doing this.
by the way the server is used only on internal network, i have like 5 subnets.

thanks in advance.

If someone is capable of editing DNS, they are capable of using command line!


PowerDNS can have your choice of backends, including SQLite - which is a non-server single-file database, and thus will not add any of the complexity that a server-based MariaDB/Postgres/etc database might add.

1 members found this post helpful.

Not really, in my case there are users who must add a list of ip's in a zone, they come to me and I do it for them, but it could be much better and faster if any user could login to a gui, go to the zone they need, click edit, paste the list inside and save. this way they are not in commandline, dont have to use vi / nano etc...

This is one of the most horribly bad things I have ever heard. Do you *REALLY* want a user who can't manage to use the CLI or an editor, to be able to edit your DNS server??? If they don't have the skills/knowledge to be able to do such things competently, then they don't need to be doing them in the first place.

And why does your DNS server need to be edited so frequently, that this is an issue?

Its an internal local network environment. The users test some things and every now and then they add or remove a set of ip links

Webmin might help you out for this. Gives the uses a web interface to the DNS server and should be the RHEL repo.

Again, makes zero sense and is a horrible idea. There is *NO NEED* for this, because:

• If your users aren't skilled enough to make a simple change with a simple editor, they shouldn't be doing it
• If they're just testing, there is NO NEED to do a DNS change, since the people testing can simply put an address in their local system's host file

Windows, Mac, and Linux all have host files, and you don't change your whole environment for just a few folks testing. Just no need.

Very strange to see the aproach )
I ask for something.
Instead i get reply that tells me that something is wrong.
You could say i used x or y for some5hing similar. Or you could say x is best solution i know.
Or : i never used gui on bind etc...
Why do you guys think that everything has to be your way?
So if it does not fit your understsnding then its wrong?

The dns info is given to the users in a form of a list. That is a long list. With a gui i could create a simple steps manual that is visually easy. Otherwise i need to teach tem how to use rhel and vi.
So for me in this case is best to create a dns that has gui.

2 members found this post helpful.

Yes, very strange. You came to a community that has lots of very experienced users/admins, and all of us are telling you this isn't a good idea, and giving you alternatives. Yet you don't want to listen...why do you think that (unless it fits your understanding), it's wrong???

Want the best solution? Don't let anyone but trusted users edit DNS, period, ever. Don't edit DNS for test purposes, when there's no need to do so. If you do have to edit DNS, then the people doing it should know what they're doing.
If you are the admin, then BE THE ADMIN. You were given alternatives (powerdns, webmin, local hosts), but seem to ignore them.

And again, what you're saying makes no sense in any way...why are you giving DNS info to any users, in any lists??? What's the point??? Again, if they need to test, they simply add what they need on their local workstation...simple. Use any editor they want, and that's it....they can set google.com to be a printer down the hall, without the need to edit company-wide DNS. And if you are GIVING the users DNS information...why do they then have to edit anything, since you've just given it to them???

Beautifull. You figured it all out right ))
Allright you stay in your box, it seems you like to think inside the box. Bravo.
There will be others who understand my point
About those others like powerdns, im considering them.
I would rather have some gui above bind.
But if wont find anything good then maybe try powerdns with webadmin.
Webmin i already tryed. It is not able to edit slave zone files.

Unfortunately i cannot tell about my environment sothat people like you understand that its really needed this way.
Thanks foe your time.

1 members found this post helpful.

Probably not, since your point would be creating chaos on a system, updating DNS for no reason, and letting unskilled people change something that effects an entire enterprise, for NO REASON. I doubt that anyone is going to see the point in what you're doing, since...
...you won't explain what you're trying to do for what reason. Do you expect us to guess???

You seem to want users to enter DNS information; if they know it, why are you GIVING it to them?? Either they have it and need to provide it to you, or you have it and need to get it to them. Can't be both, can it?? And again, what exactly is the problem in having a tester use their local hosts file to do temporary resolution, as 99.xxxx% of developers do now, with no problems at all??

Editing bind zones for a whole company to test something is ludicrous. If you can't be bothered explaining things, don't wonder why folks are telling you it's a bad idea to do what you're after; either

• Provide the whole picture so we can try to help you
• Take the advice of folks who (apparently) have a lot more experience than you

..and if you don't like either of those, then....

• Figure it out yourself

Again you are stuck inside your box ideas.
I said already its a local internal network, it has its own
Target and its used by a group thst changes often but the main thing they do is testing special devices. Those devices kan respond as 100 devices from its one ip.
This means that a little change makes a big list.
The tesing is done by non it people that change often.
This is not a open network nor enterprise. Its closed and its separated.
For now they eighter ask me to fill stuff in or sometimes use own host files. Or other adhoc solution.
But with a gui they could follow simple steps and add the lists to text based zone files.

Now its maybe my error not to say that im a sysadmin and work in it for more then 15 years.
The thing is i never used gui with bind. And that was my main question. To try to find some gui that many people use and is compatible with bind text files and is stable.

Please dont make it complexer than it is. If you dont use a gui, bravo. If you dont know any gui for bind, also bravo. Dont feel under pressure.
Relax.
You are like my father, when he doesnot have a solution or a answer he starts negativity and points fingers. World is divers, if you never needed my setup, does not mean nobody does.

Again, you are not fully explaining why you're doing what you're wanting to do.
Again, either YOU are the admin or you're not...pick one. If you are, do the job of the admin, and *AGAIN*, letting (by your own admission) "non it people" modify DNS is a horrible idea. Want to be cleaning up after them, time after time? Then feel free...do whatever you want. You were given a 'box idea' solution with powerdns. Either use it or don't.
It isn't 'complexer' than it is...it's simple. And I have been in IT/admin for over 35 years, which is why I know what you're doing is a bad idea. You were GIVEN solutions; you ignored them. Either take the advice or don't, not sure what else you need. You won't tell us about your 'special' environment, and what you're posting just doesn't make sense, period.

The entire environment you're describing with the 'special devices' and sending address is another 'box idea' that is called dynamic DNS, that can work with DHCP. Someone with 15 years experience should know it. Or do you want to blather on about 'starts negativity and points fingers' more?

You don't want to edit slave zone files...you just edit the master which pushes (it actually is a pull) from the slave. Editing the zone itself violates how DNS works. I took a look, webmin can change the config of a slave but not the zone files.

So please revisit webmin to see if it does what you want. I think it also has a ldap backend, which can allow you to do large changes and easily exported/imported and backed up.

BTW, I worked in a large admin group. I did what you propose (add a web interface for simple changes) and I did the major changes. I allowed adding A records, CNAMES, deletion of them but nothing else. I also moved bind to a ldap backend, which meant I did changes
in ldap which is simple once scripted. So the changes were simply ldap commands and then the DNS was rebuilt out of ldap, etc.

The web interface did lots of checking so a syntax mistake was not possible.

Lastly, since your changes are "testing" ones, you could define a dynamic test domain, like test.domain.com and just use nsdupdate to make changes in that domain, easily scripted. That way, anyone can update it and you won't affect the "official" dns. You could define a cgi around it to make changes and reload it. (You could also do this is your "official" dns but that is a bit more risky).

I have like 10 special zones, those are slave zones. master zones I never touch.
the slave zones are per subnet / subdomain.
in webmin i can open them but not edit.
and sure there is another way to do it like just a file editing, but that brings the user somewhere else. I want to make it easy as possible.
today I installed powerdns, and just as I felt it's the most idiotic software package I have ever seen, you need to perform 4000 steps to get one little dns working.
anyway, I'm going to give it a chance Monday, will try to migrate my existing data and see if it does what I want.
otherwise maybe just get back to the normal bind and use one of those old gui's that are floating free on the internet, unfortunately not updated since 2010.
I was expecting to find some basic gui for bind from commercial parties, like many other software packages / modules that are sold for 50$ or so, but there is non, or at least I was not able to find it. many other commercial dns systems, but all over complicated.


thanks allot for your time and advise.