Re: Bind-Efficientip

2019-10-23 Thread Reindl Harald


On 24.10.19 at 00:53, Mik J wrote:
> You won't do it within a night that's for sure

add the delegation part for who can show and edit which zones?

easily given that the whole backend was written basically in a single
night after the day we decided to move all dns zones from customers to
our own infrastructure

> But yes the vendors assemble components with a web interface and database.
> But now it seems to me that all products add more intelligence.

that's what you do after the basic stuff is rock solid to get rid of
boring manual tasks on check lists what to look for after register /
transfer a zone

> For my own needs bind alone is all fine because I'm root.
> But for 500+ users that need to view, modify some zones, import, export
> I'm not sure that would be possible.

the most interesting stuff here was "virtual cnames" or whatever it
could be called that i can just add a hostname from within our own
domain and it becomes replaced by the host-ip at the time the zone file
is generated from the database record

as well as put default MX records including the "honeypot backup-mx",
presets for SPF, add helo-SPF for every host and null-MX combined with
"v=spf1 -all" for zones without a MX record

it's nice to pack as much as possible stuff in your own zone and press a
button which generates 800 zones from scratch with current data and
raise the serials

> On Thursday, 24 October 2019 at 00:44:36 UTC+2, Reindl Harald
> wrote:
>
> On 24.10.19 at 00:35, Mik J via bind-users wrote:
>> Efficient IP uses bind (+ nsd/unbound) as the DNS server.
>>
>> One major difference between Efficient IP and bind is when you want to
>> delegate the zone configuration to users and groups. I think it's called
>> role based management.
>> So let's say you want team1 to have read/write access to the zone
>> team1.cyberia.net.sa, team2 to team2.cyberia.net.sa... on one server.
>> You can have team2 to be able to view all the content of the zone 
>> team1.cyberia.net.sa and so on.
>> I don't think it's possible to do this on bind only / unix
>> There are granular rights.
>>
>> The second thing is that DHCP, DNS, IPAM work together. You can automate
>> the IP reservation and the DNS record creation for example.
>>
>> The ability to import/export data from csv or API SOAP/Rest
>>
>> Infoblox and Bluecat are other similar products along with a few others.
>
> at the end of the day it's just some interface utilizing the underlying
> tools - i don't see why i couldn't expand my webinterface generating
> zonefiles since 11 years now with some permission delegation within a
> night if needed
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
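
Added example, not part of the thread and not any poster's actual code: a sketch of the zone generation described in the message above ("virtual cnames" resolved to the host IP at generation time, default MX, null MX combined with "v=spf1 -all" for zones without an MX record, helo-SPF per host, raised serials). The `VCNAME` row type, the `hosting.example` names, the default MX preset, the `YYYYMMDDnn` serial format and the SPF strings other than "v=spf1 -all" are assumptions.

```python
from datetime import date

# Constructed sample data, not from the thread: hosts in the operator's own domain.
OWN_HOSTS = {"web1.hosting.example.": "192.0.2.10",
             "mail.hosting.example.": "192.0.2.25"}
# Hypothetical default MX preset, including a low-priority backup MX.
DEFAULT_MX = [(10, "mail.hosting.example."), (90, "backup-mx.hosting.example.")]


def next_serial(old, today):
    """Raise a YYYYMMDDnn serial (assumed format); never let it go backwards."""
    return max(int(today.strftime("%Y%m%d")) * 100, old + 1)


def is_spf(rtype, value):
    return rtype == "TXT" and value.strip('"').startswith("v=spf1")


def build_records(rows, default_mx=False):
    """rows: (owner, type, value) tuples as stored in the database.

    Type VCNAME (hypothetical name) is the "virtual cname": its value names one
    of OWN_HOSTS and is written out as an A record, so unlike a real CNAME it
    can sit at the apex or next to TXT records.
    """
    out = []
    for owner, rtype, value in rows:
        if rtype == "VCNAME":
            if value not in OWN_HOSTS:      # only our own hosts may be referenced
                raise ValueError(f"unknown host {value!r}")
            rtype, value = "A", OWN_HOSTS[value]
        out.append((owner, rtype, value))
    if default_mx and not any(t == "MX" for _, t, _ in out):
        out += [("@", "MX", f"{prio} {host}") for prio, host in DEFAULT_MX]
    has_mx = any(t == "MX" for _, t, _ in out)
    spf_owners = {o for o, t, v in out if is_spf(t, v)}
    if not has_mx:
        out.append(("@", "MX", "0 ."))      # null MX (RFC 7505): zone takes no mail
    if "@" not in spf_owners:
        # Zones without MX get "v=spf1 -all"; the MX variant is an assumed preset.
        out.append(("@", "TXT", '"v=spf1 mx -all"' if has_mx else '"v=spf1 -all"'))
    # helo-SPF (assumed form): every host name gets its own SPF record.
    hosts = {o for o, t, _ in out if t in ("A", "AAAA") and o != "@"}
    for owner in sorted(hosts - spf_owners):
        out.append((owner, "TXT", '"v=spf1 a -all"'))
    return out


def render_zone(origin, rows, old_serial, today, default_mx=False):
    """Return the zone file text with a raised serial."""
    serial = next_serial(old_serial, today)
    lines = [f"$ORIGIN {origin}", "$TTL 3600",
             "@ IN SOA ns1.hosting.example. hostmaster.hosting.example. "
             f"{serial} 3600 900 1209600 3600",
             "@ IN NS ns1.hosting.example."]
    lines += [f"{o} IN {t} {v}" for o, t, v in build_records(rows, default_mx)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed zone with no mail: two virtual cnames pointing at web1.
    parked = [("@", "VCNAME", "web1.hosting.example."),
              ("www", "VCNAME", "web1.hosting.example.")]
    print(render_zone("parked.example.", parked, 2019102301, date(2019, 10, 24)))
```
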


Re: Bind-Efficientip

2019-10-23 Thread Mik J via bind-users
You won't do it within a night that's for sure. But yes the vendors assemble
components with a web interface and database. But now it seems to me that all
products add more intelligence.
For my own needs bind alone is all fine because I'm root. But for 500+ users
that need to view, modify some zones, import, export I'm not sure that would be
possible.

On Thursday, 24 October 2019 at 00:44:36 UTC+2, Reindl Harald wrote:

On 24.10.19 at 00:35, Mik J via bind-users wrote:
> Efficient IP uses bind (+ nsd/unbound) as the DNS server.
> 
> One major difference between Efficient IP and bind is when you want to
> delegate the zone configuration to users and groups. I think it's called
> role based management.
> So let's say you want team1 to have read/write access to the zone
> team1.cyberia.net.sa, team2 to team2.cyberia.net.sa... on one server.
> You can have team2 to be able to view all the content of the zone 
> team1.cyberia.net.sa and so on.
> I don't think it's possible to do this on bind only / unix
> There are granular rights.
> 
> The second thing is that DHCP, DNS, IPAM work together. You can automate
> the IP reservation and the DNS record creation for example.
> 
> The ability to import/export data from csv or API SOAP/Rest
> 
> Infoblox and Bluecat are other similar products along with a few others.

at the end of the day it's just some interface utilizing the underlying
tools - i don't see why i couldn't expand my webinterface generating
zonefiles since 11 years now with some permission delegation within a
night if needed


Re: Bind-Efficientip

2019-10-23 Thread Reindl Harald


On 24.10.19 at 00:35, Mik J via bind-users wrote:
> Efficient IP uses bind (+ nsd/unbound) as the DNS server.
> 
> One major difference between Efficient IP and bind is when you want to
> delegate the zone configuration to users and groups. I think it's called
> role based management.
> So let's say you want team1 to have read/write access to the zone
> team1.cyberia.net.sa, team2 to team2.cyberia.net.sa... on one server.
> You can have team2 to be able to view all the content of the zone 
> team1.cyberia.net.sa and so on.
> I don't think it's possible to do this on bind only / unix
> There are granular rights.
> 
> The second thing is that DHCP, DNS, IPAM work together. You can automate
> the IP reservation and the DNS record creation for example.
> 
> The ability to import/export data from csv or API SOAP/Rest
> 
> Infoblox and Bluecat are other similar products along with a few others.

at the end of the day it's just some interface utilizing the underlying
tools - i don't see why i couldn't expand my webinterface generating
zonefiles since 11 years now with some permission delegation within a
night if needed


Re: Bind-Efficientip

2019-10-21 Thread -
We tested Bluecat, Infoblox, Solarwinds and EfficientIP solutions. In
the end we went with EfficientIP for our IPAM solution. We don't run
their DNS servers but do use their DHCP package on our own servers.

When we reviewed the major players EfficientIP had the most
versatility in how one could run and setup their products. We still
run our own DNS servers using BIND. Our DNS servers get their zone
files from our EfficientIP server. EfficientIP offer hardware, VMs and
packages for DNS and DHCP. We chose to only use their IPAM VM server
and DHCP package. This is partially to keep from being reliant on a
single vendor. EfficientIP offers a lot of customization, be it you
modifying things or paying them to create them for you. We have done
both.

They are using ISC BIND and DHCP under the hood. In the case of DHCP
they are running their own branch of DHCP to leverage some features
they wanted that ISC didn't provide. The biggest being they can HUP
DHCP instead of restarting it when a config change is made. DNS is
still standard BIND as far as I am aware.

We are very happy with EfficientIP and wouldn't hesitate recommending them.

--
NM


Re: Bind-Efficientip

2019-10-21 Thread Ondřej Surý
(This post is not related to EfficientIP specifically...)

The ratio of security vulnerabilities found by “code inspection” is really low 
nowadays. I would even say it’s nonexistent. This doesn’t apply only to BIND 9, 
but also other open source projects.

Most of the issues are found by using the product in non expected ways. The 
open source gives you the ability to quickly fix the issue.

We, at ISC, greatly value transparency and we carefully evaluate every issue 
for potential security impact of every crash and other issues. Whether this 
makes BIND 9 more appealing or appalling to you, is a thing you need to decide 
yourself.

I’ve been part of the open source community for more than 20 years now and I 
don’t ever remember where security by obscurity has ever improved overall state 
of things, and both open source and proprietary software have seen their share of 
bugs. In the end, all we as software users can ask is to be treated fairly and 
honestly.

Ondřej 
--
Ondřej Surý — ISC

> On 21 Oct 2019, at 18:01, Kevin Darcy wrote:
> 
> But, it's harder for the bad guys to find. They have to use fuzzing, reverse 
> engineering, etc.



Re: Bind-Efficientip

2019-10-21 Thread Kevin Darcy
[ Classification Level: PUBLIC ]


It's not clear to me from the marketing fluff whether EfficientIP is based
on BIND or not.

If it is, then consider that you have an open-source codebase, and the
eternal debate is whether open source is inherently more secure or not. On
the one side, is the "many eyes makes all bugs shallow", i.e. more
visibility of the code means more likelihood of finding bugs. But, the bad
guys can see the code too. So then, you have to evaluate "after a bug is
found, how quickly can it be patched in all implementations which use that
codebase?".

If, on the other hand, the codebase is proprietary, there are more likely
to be bugs, undiscovered for longer. But, it's harder for the bad guys to
find. They have to use fuzzing, reverse engineering, etc. And then, do you
trust the company to actually *acknowledge* or *admit* that the bug exists,
if a "white hat" researcher finds it first. There have been many documented
cases, where vendors of proprietary software go into denial mode, even as
vulnerabilities are being actively exploited.

Beyond the DNS codebase itself, if there are other components to the
product suite -- and EfficientIP seems to have a wide portfolio; they're
not just a DNS/DHCP solution -- all of those components are potentially
vulnerable too. Web components can be subject to cross-site scripting,
database components to SQL injection and the like. But, many of the
EfficientIP components seem to *enhance* security too, whether it be more
visibility (feeding into a SIEM, presumably), DoS protection, etc. So you
have to weigh both the risks and the benefits.

Overall, from their marketing, their portfolio looks very similar to
Infoblox (which we use). Even down to the fact that they're positioning
themselves as a security hub. You might want to survey a number of
products, since there seems to be some convergence on this space. The
intersection between DNS/DHCP management solutions, and infosec, is not
just a niche any more.


 - Kevin

On Sun, Oct 20, 2019 at 9:19 AM MEjaz wrote:

> Hello all,
>
> We are a leading ISP CYBERIA (www.cyberia.net.sa), we are using bind
> since several years, and 1000  of zones are hosted in it. quite ok.
>
> As you know these days there have been several security threats, So
> deciding to go with *Efficient iP DDI and DNS Security Solution*
> https://www.efficientip.com/
>
> Therefore just wanted to know if anyone has any experience with
> EfficientDNS, and at the same time wanted to know the major difference
> between the both..
>
> Please advise, Thanks in advance
>
> Thanks,
> Ejaz
> Asst. Operation Director of Systems.
> Cyberia SAUDI ARABIA
> P.O.Box: 301079, Riyadh 11372
> Phone:  (+966) 11 464 7114 Ext. 140
> Mobile:  (+966) 562311787
> Fax:  (+966) 11 465 4735
> Website: http://www.cyberia.net.sa


Re: Bind-Efficientip

2019-10-21 Thread Warren Kumari
On Sun, Oct 20, 2019 at 10:26 PM John W. Blue wrote:
>
> There is a ton of fluff on the EfficientIP website about carrier grade this 
> and carrier grade that.  So it feels like to me that you are getting trapped 
> in the marketing goo when you really should be asking if an IPAM solution is 
> what your organization needs.
>
> That said, IPAM software (Infoblox and Bluecat for example) is typically 
> geared towards enterprise customers who are looking for granularity and the 
> ability to populate metadata.  That may or may not be the right fit for you.
>

Indeed.
I've been using NetBox (https://netbox.readthedocs.io/en/stable/) for
a few years, and have been very happy with it -- it's a combination:
* IP address management (IPAM) - IP networks and addresses, VRFs, and VLANs
* Equipment racks - Organized by group and site
* Devices - Types of devices and where they are installed
* Connections - Network, console, and power connections among devices
* Virtualization - Virtual machines and clusters
* Data circuits - Long-haul communications circuits and providers
* Secrets - Encrypted storage of sensitive credentials

I use it as the primary source of truth for my personal networks /
wife's client's networks / other networks I help run.
As well as answering "Where the hell is 192.0.2.23?!" it also answers
"What port is the machine foo.bar.example.com connected to, what color
is the cable, what is it labeled as, what rack is it in, and what is
the access code to open the cabinet?!".

It doesn't natively generate DNS zonefiles, but there are plugins
which can do so...

W

> I would recommend that you request demo appliance and allow yourself enough
> time to fully evaluate the vendor before making a selection, if any.  You
> might find that the status quo is serving you quite well.
>
> John
>
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of MEjaz
> Sent: Sunday, October 20, 2019 1:10 AM
> To: bind-users@lists.isc.org
> Subject: Bind-Efficientip
>
> Hello all,
>
> We are a leading ISP CYBERIA (www.cyberia.net.sa), we are using bind since
> several years, and 1000  of zones are hosted in it. quite ok.
>
> As you know these days there have been several security threats, So deciding
> to go with Efficient iP DDI and DNS Security Solution
> https://www.efficientip.com/
>
> Therefore just wanted to know if anyone has any experience with
> EfficientDNS, and at the same time wanted to know the major difference
> between the both..
>
> Please advise, Thanks in advance
>
> Thanks,
> Ejaz
> Asst. Operation Director of Systems.
> Cyberia SAUDI ARABIA
> P.O.Box: 301079, Riyadh 11372
> Phone:  (+966) 11 464 7114 Ext. 140
> Mobile:  (+966) 562311787
> Fax:  (+966) 11 465 4735
> Website: http://www.cyberia.net.sa



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


RE: Bind-Efficientip

2019-10-20 Thread John W. Blue
There is a ton of fluff on the EfficientIP website about carrier grade this and 
carrier grade that.  So it feels like to me that you are getting trapped in the 
marketing goo when you really should be asking if an IPAM solution is what your 
organization needs.



That said, IPAM software (Infoblox and Bluecat for example) is typically geared 
towards enterprise customers who are looking for granularity and the ability to 
populate metadata.  That may or may not be the right fit for you.



I would recommend that you request demo appliance and allow yourself enough 
time to fully evaluate the vendor before making a selection, if any.  You might 
find that the status quo is serving you quite well.



John

From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of MEjaz
Sent: Sunday, October 20, 2019 1:10 AM
To: bind-users@lists.isc.org
Subject: Bind-Efficientip

Hello all,


We are a leading ISP CYBERIA (www.cyberia.net.sa),
we are using bind since several years, and 1000  of zones are hosted in it.
quite ok.

As you know these days there have been several security threats, So deciding to
go with Efficient iP DDI and DNS Security Solution https://www.efficientip.com/

Therefore just wanted to know if anyone has any experience with EfficientDNS,
and at the same time wanted to know the major difference between the both..

Please advise, Thanks in advance

Thanks,
Ejaz
Asst. Operation Director of Systems.
Cyberia SAUDI ARABIA
P.O.Box: 301079, Riyadh 11372
Phone:  (+966) 11 464 7114 Ext. 140
Mobile:  (+966) 562311787
Fax:  (+966) 11 465 4735
Website: http://www.cyberia.net.sa






Re: [EXT] Re: Bind-Efficientip

2019-10-20 Thread Anderson, Charles R
On Sun, Oct 20, 2019 at 12:25:11PM -0400, Alan Clegg wrote:
> On 10/20/2019 2:09 AM, MEjaz wrote:
> 
> > As you know these days  there has been several security threats, So 
> > deciding to go with *Efficient iP DDI and DNS Security Solution* 
> > https://www.efficientip.com/
> 
> You may want to ask what EfficientIP runs under the covers...
> 

It runs BIND by default, but there are also options to run other ones.


Re: Bind-Efficientip

2019-10-20 Thread Alan Clegg

On 10/20/2019 2:09 AM, MEjaz wrote:

> As you know these days  there has been several security threats, So
> deciding to go with *Efficient iP DDI and DNS Security Solution*
> https://www.efficientip.com/


You may want to ask what EfficientIP runs under the covers...

AlanC


Bind-Efficientip

2019-10-20 Thread MEjaz
Hello all,

We are a leading ISP CYBERIA (www.cyberia.net.sa), we are using bind since
several years, and 1000  of zones are hosted in it. quite ok.

As you know these days there have been several security threats, So deciding
to go with Efficient iP DDI and DNS Security Solution
https://www.efficientip.com/

Therefore just wanted to know if anyone has any experience with
EfficientDNS, and at the same time wanted to know the major difference
between the both..

Please advise, Thanks in advance

Thanks,
Ejaz
Asst. Operation Director of Systems.
Cyberia SAUDI ARABIA
P.O.Box: 301079, Riyadh 11372
Phone:  (+966) 11 464 7114 Ext. 140
Mobile:  (+966) 562311787
Fax:  (+966) 11 465 4735
Website: http://www.cyberia.net.sa