The Men & Mice Blog

RIPE 72 – A Blog Report on DNS & IPv6

Posted by Carsten Strotmann on 6/22/16 5:30 AM

RIPE 72 took place in Copenhagen from 23-27 May 2016. This blog report shares some of my thoughts on interesting talks and presentations on DNS and IPv6.  

As always, this report cannot be exhaustive and I recommend that those interested browse the meeting archive of RIPE 72 for other interesting topics.

DNS

Victoria Risk from ISC reported on the changes in the upcoming BIND 9.11 release (BIND 9.11 Release Update) that is planned for August 2016. The new catalog zone feature allows automatic provisioning of slave zones from a central catalog zone. New zones are configured as a master zone on one server and a special entry is written into the catalog zone, a meta-data zone that is configured on the master and all secondary servers. The catalog zone will be replicated by zone-transfer and the secondary server will automatically configure a slave-zone for the newly added domain.

Men & Mice Trainer Jan-Piet Mens has already had a chance to test this new feature and wrote a blog article about it: Catalog zones in BIND 9.11. ISC has issued an Internet Draft in the IETF about catalog zones with the hope that other DNS software vendors will implement a compatible version.

BIND 9.11 will include a new, refined backend for storing DNS zone data in databases, called the dyndb api. This new API is much faster than the older DLZ API and also works with DNSSEC.

Speaking of DNSSEC, BIND 9.11 will come with a new component called dnssec-keymgr that will be able to automate DNSSEC key-rollover based on a policy, much like the external OpenDNSSEC tool. More improvements to BIND 9.11 can be found in the presentation and also in the upcoming Men & Mice Webinar What's new in BIND 9.11.

Jeff Osborn from ISC started a discussion on a license change of the BIND 9 DNS Server in his talk Changing the Open Source License on BIND. Today, the BIND 9 DNS server is licensed under the ISC license, which is a permissive BSD-style license. Jeff proposes a switch to the Mozilla Public License (MPL), which is a so-called copy-left license. Both licenses are open-source licenses, but the main difference is that the MPL requires all source code changes to the product to be made public. This license change will have no negative effect on anyone using the BIND 9 DNS server, but might affect companies that build products that incorporate the BIND 9 server code. As an overlay management solution, the Men & Mice Suite product works with an un-altered BIND 9, so customers using the Men & Mice Suite would also not be affected by such a license change. Jeff welcomes any feedback on the license change. His contact information can be found in the talk's slides, available in the link above.

Patrik Faltstrom, Chair of the Security and Stability Advisory Committee on the DNS root-server system, presented an alert on WPAD Name Collision Vulnerability. WPAD, the "Web Proxy Auto-Discovery", is a way to configure the Web-Proxy to be used by a Web-Browser using DNS. In this function, the special domain name "wpad" is resolved in the local domain name of the network the client is in. Collisions with internal, non-registered domain names and new top level domains in the Internet DNS system now create the vulnerability that external parties can control the internal proxy configuration inside a company's network. Internet Explorer on Windows systems have this function enabled by default, but it can also be enabled in Firefox, Safari or Chrome-Browsers on MacOS X, BSD and Linux. Running an unregistered TLD in an internal DNS deployment is not recommended, but DNS administrators will find it difficult to remove the sins of the past. Administrators should block DNS queries for internal-only domains at their DNS-resolvers, monitor DNS queries leaving the network for internal names and consider manually switching off the WPAD function in the browsers.

Duane Wessels from Verisign gave a talk on the size increase of the Root-Zone Zone-Signing-Key (ZSK). Since the beginning of the DNSSEC-signed root-zone, the ZSK was a 1024bit RSA key, as recommended by RFC 6781 - DNSSEC Operational Practices, Version 2. However, while not an immediate security threat, 1024bit RSA keys are now also seen as having a too small security margin when used for DNSSEC signatures (1024bit RSA keys have been too weak for encryption for many years). The new ZSK will be a 2048bit key and it will be introduced into the DNS root-zone on 20th September 2016. All testing done so far indicates that there should be no problems. Even though the DNS responses from the root zone during a ZSK rollover do increase from 883 to 1138 octets/bytes, the response is still below the 1232byte EDNS0 limit often used in the IPv6-DNS-Resolver or the 1500byte Ethernet MTU.

The Unbound DNS-Resolver now implements DNS Query Name Minimisation to Improve Privacy, RFC7816. Ralf Dolmans of NLnetLabs explains in his talk QNAME Minimization in Unbound how this new feature is implemented. In traditional DNS, a DNS resolver always asks the full question to all servers in the delegation chain. This is because the DNS resolver does not know about the delegation topology of the DNS system in use. In the Internet, there is a defined delegation structure for DNS, starting with the root-zone, the generic, new and country-code top-level-domains and second-level domains owned by companies and individuals below it. In the Internet, a DNS-resolver can shorten the query when asking at the root-zone or TLD level, enhancing the privacy of the users of the DNS resolver. QNAME minimization in the DNS resolver used by a client machine can be tested with a DNS lookup tool such as dig

 

% dig txt qnamemintest.internet.nl +short


IPv6

John Jason Brzozowski from US cable giant Comcast presented IPv6 @Comcast – Then, Now and Tomorrow about the challenges and successes in their deployment of IPv6 "large scale". Overall, IPv6 at Comcast is a success and they are now putting in motion the plan to phase out IPv4.

In the IPv6-Working-Group session, John reported on Community WiFi and IPv6 and how Comcast is using IPv6 to create public WIFI hotspots on CPE devices. Comcast is giving out a full "/64" network to every WIFI-device connected, in order to create easy network isolation and to reduce the multicast traffic over WLAN. This scheme could have even more benefits, such as assigning an IPv6 address for every service running on a host.

The Google public DNS resolver now supports DNS64-translation (currently in Beta) on the public DNS-resolver address "2001:4860:4860::6464" (IPv6-Only Has Never Been So Easy). DNS64 is a translation technology that works together with NAT64 to allow a client on an IPv6-only network to connect to IPv4-only services on the Internet. As DNS64 "re-writes" DNS content, it clashes with DNSSEC, as Jen Linkova from Google explains in IPv6-only and DNS(SEC|64).The workaround proposed in the talk got some criticism from the audience.

Enno Rey from the security company ERNW had a close look at the security issues of Multicast Listener Discovery MLD, a topic that has not seen much attention so far. He and his colleagues have found several issues that can be used for denial of service attacks or traffic redirection attacks by an intruder inside the local network. He recommends an (still to be developed) "MLD guard" function in switches (similar to DHCPv4- or RA-Guard) or to deploy port based ACL filtering of MLD traffic. Nobody should panic because of these findings, but every IPv6 network admin should know about MLD and the implications of having MLD active in their networks.

Vaibhav Bajpai had an interesting talk on Measuring Webpage Similarity from Dual-Stacked Hosts, looking at the differences in website content between a page fetched via IPv6 vs. IPv4. Differences coming from certain objects on the page (CSS, JavaScript, Advertisements …) are only available for one protocol, while the general website is dual-stacked and therefore available on both IPv4 and IPv6.

Two talks covered the topic of IPv6-only networks, but from very different angles. In How to Make Trouble for Yourself - You Build an IPv6-Only Network in 2016, Roger Jørgensen from Bredbandsfylket Troms in Norway reported on their project to build a new fiber optic network in the far north of Norway. The management part of this network is designed and operated as an IPv6-only network. Luuk Hendriks gave a report of his attempt at Going IPv6-only at Home while keeping the most important user of his home network, his girlfriend, happy.

Enno Rey talks about Real Life Use Cases and Challenges When Implementing Link-local Addressing Only Networks as of RFC 7404 from his experiences implementing a Link-Local-only addressing scheme in a larger enterprise network. The Link-Local-only addressing was chosen to simplify address management, as almost 50% of networks in this customer's environment are point-to-point links. There are still issues with vendor support in network devices when implementing Link-Local-only addressing. In the discussion following the talk, the audience gave a mixed message, with some people claiming success at running a Link-Local-only network.

Other topics

Mircea Ulinic presented a way to automate the provisioning and management of network devices (router, switches etc) using the configuration orchestration tool "SaltStack". SaltStack is usually used to automate the provisioning of server machines running a Salt-Agent (Minion). As it is difficult to install a customer agent on network gear, this talk presented a way to use proxy machines that act as the minions for network hardware. SaltStack automation can save a great deal of time when used in large deployments. Details can be found in Mircea's talk: Network Automation with Salt and NAPALM.

Shane Kerr, who we recently had as an interview guest in our latest Webinar on Yeti-DNS, gave a humorous talk about the "Internet of Things (IoT)" in IoT: What is the Problem or “How To Explain To Your Boss That IoT Won't Make the Company Rich….”.

Those of you hungry for more on RIPE 72, all the above talks and more can be found in the meeting archive of RIPE 72.

Topics: IPv6, DNSSEC, DNS

Men & Mice Suite Version 7.2 Released

Posted by Men & Mice on 5/19/16 10:38 AM

Flying High with Kea DHCP and Windows RRL

Men & Mice celebrates the arrival of the long, arctic summer nights with the release of Version 7.2 of the Men & Mice Suite.

This blog post offers a quick round-up of what’s new in Version 7.2.

Versatile simplicity, as always, forms our bottom line. Version 7.2 is no exception. This time around, support for the new ISC Kea DHCP server and a dedicated UI for Windows 2016 Response Rate Limiting (RRL) should warm the hearts of network administrators far and wide. At least, that’s what it’s been doing for us here in the North!

Let’s run through what major highlights Version 7.2 contains.

Taking flight with the new ISC Kea DHCP server

Men & Mice introduces support for the brand new ISC Kea DHCP server, the natural successor to the ISC DHCP server.

Like its namesake, the uniquely strong and intelligent New Zealand kea parrot, the brand new ISC Kea DHCP server is a powerful beast that reaches more than 1000 leases/second, allowing for clean and fast implementation of both DHCPv4 and DHCPv6.

Kea DHCP also boasts PXE Boot Support, DHCPv6 prefix delegation, dynamic reconfiguration and dynamic DNS updates.

As with other servers supported by the Men & Mice Suite, the Kea DHCP server functionality is fully controlled through the Men & Mice Management Console. This includes the effortless migration of IP subnets (scopes), including options, from ISC DHCP to Kea DHCP.

In the spirit of open source, Kea DHCP is released under the widely used Mozilla Public License 2.0, paving the way for collaborative improvements to the source code for many years to come. 

A taste of the Kea DHCP and how it integrates with the Men & Mice Suite, can be enjoyed in this recent webinar presented by Mr Carsten Strotmann.

For those interested in plunging into the Kea DHCP full force, Men & Mice, in cooperation with ISC, is offering intensive two-day hands-on training courses in Europe and the USA in the fall of 2016. The courses are aimed at small groups, so don’t forget to sign up in time! 


Scaling up with Windows Server 2016 support

The Men & Mice Suite’s architecture as an overlay solution exhibits a singular synergy with Windows Servers, making it the logical solution for any Microsoft-based network. Consequently, the Men & Mice Team is developing and releasing support for specific new Windows 2016 features as and when they are made available by Microsoft.

From Version 7.2, the Men & Mice Suite supports all of the primary Windows DNS and DHCP Server 2016 features.

Support for other new Microsoft Server 2016 features, such as DNS Zone Scopes and DNS policies, is scheduled for the Men & Mice Suite Version 7.3 release later this year.


Reinforcing DNS Security with Windows 2016 RRL

Security only works if you work it, and the more tools you have to work your security, the better. Adding to your menu of security options, the Men & Mice Suite Version 7.2 introduces a dedicated UI for the Windows 2016 Response Rate Limiting (RRL) feature.

Response Rate Limiting can make all the difference in the event of a Denial of Service (DoS) attack on DNS servers. During a DoS attack, the IP number of a victim computer is used to send high volumes of forged DNS queries to multiple DNS servers. DNS servers tricked into sending replies to these queries can push the number of DNS requests and replies over a manageable threshold and disable targeted networks. Restricting DNS servers’ response rate with Response Rate Limiting helps to control a suspicious volume of malicious enquiries and minimize the impact on the affected servers.

Microsoft sheds more light on Response Rate Limiting and how it works on their TechNet blog.

RRL.png


Men & Mice Suite Console Enhanced

Spring cleaning at the Men & Mice headquarters has resulted in a Management Console with a cleaner, and ultimately more manageable, look. From Version 7.2, windows in the Management Console are dockable, making it both simpler to manage and easier to navigate for the user.

MC.png

 

The Men & Mice Suite Release Notes provide more detail on other minor improvements and fixes that form part of the Version 7.2 Release.

That wraps it up for a quick round-up of what Men & Mice Suite Version 7.2 has to offer. In the next months, Men & Mice will publish further blogs and webinars on installing and managing Kea DHCP, Windows 2016, Docker containers and Yeti. Watch this space! Or better yet, just watch Men & Mice.

Free Trial of Suite

 

Topics: Men & Mice Suite, DDI, IPAM

Dipping into Azure DNS with Men & Mice DDI solutions

Posted by Men & Mice on 3/8/16 10:13 AM

Cloud.jpg

It’s snowing. Still. One could be excused for dreaming of azure blue skies scattered across azure blue oceans. Instead, the Men & Mice team is making do with a whole other Azure - Microsoft’s nifty cloud platform.

Though Microsoft’s Azure doesn’t come with cocktails on the beach, it definitely brings another dimension to the world of IT. And who are we to say no to that?

Not everyone is ready to ‘go’ cloud. Some organizations that host specifically sensitive data, such as in healthcare, for instance, are somewhat more reluctant to take the leap. Many others dive in wholeheartedly, making large parts of their operations, or even their entire enterprise, -aaS compatible by adopting platform as a service (PaaS), software as a service (SaaS) or transforming their servers, storage and networking into infrastructure as a service (IaaS). 

The saying goes that there’s more than one way to skin a cat, and there’s certainly more than one way to go cloud. The most basic division is private and public, basically meaning you want to keep yourself to yourself in a private cloud (on-premise, hosted or both) or you don’t mind sharing infrastructure in a public cloud. And for those who don’t want to limit themselves to one or the other and prefer to use a mix of on-premise, virtual private and public options, there’s the hybrid cloud, straddling the best of both worlds. 

Under all the private, public, virtual and on-premise versions of all the -aaS, there is a vast variety of applications, services, software and hardware offered by a large number of vendors. If you were to put your computing snorkel on and break the surface of this world of the cloud, there’s sure to be an array of IT wonders to be tried, tested and discovered – if you are that way inclined.

Even so, not everyone is blown away by the cloud – its beginnings can best be described as rather tentative – and not everyone is ready to jump on board. Yet there’s no denying that both business operations and IT business solutions are drifting towards the cloud at great speed. IDC, the market research company, projects growth in public and private cloud storage to go from 29% of the total market in 2014 to 60% by 2019. Carla Arend, IDC’s Program Director for European Storage and Cloud Research, was recently quoted as saying that “85% of new enterprise applications are developed for the cloud, while legacy applications are gradually migrating to cloud-hosted virtual machines and/or containers.”

We at Men & Mice are not here to tell our customers whether they should go cloud, or, if they do, which degree or combination of cloud-hosting they should choose. We do, however, feel our customers should have the freedom to explore cloud computing safe in the knowledge that the Men & Mice Suite will serve as their dedicated DDI sidekick during their cloud adventures.

To simplify our customers’ freedom of choice, the latest version of the Men & Mice Suite, Version 7.1 (released in January 2016), includes full support for Microsoft Azure DNS. This next step in cloud dexterity comes on top of support for AWS Amazon Route 53, which was already added to the Suite in 2014. Follow this link for instructions on how to configure an Azure DNS connector through the Men & Mice Suite. More information on Azure DNS can be obtained here.

So there you have it. Snow or no snow, cloud or no cloud, blue skies or no skies, at least we can safely say that the Men & Mice Suite is seeing in the virtual realties of 2016 completely Azure-sure.

Cheers to that!

  Request more info on  Men & Mice and Azure

 

Topics: DDI, CLOUD

Men & Mice DDI Beehive at Cisco Live!

Posted by Men & Mice on 2/24/16 12:20 PM

The Men & Mice booth at Cisco Live! in Berlin last week caused quite a stir. Striking visual graphics, great company, fabulous give-aways (trip to Iceland, anyone?) and a steady stream of visitors eager to make use of our live demo environment, turned the booth into a proverbial beehive of activity for the three days of the show. 

CLBerlin2016.jpg

 The lucky winners of the three trips to Iceland are;

Mohamed Abdallah from Connect – PS,  Alexandra Perovic from SAGA D.O.O and Mike van der Vijver from Mind Meetings.

CLBerlin2016winner.jpg

 Mr. Petur Petursson from Men & Mice handing over the ticket for a trip to Iceland to Mr. Abdallah

Congratulations on your win! Unusual, unexpected, unsurpassed: Iceland defeats expectations every time. Be sure to stop by during your visit!

Carsten Strotman’s talk on the new KEA DHCP server at the WoS Theater stage was a great success. For those who want to have a taste of the KEA DHCP server, Carsten will host an online webinar " KEA DHCP - the new open source DHCP server from ISC" on March 22nd, you can sign up here.

A great THANK YOU to everyone who stopped by to make the Men & Mice booth truly alive at Cisco Live! We thoroughly enjoyed all the great company.

If you didn’t get a chance to stop and chat in Berlin, we’ll be at the CloudExpo in New York  from June 7th to 9th.  If you’d like to meet us before then, just send us a line at info@menandmice.com and we’ll be sure to come your way in a virtual jiffy!

The Men & Mice Team

Drawing inspiration from our geographic location midway between the USA and Europe, the Men & Mice Team possesses a unique perspective on the challenges of DNS, DHCP and IP address management faced by medium to large global enterprises today. Our dedication to pioneering simple solutions to complex problems is best observed in our flagship DDI product, the Men & Mice Suite.

Topics: Men & Mice, DHCP

Men & Mice Suite Version 7.1 Released

Posted by Men & Mice on 1/14/16 10:30 AM

Men & Mice, one of the world’s leading providers of DNS, DHCP and IP address management (DDI) software solutions, announces the release of Version 7.1 of the Men & Mice Suite.

The Men & Mice Suite is a software-based IP Address Management (IPAM) solution, used by many large and growing global enterprises, to establish secure and efficient control of their networks.

As an overlay solution with a particularly robust SOAP API, the Suite is deployed on top of existing DNS and DHCP servers, thereby granting seamless control over hybrid environments that include Linux, Unix, Microsoft and Cisco IOS servers - all without the need to replace your current IP infrastructure, and providing tight MS/AD integration where required.

Supporting a wide range of DNS and DHCP servers (BIND, Microsoft DNS/DHCP, Unbound, Cisco DHCP and ISC DHCP) and increasingly reaching further into the cloud with support for Amazon Route 53 and, from Version 7.1, also Microsoft Azure DNS, the Men & Mice Suite offers superb solutions for network administrators involved in the daily battles of administration, planning, auditing and reporting in large networks.

Major Version 7.1. Highlights

Release Strategy and Naming Scheme

Version 7.1 introduces the Men & Mice long term support (LTS) release strategy, concurrent with the new Men & Mice Suite version naming scheme. Both the LTS release strategy and the new Suite version naming scheme aim at better aligning Men & Mice products with the diverse protocols and demands existing in our customers’ individual operating environments. For more information on the Men & Mice release strategy and naming scheme, please read the white paper here.

Azure DNS

Together, Amazon and Microsoft are the undisputed leaders in cloud services with their respective cloud computing platforms, Amazon Web Services (AWS) and Azure. In 2014, Men & Mice took the initiative with transforming DDI for the cloud by adding support for AWS Amazon Route 53. Now, from Version 7.1, Men & Mice is taking DDI cloud dexterity one step further by also adding support for Microsoft Azure DNS. Known for its versatility in heterogeneous operating environments, support for Azure DNS further strengthens the Men & Mice Suite’s ability to scale successfully with businesses as they grow outwards, and upwards, into the cloud.

Other highlights of Version 7.1 are:

  • Microsoft SQL Server 2014 is now supported as a database backend for Men & Mice Central.
  • Improved usability with the First Use Wizard. Users will now be able to paste in all license keys at once instead of having to paste them in one at a time.
  • The Linux installers for the Men & Mice Remote Controllers have been improved and features added, such as a silent mode which enables the user to automate the installation of the Men & Mice Remote controllers.
  • A new Scope Creation Wizard makes creating DHCP scopes even easier.
  • No need for untimely upgrading prompts. From Version 7.1, the Update Manager has been adapted to accommodate long term support (LTS) releases. Users can now select if they only want to be notified of LTS releases in the Update Manager.
  • DHCP lease history gathering has been improved, lightening the load on SQL servers.
  • Men & Mice Suite administrators can now disable one or multiple servers from within the Men & Mice Suite.

Detailed release notes on Version 7.1 can be obtained here.

 

Men & Mice Suite version 7.1 Free Trial  


 


About Men & Mice

Founded in 1990, Men & Mice is headquartered in Iceland.  Drawing inspiration from our strategic geographic location midway between the USA and Europe, we possess a unique perspective on the challenges of DNS, DHCP and IP address management faced by medium to large, and growing, global enterprises today.

The combination of our extensive experience and expertise and our excellent software products, provides our customers with versatile, yet highly reliable, DDI solutions.

In a competitive DDI market, we pride ourselves on our ability to adapt our solutions to suit our customers’ needs. We don’t expect our customers to adapt their needs to suit our solutions.

Men & Mice has operations in the US, Europe and Asia, as well as resellers in many countries.

Contact us at Sales or Call us at +1 408.516.9582 to speak to a sales representative.

Topics: Men & Mice Suite, IPAM, CLOUD

DDI dreaming with Candle Stealer

Posted by Men & Mice on 12/24/15 1:00 AM

kertasnikir.jpg

Last to arrive, Candle Stealer (Kertasníkir) follows children in order to steal their candles, which, in former times, were made of tallow and therefore edible.

It’s beyond me why Mother had so many children.  Some say there are 80 of us living in the mountains. I don’t know. I’ve long lost count. Besides, she only seems to trust the 13 of us to go down to the humans AND find our way back, so who cares about the others.

Why only 13, I’m sometimes asked. I really can’t say, although I suspect it has something to do with Mother’s obsession with DNS and the DNS root name servers number 13. Perhaps she was hoping they’d rename the servers after her boys. Calling them A, B, C, D, E up to M is really, well, uninspirational, she’s said. Then again, we existed long before DNS. Mother conveniently seems to forget this the moment she switches on her computer.

I’m really, really tired now. Need a break. I told Mother I’ve had enough of snow. Next year, I plan to find my way into some hot countries and dive into an Azure blue ocean. I demand her full support for my adventure. She didn’t answer. She had that far-off look on her face. I like to call it her IPAM expression, the one that makes her look as if she’s stored her consciousness in a Cloud and she’s busy figuring out how to connect all the dots. I think she’s dreaming of a new set of Windows. She may be a bit harsh on naughty children, but she’s very clever at deciphering clues and optimizing network utilization.

Too tired to chase children tonight. Hungry. Need candles but children nowadays only seem to have electrical bed lights and lava lamps. Last year, I ended up eating a scented candle in the washroom. Unpleasant after effects that had.

Maybe it’s time for me to think out of the box and adapt to the times. Up, up and away I go! Merry Christmas All!

Goodbye 2015!

Hello 2016!

Boy, are we going to have a good time together!

 

Topics: Men & Mice Suite, DDI

Men & Mice 2015 Holiday Greeting

Posted by Men & Mice on 12/23/15 5:27 AM

MM_xmas_card_2015.jpg

As the Holiday Season is upon us, we find ourselves reflecting on the past year and on those who have helped us shape our business. We value our relationship with you and look forward to working with you in the years to come.

We wish you a Happy Holiday Season and a New Year filled with Peace and Prosperity.

The Men & Mice staff

Topics: Men & Mice

Updating reverse DNS records with Meat Hook

Posted by Men & Mice on 12/23/15 1:00 AM

kjotkrokur.jpg

Second-last to arrive, Meat Hook (Ketkrókur) stealthily steals meat with a hook.

Sometimes I just don’t know whether I’m going forwards or backwards. This time of year it’s especially bad. So much meat everywhere!

Once I get down to the humans with my sack of presents, the smells just make me go round and round and round and round. Roast turkey here, smoked leg of lamb there, glazed ham, prime rib, stuffed chicken, juicy quail, tender beef, pork crackling! Where to start! I really have to be careful. It’s so mouthwatering, I might just end up slipping on my own saliva.

When I don’t know where to turn, I like to spend a moment syncing before I make any decisions. You know, updating my reverse records and all. I find it’s best to use the Update Reverse Records Wizard in the Men & Mice Suite for this purpose. It allows me to create reverse DNS zones for selected ranges that exist on subnet boundaries and contain 254 or more IP Addresses (/24 or larger).

I only need to access IP Address Ranges on the object list, select the ranges, right-click, select Update Reverse Records from the shortcut menu and take it from there. Dead easy!

Now only if it were that easy to sync some roasted meat straight onto my hook …

 

Click here to get daily  DDI tips and tricks delivered straight to your inbox

Topics: Men & Mice Suite, DDI

Monitoring DNSSEC with Doorway Sniffer

Posted by Men & Mice on 12/22/15 1:00 AM

gattathefur.jpg

Third to last, Doorway Sniffer (Gáttaþefur) uses his abnormally large nose and acute sense of smell to locate Christmas “leaf” bread.

It’s a gift they say. You can do so much with it! Sure, it kind of stands out and it is a somewhat conspicuously grand sniffer nose for a simple Yule Lad, but it’s a talent like no other. Not even trained sniffer dogs can match my ability to detect delicious leaf bread, no matter where it’s hidden. I’m also super good at finding keys and lost toys, but only if you managed to touch it with sticky fingers before losing it. I generally find more keys than toys.

Large sniffers are often also sensitive sniffers. Just like a signed DNSSEC zone is much more vulnerable to software or operational errors, my sniffer is also more vulnerable to bread errors. Sometimes, I think I’m detecting “leaf” bread, but the only thing on offer is gluten free spelt bread. That’s such a disappointing misconfiguration.

In a signed DNSSEC zone, such small misconfigurations can render the whole zone invalid. Therefore it’s always a good idea to monitor a newly signed DNSSEC zone to detect potential DNSSEC validation issues before the zone goes public. Or at least that’s what Leppaludi says, and he sure knows a lot about validation issues, being married to Mother and all. He’s given me a great list of tools to help me monitor DNSSEC signed zones. Who knows, it might even help me with my nose!   I just won’t be the same without it.

Click here to get daily  DDI tips and tricks delivered straight to your inbox

 

Topics: Men & Mice Suite, DDI

Peeping through IPAM multiple address spaces with Window Peeper

Posted by Men & Mice on 12/21/15 1:00 AM

gluggagaegir.jpg

The tenth Yule Lad, Window Peeper (Gluggagægir), likes to sneak a peek through windows in the hope of finding something nice to steal.

I love it! All these windows and all these lights to help me see in the dark.

Humans sure are silly. Each year they add a few more windows AND a new set of lights. How can I do anything else but have a look? So much to see, so much to find, so much, so much ... stuff. I like stuff.

One of my brothers, the one who always sits holed up in the attic where Mother can’t reach him with her stick, says it’s not stuff. It’s called data. And that I should stop peeping into windows like some kind of old-fashioned pervert. He says I should rather use something called the multiple address space feature in the Men & Mice Suite to see what’s going on in other people’s places. According to him, each address space instance contains its own set of DNS servers, DNS zones, DHCP servers, DHCP scopes, IP Address ranges (including the IPv4 and IPv6 root ranges), IP Address entries and object folders.

That’s all well and nice for him. But I told him my space is already cramped enough without him and my other brothers also messing in my so-called “data”. He just laughed at me and said: “Changes to data in one address space do not affect data in any other address space.”

I told him I don’t give a flying turkey about his damn “data”, but if one of them brothers so much as sniffs my smoked leg of lamb again this Christmas, I’ll data him into his own black hole

 

Click here to get daily  DDI tips and tricks delivered straight to your inbox

Topics: Men & Mice Suite, DDI

Why follow Men & Mice?

Subscribe

The Men & Mice blog has educational, informational as well as product related material, both videos and articles for everyone and anyone interested in IP Address management, DNS, DHPC, IPv6, DNSSEC and more.

Subscribe to Email Updates