The Men & Mice Blog

Importing Sense and Sensibility into DNS, DHCP and IP Address Management

Posted by Men & Mice 11/3/15 11:53 AM

According to some computer historians, the first personal computer was the IBM 610 Auto-Point Computer, introduced in 1957. It was the size of a fridge and cost $55,000. Apparently, it was easy to use but a tad slow, using about 20 seconds to calculate a sine. Not surprisingly, only 180 IBM 610s were produced.[1]

Some 58 years after the IBM 610, PCs are not only “somewhat” smaller, faster and cheaper, but they are everywhere:  the sheer increase in the number of devices is staggering. Just in 2015 it is predicted that a total number of 2,591,753 billion new units of PCs, tablets and mobile phones will be shipped[2]. On top of that, market analysts Gartner believe that 4.9 billion “things” will be connected to the internet by 2015, increasing to 25 billion in 2020. Or 50 billion according to Cisco. Or 75 billion as is anticipated by Morgan Stanley.[3]

Despite organizations being faced with an imminent deluge of devices that need to be connected to network infrastructures, too few are investing in DDI solutions that effectively bridge the gaps between DHCP, DNS and IP address management tools. On the contrary, many administrators and managers in mid- to large-sized companies today are still left struggling to make native tools or home-grown solutions do the trick. With the advent of bring your own device (BYOD) and the Internet of things (IoT), not to mention the incremental migration to IPv6 and cloud-computing, the situation is only set to become worse.

DDI Sense

Effective and reliable DDI management forms the cornerstone of any modern organization’s IT infrastructure. It directly affects an organization’s overall performance and productivity. Improving DDI efficiency strengthens network infrastructure, simplifies administration and leads to considerable increases in business value on the whole. It is estimated that organizations investing in a commercial DDI solution can reduce operating expenses related to DNS/DHCP and IP address management by 50% or more, which can lead to significant full-time equivalent (FTE) savings in larger organizations.[4]

Meeting IPAM Challenges Sensibly

The challenges faced by today’s network administrators and managers, an analysis of related problems and issues and a discussion on how to simplify IP Address Management and become more productive as a Windows administrator, form the topics of this White Paper by IT infrastructure and security specialist, Byron Hynes. Additionally, Mr Hynes discusses what benefits DDI solutions such as the Men & Mice Suite can bring to an organization’s infrastructure.


[1] Information retrieved on 28 October 2015.

[2] Estimates by market analyst Gartner, retrieved on 28 October 2015. 

[3] Estimates as reported in Business Insider. Retrieved on 28 October 2015. 

[4] Gartner Market Guide for DNS, DHCP and IP Address Management, published February 2015.

Tags: Men & Mice Suite, DDI, IPAM

Through the IPAM looking-glass with Men & Mice

Posted by Men & Mice 10/26/15 3:29 PM

Migrating your IP address management to the same pane of glass as your DNS/DHCP management

The path to consolidated DDI

Since the advent of commercial DDI services, many enterprises have taken the leap of investing in their IT infrastructure by way of acquiring centralized DNS, DHCP and IP address management (IPAM) software, services and appliances. Though DDI vendors generally provide a consolidated product with DNS, DHCP and IPAM in one package, most also offer individualized software, services and appliances, differentiating between DNS, DHCP and IPAM. This means that one large enterprise could house DNS management from one vendor, DHCP from another and IPAM from yet another.

Often times this development is a combination of most modern medium to large enterprises’ constantly changing needs and environment: some grow larger, some grow smaller, others merge and need to accommodate previously separate networks in one united approach.  Additionally, as DDI forms the cornerstone of most networks and many vendors’ products have become an integral part (for better or worse) of an enterprise’s infrastructure, replacing one form of DNS/DHCP or IP address management with another runs the risk of severely interrupting business, with the accompanying loss of revenue – something which most organizations can ill afford.

Recognizing that network systems rarely consist of one type of hardware or software product or service, the Men & Mice Suite is an integrated overlay solution installed on top of existing infrastructure, thereby maximizing efficacy without any expensive hardware replacements or DNS/DHCP service downtime. One of the greatest benefits of the Men & Mice Suite solution is its ease of use (especially in heterogeneous environments) and simplicity of deployment, which makes it a particularly attractive option when a company is looking for ways of consolidating IT infrastructure after a merger or other forms of transition.

Migrating IPAM from another vendor to Men & Mice

Recently, a large Fortune 500 retailer decided to migrate its IP address management to the same pane of glass as its DNS management, which has been managed by Men & Mice for some years. Given the size of their operations, such a migration can be a risky and time-consuming affair, more so when it requires extensive hardware replacements, which, fortunately, is not the case with the Men & Mice Suite overlay solution. In fact, Men & Mice services staff needed to spend no more than five days on location preparing for the deployment, training staff and eventually executing the deployment itself.

After the initial preparation and very well-attended training sessions, the deployment was put into action by using the robust and agile Men & Mice SOAP-API to migrate data to the new system. During the migration, business continued as usual without general employees experiencing any DNS/DHCP downtime or inconvenience. Users managing the company’s DNS/DHCP and IP address infrastructure could start updating IPAM data again through the new system after a mere ten-hour interval.

Apart from the time spent on preparation, training and deployment, Men & Mice services staff also cleaned up data, integrated with external databases, connected domain controllers for DNS and DHCP to Men & Mice and synchronized with AD sites and subnets.

The Fortune 500 retailer now has a system which provides unified information across their network, from their AD, DHCP servers, BIND servers, routers, as well as their IPAM database, and all through one pane of glass. Additionally, they have a feature rich and easy-to-use UI for advanced management, web interface and a particularly powerful API, plus the opportunity to further maximize efficiency through potential customized automation and workflow implementation capabilities contained in the Men & Mice Suite.


It’s perfectly understandable that customers fear a journey through the “looking-glass” of consolidating their DDI solutions: will they enter an unusual world of chaos and confusion? Or wake up in their own office chair with everything in its right place? More importantly, how much will this DDI journey cost them in terms of lost operations, time and money?

With a DDI solution and services that promise simplicity, reliability and flexibility when a situation calls for chaos and confusion, the only “looking-glass” that Men & Mice aims to leave behind with their customers, is the single pane of glass from which to painlessly manage their newly consolidated DNS/DHCP and IPAM infrastructure.   




Tags: Men & Mice Suite, DDI, IPAM

Men & Mice Suite version 6.9 released

Posted by Men & Mice 9/17/15 6:26 PM

Men & Mice the leading provider of DNS, DHCP and IP address Management software solutions (DDI), announces the release of version 6.9 of the Men & Mice Suite.

The Men & Mice Suite is a software based IP Address Management (IPAM) solution, used for managing many of the largest and most critical networks in the world. This new version further strengthens the Men & Mice lead when it comes to IPAM for Microsoft Active Directory oriented networks where virtualization and private clouds matter.

The Men & Mice approach to IPAM is that manageability is added on top of existing DNS and DHCP servers. The Suite provides the required manageability and overview while guaranteeing that current DNS and DHCP servers retain authority over DNS and DHCP configurations. As a result the Suite can provide seamless integration on hybrid networks with tight MS/AD integration where required.

The Suite is a great tool for network administrators for daily administration, planning, auditing and reporting in large networks.

Among new features in version 6.9 are:

System Health Monitoring

The Men & Mice Suite Health Monitoring feature provides administrators with a good overview of the general health of the Men & Mice Suite and other related services, through the Health Bar in the Management Console.  More importantly, it will give administrators an indication if there is a problem that needs to be addressed.

The Health Monitor status indicators are split into five categories, where each category represents a specific part of the system;

  • Men & Mice Suite
  • DNS
  • DHCP
  • IPAM
  • Appliances

Warnings and errors 

The Health Monitoring feature uses color codes to represent the severity of a status indicator. A warning or an error is shown as yellow or red, respectively; otherwise as green.
Expanding the Health bar on a warning or an error gives more detail and description in a separate window, as well as the opportunity to navigate to the object that is affected and fix it from there.

Examples of warnings and errors could be slave zones that are expiring or a zone that has not been loaded on a server due to an error. Both errors can cause outages for users and therefore have a serious impact on their business.

Virtual Routing and Forwarding Support (VRF Support)

VRF support allows for multiple instances of routing tables to coexist on a single router and work together in such a way that IP addresses can be re-used and don’t conflict with each other.  

The Men & Mice Suite communicates with routers to retrieve information for the subnet and host discovery functionality. Now, the Men & Mice Suite also supports retrieving information from VRF enabled routers.

Other Improvements

Version 6.9 also improves other aspects of the Suite, featuring enhanced Subnet Discovery, management of reverse records and further security enhancements for the Men & Mice Appliances.

Men & Mice Suite version 6.9 Free Trial



Tags: Men & Mice Suite, DDI, IPAM

The DNSSEC - Day

Posted by Men & Mice 7/6/15 5:35 PM

The first DNSSEC-Day was hosted on June 30th, 2015 in Germany.

With the increase of mobile devices (BYOD), the Internet of Things (IoT) and the growth of cloud-based virtual machines, a seismic shift has been in the DDI landscape, leading to greater awareness of network-related security risks.

Security manifests itself in various formats, such as availability, performance and the ability to withstand attacks like DDoS Attacks, DNS cache poisoning, DNS Spoofing and other DNS security threats.

United in increasing the security on the Internet, Heise publishing house, DeNIC, Sys4 AG and the Federal Office for Security in Information Technology (BSI) join forces and get experts to the table to explain, among other things the benefits of DNSSEC technology from the perspective of users and deal with practical questions from administrators.

The DNSSEC-Day was a 4-hour live video streaming session in German, supplemented with screencast recordings.

Contributing at the DNSSEC-Day was Men & Mice expert Mr. Carsten Strotmann giving his input on practical DNSSEC and DANE deployments.



Win a trip to Iceland at Cisco Live, San Diego

Posted by Men & Mice 6/11/15 3:04 AM

Lucky winner of the 1st Men & Mice "Win a trip to Iceland" at is Arshad Usmani from Wipro Limited.

On the last day, in front of a crowd of Cisco attendees, we drew the 2nd winner of a trip to Iceland. Strangely enough Arshad's friend from Wipro Limited, Mr. Piyush Trikha is the lucky winner!

Men & Mice welcomes them both to beautiful Iceland.





Tags: Cisco Live

Winners of a Trip to Iceland contest announced

Posted by Men & Mice 5/6/15 5:37 PM

Congratulations to Asheed Vasudevan from Greenway Health, and Aaron Koenig from Kohler Co. the lucky winners in Men & Mice's "Win a Trip to Iceland" contest at #Ignite2015!



Tags: Men & Mice, ignite

Men & Mice at Microsoft Ignite 2015

Posted by Men & Mice 5/5/15 11:46 AM

Men & Mice is at Microsoft Ignite 2015 and can be found at booth #371, where our intrepid team of black-clad gentlemen is busy giving away free trips to Iceland.

Men and Mice booth at Microsoft Ignite 2015

Tags: Men & Mice, Microsoft Ignite

Men & Mice Suite Version 6.8 Released

Posted by Men & Mice 4/28/15 1:49 PM

Reykjavik, Iceland, April 28th 2015 - Men & Mice announces the release of version 6.8 of the Men & Mice Suite.

The Men & Mice Suite is the ideal tool for network managers who desire minimal daily management, featuring planning, reporting, and auditing of growing dynamic IP networks, with the added benefit of delivering improved network security as well. The Men & Mice Suite version 6.8 can be deployed as a software solution on top of existing DNS/DHCP servers or as hardened DNS/DHCP virtual appliances.

Subnet Discovery and Ease of Use

Version 6.8 introduces several new features designed to streamline both initial deployment of the Men & Mice Suite, and day-to-day management of enterprise networks by way of automatic discovery and intuitive user interface improvements.

The new Subnet Discovery feature allows the Men & Mice Suite to directly query network routers for subnet information, making it far easier to add new subnets, and reducing administration time by eliminating the need for tedious manual input of new subnets. Meanwhile, the First Use Wizard allows new users to rapidly gain complete control over their networks by automating DNS/DHCP server and Active Directory Subnet discovery, and intelligently guiding administrators through the initial setup process.

Enhanced System Support

The Unbound Caching DNS Server now enjoys the same management utility as the Men & Mice Virtual Caching Appliance in the Men & Mice Suite, and can be simply added to the Men & Mice Suite Management Console like any other supported DNS server. With version 6.8 the Men & Mice Suite now also features native support for 64-bit Linux systems, and support for systemd integration on Linux installers.

Other Improvements

Version 6.8 also improves other aspects of the suite, featuring enhanced Windows DNSSEC support, improved failover handling on Microsoft DHCP servers, and a number of performance improvements to both the Men & Mice Suite and the Men & Mice Virtual Appliance products.

For a complete list of new features and enhancements:
Release notes on version 6.8.


Men & Mice Suite version 6.8 Free Trial


Tags: Men & Mice Suite, DDI, DNSSEC, IPAM, DHCP, Windows, Unbound

An Introduction to the Men & Mice Web Service: JSON-RPC

Posted by Men & Mice 2/23/15 4:48 PM

The Men & Mice Suite is a comprehensive DDI solution that allows you to manage your DNS, DHCP and IP Addresses in a simplified, flexible manner. In order to maximize this flexibility the Men & Mice Suite provides a rich set of commands accessible through its web service interface. These commands are used internally for almost all requests between the user interface and the Central service, so if something can be done in the user interface it can also be done through the web service interface.

Initially the web service interface provided a SOAP API and a WSDL service. Starting with version 6.6, the Men & Mice Web Service also provides a JSON-RPC service that complies with the JSON-RPC 2.0 specifications. The main reason for this decision to provide JSON-RPC along with SOAP is that JSON is well supported in popular programming languages such as JavaScript and Python, and working with JSON-like data instead of XML is much easier and less error prone, not to mention that JSON packets are smaller than XML packets and more human readable.

If you are interested in the SOAP service there is an excellent introduction to it on our blog (see: Introduction to the Men & Mice Web Service API).


The JSON-RPC service supports all the same commands as the SOAP API. You can find a complete list of the SOAP commands available here. The same code is used internally in the Men & Mice Suite so when a new SOAP command is added, it will be readily available as a JSON-RPC method. As with SOAP, our main focus is to provide JSON-RPC over HTTP/HTTPS.

No special magic is needed to send a JSON-RPC request. When our web service receives a packet it will determine from the content of the packet whether this is a SOAP or a JSON-RPC request. You can even mix those two and the web service will simply respond with a JSON if this was a JSON-RPC request or an XML if this was a SOAP request. The general format of a Men & Mice Web Service JSON-RPC request and a response is as follows:

--> {"jsonrpc": "2.0", "method": "theMethodName", "params": theParams, "id": 1}
<-- {"jsonrpc": "2.0", "result": theResult, "id": 1} 

The jsonrpc member should always be "2.0". The method member should contain a string with the name of the method to be executed. The params member contains data that should be passed to the method. The member id is optional, but if it exists the response will contain the same ID as provided in the request. If successful the response will include a member result that will contain the result from the RPC method that was executed. If an error occurs the response will not include a result but instead another member named error that will include information about what happened.

An example:

--> {"jsonrpc": "2.0", "method": "Login", "params": {"password": "secretPassword", "loginName": "administrator", "server": ""}, "id": 1}
<-- {"jsonrpc": "2.0", "result": {"session":"J95A5uh9obM6KjCtbtHZ"}, "id": 1}
<-- {"jsonrpc": "2.0", "method": "GetDNSServers", "params": {"session": "J95A5uh9obM6KjCtbtHZ"}, "id": 2}
--> {"jsonrpc": "2.0", "result": {"dnsServers":[{"ref":"{#2-#10}","name":"caching1.demo.","resolvedAddress":"","port":1337,"type":"Unbound","state":"OK","customProperties":[],"subtype":"Unbound"},{"ref":"{#2-#11}","name":"caching2.demo.","resolvedAddress":"","port":1337,"type":"Unbound","state":"OK","customProperties":[],"subtype":"Unbound"}],"totalResults":2}, "id": 2} 

JSON-RPC and Python

Python is powerful as a scripting language. The standard libraries are pretty comprehensive and if you need something more specific then there are plenty of additional libraries that can be found. One of the strengths of Python is its dynamic type system and "duck typing" that allows for the creation of complex objects without writing too much code.

We have created a small, light-weight Python module that uses the request library to simplify session handling and data conversion from Python dictionaries to JSON requests. The class overloads the __getattr__ method, so that all unknown functions are assumed to be RPC requests and all the arguments passed are assumed to be a RPC data.

You can find the latest version of the Python module here. To install it, extract the downloaded file, go into the subdirectory and run:

$ python install

Before we can use any of the commands we need to create a JSONClient object and log in to our Central Service. Let's start Python and type in the following commands.

$ python
>>> import mmJSONClient
>>> client = mmJSONClient.JSONClient()

The Basics

The Login method accepts the following arguments: proxy, server, username and password. Proxy is the name or IP address of a server running the Men & Mice Web Service. If you do not provide the proxy argument, then the Login method assumes the web service is running on the same machine as the Central Service. The server argument should contain the name or address of the machine that is running the Men & Mice Central Service. The username argument is the name of the user that we want to log in as and password is his password. Note that in order for this user to be able to use the web service he has to have permissions to use the web user interface. For optimal security, it is best to create a new dedicated user account that only has access to the objects the script needs to function.

Now let's log in to the server. In this example I'm logging in to a server named 'central.demo' with the user name 'a_user' and the password 'secret'. Since the web service is also running on 'central.demo' I don't need to provide the proxy argument.

>>> client.Login(server='central.demo', username='a_user', password='secret') 

As I mentioned earlier, we can use all the commands that are available for the SOAP API, and there are a lot (around 200 at last count). A list can be found here, along with descriptions of what arguments they need and what data they return.

Let's start with something simple, like the GetDNSServers method. As the name implies, the method will return all the DNS servers available to the user. Note that it might not return all the DNS servers available, but instead only those the user has permission to see. If you look at the description of GetDNSServers, you will see the only argument required is the session ID; everything else is optional. The session ID is a random string that the web service returned from the Login method. If you have successfully executed the Login method, you can see what your temporary session ID is by doing:

>>> print(client.sessionid)

Or if you are using Python 2.7, use print without parentheses:

>>> print client.sessionid

The rest of this article assumes use of Python 3.x. When using earlier versions of Python the syntax may have to be adjusted accordingly.

Fortunately when using the JSONClient class you don't have to worry about the session ID, as the class handles that automatically so if you want to list all the DNS servers available, you can simply type:

>>> print(client.GetDNSServers())
{u'totalResults': 2, u'dnsServers': [{u'name': u'caching1.demo.', u'resolvedAddress': u'', u'ref': u'{#2-#10}', u'subtype': u'Unbound', u'state': u'OK', u'customProperties': [], u'type': u'Unbound', u'port': 1337}, {u'name': u'caching2.demo.', u'resolvedAddress': u'', u'ref': u'{#2-#11}', u'subtype': u'Unbound', u'state': u'OK', u'customProperties': [], u'type': u'Unbound', u'port': 1337}]} 

The result from GetDNSServers is a Python dictionary that contains two members: totalResults and dnsServers. As stated in the SOAP API documentation, the totalResults member contains the number of DNS Servers we have access to, and the member dnsServers contains an array of DNS servers. To refer to a member in a Python dictionary we can use brackets - for example, the following can be used to print out the total number of DNS servers:

>>> print(client.GetDNSServers()['totalResults'])

Providing arguments to a method is simple. GetDNSServers has a number of optional arguments, for example the filter argument. Filter is powerful argument that is provided with many of the Men & Mice SOAP API commands. It allows you to limit the result to only the items that you want to see. You can use wildcards and regular expressions with a filter. For more information, look at the description of filtering in the SOAP API. Let's say that we wanted to get all the servers that contain the number 2 in their name. We can simply do:

>>> print(client.GetDNSServers(filter='name:2'))
{u'totalResults': 1, u'dnsServers': [{u'name': u'caching2.demo.', u'resolvedAddress': u'', u'ref': u'{#2-#11}', u'subtype': u'Unbound', u'state': u'OK', u'customProperties': [], u'type': u'Unbound', u'port': 1337}]} 

Or let's say we wanted to print out all A records from the zone '' that start with the name 'apple':

>>> print( '\n'.join(['{}\t{}\t{}'.format(r['name'],r['type'],r['data']) for r in client.GetDNSRecords(dnsZoneRef= '', filter='type:^A$ name:^apple')['dnsRecords']]) )
apple1 A
apple2 A
apple3 A 

In the example below we have created a Python script that logs on to a server, prints out all of its zones and then the first 10 records of a single zone. It assumes that we are running Men & Mice Web Service and Men & Mice Central on a server named 'central.demo'. It also assumes there is a zone named '' on one of the servers:

import mmJSONClient
client = mmJSONClient.JSONClient()
client.Login(server='central.demo.', username='a_user', password='secret')
result= client.GetDNSZones()
print('\nTotal number of zones: ' + str(result['totalResults']))
for zone in result['dnsZones']:
myZone = myZone= ''
result = client.GetDNSRecords(dnsZoneRef= myZone, limit= 10)
print('\nRecords in ' + myZone)
for record in result['dnsRecords']:
    print(record['name'] + "\t" + record['ttl'] + "\t" + record['type'] + "\t" + record['data'])

Manipulating DNS Zones

Now let's do something a little bit more complicated. Let's create a zone and add some records to it. If we look at the list of SOAP API commands we can find AddDNSZone. AddDNSZone requires at least two arguments: a session argument we don't have to worry about since JSONClient will handle that for us, and a dnsZone argument which should be of type DNSZone. The DNSZone type requires at least two members (or arguments): name and type. The name argument is a string, and the type argument is an enumeration which can be Master, Slave, Hint, Stub or Forward. If the call is successful AddDNSZone will return a reference to the newly created zone.

We also have to specify where we want to create the zone. Notice that we don't have any possible DNS server reference when creating a zone. The reason is that each DNS server can have one or more views that in turn can contain a number of zones. In most cases DNS servers will only have one view, called the default view or the empty view (''). When referring to any object in the Men & Mice Suite, you can either use its globally unique identifier (GUID), that was returned from the Central Server or you can pass on a string that will uniquely identify the object, in this case using its name (for a more detailed description on how this works, see Referencing Objects in the SOAP API). To reference a default view on a server you can simply use its fully qualified name and add a double column at the end.

As an example, let's say we want to send a reference to the default view as an argument on the DNS server dnsserver1.demo. Here we can simply pass the string 'dnsserver1.demo.:' as a DNS view reference.

>>> zoneRef= client.AddDNSZone(dnsZone={'dnsViewRef':'dnsserver1.demo.:', 'name':'', 'type':'Master'} , saveComment='A zone created using Python')
>>> print(zoneRef)
{u'ref': u'{#4-#2054}'} 

Note that we also added a save comment when creating the zone as it is sensible to always add a comment when you are making changes to the system. Also notice the return value from AddDNSZone. As before it is a Python dictionary, this time with only the one member, 'ref', that contains a reference to the newly created zone. Now let's create few records:

>>> for i in range(100,105):
...     client.AddDNSRecord(dnsRecord={'dnsZoneRef':zoneRef['ref'], 'name':'test{0}'.format(i), 'ttl':'', 'type':'A', 'data':'10.50.0.{0}'.format(i), 'enabled':1})

In this example, since I'm creating multiple records, I might instead use the SOAP command AddDNSRecords. AddDNSRecords will accept multiple records and update the zone just once instead of multiple times:

>>> client.AddDNSRecords(dnsRecords= [{'dnsZoneRef':zoneRef['ref'],  'name':'test{0}'.format(i), 'ttl':'', 'type':'A', 'data':'10.50.0.{0}'.format(i), 'enabled':1} for i in range(100,105)])
{'errors': [], 'objRefs': ['{#13-#9009}', '{#13-#9010}', '{#13-#9011}', '{#13-#9012}', '{#13-#9013}']}

As a final example, let's create a script that will check if all the PTR records for a DNS server are in order. The script will read through all the forward and reverse zones and report if there are any PTR records missing or if there are any orphaned PTR records:

import mmJSONClient
def qualifyName(recName, domainName):
    if len(recName) == 0:
        return domainName
    elif recName[len(recName) - 1] == '.':
        return recName + domainName
    return recName + '.' + domainName
mmServer    = 'central.demo.'
mmUser      = 'a_user'
mmPassword  = 'secret'
dnsServer   = 'b-centos6-32.demo.'
    print('Checking reverse zone on server [{}] ...'.format(dnsServer))
    client = mmJSONClient.JSONClient()
    client.Login(server= mmServer, username= mmUser, password= mmPassword)
    viewRef = client.GetDNSView(dnsViewRef= dnsServer + ':')
    # Get all forward and reverse zones
    zoneList = client.GetDNSZones(filter= 'dnsViewRef:' + viewRef['dnsView']['ref'])['dnsZones']
    forwardZoneList = [z for z in zoneList if (not z['name'].endswith('') and not z['name'].endswith(''))]
    revZoneList = [z for z in zoneList if z['name'].endswith('')]
    print('Found {} forward-zone(s) and {} reverse-zone(s)'.format(len(forwardZoneList), len(revZoneList)))
    # Collect all PTR records as a map of ip -> [record, zone, data] 
    # and give the user a warning if there are duplicates
    ptrRecordsMap = {}
    for z in revZoneList:
        print('Scanning reverse-zone [{}]'.format(z['name']))
            records = client.GetDNSRecords(dnsZoneRef= z['ref'], filter= 'type:^PTR$')['dnsRecords']
        except Exception as e:
        for r in records:
            domain = qualifyName(r['name'], z['name'])
            label = domain.split('.', 4)
            ip = '{}.{}.{}.{}'.format(label[3], label[2], label[1], label[0])
            if ip in ptrRecordsMap:
                print(  ('Warning: Ignoring reverse record [{} in {} {}] for the IP address [{}]:\n'
                        + '\talready found [{} in {} {}]').format(
                              r['name'], z['name'], r['data'], ip
                            , ptrRecordsMap[ip][0], ptrRecordsMap[ip][1], ptrRecordsMap[ip][2]))
                ptrRecordsMap[ip] = [r['name'], z['name'], r['data']]
    # Collect all A records as a map of ip -> [record, zone] 
    # and give the user a warning if there are duplicates
    aRecordsMap = {}
    aMatchedRecordsMap = {} # contains all record that found a match
    for z in forwardZoneList:
        print('Scanning forward-zone [{}]'.format(z['name']))
        records= []
            records = client.GetDNSRecords(dnsZoneRef= z['ref'], filter= 'type:^A$')['dnsRecords']
        except Exception as e:
        for r in records:
            ip = r['data']
            if ip in aRecordsMap:
                print(  ('Warning: Ignoring the A record [{} in {} {}]:\n'
                        + '\talready found [{} in {} {}]').format(
                            r['name'], z['name'], r['data']
                            , aRecordsMap[ip][0], aRecordsMap[ip][1], ip))
            elif ip in ptrRecordsMap:
                # We already have this as a PTR record but do the data match?
                if qualifyName(r['name'], z['name']) != ptrRecordsMap[ip][2]:
                    print(  ('Warning: Record [{} in {} {}] has an incorrect reverse reference:\n'
                            + '\talready found a PTR record [{} in {} {}]').format(
                                r['name'], z['name'], r['data']
                                , ptrRecordsMap[ip][0], ptrRecordsMap[ip][1], ptrRecordsMap[ip][2]))
                aMatchedRecordsMap[ip] = [r['name'], z['name']]
                del ptrRecordsMap[ip]
                # the ip wasn't found in the reverse list but it might already been matched
                if ip in aMatchedRecordsMap:
                    print(  ('Warning: Ignoring the A record [{} in {} {}]:\n'
                            + '\talready found [{} in {} {}]').format(
                                r['name'], z['name'], r['data']
                                , aMatchedRecordsMap[ip][0], aMatchedRecordsMap[ip][1], ip))
                    aRecordsMap[ip] = [r['name'], z['name']]
    print ('\nFound {} missing PTR-Record(s)...'.format(len(aRecordsMap)))
    for ip in aRecordsMap:
        print ('{} in {} {}'.format(aRecordsMap[ip][0], aRecordsMap[ip][1], ip))
    print ('\nFound {} orphan PTR-Record(s)...'.format(len(ptrRecordsMap)))
    for ip in ptrRecordsMap:
        print ('{} in {} {}'.format(ptrRecordsMap[ip][0], ptrRecordsMap[ip][1], ptrRecordsMap[ip][2]))
except Exception as e:


The primary focus of the Men & Mice development team has always been to simplify the complex task of administering a DDI environment while still being flexible, as different environments can have very different needs. To achieve this flexibility the Men & Mice Suite provides rich set of commands accessible through a web service interface.

As of version 6.6 both SOAP/WSDL and JSON-RPC services are supported. Both of these services have their advantages but JSON-RPC is more light-weight than SOAP/WSDL and a better fit for many programming languages.

Tags: Men & Mice Suite, DDI, DNS, DHCP, DNS Zone, Web Services, JSON, SCRIPTING

Hybrid Cloud DNS with the Men & Mice Suite

Posted by Men & Mice 2/2/15 3:55 PM

Since its humble origins as QuickDNS for the Apple Macintosh, the Men & Mice Suite has evolved into a comprehensive management solution for existing heterogeneous DNS/DHCP environments, with a powerful IPAM module that allows for seamless AD Sites & Subnets management in Windows Active Directory environments. Since 2011 Men & Mice have also offered the Men & Mice Appliance for customers that desire integrated DNS/DHCP or caching appliance solutions.

Introducing the Generic DNS Server Controller

In 2014 Men & Mice introduced the Generic DNS Server Controller, an extension of the existing Men & Mice DNS Server Controller that allows the Men & Mice Suite to integrate with any DNS server product that features an API to access and update DNS data.

The result is a flexible DNS solution that can deploy and centrally manage a wide variety of DNS products within a single hybrid environment, all without having to replace existing DNS infrastructure.

Better living through scripting

With the Generic Controller, communication between the DNS Server Controller and the DNS server itself is not hard coded; instead, a scripting interface is called instead of directly accessing the server whenever changes are made through the Men & Mice Management Console (or any other Men & Mice client interfaces).

Men & Mice currently provides two scripts (written in python) to interface with a cloud based DNS service (Amazons Route53) and PowerDNS (with a MySQL back-end, which is widely used as authoritative DNS in the ISP market). These scripts can be further tweaked and configured to interface with any number of different DNS servers without changes to the core infrastructure.

Looking forward

What does this mean for Men & Mice's customers?

Put simply, it can significantly lower infrastructure costs when moving into the future; should you plan to migrate your data into a cloud based DNS service or even switch over to some other DNS product types like PowerDNS you can still use the Men & Mice Suite to manage the DNS/DHCP and IPAM with all the advantages it brings, such as audit trails, automation, and delegation.

Hybrid Cloud DNS with the Men & Mice Suite
  • An administrator requests a change on the DNS server via the Men & Mice Management Console, which connects to the Men & Mice Central server.
  • Men & Mice Central connects to the DNS Server Controller and relays the change request.
  • The DNS Server Controller deploys the change and reports success or error back to Central.
  • Central reports back to the administrator.

Tags: Men & Mice Suite, IPAM, DNS, DHCP, CLOUD