The Men & Mice Blog

DNS training from A to Z, Part 5

Posted by Men & Mice on 9/20/19 9:25 AM

Continuing our glossary of DNS tips & tricks, we’re covering the letters M, N, and O this time.

M is for “master DNS zone”

A.k.a. the Primary Zone. Informally, The Zone Of All That Is Good and Pure. (May have made that one up.)

Simply put, the master DNS zone resides on the server which is authoritative for the zone’s data. (As opposed to a slave zone; more on that in a bit.) When you make changes to the master DNS zone, such as adding, editing, or deleting a record, those changes will be replicated to the slave DNS zones.

Slave (or secondary) DNS zones are read-only copies of the master DNS zone, used to relieve the primary zone of query load or as a backup in case of failure. Data is copied from the master DNS zone to the slave zone(s) through zone transfer.

N is for “named-check*”

Namely (🙄) named-checkzone and named-checkconf. These two are helpful commands in BIND (we’ve talked about it before) to check a configuration file’s validity before pushing it live. 

The neat feature of these two commands is that not only do they report any errors in their respective configuration files, but also let you know the line number of the errors. When dealing with large files, this can save a lot of time and headache.

Use them freely.
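A pre-reload gate built on the two commands, as an added example (not code from the original post or from BIND). It assumes both tools are on the PATH and report located errors as `file:line: message`; the sample output is constructed for illustration.

```python
import re
import subprocess

# Located errors look like "<file>:<line>: <message>", sometimes behind a
# prefix such as "dns_master_load: " (assumed format, see lead-in).
LOCATION = re.compile(r"(?P<file>[^\s:]+):(?P<line>\d+): (?P<msg>.+)")

# Constructed sample output, modelled on the tools' error style.
SAMPLE_CONF_OUTPUT = "/etc/bind/named.conf.local:9: missing ';' before 'zone'\n"
SAMPLE_ZONE_OUTPUT = (
    "dns_master_load: db.example.com:14: unknown RR type 'AA'\n"
    "zone example.com/IN: loading from master file db.example.com failed: "
    "unknown class/type\n"
    "zone example.com/IN: not loaded due to errors.\n"
)


def parse_findings(output):
    """Return (file, line, message) for every located error in checker output."""
    findings = []
    for raw in output.splitlines():
        match = LOCATION.search(raw)
        if match:
            findings.append((match["file"], int(match["line"]), match["msg"]))
    return findings


def run_checker(argv):
    """Run one checker; return (passed, findings). Exit status 0 means valid."""
    proc = subprocess.run(argv, capture_output=True, text=True, check=False)
    return proc.returncode == 0, parse_findings(proc.stdout + proc.stderr)


def preflight(conf_path, zones):
    """Validate named.conf and each (zone name, zone file) pair before a reload.

    Returns a list of findings; an empty list means nothing was rejected.
    """
    checks = [["named-checkconf", conf_path]]
    checks += [["named-checkzone", name, path] for name, path in zones]
    problems = []
    for argv in checks:
        passed, findings = run_checker(argv)
        if not passed:
            # Keep the failure even when no line number could be extracted.
            problems += findings or [(argv[-1], 0, "check failed, see tool output")]
    return problems


if __name__ == "__main__":
    for finding in parse_findings(SAMPLE_CONF_OUTPUT + SAMPLE_ZONE_OUTPUT):
        print("%s line %d: %s" % finding)
```

Calling `preflight("/etc/bind/named.conf", [("example.com", "db.example.com")])` in a deployment script and refusing to reload when the list is non-empty keeps a broken file from going live.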

O is for “OpCode”

A DNS opcode is a four-bit field that identifies the type of query being sent to the DNS server.

The opcode can be, per IANA’s (the Internet Assigned Numbers Authority, we’ve also talked about them before) designations:

| OpCode | Name |
|--------|------|
| 0 | Query (see RFC1035) |
| 1 | IQuery (Inverse Query, obsolete; see RFC3425) |
| 2 | Status (see RFC1035) |
| 3 | Unassigned |
| 4 | Notify (see RFC1996) |
| 5 | Update (see RFC2136) |
| 6 | DNS Stateful Operations (DSO) (see RFC8490) |
| 7-15 | Unassigned |

OpCodes show up when you examine a query. (Like with dig.)
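Where the four bits live in a DNS message, as an added example (not part of the original post): the opcode occupies bits 11-14 of the 16-bit flags word in the 12-octet header defined by RFC 1035. The sample headers are constructed by hand.

```python
import struct
from collections import Counter

# IANA DNS OpCode assignments from the table above; anything else is unassigned.
OPCODES = {0: "Query", 1: "IQuery", 2: "Status", 4: "Notify", 5: "Update", 6: "DSO"}

# Constructed 12-octet headers: ID, flags, then four 16-bit counts.
SAMPLES = [
    bytes.fromhex("1a2b01000001000000000000"),  # standard query, RD set
    bytes.fromhex("1a2b81800001000100000000"),  # response to it, RD+RA set
    bytes.fromhex("abcd24000001000000000000"),  # NOTIFY with AA set
    bytes.fromhex("beef28000001000000010000"),  # UPDATE
    bytes.fromhex("000118000000000000000000"),  # opcode 3, unassigned
]


def parse_header(message):
    """Decode the fixed DNS header and name the opcode it carries."""
    if len(message) < 12:
        raise ValueError("DNS header is 12 octets; message is truncated")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    opcode = (flags >> 11) & 0xF          # four bits, right after the QR bit
    return {
        "id": msg_id,
        "qr": "response" if flags >> 15 else "query",
        "opcode": opcode,
        "opcode_name": OPCODES.get(opcode, "Unassigned"),
        "aa": bool(flags & 0x0400),
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0xF,
        "counts": (qd, an, ns, ar),
    }


def opcode_tally(messages):
    """Count messages per opcode name, e.g. to see what a listener receives."""
    return Counter(parse_header(m)["opcode_name"] for m in messages)


if __name__ == "__main__":
    for sample in SAMPLES:
        header = parse_header(sample)
        print(header["qr"], header["opcode"], header["opcode_name"])
    print(dict(opcode_tally(SAMPLES)))
```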

Want to learn more?

This series is byte-sized (that joke just never gets old) — but a lot more can be said and done. To learn more in-depth about DNS specifically, we offer a comprehensive DNS training program.

You can enroll in different groups depending on your skill level:

  • If you’re new to DNS, we offer the DNS & BIND Fundamentals (DNSB-F) course. It’s part of the DNS & BIND Week (DNSB-W) and serves as a shorter introduction to the world of DNS and BIND.
  • If you’re already familiar with the basics, the full five-day DNS & BIND Week (DNSB-W) course takes you deeper into DNS, including a heavy emphasis on security, stopping just short of DNSSEC (for which we offer a separate course).
  • And if you're looking for even more, we offer the DNS & BIND Advanced (DNSB-A) program, getting into the deep end of things.

To check if you can get on board with one of the remaining courses this year, check out our training calendar for 2019, and reach out to us with any questions.

Topics: Men & Mice Suite, DNS, IT best practices, DNS training

VMworld US 2019: all aboard for multicloud

Posted by Men & Mice on 9/12/19 10:46 AM

The guiding word for San Francisco between 25th and 29th August was ‘cloud.’ Everything revolved around it: from storage solutions to innovations in computing performance, just about every vendor came set to showcase how their products provide distinct advantages in a cloud environment.

The verdict is clear: cloud adoption in one form or another is not an ‘if’, but a ‘when’. Those coming to VMworld whose companies haven’t yet invested in some kind of cloud offering came prepared to explore all options.

Pitfalls and best practices

Cloud adoption is a complex task. And it is especially true in the area of our expertise: networks.

The show floor was abuzz with the newest advancements in technologies like storage for big data (in the cloud) and computing performance in service of machine learning (in the cloud).

Meanwhile, the stalwart Men & Mice team had a field day as scores of people came to us to learn how to do cloud better. We chatted with people running multiple data centers, on-prem, in the cloud or hybrid and multicloud, looking for better management solutions. We debated the merits of appliance-based approaches vs. overlays. (Overlays are better, of course). And we had a blast discussing the power of cloud DNS. (If you’re utilizing cloud DNS, you don’t need anything else. You’re already using the best there is. You just need to make it more transparent and compatible with your existing systems and processes.)

Cloud adoption, coupled with migration of data and existing systems, can bring with it a host of pitfalls to avoid, as well as a score of best practices to study and apply. But how do you get your network ready for cloud, or multicloud, adoption? 

On this subject, our North American Director of Sales Operations, Paul Terrill, gave a talk at VMworld's Solutions Exchange Theater in San Francisco on future-ready network best practices. Take a look:

Cloud is a multiple choice question

We’ve arrived in an era where one cloud is not necessarily the best answer. The differentiation between services and their respective ecosystems has grown beyond simply executing similar processes along the same concept.

The quality of tools and depth of services between different cloud providers can vary considerably, and your needs may be best served by more than one. Every company has to evaluate what works for them. Networking best practices, as discussed by Paul Terrill in the above-mentioned talk, might help you decide what matters most to you. 

In this vibrant and varied landscape of the cloud market, solutions that provide a connective layer between the disparate offerings provide lasting value and position networks well for a rapidly changing network management landscape.

The Men & Mice Suite is such a solution, developed to provide an abstraction layer for cloud (and on-prem!) networks that can work with any underlying technology or service. From VMware to Azure to AWS, NS1 and Akamai -- it doesn’t matter what’s in your networks; what matters is how you see (and manage) it.

And because it’s a software-defined and API-first solution, the Men & Mice Suite can be deployed non-disruptively (no more re-buying appliances every five years) while offering advanced automation and customization tools to save valuable resources across network teams.

In short, with the Men & Mice Suite you don’t need to adapt your network to conform to our solution. You can continue to use the platforms you have, or want, to build the future-ready network you need.

Get connected

We’ve had a great time in San Francisco (as illustrated) and answered a lot of questions from interested parties. We were also delighted to meet up with current customers and hear their success stories with the Men & Mice Suite.

From the latter, we’ll be bringing you deployment studies, white papers, and more technical content on the blog and in our podcast in the coming weeks and months.

For the former, our doors are always open for a chat, or delve deeper with a free demo. Feel free to reach out to us and we’ll be happy to answer your questions and show you how we can help you change the way you see, and manage, your networks.

Topics: Men & Mice Suite, IPAM, DNS, DHCP, "cloud dns", vmworld

DNS forecast: cloudy (in a datacenter near you)

Posted by Men & Mice on 8/29/19 10:13 AM

Men & Mice @ VMworld 2019

The VMworld contingent of the Men & Mice team has arrived in San Francisco. We’ve met “Karl”, and taken the Moscone Center by storm, where, together with tens of thousands of attendees and hundreds of exhibitors from over 5,000 companies (and 86 countries!), our team is ready to see, show, and tell what’s in store for the future of networks. 

So what’s in store you might ask? From our vantage point in San Fran, it’s abundantly clear:  clouds. Loads of them.

Clouds. Clouds everywhere.

We expected the City of Fog (that has a name; it’s Karl) to be all about clouds, and it didn’t disappoint.

Everybody’s doing cloud. Or, rather, everybody’s doing hybrid and multicloud. We’ve expected as much, and our experience here at VMworld has confirmed it.

The interesting part is talking to people who haven’t yet started using cloud, or those that have already started entertaining the possibility of a multicloud strategy. As exhibitors strut their clouds and visitors contemplate the best options for their businesses, we’ve offered a gentle reminder: cloud adoption is not an either-or proposition - every future-ready network strategy should be having a serious look at it.  

And, not to blow our own horn too loudly, but it’s more apparent than ever - and more important than ever - to consider how an API-first network solution can help your network bridge the gaps between  different platforms, in a variety of clouds that offer a diverse selection of functionality and benefits.

On this note, we are pretty pleased to announce that Men & Mice was chosen as a finalist in TechTarget's 'Best of VMworld' networking category! More on that in our next post.

Stay tuned

Our post-VMworld report is coming in a few days - full of details on what’s been happening at the event, what and how we think the future will be shaped from the things we’ve learned while meeting people at our booth, or attending and presenting talks (or being chosen as finalists for awards!).
As an additional treat, we’ll be posting a video from the talk our North American Director of Sales Operations, Paul Terrill, held on Monday, where he went into detail on what’s the what in implementing best practices for future-ready network management.

In the meantime, spend a moment to be wonderstruck by our handsome booth babes. :-)



Topics: VMware, hybrid cloud, vmworld, multicloud, vrealize

Men & Mice @ VMWorld US 2019

Posted by Men & Mice on 8/23/19 9:31 AM

San Francisco: the Men & Mice contingent will be at booth 2033

Come meet us for all your DNS, DHCP, and IPAM needs. (Also the swag. We have good ones.) We'll be happy to chat, and also conducting lightning interviews for our DNS and networking podcast. (Speaking of which: check out the latest episode below.)

While at VMWorld, our North American Director of Sales Operations, Paul Terrill, will also be giving a talk on network best practices. Paul has over a decade of experience in assisting enterprises to transition from local to global network operations, and scale accordingly, as well as developing the resilience necessary for secure and efficient network management on a global scale.

Changing the way you see your networks

The challenges organizations face are multi-faceted. It's a (multi)cloud-native world, and businesses need solutions that transform their networks into a future-ready state - and quickly.

In his talk, Paul will highlight pain points faced by managers who are getting their networks ready for tomorrow, today. These include:

  • the potential loss of access control assignments,
  • vendor compatibility hurdles,
  • lost time and efficiencies,
  • low visibility across platforms,
  • boosting security and control,
  • optimising service-native features (both on-prem and cloud),
  • automation and workflows,
  • unifying management with overlays.

(v)Realize the power of your networks

We understand the importance of visibility, control, automation, and security — and also how challenging those can be in complex, hybrid IP infrastructures. Men & Mice provides API-driven DNS, DHCP, and IPAM software solutions to global enterprise, education, and government organizations.

Men & Mice also recognizes the importance of VMWare in enterprise networks. (Why else would we go to VMWorld? Other than the weather in San Francisco, that is ;-) .)

With Men & Mice, users aren't tied to a single DNS and DHCP platform. The Men & Mice Suite comes with built-in vRealize integration, and the ability to, amongst other things, rapidly allocate IPs and manage DNS entries via either the management console, the web interface, or a best-in-class API.

Questions?

Paul will describe in detail the advantage of overlay solutions over other methodologies, as well as where most hybrid and multicloud migration strategies go off the rails. For instance,  IT decision-makers need not fear APIs, but embrace them, especially for network-specific customisation and automation. Homegrown solutions are no longer acceptable.

Come and listen to Paul’s talk, ask the questions you need to know and visit us at booth 2033 throughout the event for an on-the-spot demo (and some super swag!). 

If you can’t make it to San Fran, worry not: we’ll be bringing you daily coverage here and on our social channels.



Topics: VMware, vmworld, resolv.pod, Paul Terrill, vrealize

The ABCs of DNS: a select glossary from the Men & Mice training archives - Part 4

Posted by Men & Mice on 8/16/19 8:43 AM

Continuing our glossary of DNS tips & tricks, we’re covering the letters J, K, and L this time.

J is for “jumbogram”

Ever wondered what the largest (internet-layer) packet you can send is? It’s 4,294,967,295 bytes. (One byte less than 4 GB.) Theoretically. Let’s break down the math (and the tech).

IPv6, among other things, has an extension that allows for a 32-bit length field. Jumbogram is the term for IPv6 packets taking advantage of it, capable of carrying more than the 65,535 octets of the limit of IPv4’s 16-bit length field.

However, transport layers such as TCP and UDP are limited to 16 bits. (TCP doesn’t have a length field, but the TCP MSS option and TCP Urgent field are both limited to 16 bits.) To make transporting larger payloads possible, these transport layers need a redesign to include 32-bit length fields.

RFC 1883, which first described the IPv6 standard, contained these modifications but was superseded by RFC 2460 which no longer did. RFC 2147 described the TCP and UDP enhancements but was obsoleted by RFC 2675 which merged the relevant parts from 1883 and 2147 into one document.

This is all theoretical, of course. RFC 2675 is listed as ‘informational’ and the practicality of jumbograms is debatable. But, as networking becomes more and more ubiquitous with larger and larger data transport needs, it may very well become everyday practice soon enough. Larger payloads mean speedier delivery and less overhead; on the other hand, networks need better reliability to handle them. If just a small bit gets lost, scrambled, or corrupted, the whole payload has to be re-sent.

K is for “Kea”

In addition to DNS, an essential component of any network is DHCP. Just like DNS, development in DHCP doesn’t stop, to the extent of completely new software emerging to replace the old one, as is the case with the Kea DHCP server.

Kea is the successor to ISC DHCP. While mature and robust, ISC DHCP is also old. It started in 1995, a time when networks were a lot smaller. Since then, network management became a lot more complex and mission-critical.

Kea is a modern DHCP server developed for the challenges of modern times. It's more scalable and offers better performance, with a different architecture. Kea also brings a somewhat different feature set, such as hooks and a rich API to configure users and subnets, RADIUS integration, and support for several database backends.

As is the case with any software no longer in widespread deployment, the development of ISC DHCP will cease in favor of Kea. ISC already recommends, particularly for new deployments, to use Kea instead of ISC DHCP.

To learn more about Kea and how to migrate from ISC DHCP take a look at its website.

L is for “labels”

As we discussed earlier, domain names are made up of three or more parts. These are called labels. 

A typical fully qualified domain name (FQDN) will look like this:

  • root (the trailing dot at the end)
  • top-level domain or “TLD” (such as .com, .net, etc.)
  • domain (such as menandmice)
  • host (such as www, info, etc.)

Labels can contain 1 to 63 octets. (An octet is a unit consisting of 8 bits. While technically the same as a byte, the latter is usually used to describe storage unit sizes.) Put more simply, labels can be between 1 and 63 characters. The null label (length zero) is reserved for the root zone and is represented by the label terminating in the trailing dot.

Labels were initially restricted to ASCII, but in 2003 ICANN approved the IDNA (internationalized domain name) system. The IDNA maps Unicode characters to valid DNS characters via Punycode. For example, Þórsmörk.is (lovely place, you should visit!) would become xn--rsmrk-ztay3d.is.

Because domain names can have a maximum of 253 characters, the theoretical limit of a domain is 127 levels. (127 1-character labels + 126 dots separating them.)
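The limits above, checked in code as an added example (not part of the original post). It goes one step beyond the text by showing the RFC 1035 wire format, where each label is preceded by a length octet and the name ends with the zero-length root label; function names are chosen here for illustration.

```python
MAX_LABEL = 63   # octets per label
MAX_NAME = 253   # characters in the textual name, trailing dot excluded


def encode_name(name):
    """Validate a textual domain name and return its wire-format encoding."""
    if name == ".":
        return b"\x00"                      # the root: a single null label
    text = name[:-1] if name.endswith(".") else name
    if len(text) > MAX_NAME:
        raise ValueError("name longer than %d characters" % MAX_NAME)
    wire = bytearray()
    for label in text.split("."):
        # Non-ASCII labels must be converted to Punycode (xn--...) first;
        # encoding them as ASCII fails with a ValueError subclass.
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL:
            raise ValueError("label %r is not 1..%d octets" % (label, MAX_LABEL))
        wire.append(len(raw))
        wire += raw
    wire.append(0)                          # terminating root label
    return bytes(wire)


def decode_name(wire):
    """Turn a wire-format name back into text, with bounds checks."""
    labels, pos = [], 0
    while True:
        if pos >= len(wire):
            raise ValueError("name is not terminated by the root label")
        length = wire[pos]
        pos += 1
        if length == 0:
            break
        if length > MAX_LABEL:
            # The top two bits of a length octet are reserved (RFC 1035 uses
            # them for compression pointers), which is why labels stop at 63.
            raise ValueError("length octet %d is not a plain label" % length)
        if pos + length > len(wire):
            raise ValueError("label runs past the end of the data")
        labels.append(wire[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels) + "."


if __name__ == "__main__":
    print(encode_name("www.menandmice.com."))
    deepest = ".".join(["a"] * 127)         # 127 labels + 126 dots = 253 chars
    print(len(deepest), len(encode_name(deepest)))
```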

Want to learn more?

This series is byte-sized (or, well, octet-sized) — but a lot more can be said and done. To learn more in-depth about DNS specifically, we offer a comprehensive DNS training program. 

You can enroll in different groups depending on your skill level:

  • If you’re new to DNS, we offer the DNS & BIND Fundamentals (DNSB-F) course. It’s part of the DNS & BIND Week (DNSB-W) and serves as a shorter introduction to the world of DNS and BIND.
  • If you’re already familiar with the basics, the full five-day DNS & BIND Week (DNSB-W) course takes you deeper into DNS, including a heavy emphasis on security, stopping just short of DNSSEC (for which we offer a separate course).
  • And if you're looking for even more, we offer the DNS & BIND Advanced (DNSB-A) program, getting into the deep end of things.

Check out our training calendar for 2019, and reach out to us with any questions.



Topics: IPv6, DNS training, Kea, domain name

“The more you know” -- Men & Mice @ VMWorld 2019

Posted by Men & Mice on 8/5/19 3:45 AM

Networks, like businesses, are all about relationships. It's relationships that transform individual strengths into greater cumulative benefits. To build such relationships between locations, platforms, and vendors, businesses need to facilitate communication.

That’s what the Men & Mice Suite does.

The Men & Mice Suite is a software-defined and API-driven management overlay for complex Network IP infrastructures. Version 9.2, released earlier this year, brought advanced workflow and reporting features to streamline operations and eliminate bottlenecks while preserving the signature visibility and ease of use.

Freedom of movement in diverse networks

The Men & Mice Suite’s ability to bulk migrate DNS zones and DHCP scopes, implement role-based authorizations, as well as access to both streamlined management interfaces and comprehensive APIs (REST, SOAP and JSON-RPC) eliminates many of the complexities inherent in today's large-scale networks, while mitigating vulnerabilities stemming from DNS failures such as configuration errors and DDoS attacks.

To protect networks further, the Men & Mice Suite's xDNS Redundancy™ feature provides a level of abstraction to build automation, eliminate human error, and remove conflicting DNS service provider platform complexities (e.g. incompatible APIs), all through centralized views for organizational and structural visibility.

All your networks, managed as one

The cross-platform functionality of the Men & Mice Suite v9.2 for DNS, DHCP and IPAM (DDI) operations targets complex enterprise networks. These typically hybrid and multi-cloud networks make use of either multiple cloud (cloud native) vendors or a combination of on-prem and cloud (hybrid) services.

The Men & Mice Suite is compatible with best-in-class on-premise and cloud services such as Unix/Linux, Windows, and Cisco IOS. It’s able to manage DNS in BIND, Microsoft DNS, Azure DNS, Unbound, Amazon Route 53, Dyn, NS1, PowerDNS, and Akamai Fast DNS; control DHCP in ISC DHCP, ISC Kea, and Microsoft DHCP; as well as IPAM with AWS, Azure, OpenStack, Layer 3, Active Directory and vRealize Orchestrator.

The Men & Mice Suite v9.2 offers an integrated management approach, enhancing visibility across network resources and providing secure monitoring of all network spaces. It can be deployed quickly and non-intrusively, whether on-premise, in the cloud, or across multiple cloud environments to manage millions of IP addresses and DNS records, and provide API connections for  thousands of users for automation and provisioning.

Make complexity an asset

The Men & Mice Suite simplifies complex challenges arising from the adoption of partial - or migration to  full - cloud computing capabilities. Customers can eliminate the dangers of creating overlapping network spaces on different platforms by utilizing consolidated views in the unified management console, and save valuable staff time by automating through the reliable, compatible APIs.

It leverages an organization’s existing infrastructure investment, and facilitates smooth integration with new resources. By streamlining the migration and management of a large number of DNS zones through cloud-native features to monitor changes to DNS made outside of the Men & Mice Suite, it greatly improves synchronization of DNS data from cloud providers. 

Granular access control and system health monitoring helps to mitigate costly network security disruptions while integration with both cloud vendors and on-premise network segments unifies monitoring, managing, migrating and authorizing operations across distributed network environments. Additionally, the Men & Mice Suite v9.2 is available through licensing and subscription payment plans to meet the needs of the diverse organizations using the Men & Mice solution.  

Let us help you: find us at VMWorld

The ROI for integrated DDI solutions such as the Men & Mice Suite is largely comprised of two distinct cost-savers: mitigating downtime and optimizing network management efficiency by cutting OPEX. 

Men & Mice has been helping businesses to synchronize data across their diverse networks, avoid vendor lock-in, migrate between services as needed, modernize, diversify and capitalize on compatibility with cloud-native functionality in cloud services. Customers turn to Men & Mice to align network architecture and operations with business logic and policy for more intelligent, future-ready infrastructure.

Migrate your networks to the future with Men & Mice: visit us at VMWorld in San Francisco between August 25th to 29th at Booth #2033.



Topics: vmworld, network management

How to scale your business with the Men & Mice Partner Program

Posted by Men & Mice on 7/19/19 8:05 AM

Our contingent has been busy at Microsoft Inspire in Las Vegas this week - and unlike most other things, what happens at Inspire in Vegas most absolutely does not stay in Vegas.

Why not? Because Men & Mice's IP infrastructure management product not only integrates well with Azure (case in point: you can download it from the Azure Marketplace, with no frills), but also the Men & Mice Partner Program.

Men & Mice @ Microsoft Inspire

Helga Dögg Björgvinsdóttir and Jessica Poteet, Men & Mice channel partner managers, have just spent the week at Microsoft Inspire in Las Vegas to explore new opportunities for Men & Mice’s expanding channel program.

Helga joins Men & Mice from Microsoft and is leading our co-sell program, while Jessica, who hails from corporate business development with Chevron in Singapore, is focusing on channel partner management.

Together with VP of Partnerships Pétur Pétursson, Helga and Jessica are driving Men & Mice’s growing channel sales program in the US and Europe.

Putting 'partner' into 'Partner Program'

We understand partnerships should be a mutually beneficial investment. It's a relationship that transforms individual strengths into greater market differentiation, and ultimately business gain, for everyone.

In the same way our flagship product, the Men & Mice Suite, complements existing infrastructure and helps our customers capture new opportunities for building and managing a more efficient, productive, and secure network, the Men & Mice Partner Program aims to complement service offerings and open new market segments for our partners.

Offer native integration on all levels

We've visited Microsoft Inspire not only to be inspired (sorry, we just couldn’t resist that one!) by our peers, but also to expand our Partner Program. While we pride ourselves on integrating with many, if not all of the major DNS, and DHCP platforms and services there are, there are few ecosystems with which Men & Mice products form such a deep and extensive symbiosis as Microsoft's.

Microsoft’s software and services are present in just about every organization’s infrastructure, making the business of keeping critical infrastructure up and running consistent, reliable, and familiar for a lot of network managers. Familiarity of technology has its benefits, particularly when it’s possible to extend your network into the cloud within the same Microsoft ecosystem, as is the case with Azure cloud services.

Take your customers' investments in Microsoft one step further

Our Partner Program is enhanced by our experience in providing API-driven DNS, DHCP, and IPAM software solutions to global enterprise, education, and government organizations. We’ve worked with an industry-horizontal array of customers for decades and have gained deep insights into networking best practices as a result. Especially with Microsoft.

The first third-party solution to integrate with Azure DNS, Men & Mice takes its long-term technological focus a step further by simplifying availability of the Men & Mice Suite for Microsoft Azure customers. From Version 9.2, the Men & Mice Suite is available through the Azure Marketplace. Deployment can be done in a matter of minutes instead of hours, with one-click install and easy-to-follow instructions.

As a Co-Sell partner and a recent winner of the Microsoft Partner Award for Infrastructure Innovation, we’ve further expanded our reach with Microsoft beyond technical capabilities, which enables us to continue making IP infrastructure management easier, better and more productive for customers who want to utilize Azure, or Azure in a hybrid infrastructure environment, on-premise and in one, or multiple clouds.

Help your customers streamline their networks

Here are a few scenarios where the combination of the Men & Mice Suite and Azure really proved to be beneficial:

  • Mergers and acquisitions. Utilizing the Men & Mice Suite with Azure allows the dynamic scaling or migration from on-prem Microsoft DNS or BIND to Azure DNS. Likewise, unifying a multitude of on-prem and cloud network services and environments through the Men & Mice Suite, eases network transitions and provides near-immediate visibility across platforms.
  • Physical expansions. The Men & Mice Suite can be used to clone already working environments, while taking advantage of Azure’s global availability to reduce local latency and support turnaround.
  • Project fragmentation. Network overlaps and conflicts can be quickly resolved through Men & Mice Suite on top of Azure, providing transparency for all IP addresses, VNETS, and subnets.
  • Network diversification. Network supply chain diversity is critical to add redundancy and prevent against DDoS and other malicious attacks. Using the Men & Mice Suite’s xDNS Redundancy™ feature makes this easier, while the infrastructure is backed by Microsoft’s robust SLAs.

On top of these and other scenarios, the Men & Mice Suite version 9.2 introduced, among many things, tools like the Reporting and Workflow modules to address pain points within enterprise network management.

How to enroll in the Men & Mice Partner program

The Men & Mice Partner Program is executed on two levels:

Authorized Partner: 

  • receives extended support during the Sales process
  • not required to undergo intensive training as Men & Mice provides expert knowledge and resources where appropriate 
  • Men & Mice will liaise with their portfolio of new and existing customers to promote the product

Certified Partner:

  • autonomous agents who take greater responsibility during the processes of Sales, Delivery and Support.
  • committed to a joint business plan that defines engagement of resources on both sides, including the setting of sales targets.
  • Certified Partners’ Sales Teams receive applicable training.
  • Training can be extended to technical staff, as and when required.

Men & Mice also has a special program for Managed Service Providers, who can receive our products with no up-front costs and a pay-as-you-go subscription license. All managed client networks fall under a single subscription license, which offers considerable cost-efficiency.

All our partners receive strong implementation support from the Men & Mice team, ensuring a successful roll-out every step of the way.

Get in touch!

To get started with the Partner Program, reach out to our partner team: partners@menandmice.com 

Topics: Partner Program, Channel Partners, Microsoft Inspire

The ABCs of DNS training from A to Z - Part 3

Posted by Men & Mice on 7/11/19 12:01 PM

Continuing our glossary of DNS tips & tricks, we’re covering the letters G, H, and I this time.

DNS TRAINING ALERT

Our next DNS & BIND Week is set to run in Bangalore, India and other locations from August onwards. Want to join in? All info on our training page!

G is for “glue records”

Glue records are DNS records (A records) created at the domain registrar that return references for the authoritative nameserver of the domain. They’re useful for those wishing to run their own authoritative DNS servers.

Normally, a DNS query

  • first goes to the root (which returns the top-level domain or TLD),
  • then to the TLD (which returns the authoritative nameserver),
  • and finally to the authoritative nameserver (that resolves the domain name).

Problem is, when the authoritative nameserver is part of the domain (like “example.com” having nameservers such as “ns.example.com”) this creates a circular reference. Glue records allow for both resolving the domain name as well as listing the domain’s authoritative nameservers.

To check the validity of your glue records, you need to know the host and its assigned IP address, and use dig. The glue records will show up in the “additional section” part of dig’s output, listing the host names and their IPs.
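Deciding which nameservers need glue at all, as an added example (not part of the original post). It takes the NS names and the host-to-address pairs you would read from dig's output as plain inputs; the function names and sample data are constructed for illustration.

```python
def split_labels(name):
    """Lower-case a domain name and split it into labels, ignoring the root dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def in_zone(host, zone):
    """True when host is at or below zone, compared label by label.

    A plain string suffix test would wrongly place ns.notexample.com
    inside example.com.
    """
    h, z = split_labels(host), split_labels(zone)
    return len(h) >= len(z) and h[len(h) - len(z):] == z


def audit_glue(zone, nameservers, additional):
    """Classify each nameserver of a delegation.

    additional maps host names to the addresses listed for them in the
    "additional section". Returns {nameserver: status} where status is
    "not-needed" (name lives outside the zone, so it resolves on its own),
    "present" (in-zone name with at least one address), or
    "missing" (in-zone name without an address: the circular reference).
    """
    glue = {".".join(split_labels(h)): addrs for h, addrs in additional.items()}
    report = {}
    for ns in nameservers:
        key = ".".join(split_labels(ns))
        if not in_zone(ns, zone):
            report[key] = "not-needed"
        elif glue.get(key):
            report[key] = "present"
        else:
            report[key] = "missing"
    return report


# Constructed delegation data for example.com (documentation addresses).
SAMPLE_NS = ["ns1.example.com.", "NS2.Example.com.", "ns.example.net.",
             "ns.notexample.com."]
SAMPLE_ADDITIONAL = {"ns1.example.com.": ["192.0.2.53"]}

if __name__ == "__main__":
    for name, status in audit_glue("example.com", SAMPLE_NS, SAMPLE_ADDITIONAL).items():
        print(name, status)
```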

Speaking of host names…

H is for “hosts”

The hosts file exists on every system that is connected (or capable of being connected) to a network. (On Linux and Mac it can be found in /etc; on Windows, it’s in %SystemRoot%\System32\drivers\etc.) It’s a plain text file whose only function is to provide local name resolution, mapping host names to IP addresses.

Usually, it’s managed automatically by the system, but it can be edited manually, bypassing the network’s own name resolution. For example, you can put

127.0.0.1 www.google.com google.com 

into your hosts file. If you’re running a web server (like nginx or Apache) locally — and it’s configured to answer — you can display any content instead of the actual Google search page.

This can be useful when testing a website or web application, depending on using a specific domain name, locally. You can, for example, clone your website’s file structure to your local system, set up a web server, and test it without having to reconfigure the domain name.
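Because a hosts entry silently takes precedence over DNS, it helps to list what a file pins. The parser below is an added example (not part of the original post); it assumes the usual "address, then one or more names, `#` starts a comment" layout, treats the first matching line as the answer, and runs on a constructed sample.

```python
import ipaddress

# Names commonly present for the local machine; anything else pinned in the
# file replaces what DNS would have returned (list chosen for this example).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

# Constructed sample; the google.com line is the one used in the text above.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
127.0.0.1 www.google.com google.com   # local test server
192.0.2.10  intranet.example.test
not-an-address broken.example.test
"""


def parse_hosts(text):
    """Return [(line number, address, [names])] for every valid entry."""
    entries = []
    for number, line in enumerate(text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()    # drop comments, then split
        if len(fields) < 2:
            continue                              # blank or comment-only line
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address: skip
        entries.append((number, address, [n.lower() for n in fields[1:]]))
    return entries


def resolve(text, name):
    """Answer a lookup from the file alone; None means 'ask DNS instead'."""
    wanted = name.lower().rstrip(".")
    for _, address, names in parse_hosts(text):
        if wanted in names:
            return str(address)
    return None


def overrides(text):
    """List (line, name, address) for every non-local name the file pins."""
    return [(number, name, str(address))
            for number, address, names in parse_hosts(text)
            for name in names if name not in LOCAL_NAMES]


if __name__ == "__main__":
    print(resolve(SAMPLE_HOSTS, "google.com"))
    for finding in overrides(SAMPLE_HOSTS):
        print(finding)
```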


FUN FACT: the hosts file comes from the ARPANET days when networks didn’t have standardized name resolution, and each connected system had its own hosts file. When DNS was developed, and the queries became increasingly complex (and thus carrying more data) one of the suggestions to solve the issue was to distribute hosts files on CDs.


Imagine that, and where the internet would be today if that had happened. (We talked about this (and many, many more things) with Geoff Huston from APNIC on our podcast.)

Speaking of organizations tasked with assigning Internet names and numbers ...

I is for “IANA”

IANA - Internet Assigned Numbers Authority - is responsible for global coordination of some of the key elements that keep the Internet running smoothly, specifically allocating and maintaining unique codes and numbering systems that are used in the technical standards (“protocols”) that drive the Internet.  

It’s a no-brainer: the Internet has become a mission-critical infrastructure for everything from business to banking to healthcare. Making sure it runs smoothly, and remains secure, apolitical, and free from centralized control, is essential. Yet there is a technical need for some key parts of the Internet to be globally coordinated. This is where organizations like IANA come into the picture.

One of the Internet’s oldest institutions (with functions dating back to the 1970s), IANA’s activities can be grouped broadly in three categories:

  • managing Domain Names, including management of the DNS Root,
  • coordinating global Number Resources, including providing IP and AS numbers to Regional Internet Registries (like APNIC and RIPE), and
  • certain Protocol Assignments, such as managing Internet protocols’ numbering systems in conjunction with standards bodies.

Since we’re talking about numbers, on the 14th of July it will be exactly 20 years since IANA made this historical announcement regarding the delegation of IPv6 addresses to regional registries, which set in motion the beginning of the worldwide deployment of IPv6. (Perhaps - eventually - IPv6 will prove to be as revolutionary as the storming of the Bastille in France in 1789, also celebrated on the 14th of July? Only time will tell …)

Want to learn more?

This series is byte-sized (see what we did there?) — but a lot more can be said and done. 

As mentioned, we recently talked with Geoff Huston from APNIC on our podcast (about, amongst many things, the hosts file) and we’ll continue bringing you DNS and networking-related content. Make sure you subscribe!

To learn more in-depth about DNS specifically, we offer a comprehensive DNS training program. You can enroll for different courses depending on your skill level:

  • If you’re new to DNS, we offer the DNS & BIND Fundamentals (DNSB-F) course. It’s part of the DNS & BIND Week (DNSB-W) and serves as a shorter introduction to the world of DNS and BIND.
  • If you’re already familiar with the basics, the full five-day DNS & BIND Week (DNSB-W) course takes you deeper into DNS, including a heavy emphasis on security, stopping just short of DNSSEC (for which we offer a separate course).
  • And if you're looking for even more, we offer the DNS & BIND Advanced (DNSB-A) program, getting into the deep end of things.

Check out our training calendar for 2019, and reach out to us with any questions.

Topics: DNS training, hosts file, glue records, IANA

DNS & DHCP spotlight: BIND 9.14 & Kea

Posted by Men & Mice on 7/4/19 11:33 AM

While we were at RIPE 78 in Reykjavik, we got to catch up with Matthijs Mekking, a software engineer at ISC tasked with working on BIND, DNSSEC and other projects. We made a podcast of our chat, but given just how important BIND is to everyday workflows, a blog post touching on some of the topics also seemed warranted.

BIND 9.14

BIND truly is one of the most fundamental pieces of software for anyone working with DNS. (It’s not for no reason that we call our training program DNS & BIND!)

Changing the BIND release scheme

Starting with BIND 9.13, ISC has changed the release schedule for BIND, where odd numbers represent development releases, and even numbers note the stable branch. Users welcomed the opportunity to test the development branch; and since many companies build on BIND's features, these versions offer a chance to strategize. It also allows ISC to gather valuable early feedback and enables them to better focus their resources or course correct where necessary. (Find out which version of BIND 9 suits you best)

What's new in BIND 9.14 

With BIND 9.14, ISC focused on making BIND a modern nameserver again. In addition to bug fixes, this includes responding to privacy and usability requests, including:

  • a lot of modernization and code refactoring
  • 12% performance increase 
  • QNAME minimization (enabled by default in relaxed mode) for enhancing privacy
  • mirror zones (serving a transferred copy of a zone’s contents without acting as an authority for it)

What's coming in BIND 9.15

In BIND 9.15, ISC will continue to modernize BIND's codebase, in particular refactoring the networking code. This will allow them to streamline implementations such as DNS-over-TLS and DNS-over-HTTPS and make them easier to deploy.

Making DNSSEC in BIND more intuitive is also a priority. This includes making DNSSEC easy for signing purposes as well as providing support for offline and combined signing keys.

These roadmap plans should form a solid base for BIND 9.16, which is scheduled to be the next Extended Support Version (ESV) after BIND 9.11. 

Kea

As mature and robust as ISC DHCP is, it's also old. It was started in 1995, when networks were a lot smaller and network management a lot more straightforward, and perhaps not as integral to the success of business operations as it is today. ISC DHCP code was extended through the years, but that also made it harder to maintain.

Kea DHCP came alive as the natural successor to ISC DHCP, designed for modern mission-critical environments and destined to address these issues. It's a more scalable and better performing DHCP server, with a different architecture and a somewhat different feature set. (Such as new features coming with hooks and a rich API to configure users and subnets, RADIUS integration, and support for several database backends.)

ISC recommends using Kea instead of ISC DHCP, particularly for new deployments. This is not only because Kea is better adapted to modern environments, but also because support for ISC DHCP will cease in the long term, most likely any time after 2020.

To learn more about Kea and how to migrate from ISC DHCP, take a look at this webinar from ISC:

Kea's modules vary from open source to paid (freemium and subscription) but the documentation for all modules is freely available for users to look at and evaluate. Beta versions are also freely available.

Where to from here?

As BIND and Kea show, development in the network infrastructure (DNS, DHCP, IPAM) space is not only ongoing but vibrant. RIPE 78 (as with all RIPE AGMs) provided a great opportunity for a glimpse at just how vibrant this sector is.

As a company wholly dedicated to DDI, we're following developments at ISC and other major developers continuously, and share what we learn along the way. For example, both our RIPE 78 blog coverage and our newly launched podcast focus on the details and implications of major changes that are happening or are expected to happen. Follow us here on our blog, on social, and subscribe to the podcast to stay in the know.

Topics: DNS, DHCP, BIND 9, ISC, Kea

Executing on future-ready networks in the wake of CLUS 2019

Posted by Men & Mice on 6/26/19 6:34 AM

Cisco Live 2019 may be behind us, but the people we've met and the things we've learned are anything but.

The best thing about attending events like Cisco Live is the intensity of it all. There’s literally a buzz in everything: from establishing new relationships to trying out new technologies to making unexpected discoveries while exploring this massive event.

The ThinkTank session with Men & Mice's Paul Terrill turned out to be well worth the time of the almost full house in attendance - we trust they got home ‘buzzed’ from learning about new best practices in hybrid and multicloud network environments.

For those who couldn't attend (and those who did, but would like a reminder or to share the talk with colleagues) here's Paul's talk in full.

As discussed in detail by Paul, there are common pain points in adapting hybrid and multicloud network strategies, such as 

  • the potential loss of access control assignments,
  • lost time and staff resources during migration processes,
  • and compatibility hurdles between multiple services.

These are challenges today's network professionals encounter often. Professional environments require professional IT. Homegrown solutions are simply no longer acceptable.

To counter these challenges and sidestep the minefield of ad-hoc IT, yet retain control of their infrastructure, experts are increasingly turning to overlay solutions. (Such as the Men & Mice Suite.)

Software overlay solutions can maximize the value of infrastructure investments while positioning for future innovation. Hybrid network strategies can and should take advantage of service-native features in all IP infrastructure solutions, whether on-premise, cloud or multicloud.

If you have any questions about Paul's presentation, or would like to know more about how Men & Mice can solve your networking challenges, just reach out to us: we’re always ready and happy to talk about all things networking.

Topics: Cisco Live, Paul Terrill, CLUS 2019
