The Men & Mice Blog

Men & Mice at VMworld 2018, Las Vegas Part 1: DATA CENTER AND CLOUD

Posted by Greg Fazekas on 7/30/18 6:30 AM

men_mice_dns_vmworld2018

We’re returning to VMworld in Las Vegas, August 26-30 (Booth #2124, come say hi!) — and excited to not only see how our industry is evolving to virtualization and automation, but to also contribute our two cents to the dialog (Or 9.1 cents, as it were).

Since the newly released Men & Mice Suite v9.1 offers highly scalable and efficient APIs that act as an abstraction layer to manage an organization’s whole DNS, DHCP and IP address infrastructure, across multiple vendors and cloud platforms, we’re focusing on two main tracks from the VMWorld agenda: Data Center and Cloud and Networking and Security, the first of which we’ll discuss in this post (the latter will appear in the next post).

DATA CENTER AND CLOUD

VMworld’s focus on integrated IT strategy plays nicely with the Men & Mice Suite v9.1 release (and our larger objectives as well).

Men & Mice has been providing compatibility with VMware’s vRealize Orchestrator and vRealize Automation for years now. As the industry turns toward virtualization and cloud technology to build its next-generation, hyper-converged infrastructure in hybrid cloud environments, running cloud-native applications to cut costs and increase efficiency, so to have we adapted our Men & Mice Suite of DNS, DHCP and IPAM solutions to help organizations manage networks effectively and at scale.

The Men & Mice Suite v9.1 supports Unix/Linux, Windows, and Cisco IOS and stretches into the cloud with functionality across Azure DNS, Amazon Route 53, Dyn, NS1 and Akamai Fast DNS, as well as IPAM in AWS, Azure and OpenStack.  It can be dropped on top of an organization’s existing infrastructure to manage, sync and automate network changes, authorizations and provide comprehensive insight into large-scale networks through one unified dashboard.

The Men & Mice Suite v9.1 supports thousands of concurrent users and API connections, with millions of managed IPs and DNS records, for automation and provisioning.

Virtualized Infrastructure and Applicationsmen & mice_secure_visible_dns

We favor virtualization over physical appliances and platform-specific, custom hardware allocation. Turns out, our customers do too.  We want our customers to be able to make the right choices for their network infrastructure (DDI) needs. Then, we offer our environment- and platform-agnostic Men & Mice Suite to help them manage it.

Virtualized infrastructure is both cost and performance efficient. Men & Mice Suite gives organizations the flexibility and adaptability they need as every area of business operations goes digital, providing the managaibility and visibility needed for high-availability networks to be, well, highly available.

Our new Men & Mice Suite v9.1, an overlay network management solution, offers many advantages for virtualizing and automating, as well as increasing visibility and ease-of-management of an enterprise organization’s network infrastructure, including its new web-based management application, which takes the “daunt” out of day-to-day operations and reporting.

Another way we’re making virtualization easier is through the Men & Mice virtual appliances, the DNS software for which we’ve upgraded to BIND 9.11, supporting various new features as well as DNSTAP. For example, details on DNS queries received and DNS replies sent by the Men & Mice virtual appliances can now be logged for further processing by enabling and utilizing the powerful DNSTAP feature with minimal performance impact on the appliances. They can also function as NTP (Network Time Protocol) servers and be served by the same network infrastructure as DNS and DHCP.

men_mice_hybrid network managementPrivate, Hybrid, and Public Clouds

Every cloud vendor is different. Different platforms and configurations offer different advantages (and drawbacks) for customers. They also offer very different, and often incompatible APIs. Men & Mice Suite v9.1 services complex enterprise hybrid and multi-cloud networks by providing single-pane-of-glass visibility and cross-platform functionality for DNS, DHCP and IPAM (DDI) operations, whose networks use either multiple cloud (cloud native) vendors or a combination of on-prem and cloud (hybrid).

The ability to bulk migrate DNS zones and DHCP scopes, ability to implement role-based authorizations, as well as providing 3 management interfaces (Windows-based management console, web-based management application and REST, SOAP and JSON-RPC APIs), the Men & Mice Suite v9.1 overlay software solution eliminates many of the complexities of today's large-scale networks while mitigating DNS failures such as configuration errors and DDoS attacks.

Further, Men & Mice Suite's xDNS Redundancy provides a level of abstraction that builds automation, provides centralized views, eliminates human error and removes conflicting DNS service provider platform complexities (e.g. incompatible APIs).

The Men & Mice Suite v9.1 also allows organizations to add Active Directory zones to xDNS groups. This, tied with the read-only members of xDNS groups, makes it easy for organizations to bring their internal, on-premises DNS into their virtual private clouds, and vice versa.

Cloud operations monitoring, a topic to which we’re looking greatly forward discussing at VMworld, is transparent and easy in the Men & Mice Suite v9.1. Not only have we integrated true cloud DNS into the Men & Mice Suite, but we also paid attention to the cloud-unique challenges it brings with it.

Can’t make it? No worries!

You can book an appointment to meet our team onsite at VMWorld (Booth #2124).

Or, if you’re missing the event, book a walk-thru any time by clicking the button below.

We’re always happy showcase the benefits of deploying our best-in-class overlay management solution on top of your network.

Book appointment

DNS, DHCP & IPAM Software Trial

Topics: DDI, Men & Mice, DNS, DHCP, API, VMware, Redundant DNS, DNS redundancy, DDoS, networking best practices, IP address management, hybrid cloud, hybrid network, "cloud dns"

Network virtualization with visibility and automation of DNS, DHCP and IPAM

Posted by Greg Fazekas on 7/16/18 8:45 AM

The Men & Mice Suite version 9.1, released last week, introduced several new features and improved functionality for hybrid and multi-cloud networks. One of the additions we developed in our mission to change the way the world sees networks is a cross-platform, easy-to-use web-based management application.

Seamless integration

We intend the web-based management application for the Men & Mice Suite to be the go-to interface for the most common tasks. In the future, it will also serve as the central platform for our innovations across DNS, DHCP and IPAM (DDI). We're highly focused on developing an increasing number of partnerships to make integration across services and vendors even more seamless.

Day-to-day DDI operations made simple


With three major sections — DNS, Networks, and Reporting — the Men & Mice web-based management application is organized around operational efficiency.

Where the existing Windows-based management console of the Men & Mice Suite gives you the full range of configuration and management options for your networks, the web-based management application focuses on day-to-day tasks, such as finding and working with DNS zones or records, IP address ranges, DHCP scopes and IP addresses. You may want to use the full Men & Mice Suite application for the yearly inspection or the large restructuring of your networks, but can quickly get things done from anywhere, on any device, with the web application.

Quick Commands: lightning-fast, best-in-class user experience

men_and_mice_quick_command

Another way the web-based management application helps to efficiently manage networks is through its Quick Commands feature.

If you ever used the Spotlight functionality in MacOS or the universal search bar in other platforms or services, you know how a deceptively simple function can save incredible amounts of time. The Quick Command feature interacts with a single click or key combination (ctrl+space) and uses auto-complete to arrive at the needed information or function in just a few keystrokes. 

We’ll continue to focus on and add functionality to Quick Commands in future releases. As it gets smarter, so to will your network management get easier.

Visit the Men & Mice Suite web-based management console guide for more information on its capabilities and full functionality.

Virtualization and automation 

In addition to our virtual DNS/DHCP appliances and Virtual DNS Caching appliances, in a larger context of network management, the v9.1 release of the Men & Mice Suite continues to forge its path towards greater network virtualization and automation. The Men & Mice Suite restores and significantly improves the unified network visibility usually forfeited in the process of virtualization, intuitively pulling data from critical network components and consolidating it in an easy-to-use UI with extensive centralized control and functionality.

The Men & Mice Suite offers unrivalled integration with Microsoft Active Directory Sites and Subnets, combined with real-time synchronization across diverse server environments and distributed virtual and physical locations.

The comprehensive built-in tracking and logging tools ensure the systematic keeping of records. It's important to know who made what change, when, where, and why. Transparency takes the sting out of the fast and dynamic change procedures that are the hallmarks of virtualized environments.

Access management is granular and fully integrated with Active Directory. Role-based access provides strong, centralized control and delegation. Different IT teams experience painless cooperation and efficiency, respecting the often hazy task boundaries created by the transformation from physical machines to virtual instances.

The Men & Mice roadshow continues!

men&mice_vmworld_Booth #2124

What we do at Men & Mice is help companies with large, complex network infrastructure automate and virtualize their networks. We also believe in the value of other forms of networking-- meeting customers and future customers in person.

We’ll be exhibiting at VMworld in Las Vegas August 26-30, to showcase the Men & Mice Suite at booth# 2124.  We'll report in on our social media and on this blog — hope to see you either there!

Topics: DDI, Men & Mice, DNS, DHCP, VMware, External DNS, IP address management, hybrid cloud, hybrid network, vmworld

Men & Mice Suite 9.1: cloud-ready network management for DNS, DHCP and IPAM

Posted by Men & Mice on 7/11/18 7:47 AM

Changing the way the world sees LI

Our commitment to efficient network management has a new number! The Men & Mice Suite 9.1 is a feature release with a host of cloud-ready enhancements plus the usual suspects (bug fixes and improvements).  

Network Management just got easier

Transparency, responsiveness, and ease-of-use are all core principles of Men & Mice for keeping networks healthy and safe from DDoS attacks and other DNS network failures.

The 9.1 release continues our mission to simplify network management without sacrificing features. Included in Men & Mice Suite v9.1:

  • A new web-based Men & Mice Suite management application
  • Optimized and enhanced cloud support
  • Improved xDNS Redundancy read-only zones for hybrid and multi-cloud networks
  • DNS software on appliances upgraded to BIND 9.11 with DNSTAP support
  • NTP functionality for virtual appliances
  • Various improvements and bug fixes

5 Things You’ll Love About Men & Mice Suite v9.1

Men & Mice Suite v9.1 focuses on features and refinements gleaned from customer feedback and engagement as well as refinements of previously introduced functionality. Here's what you will find in the new release: 

Web-based management application

The new web-based management application serves as an alternative to the Men & Mice Suite Windows-based management console. It’s designed to make performing day-to-day tasks, management functions and generating reports related to DNS and DHCP operations easier. The application features three sections: DNS, Networks and Reporting.

  • The DNS section makes all your DNS zones accessible from a single place.
  • The Networks section gives you instant access and overview of your networks.
  • Reporting lets you quickly find and run existing reports.

men_and_mice_quick_command-1

Its Quick Command functionality cuts down time on common tasks such as finding and working with DNS zones or records, IP address ranges, DHCP scopes and IP addresses.

Read-only zones in xDNS Redundancy groups

xDNS Redundancy, which can be used to synchronize DNS zones hosted with multiple cloud providers, now includes support for Active Directory-hosted zones. Zones in a redundancy group can be assigned to read-only mode, so that changes made to a DNS zone outside of the Men & Mice Suite will not be replicated to all other zone instances.

Optimized and enhanced Cloud support


Version 9.1 streamlines the migration and management of a large number of DNS zones with Azure DNS and Amazon Route 53 by utilizing cloud-native features to monitor changes to DNS made outside of the Men & Mice Suite, greatly improving synchronization of DNS data from the cloud providers.

Men & Mice virtual appliances upgraded to BIND 9.11 with 

DNSTAP support

DNS software on Men & Mice virtual appliances has been upgraded to BIND 9.11, which supports various new features as well as DNSTAP. Details on DNS queries received and DNS replies sent by the Men & Mice virtual appliances can now be logged for further processing by enabling and utilizing the powerful DNSTAP feature with minimal performance impact on the appliances.

NTP functionality for virtual appliances

The virtual appliances can also now function as NTP (Network Time Protocol) servers and be served by the same network infrastructure as DNS and DHCP.  Currently this functionality is manual and can be implemented per request with our support team. 

Nearly 30 years of DNS experience in one solution

The Men & Mice Suite v9.1 represents our commitment to enabling customers to adapt their infrastructure to be more software-enabled, cloud-ready and redundant, with increased visibility, control, security and automation.” --Magnús Björnsson, CEO of Men & Mice.

Complex enterprise network infrastructure can — and should — have the same elegant simplicity and responsiveness as IT professionals expect from customer-grade solutions. In the new release, Men & Mice has combined its nearly 30 years of expertise in developing DNS, DHCP and IPAM solutions with modern UX best practices to deliver a compelling, enjoyable management interface on top of a best-in-class, robust software-based DDI product.  

 If you want to try Men & Mice Suite v9.1 for free just click the button below. 

DNS, DHCP & IPAM Software Trial

Not ready? Read more about the Men & Mice Suite, or get an online demo.

DNS, DHCP and IPAM Demo

Topics: IPAM, DNS, DHCP, Redundant DNS, DDoS, IP address management, hybrid cloud, hybrid network, "cloud dns"

Version 8.3 – Faster, Leaner, Fitter DHCP

Posted by Johanna E. Van Schalkwyk on 1/11/18 11:16 AM

Doing DHCP

The beauty of DHCP is the speed at which it functions. Basically, DHCP (Dynamic Host Configuration Protocol) does what administrators can do manually, but DHCP just does it automatically, more efficiently, and in a fraction of the time.

Size can trump speed

Yet the bigger a network gets, the more DHCP servers and scopes are needed to dynamically assign, or lease, IP addresses and related IP information to network clients. The number of servers and scopes and the way the load is distributed and processed affect the speed at which networks can keep DHCP data fresh and IP leases available for use. On large networks, how efficiently DHCP lease data is documented, processed and synchronized becomes just as important as the initial matchmaking between DHCP clients and servers.

The relationship between DHCP client and server

DHCP does the hard work of handling communication between servers on a network, and client computers trying to access that network. If the series of messages between a DHCP server and a client computer would be illustrated as a conversation, it would probably look something like this.

DHCP conversation.png

Mind you, at any given moment on a large network, hundreds, or even thousands, such conversations can be occurring simultaneously. On top of that, the client computer sends its DHCPDISCOVER broadcast packet to all available servers, and all available servers can respond with a DHCPOFFER. The client is not programmed to be picky and always accepts the first offer it receives. Once they detect that their offers were not accepted, the other DHCP servers will withdraw their offers. In short, there’s a whole lot of to-and-fro action behind the scenes that is invisible to network administrators and users, but still finds its way into DHCP servers’ lease history. 

To complicate matters – or simplify it – these DHCP client-server relationships, or leases, are mostly temporary arrangements. Both parties know it will end. The server will revoke the lease once it’s expired. The client, on the other hand, can attempt to keep the lease by renewing it, or start looking for another IP address lease if the one they had had expired.

Apart from doing matchmaking between clients and servers, DHCP also ensures that each network client has a unique IP address and appropriate subnet masks. If two clients were to try and use the same IP address, neither of them would be able to communicate on the network.

These rotating relationships make the way DHCP lease data is documented, processed and synchronized so much more critical. If this is not done fast and efficiently, the whole process of dynamically assigning IP addresses can become slowed down, leaving DHCP clients, servers and ultimately network users, frustrated and ineffective.

Making DHCP management faster, leaner and fitter

Once networks run to hundreds, or thousands of DHCP scopes and servers, one needs to re-assess the way DHCP data is processed, and develop ways to improve speed and efficiency. This is exactly what Men & Mice developers set out to achieve in Version 8.3 of the Men & Mice Suite.

DHCP optimizations in Version 8.3 include:

  • Reduced network traffic, especially between the Central server and a DHCP server controller 
  • Improved database performance when processing data from a DHCP server
  • Reduced load on a DHCP server while it is being synced

Optimizing processes in these areas has resulted in lightening the often heavy load on DHCP servers, making DHCP server management considerably faster and more efficient – and more pleasurable for the people in charge of keeping it all going, all the time.

To dig into the more technical aspects of these enhancements and get the lowdown on what this boost in DHCP performance and scalability could mean for you or your network, get in touch with one of our sales engineers to walk you through the details.

 

Topics: Men & Mice Suite, IPAM, DHCP, CLOUD, Akamai, Performance

Men & Mice DDI Beehive at Cisco Live!

Posted by Men & Mice on 2/24/16 12:20 PM

The Men & Mice booth at Cisco Live! in Berlin last week caused quite a stir. Striking visual graphics, great company, fabulous give-aways (trip to Iceland, anyone?) and a steady stream of visitors eager to make use of our live demo environment, turned the booth into a proverbial beehive of activity for the three days of the show. 

CLBerlin2016.jpg

 The lucky winners of the three trips to Iceland are;

Mohamed Abdallah from Connect – PS,  Alexandra Perovic from SAGA D.O.O and Mike van der Vijver from Mind Meetings.

CLBerlin2016winner.jpg

 Mr. Petur Petursson from Men & Mice handing over the ticket for a trip to Iceland to Mr. Abdallah

Congratulations on your win! Unusual, unexpected, unsurpassed: Iceland defeats expectations every time. Be sure to stop by during your visit!

Carsten Strotman’s talk on the new KEA DHCP server at the WoS Theater stage was a great success. For those who want to have a taste of the KEA DHCP server, Carsten will host an online webinar " KEA DHCP - the new open source DHCP server from ISC" on March 22nd, you can sign up here.

A great THANK YOU to everyone who stopped by to make the Men & Mice booth truly alive at Cisco Live! We thoroughly enjoyed all the great company.

If you didn’t get a chance to stop and chat in Berlin, we’ll be at the CloudExpo in New York  from June 7th to 9th.  If you’d like to meet us before then, just send us a line at info@menandmice.com and we’ll be sure to come your way in a virtual jiffy!

The Men & Mice Team

Drawing inspiration from our geographic location midway between the USA and Europe, the Men & Mice Team possesses a unique perspective on the challenges of DNS, DHCP and IP address management faced by medium to large global enterprises today. Our dedication to pioneering simple solutions to complex problems is best observed in our flagship DDI product, the Men & Mice Suite.

Topics: Men & Mice, DHCP

Men & Mice Suite Version 6.8 Released

Posted by Men & Mice on 4/28/15 7:49 AM

Reykjavik, Iceland, April 28th 2015 - Men & Mice announces the release of version 6.8 of the Men & Mice Suite.

The Men & Mice Suite is the ideal tool for network managers who desire minimal daily management, featuring planning, reporting, and auditing of growing dynamic IP networks, with the added benefit of delivering improved network security as well. The Men & Mice Suite version 6.8 can be deployed as a software solution on top of existing DNS/DHCP servers or as hardened DNS/DHCP virtual appliances.

Subnet Discovery and Ease of Use

Version 6.8 introduces several new features designed to streamline both initial deployment of the Men & Mice Suite, and day-to-day management of enterprise networks by way of automatic discovery and intuitive user interface improvements.

The new Subnet Discovery feature allows the Men & Mice Suite to directly query network routers for subnet information, making it far easier to add new subnets, and reducing administration time by eliminating the need for tedious manual input of new subnets. Meanwhile, the First Use Wizard allows new users to rapidly gain complete control over their networks by automating DNS/DHCP server and Active Directory Subnet discovery, and intelligently guiding administrators through the initial setup process.

Enhanced System Support

The Unbound Caching DNS Server now enjoys the same management utility as the Men & Mice Virtual Caching Appliance in the Men & Mice Suite, and can be simply added to the Men & Mice Suite Management Console like any other supported DNS server. With version 6.8 the Men & Mice Suite now also features native support for 64-bit Linux systems, and support for systemd integration on Linux installers.

Other Improvements

Version 6.8 also improves other aspects of the suite, featuring enhanced Windows DNSSEC support, improved failover handling on Microsoft DHCP servers, and a number of performance improvements to both the Men & Mice Suite and the Men & Mice Virtual Appliance products.

For a complete list of new features and enhancements:
Release notes on version 6.8.

 

Men & Mice Suite version 6.8 Free Trial

 

Topics: Men & Mice Suite, DDI, DNSSEC, IPAM, DHCP, Windows, Unbound

An Introduction to the Men & Mice Web Service: JSON-RPC

Posted by Men & Mice on 2/23/15 10:48 AM

The Men & Mice Suite is a comprehensive DDI solution that allows you to manage your DNS, DHCP and IP Addresses in a simplified, flexible manner. In order to maximize this flexibility the Men & Mice Suite provides a rich set of commands accessible through its web service interface. These commands are used internally for almost all requests between the user interface and the Central service, so if something can be done in the user interface it can also be done through the web service interface.

Initially the web service interface provided a SOAP API and a WSDL service. Starting with version 6.6, the Men & Mice Web Service also provides a JSON-RPC service that complies with the JSON-RPC 2.0 specifications. The main reason for this decision to provide JSON-RPC along with SOAP is that JSON is well supported in popular programming languages such as JavaScript and Python, and working with JSON-like data instead of XML is much easier and less error prone, not to mention that JSON packets are smaller than XML packets and more human readable.

If you are interested in the SOAP service there is an excellent introduction to it on our blog (see: Introduction to the Men & Mice Web Service API).

JSON-RPC

The JSON-RPC service supports all the same commands as the SOAP API. You can find a complete list of the SOAP commands available here. The same code is used internally in the Men & Mice Suite so when a new SOAP command is added, it will be readily available as a JSON-RPC method. As with SOAP, our main focus is to provide JSON-RPC over HTTP/HTTPS.

No special magic is needed to send a JSON-RPC request. When our web service receives a packet it will determine from the content of the packet whether this is a SOAP or a JSON-RPC request. You can even mix those two and the web service will simply respond with a JSON if this was a JSON-RPC request or an XML if this was a SOAP request. The general format of a Men & Mice Web Service JSON-RPC request and a response is as follows:

--> {"jsonrpc": "2.0", "method": "theMethodName", "params": theParams, "id": 1}
<-- {"jsonrpc": "2.0", "result": theResult, "id": 1} 

The jsonrpc member should always be "2.0". The method member should contain a string with the name of the method to be executed. The params member contains data that should be passed to the method. The member id is optional, but if it exists the response will contain the same ID as provided in the request. If successful the response will include a member result that will contain the result from the RPC method that was executed. If an error occurs the response will not include a result but instead another member named error that will include information about what happened.

An example:

--> {"jsonrpc": "2.0", "method": "Login", "params": {"password": "secretPassword", "loginName": "administrator", "server": "10.5.0.6"}, "id": 1}
<-- {"jsonrpc": "2.0", "result": {"session":"J95A5uh9obM6KjCtbtHZ"}, "id": 1}
    
<-- {"jsonrpc": "2.0", "method": "GetDNSServers", "params": {"session": "J95A5uh9obM6KjCtbtHZ"}, "id": 2}
--> {"jsonrpc": "2.0", "result": {"dnsServers":[{"ref":"{#2-#10}","name":"caching1.demo.","resolvedAddress":"10.5.0.27","port":1337,"type":"Unbound","state":"OK","customProperties":[],"subtype":"Unbound"},{"ref":"{#2-#11}","name":"caching2.demo.","resolvedAddress":"10.5.0.30","port":1337,"type":"Unbound","state":"OK","customProperties":[],"subtype":"Unbound"}],"totalResults":2}, "id": 2} 

JSON-RPC and Python

Python is powerful as a scripting language. The standard libraries are pretty comprehensive and if you need something more specific then there are plenty of additional libraries that can be found. One of the strengths of Python is its dynamic type system and "duck typing" that allows for the creation of complex objects without writing too much code.

We have created a small, light-weight Python module that uses the request library to simplify session handling and data conversion from Python dictionaries to JSON requests. The class overloads the __getattr__ method, so that all unknown functions are assumed to be RPC requests and all the arguments passed are assumed to be a RPC data.

You can find the latest version of the Python module here. To install it, extract the downloaded file, go into the subdirectory and run:

$ python setup.py install

Before we can use any of the commands we need to create a JSONClient object and log in to our Central Service. Let's start Python and type in the following commands.

$ python
>>> import mmJSONClient
>>> client = mmJSONClient.JSONClient()

The Basics

The Login method accepts the following arguments: proxy, server, username and password. Proxy is the name or IP address of a server running the Men & Mice Web Service. If you do not provide the proxy argument, then the Login method assumes the web service is running on the same machine as the Central Service. The server argument should contain the name or address of the machine that is running the Men & Mice Central Service. The username argument is the name of the user that we want to log in as and password is his password. Note that in order for this user to be able to use the web service he has to have permissions to use the web user interface. For optimal security, it is best to create a new dedicated user account that only has access to the objects the script needs to function.

Now let's log in to the server. In this example I'm logging in to a server named 'central.demo' with the user name 'a_user' and the password 'secret'. Since the web service is also running on 'central.demo' I don't need to provide the proxy argument.

>>> client.Login(server='central.demo', username='a_user', password='secret') 

As I mentioned earlier, we can use all the commands that are available for the SOAP API, and there are a lot (around 200 at last count). A list can be found here, along with descriptions of what arguments they need and what data they return.

Let's start with something simple, like the GetDNSServers method. As the name implies, the method will return all the DNS servers available to the user. Note that it might not return all the DNS servers available, but instead only those the user has permission to see. If you look at the description of GetDNSServers, you will see the only argument required is the session ID; everything else is optional. The session ID is a random string that the web service returned from the Login method. If you have successfully executed the Login method, you can see what your temporary session ID is by doing:

>>> print(client.sessionid)
VFr79UQMhFfOq4Q8l0Qi 

Or if you are using Python 2.7, use print without parentheses:

>>> print client.sessionid
VFr79UQMhFfOq4Q8l0Qi 

The rest of this article assumes use of Python 3.x. When using earlier versions of Python the syntax may have to be adjusted accordingly.

Fortunately when using the JSONClient class you don't have to worry about the session ID, as the class handles that automatically so if you want to list all the DNS servers available, you can simply type:

>>> print(client.GetDNSServers())
{u'totalResults': 2, u'dnsServers': [{u'name': u'caching1.demo.', u'resolvedAddress': u'10.5.0.27', u'ref': u'{#2-#10}', u'subtype': u'Unbound', u'state': u'OK', u'customProperties': [], u'type': u'Unbound', u'port': 1337}, {u'name': u'caching2.demo.', u'resolvedAddress': u'10.5.0.30', u'ref': u'{#2-#11}', u'subtype': u'Unbound', u'state': u'OK', u'customProperties': [], u'type': u'Unbound', u'port': 1337}]} 

The result from GetDNSServers is a Python dictionary that contains two members: totalResults and dnsServers. As stated in the SOAP API documentation, the totalResults member contains the number of DNS Servers we have access to, and the member dnsServers contains an array of DNS servers. To refer to a member in a Python dictionary we can use brackets - for example, the following can be used to print out the total number of DNS servers:

>>> print(client.GetDNSServers()['totalResults'])
2 

Providing arguments to a method is simple. GetDNSServers has a number of optional arguments, for example the filter argument. Filter is powerful argument that is provided with many of the Men & Mice SOAP API commands. It allows you to limit the result to only the items that you want to see. You can use wildcards and regular expressions with a filter. For more information, look at the description of filtering in the SOAP API. Let's say that we wanted to get all the servers that contain the number 2 in their name. We can simply do:

>>> print(client.GetDNSServers(filter='name:2'))
{u'totalResults': 1, u'dnsServers': [{u'name': u'caching2.demo.', u'resolvedAddress': u'10.5.0.30', u'ref': u'{#2-#11}', u'subtype': u'Unbound', u'state': u'OK', u'customProperties': [], u'type': u'Unbound', u'port': 1337}]} 

Or let's say we wanted to print out all A records from the zone 'applepie.ak.is' that start with the name 'apple':

>>> print( '\n'.join(['{}\t{}\t{}'.format(r['name'],r['type'],r['data']) for r in client.GetDNSRecords(dnsZoneRef= 'applepie.ak.is.', filter='type:^A$ name:^apple')['dnsRecords']]) )
apple1 A 10.50.0.1
apple2 A 10.50.0.2
apple3 A 10.50.0.3 

In the example below we have created a Python script that logs on to a server, prints out all of its zones and then the first 10 records of a single zone. It assumes that we are running Men & Mice Web Service and Men & Mice Central on a server named 'central.demo'. It also assumes there is a zone named 'applepie.ak.is' on one of the servers:

import mmJSONClient
 
client = mmJSONClient.JSONClient()
client.Login(server='central.demo.', username='a_user', password='secret')
 
result= client.GetDNSZones()
print('\nTotal number of zones: ' + str(result['totalResults']))
for zone in result['dnsZones']:
    print(zone['name'])
 
myZone = myZone= 'applepie.ak.is.'
result = client.GetDNSRecords(dnsZoneRef= myZone, limit= 10)
print('\nRecords in ' + myZone)
for record in result['dnsRecords']:
    print(record['name'] + "\t" + record['ttl'] + "\t" + record['type'] + "\t" + record['data'])

Manipulating DNS Zones

Now let's do something a little bit more complicated. Let's create a zone and add some records to it. If we look at the list of SOAP API commands we can find AddDNSZone. AddDNSZone requires at least two arguments: a session argument we don't have to worry about since JSONClient will handle that for us, and a dnsZone argument which should be of type DNSZone. The DNSZone type requires at least two members (or arguments): name and type. The name argument is a string, and the type argument is an enumeration which can be Master, Slave, Hint, Stub or Forward. If the call is successful AddDNSZone will return a reference to the newly created zone.

We also have to specify where we want to create the zone. Notice that we don't have any possible DNS server reference when creating a zone. The reason is that each DNS server can have one or more views that in turn can contain a number of zones. In most cases DNS servers will only have one view, called the default view or the empty view (''). When referring to any object in the Men & Mice Suite, you can either use its globally unique identifier (GUID), that was returned from the Central Server or you can pass on a string that will uniquely identify the object, in this case using its name (for a more detailed description on how this works, see Referencing Objects in the SOAP API). To reference a default view on a server you can simply use its fully qualified name and add a double column at the end.

As an example, let's say we want to send a reference to the default view as an argument on the DNS server dnsserver1.demo. Here we can simply pass the string 'dnsserver1.demo.:' as a DNS view reference.

>>> zoneRef= client.AddDNSZone(dnsZone={'dnsViewRef':'dnsserver1.demo.:', 'name':'test1.com', 'type':'Master'} , saveComment='A zone created using Python')
>>> print(zoneRef)
{u'ref': u'{#4-#2054}'} 

Note that we also added a save comment when creating the zone as it is sensible to always add a comment when you are making changes to the system. Also notice the return value from AddDNSZone. As before it is a Python dictionary, this time with only the one member, 'ref', that contains a reference to the newly created zone. Now let's create few records:

>>> for i in range(100,105):
...     client.AddDNSRecord(dnsRecord={'dnsZoneRef':zoneRef['ref'], 'name':'test{0}'.format(i), 'ttl':'', 'type':'A', 'data':'10.50.0.{0}'.format(i), 'enabled':1})
... 

In this example, since I'm creating multiple records, I might instead use the SOAP command AddDNSRecords. AddDNSRecords will accept multiple records and update the zone just once instead of multiple times:

>>> client.AddDNSRecords(dnsRecords= [{'dnsZoneRef':zoneRef['ref'],  'name':'test{0}'.format(i), 'ttl':'', 'type':'A', 'data':'10.50.0.{0}'.format(i), 'enabled':1} for i in range(100,105)])
{'errors': [], 'objRefs': ['{#13-#9009}', '{#13-#9010}', '{#13-#9011}', '{#13-#9012}', '{#13-#9013}']}

As a final example, let's create a script that will check if all the PTR records for a DNS server are in order. The script will read through all the forward and reverse zones and report if there are any PTR records missing or if there are any orphaned PTR records:

import mmJSONClient
 
def qualifyName(recName, domainName):
    if len(recName) == 0:
        return domainName
    elif recName[len(recName) - 1] == '.':
        return recName + domainName
    return recName + '.' + domainName
 
mmServer    = 'central.demo.'
mmUser      = 'a_user'
mmPassword  = 'secret'
dnsServer   = 'b-centos6-32.demo.'
 
try:
    print('Checking reverse zone on server [{}] ...'.format(dnsServer))
    client = mmJSONClient.JSONClient()
    client.Login(server= mmServer, username= mmUser, password= mmPassword)
    viewRef = client.GetDNSView(dnsViewRef= dnsServer + ':')
    # Get all forward and reverse zones
    zoneList = client.GetDNSZones(filter= 'dnsViewRef:' + viewRef['dnsView']['ref'])['dnsZones']
    forwardZoneList = [z for z in zoneList if (not z['name'].endswith('in-addr.arpa.') and not z['name'].endswith('ip6.arpa.'))]
    revZoneList = [z for z in zoneList if z['name'].endswith('in-addr.arpa.')]
    print('Found {} forward-zone(s) and {} reverse-zone(s)'.format(len(forwardZoneList), len(revZoneList)))
  
    # Collect all PTR records as a map of ip -> [record, zone, data] 
    # and give the user a warning if there are duplicates
    ptrRecordsMap = {}
    for z in revZoneList:
        print('Scanning reverse-zone [{}]'.format(z['name']))
        try:
            records = client.GetDNSRecords(dnsZoneRef= z['ref'], filter= 'type:^PTR$')['dnsRecords']
        except Exception as e:
            print(e)
        for r in records:
            domain = qualifyName(r['name'], z['name'])
            label = domain.split('.', 4)
            ip = '{}.{}.{}.{}'.format(label[3], label[2], label[1], label[0])
            if ip in ptrRecordsMap:
                print(  ('Warning: Ignoring reverse record [{} in {} {}] for the IP address [{}]:\n'
                        + '\talready found [{} in {} {}]').format(
                              r['name'], z['name'], r['data'], ip
                            , ptrRecordsMap[ip][0], ptrRecordsMap[ip][1], ptrRecordsMap[ip][2]))
            else:
                ptrRecordsMap[ip] = [r['name'], z['name'], r['data']]
 
    # Collect all A records as a map of ip -> [record, zone] 
    # and give the user a warning if there are duplicates
    aRecordsMap = {}
    aMatchedRecordsMap = {} # contains all record that found a match
    for z in forwardZoneList:
        print('Scanning forward-zone [{}]'.format(z['name']))
        records= []
        try:
            records = client.GetDNSRecords(dnsZoneRef= z['ref'], filter= 'type:^A$')['dnsRecords']
        except Exception as e:
            print(e)
        for r in records:
            ip = r['data']
            if ip in aRecordsMap:
                print(  ('Warning: Ignoring the A record [{} in {} {}]:\n'
                        + '\talready found [{} in {} {}]').format(
                            r['name'], z['name'], r['data']
                            , aRecordsMap[ip][0], aRecordsMap[ip][1], ip))
            elif ip in ptrRecordsMap:
                # We already have this as a PTR record but do the data match?
                if qualifyName(r['name'], z['name']) != ptrRecordsMap[ip][2]:
                    print(  ('Warning: Record [{} in {} {}] has an incorrect reverse reference:\n'
                            + '\talready found a PTR record [{} in {} {}]').format(
                                r['name'], z['name'], r['data']
                                , ptrRecordsMap[ip][0], ptrRecordsMap[ip][1], ptrRecordsMap[ip][2]))
                aMatchedRecordsMap[ip] = [r['name'], z['name']]
                del ptrRecordsMap[ip]
            else:
                # the ip wasn't found in the reverse list but it might already been matched
                if ip in aMatchedRecordsMap:
                    print(  ('Warning: Ignoring the A record [{} in {} {}]:\n'
                            + '\talready found [{} in {} {}]').format(
                                r['name'], z['name'], r['data']
                                , aMatchedRecordsMap[ip][0], aMatchedRecordsMap[ip][1], ip))
                else:
                    aRecordsMap[ip] = [r['name'], z['name']]
 
    print ('\nFound {} missing PTR-Record(s)...'.format(len(aRecordsMap)))
    for ip in aRecordsMap:
        print ('{} in {} {}'.format(aRecordsMap[ip][0], aRecordsMap[ip][1], ip))
    print ('\nFound {} orphan PTR-Record(s)...'.format(len(ptrRecordsMap)))
    for ip in ptrRecordsMap:
        print ('{} in {} {}'.format(ptrRecordsMap[ip][0], ptrRecordsMap[ip][1], ptrRecordsMap[ip][2]))
except Exception as e:
    print(e)

Summary

The primary focus of the Men & Mice development team has always been to simplify the complex task of administering a DDI environment while still being flexible, as different environments can have very different needs. To achieve this flexibility the Men & Mice Suite provides rich set of commands accessible through a web service interface.

As of version 6.6 both SOAP/WSDL and JSON-RPC services are supported. Both of these services have their advantages but JSON-RPC is more light-weight than SOAP/WSDL and a better fit for many programming languages.

Topics: Men & Mice Suite, DDI, DNS, DHCP, DNS Zone, Web Services, JSON, SCRIPTING

Hybrid Cloud DNS with the Men & Mice Suite

Posted by Men & Mice on 2/2/15 9:55 AM

Since its humble origins as QuickDNS for the Apple Macintosh, the Men & Mice Suite has evolved into a comprehensive management solution for existing heterogeneous DNS/DHCP environments, with a powerful IPAM module that allows for seamless AD Sites & Subnets management in Windows Active Directory environments. Since 2011 Men & Mice have also offered the Men & Mice Appliance for customers that desire integrated DNS/DHCP or caching appliance solutions.

Introducing the Generic DNS Server Controller

In 2014 Men & Mice introduced the Generic DNS Server Controller, an extension of the existing Men & Mice DNS Server Controller that allows the Men & Mice Suite to integrate with any DNS server product that features an API to access and update DNS data.

The result is a flexible DNS solution that can deploy and centrally manage a wide variety of DNS products within a single hybrid environment, all without having to replace existing DNS infrastructure.

Better living through scripting

With the Generic Controller, communication between the DNS Server Controller and the DNS server itself is not hard coded; instead, a scripting interface is called instead of directly accessing the server whenever changes are made through the Men & Mice Management Console (or any other Men & Mice client interfaces).

Men & Mice currently provides two scripts (written in python) to interface with a cloud based DNS service (Amazons Route53) and PowerDNS (with a MySQL back-end, which is widely used as authoritative DNS in the ISP market). These scripts can be further tweaked and configured to interface with any number of different DNS servers without changes to the core infrastructure.

Looking forward

What does this mean for Men & Mice's customers?

Put simply, it can significantly lower infrastructure costs when moving into the future; should you plan to migrate your data into a cloud based DNS service or even switch over to some other DNS product types like PowerDNS you can still use the Men & Mice Suite to manage the DNS/DHCP and IPAM with all the advantages it brings, such as audit trails, automation, and delegation.

Hybrid Cloud DNS with the Men & Mice Suite
  • An administrator requests a change on the DNS server via the Men & Mice Management Console, which connects to the Men & Mice Central server.
  • Men & Mice Central connects to the DNS Server Controller and relays the change request.
  • The DNS Server Controller deploys the change and reports success or error back to Central.
  • Central reports back to the administrator.

Topics: Men & Mice Suite, IPAM, DNS, DHCP, CLOUD

An Introduction to the Men & Mice Web Service: SOAP API

Posted by Men & Mice on 8/29/14 9:51 AM

The Men & Mice Suite provides a large number of powerful features to manage DNS, DHCP and IP infrastructures of all sizes. All of these features are accessible through the Men & Mice GUI client or the web interface that come with the Suite.

An alternative to using the graphical tools, is to use the Men & Mice web service API to automate repetitive tasks. The web service has even been used to build new custom applications on top of the Men & Mice Suite. In this article, I will start by giving a brief overview of the API, followed by a short example to demonstrate how the service can be used.

Overview

The Men & Mice web service API first came out in 2008, and has been in constant development ever since. It uses the Simple Object Access protocol (SOAP) and has a Web Service Description Language (WSDL) definition that describes all operations that can be done. All new features in the Suite are implemented for the web service, so everything that can be done using the GUI tools can also be done through the API. The latest official API documentation can be found here. You can also see what operations are supported by your current release by connecting to the Men & Mice Central server that comes with the Suite (see the official API documentation for further details).

Examples of what users are doing with the Men & Mice web service include:
  • Search for DNS records in all zones that match a particular name.
  • Change the time to live (TTL) for all DNS records containing a certain pattern.
  • Construct a report for DHCP scope options and address pools, and e-mail to responsible personnel.
  • Automatically create DHCP reservations when deploying virtual machines.
  • Create DNS zones in bulk according to a template.
  • Manage a list of blacklisted DNS zones.
  • Run periodically a cleanup of IP addresses that haven't been seen on the network for some fixed time period.
  • Find the next free IP address, and create records and/or reservations through own web portals.

Numerous SOAP clients exist for different programming languages. For this article, we will be using the python programming language and the suds SOAP framework.

The first thing to do, when using the web service is to download the WSDL file from the Men & Mice Central server, that defines what SOAP commands are available for your release. The next step is to log into the system using the Login command to retrieve a session token that will be used to authenticate all subsequent calls to the service. Since the session token has to be used for all requests to the service, it becomes very repetitive to manually include it in all calls. We will, therefore, use a wrapper client, available from the Men & Mice website that will automatically append the token to all subsequent calls, once we have logged onto the system. Suds also requires a slight modification of the SOAP envelope in order to work with the Men & Mice web service, which will be handled by the client.

import suds
from soapCLI import mmSoap
 
try:
    cli = mmSoap(proxy="proxy.example.com",server="central.example.com",
             username="administrator", password="secret")
    cli.login()
except suds.WebFault as e:
    print "Error while logging into the Men & Mice suite: %s" % e.fault.faultstring

The same authentication model applies to users logged in through the web service, as to users using the GUI. The user needs to have permissions to work with a given resource (DNS records, zones, servers, users, etc). Special permissions are also needed to execute commands through the web server interface. The permissions can be granted by an administrator using a GUI, or the web service.

Error handling

The SOAP specification defines a format for messages containing error information and is used by the Men & Mice web service to notify a client when an operation fails. In some cases, we might also get partial failures. If we are for example deleting DNS records from a number of servers, then some of the DNS servers might be unreachable, while other servers successfully remove their corresponding records. In that case the operation will return a collection of error messages describing the errors.

Working with resources

All objects within the Men & Mice Suite, whether they are IP addresses, DNS zones, DNS records, DHCP scopes or any other type of resource, have a unique resource identifier that can be used to reference, retrieve and work with the resource. It is also possible to fetch a collection of items, for example DNS records and search the retrieved items for a specific pattern. Many of the SOAP commands also provide a filter input parameter, in order to filter what records to return from the service. Further details about references and filters can be found in the official Men & Mice API documentation .

Example usage

We will now demonstrate a simple, yet realistic example of how the API might be used.

The example demonstrates a scenario where we need to relocate a large number of websites hosted on different machines to a new web server. Instead of changing each DNS record manually by hand, we will automate the task by using a simple script.

We start by logging into the system using the before mentioned client available from the Men & Mice website. We then create an array of DNS records (arrayOfDNSRecordsToAdd) that will be used to store the new records that we want to add. We also create an array to store unique references to the records that we want to delete (dnsRecordsToRemove), after we have saved the newly created records.

try:
    cli = mmSoap(proxy=proxy,server=server,
             username=username, password=password)
    cli.login()
except suds.WebFault as e:
    print "Error while logging into the Men & Mice suite: %s" % e.fault.faultstring
    return False
    
arrayOfDNSRecordsToAdd = cli.create("ArrayOfDNSRecord")
dnsRecordsToRemove = cli.create("ArrayOfObjRef")

In order to get all DNS records, we need to fetch all DNS zones in the system using the GetDNSZones command. Once we have an object identifier for each zone (dnsZoneRef), we can use the GetDNSRecords SOAP command to retrieve all DNS records that are in the zone. Two filters are used. The first filter is used to make sure that only master zones are retrieved. The second filter is used to limit the results to records of type "A". If a record points to any of the servers we are migrating from (IP addresses 10.1.1.10, 10.1.1.11 or 1.1.1.1), then we add the record to the collection of records we want to remove and create a new DNS record pointing to the web server we are migrating to (IP address 10.0.0.1).

# Retrieve all master zones
(_, arrayOfDNSZone), (_, totalResults)  = cli.GetDNSZones(filter="type:Master")
if totalResults == 0:
    print "No DNS zones found."
    return True
for dnsZone in arrayOfDNSZone.dnsZone:
    # Fetch all A records from the zone 
    (_, arrayOfDNSRecord), (_, totalResults) = cli.GetDNSRecords(dnsZoneRef=dnsZone.ref, filter="type:^A$")
    if totalResults > 0:
        for dnsRecord in arrayOfDNSRecord.dnsRecord:
            if dnsRecord.data in ["10.0.0.10", "10.1.1.11", "1.1.1.1"]:
                # Modify records to point to new server
                dnsRecordsToRemove.ref.append(dnsRecord.ref)
                dnsRecord.ref = None
                dnsRecord.data = "10.0.0.1"
                arrayOfDNSRecordsToAdd.dnsRecord.append(dnsRecord)

Once we have created all the records, we add them to the system using the AddDNSRecords command. The command returns an array of record references for each new DNS record that has been added, along with an array of errors, if any. The references are used as a parameter to the GetDNSRecord command, that we use to get further information about the records.

The retrieved arrayOfDNSRecordRef will have the same record order as the arrayOfDNSRecordsToAdd that was passed to the SOAP command. If an error occurred when creating a particular record, then a "null" reference "{#0-#0}" will be returned for that record instead. The results could be used to make sure that any old records that correspond to the ones we were unable to add, will not be removed in the next step when we delete old records. We will, however, omit that step for this example and instead prompt the user to do a manual cleanup in case of any errors.

if len(arrayOfDNSRecordsToAdd.dnsRecord) > 0:
    # Create new records
    (_, arrayOfDNSRecordRef), (_, addRecordArrayOfErrors) = cli.AddDNSRecords(dnsRecords=arrayOfDNSRecordsToAdd, 
                                                                                saveComment='Modifying DNS records to point to host "10.0.0.1".')
    if len(arrayOfDNSRecordRef.ref) > 0:
        for recordRef in arrayOfDNSRecordRef.ref:
            if recordRef == "{#0-#0}":
                # Caused by a record that was not added due to some error
                continue
            try:
                print "Added record:", cli.GetDNSRecord(dnsRecordRef=recordRef)
            except suds.WebFault as e:
                print 'Unable to retrieve record with ref "%s" due to the following error: %s' % (recordRef, e.fault.faultstring)

If any errors came up while adding new records, then we instruct the user to do a manual clean up. Note that the error property from the AddDNSRecords response is "nillable". That means that it might not be present in the response. We therefore check if it has been set, before using it.

If no errors came up while adding new records, then we remove the old records using the RemoveObjects operation. The RemoveObjects command can be used to delete almost any object in the system, given that we have a resource reference to the object.

 

if hasattr(addRecordArrayOfErrors, "error") and len(addRecordArrayOfErrors.error) > 0:
    print """One or more errors occurred while adding records: %s.
 Old records will not be deleted. Please check manually and delete old records that were successfully migrated.""" % addRecordArrayOfErrors.error
    return False
else:       
    # No errors came up during migration, we delete the old records
    removeRecordErrors = cli.RemoveObjects(objRefs=dnsRecordsToRemove,
                                            saveComment="Removing records that now point to host %s." % addressTo)
    if len(removeRecordErrors) > 0:
       print "The following errors occurred while removing old records:", removeRecordErrors
       return False

The complete example can be downloaded here.

Summary

The Men & Mice web service API can be used to automate repetitive DNS, DHCP and IP address management tasks and can be used to write custom applications on top of the Men & Mice Suite. The service can be used by most common programming languages, and as demonstrated, is easy to use.

Topics: Men & Mice Suite, IPAM, DNS, DHCP, DNS Zone, Web Services, SCRIPTING

[Webinar] IETF 90 Report – DNS, DHCP, IPv6 and DANE

Posted by Men & Mice on 7/7/14 6:15 AM

Report from IETF 90 in Toronto 2014

The IETF, Internet Engineering Task Force, those that are working on new Internet Standards, met in Toronto in July 2014.IETF resized 600

Mr. Carsten Strotmann from the Men & Mice Services team gives an overview of interesting developments from the working groups inside the IETF, after attending online at the IETF 90 in Toronto.

Hear more on:

  • DNS
  • DNS-Privacy
  • IPv6
  • DANE
  • DHCP(v6)
  • and new RFCs that have been published since the last IETF in March 2014

Fetch the slides, webinar recording and link collection.

Topics: IPv6, DNS, DHCP, Webinars