The Men & Mice Blog

DNS training from A to Z, Part 5

Posted by Men & Mice on 9/20/19 9:25 AM

Continuing our glossary of DNS tips & tricks, we’re covering the letters M, N, and O this time.

M is for “master DNS zone”

A.k.a. the Primary Zone. Informally, The Zone Of All That Is Good and Pure. (May have made that one up.)

Simply put, the master DNS zone resides on the server which is authoritative for the zone’s data. h (As opposed to a slave zone; more on that in a bit.) When you make changes to the master DNS zone, such as adding, editing, or deleting a record, those changes will be replicated to the slave DNS zones.

Slave (or secondary) DNS zones are read-only copies of the master DNS zone, used to relieve the primary zone of query load or as a backup in case of failure. Data from the master DNS zone to the slave zone(s) is done through zone transfer

N is for “named-check*”

Namely (🙄) named-checkzone and named-checkconf. These two are helpful commands in BIND (we’ve talked about it before) to check a configuration file’s validity before pushing it live. 

The neat feature of these two commands is that not only do they report any errors in their respective configuration files, but also let you know the line number of the errors. When dealing with large files, this can save a lot of time and headache.

Use them freely.

O is for “OpCode”

A DNS opcode is a four-bit field that identifies the type of query being sent to the DNS server.

The opcode can be, per IANA’s (the Internet Assigned Numbers Authority, we’ve also talked about them before) designations:

OpCode

Name

0

Query (see RFC1035)

1

IQuery (Inverse Query, obsolete; see RFC3425)

2

Status (see RFC1035)

3

Unassigned

4

Notify (see RFC1996)

5

Update (see RFC2136)

6

DNS Stateful Operations (DSO) (see RFC8490)

7-15

Unassigned

OpCodes show up when you examine a query. (Like with dig.)

Want to learn more?

This series is byte-sized (that joke just never gets old) — but a lot more can be said and done. To learn more in-depth about DNS specifically, we offer a comprehensive DNS training program.

You can enroll in different groups depending on your skill level:

  • If you’re new to DNS, we offer the DNS & BIND Fundamentals (DNSB-F) course. It’s part of the DNS & BIND Week (DNSB-W) and serves as a shorter introduction to the world of DNS and BIND.
  • If you’re already familiar with the basics, the full five-day DNS & BIND Week (DNSB-W) course takes you deeper into DNS, including a heavy emphasis on security, stopping just short of DNSSEC (for which we offer a separate course).
  • And if you're looking for even more, we offer the DNS & BIND Advanced (DNSB-A) program, getting into the deep end of things.

To check if you can get on board with one of the remaining courses this year, check out our training calendar for 2019, and reach out to us with any questions.

Topics: Men & Mice Suite, DNS, IT best practices, DNS training

VMworld US 2019: all aboard for multicloud

Posted by Men & Mice on 9/12/19 10:46 AM

The guiding word for San Francisco between 25th and 29th August was ‘cloud.’ Everything revolved around it, from storage solutions to innovations in computing performance, just about every vendor  came set to showcase how their products provide distinct advantages in a cloud environment.

The verdict is clear: cloud adoption in one form or another is not an ‘if’, but a ‘when'. Those coming to VMworld whose companies haven’t yet invested in some kind of cloud offering, came prepared to explore all options.

Pitfalls and best practices

Cloud adoption is a complex task. And it is especially true in the area of our expertise: networks.

The show floor was abuzz with the newest advancements in technologies like storage for big data (in the cloud) and computing performance in service of machine learning (in the cloud).

Meanwhile, the stalwart Men & Mice team had a field day as scores of people came to us to learn how to do cloud better. We chatted with people running multiple data centers, on-prem, in the cloud or hybrid and multicloud, looking for better management solutions. We debated the merits of appliance-based approaches vs. overlays. (Overlays are better, of course). And we had a blast discussing the power of cloud DNS. (If you’re utilizing cloud DNS, you don’t need anything else. You’re already using the best there is. You just need to make it more transparent and compatible with your existing systems and processes.)

Cloud adoption, coupled with migration of data and existing systems, can bring with it a host of pitfalls to avoid, as well as a score of best practices to study and apply. But how do you get your network ready for cloud, or multicloud, adoption? 

On this subject, our North American Director of Sales Operations, Paul Terrill,  gave a talk at VMworld's Solutions Exchange Theater in San Francisco on future-ready network best practices. Take a look:

Cloud is a multiple choice question

We’ve arrived in an era where one cloud is not necessarily the best answer. The differentiation between services and their respective ecosystems has grown beyond simply executing similar processes along the same concept.

The quality of tools and depth of services between different cloud providers can vary considerably, and your needs may be best served by more than one. Every company has to evaluate what works for them. Networking best practices, as discussed by Paul Terrill in the above-mentioned talk, might help you decide what matters most to you. 

In this vibrant and varied landscape of the cloud market, solutions that provide a connective layer between the disparate offerings provide lasting value and position networks well for a rapidly changing network management landscape.

The Men & Mice Suite is such a solution, developed to provide an abstraction layer for cloud (and on-prem!) networks that can work with any underlying technology or service. From VMware to Azure to AWS, NS1 and Akamai -- it doesn’t matter what’s in your networks; what matters is how you see (and manage) it.

And because it’s a software-defined and API-first solution, the Men & Mice Suite can be deployed non-disruptively (no more re-buying appliances every five years) while offering advanced automation and customization tools to save valuable resources across network teams.

In short, with the Men & Mice Suite you don’t need to adapt your network to  to conform to our solution. You can continue to use the platforms you have, or want, to build the future-ready network you need. 

Get connected

IMG_6575We’ve had a great time in San Francisco (as illustrated) and answered a lot of questions from interested parties. We were also delighted to meet up with current customers and hear their success stories with the Men & Mice Suite.

From the latter, we’ll be bringing you deployment studies, white papers, and more technical content on the blog and in our podcast in the coming weeks and months.

For the former, our doors are always open for a chat, or delve deeper with a free demo.  Feel free to reach out to us and we’ll be happy to answer your questions and show you how we can help you change the way you see, and manage, your networks.

Topics: Men & Mice Suite, IPAM, DNS, DHCP, "cloud dns", vmworld

New Men & Mice Suite Reporting Module: Cut through data congestion with a reporting superhighway

Posted by Men & Mice on 3/20/19 8:23 AM

Reports management is critical in any enterprise-level organization. Knowing who did what, when, and why — even, and especially, after months or years — is invaluable for regulatory requirements, transparency, and a clear line of responsibility. Having a good handle on reports also helps managers to identify notable efficiencies or worrying weaknesses in existing processes.

The benefits of reliable and usable reporting affect the entire business, from IT to C-Suite. Decision makers on all levels need to track available assets and spot workload trends that affect them; clear and transparent reporting can expose security vulnerabilities or reveal human error before they cascade into catastrophe; and business decisions benefit from comprehensive data deepening the understanding of what changes are needed.

Reporting has always had a presence within the Men & Mice Suite, but from version 9.2 a new advanced Reporting Module ups the reports management ante several levels.

The foundation

The Men & Mice Suite has been known for its robust handling of object history for all DNS, DHCP, and IP data since the very beginning.

Inspector-actionsChanges made to an object (DNS record, DHCP scope, IP address, you name it) managed through the Men & Mice Suite are logged in the system. Hand
ling these objects in the Suite’s management web application, users can view the history of changes individually per object.

Having the data, however, is just the beginning. To make these foundations satisfy the need for high-frequency, and often automated, reporting, the Men & Mice Suite Reporting Module streamlines the way users can mine this data, offering greater reports management and control.

The traffic control

The new Men & Mice Suite Reporting Module enables users and administrators to view, collect and utilize data within the Men & Mice Suite and/or export it for download. Users can:

  • create and save new report definitions

  • schedule reports to be generated

  • run reports

  • download reports in various formats

report1

The Reporting Module offers a variety of report templates, from audit trails to a list of DNS zones filtered by criticality, as well as a straightforward process for customization. Tailor-made reports can be generated by correlating data and templates in just a few steps. Users can also create reporting definitions and schedule them to run reports on a daily, weekly, or custom schedule.report2

The Reporting Module is a central tool for businesses to maintain transparency, clear communications, and scalability. Apart from  generating reports and scheduling them to run on a regular basis, the Reporting Module provides a variety of other use cases such as:

  • during internal reorganization, project leaders can quickly generate reports to list available assets;

  • objects can be organized into a report to locate vulnerabilities and prevent security incidents;

  • business expansion is aided through defining reports on resources reaching capability limits, thus helping to make smarter business decisions

The result

The Reporting Module especially shines in cases where on-prem and cloud network resources are mixed and scaled across multiple locations and platforms. With the Reporting Module, Men & Mice Suite  provides streamlined reports management, giving you an enhanced overview of your network and system processes, and taking you one step closer to unifying the way you see, and control, your hybrid and multicloud network resources.

Take a look at the following video to see the Reporting Module in action:

 

 

Try the Men & Mice Suite 9.2

The Men & Mice Suite helps to make complex enterprise IP infrastructure management, across hybrid and multicloud environments, as elegantly simple and quietly robust as customer-grade technology — but on an enterprise-grade scale.

The new Reporting Module is an important improvement in streamlining network management in the enterprise. Building on the already robust data facilities of the Men & Mice Suite, it provides valuable data and insights for making better decisions.

You can try version 9.2 of the Men & Mice Suite by clicking the button below or grab it directly from the Azure Marketplace. The new Reporting Module is part of the Men & Mice Suite and can be licensed as an add-on to versions of Men & Mice Suite v9.2 or beyond.

Men & Mice Suite Free Trial

Topics: Men & Mice Suite, Men & Mice, day-to-day IT

Reason to use Men & Mice for IPAM and DNS with Windows 2016 and Azure

Posted by Greg Fazekas on 9/20/18 10:30 AM

Men & Mice + Microsoft Ignite

Men & Mice at #MSIgnite

It's no surprise, given our long-standing relationship and integration with Microsoft's solutions, as well as our mutual enterprise customers, that we'll be attending the Microsoft Ignite event again this year. 

Come to Booth 108, where we'll be answering questions and demoing the Men & Mice Suite. But if you want to learn more about Men & Mice and Microsoft, here's some information that can help you understand our compatibility and how that may be beneficial to your network infrastructure management and operations. 

Book appointment

Men & Mice and Microsoft

Robust and trusted: magic words in any enterprise IT environment.

Microsoft has been able to largely dominate this space because its products are robust and its reputation is trusted. Enterprise IT professionals understand the value accountability that their network infrastructure solutions brings to the table.

With the Men & Mice Suite for DNS, DHCP and IPAM (DDI), you can leverage your existing Microsoft investments without replacing hardware or adding additional appliances. Trusted for decades by the architects and managers overseeing some of the world’s largest network infrastructures, Men & Mice offers simplified integration, advanced control, and improved security.  

Why Men & Mice?

What makes the Men & Mice DDI Suite valuable? Using Men & Mice’s software solutions with your existing Microsoft environment has numerous important advantages through our architecture, Active Directory and Azure integration.

The more robust a network is, the more complex it becomes. Men & Mice, simply put, ‘takes the daunt’ out of network management, while still staying robust and providing the ever-expanding features and support our customers came to trust.

As you scale to meet your expanding networking needs, Men & Mice offers you flexibility, portability, and complete management - all while cutting operational expenses and strengthening overall network resilience.

Architecture

Any vendor-specific appliance, including Microsoft, works best in their own homogenous environment. But the everyday realities of life rarely afford businesses the luxury of such. Once a foreign element, from another vendor or from the same but in another location, is given entry to the network, the chances for strategic disconnect and vulnerabilities multiply.

The Men & Mice suite (now at version 9.1) is an overlay DDI solution. Its architecture is designed to intuitively integrate with a Microsoft infrastructure environment or multi-vendor, multi-platform networks.

The Men & Mice Suite takes care of coordinating between hardware, software, no matter where they are or where they’re from. It unifies resources under a single-pane-of-glass interface, and can be deployed non-destructively. A powerful API serves the users for automation, while redundancies and fine-tuned access control ensures security.

Core advantages of the Men & Mice Suite architecture include:


  • Single pane of glass visibility over all DDI operations on-prem and in the cloud.
  • Audit trails across all changes to DNS, DHCP, and IPAM.
  • Granular, role-based access to objects residing with MS servers, services, and cloud subscriptions.
  • Easy and automated migration of data from server to server, or between on-prem and cloud.
  • Reliable and widely compatible APIs to automate and manage all your DDI operations and data.
  • Monitoring of data integrity and usage, such as DHCP scope and subnet utilization.

Active Directory

The Active Directory synergy of the Men & Mice suite is at the core of our product, and has been since the earliest days. As the first IPAM solution to fully integrate with Microsoft Active Directory, we can list - among others - functionality essential to enterprise businesses powered by Microsoft software:

  • Synchronization ensures real-time system integrity, allowing and propagating changes through both the Men & Mice Suite or Active Directory.
  • Role-based granular access (both for users and groups), tracking, and auditing fortifies security and boosts administrative efficiency. Users can be authenticated through Active Directory (AD) and use single sign-on (SSO) to access Men & Mice Suite.
  • Global overview and administration of Sites and Subnets directly through the Men & Mice Suite.

Portability

With the 9.1 release of the Men & Mice Suite, we've introduced a web-based application. It is designed to (further) simplify the day-to-day management of your company's network,

Having everything at your disposal all the time can often result in complicated, slow processes for even the simplest tasks. We’ve cut down on the noise, deploying our wealth of experience working with and listening to enterprise IT professionals, to identify the most common tasks.

And then we made them lightning-fast and possible to do on any device, from anywhere in the world. (While still plugging into Active Directory, if required. Portability is no excuse for less security.)

Azure

Our customers are the customers of Microsoft as well: we support their needs and investments in IT.

Microsoft takes their cloud strategy seriously, and so do we. We've been working closely with various solutions teams at Microsoft to build compatibility into the Men & Mice Suite. For example, we were the first to offer comprehensive support for Windows Server 2016 (including zone scope and DNS policies) and Azure DNS.

Whether your company is migrating to Azure from another provider, or looking to scale its existing network, Men & Mice provides support through:

  • Cloud-native integration with Azure and Azure DNS.
  • Bulk migration or import of DNS zones into Azure DNS.
  • Tracking changes, delegating access, and seeing all zones across multiple subscriptions, and managing data through APIs after migration.

It's only natural that the same compatibility, ease-of-use, security, and portability that our customers got used to with regards to Microsoft’s existing software and Active Directory, exists for Azure DNS as well. 

Topics: Men & Mice Suite, Windows, microsoft active directory, Microsoft Ignite, Azure DNS, azure, windows 2016

Men & Mice at Microsoft Ignite 2018: hybrid compatibility with on-prem Windows Servers and Azure / multi-cloud portability

Posted by Greg Fazekas on 9/5/18 2:25 PM

Fresh from the great experiences at VMWorld in Las Vegas — including a Finalist nod in the Networking category for the Best of VMworld Awards, thank you very much — the Men & Mice team is heading to Orlando, FL at the end of September, to talk all things Windows, Azure, hybrid DNS and IP address management at Microsoft Ignite 2018.

(Best of) VMworld 2018

menmice_vmworld_bestof

Men & Mice was awarded as the Finalist in TechTarget’s ‘Best of VMworld 2018’ awards in the Networking category, and we couldn’t be more proud.

We brought the Men & Mice Suite to VMworld to showcase our no-nonsense, unified approach to simplifying enterprise DNS, DHCP and IP address management. Our commitment to developing software solutions that scale and adapt to changing network needs while keeping costs and complexity down (through automation, virtualization and full network visibility) were validated both in conversations we had at our booth and reflected in the award we received for Men & Mice Suite v9.1.

The Men & Mice Suite is an overlay management solution that can be dropped on to an organization’s existing on-prem and cloud infrastructure, maximizing investments to give full visibility, synchronization and added security across network environments. Its fast-implementation and non-disruptive deployment, as well as reliable REST APIs, cloud-native functionality, fine-grained access controls and web-based management application simplifies day-to-day operations while amplifying compatibility with best-in-class platforms and vendors for greater network flexibility and portability as an enterprise network evolves.

ignite2018

At Microsoft Ignite 2018 -- Hybrid & Multi-cloud Network Management

Microsoft Ignite is a prized opportunity not just for Microsoft, but for third-party developers, like Men & Mice, to connect with customers, partners (and each other) in order to advance Network technology further.

The Men & Mice Suite was born amidst the rolling green hills of Iceland but feels right at home flying in the Azure skies of Microsoft (and on the ground in Windows Servers-based on-prem).

Ignite will focus on cloud and networking (and cloud networking.) as dialog around cloud integration shifts from“if” to “how” and “how to make it better.” From datacenter modernization, and its fundamental transition to Managed Services, to cloud-native development for future-ready network infrastructure, Men & Mice will feel right at home. We are about simplified DNS, DHCP and IP address management, after all.

Azure DNS

Men & Mice has been working closely with the Azure DNS team for a long time, to implement full support for Azure DNS in the Men & Mice Suite, an augmentation of the suite’s existing functionality with Windows-based on-prem environments, unparalleled Active Directory integration and hybrid IPAM synchronization with Azure cloud instances.

Men & Mice customers have been able to enjoy the same high availability, performance, and convenience of Azure DNS while maintaining the low cost and full control of their DNS domains and IP address blocks via the tools provided by the Men & Mice Suite.

With the newest additions to the Men & Mice Suite  v9.1, including xDNS Redundancy, which includes cloud-native integration and support, full portability of DNS zones between on-prem, cloud and between cloud vendors, fully leveraging your resources has never been simpler and more efficient. With our web-based management application you can even take everyday network management on the go, while our APIs offer powerful automation (and more!).

Meet Us at Booth 108

Drop by our booth to see how the Men & Mice Suite can increase network flexibility, scalability and simplify your Windows and Azure-based network management — including hybrid networks with on-prem Windows servers, IPAM in Azure and DNS on Azure DNS — without burdening administrators and end users with the complexities.

Come meet us in Orlando to see for yourself.

DNS, DHCP and IPAM Demo

Topics: Men & Mice Suite, Windows, Microsoft Ignite, hybrid cloud, Azure DNS, azure, multi-cloud

Version 8.3 – Faster, Leaner, Fitter DHCP

Posted by Johanna E. Van Schalkwyk on 1/11/18 11:16 AM

Doing DHCP

The beauty of DHCP is the speed at which it functions. Basically, DHCP (Dynamic Host Configuration Protocol) does what administrators can do manually, but DHCP just does it automatically, more efficiently, and in a fraction of the time.

Size can trump speed

Yet the bigger a network gets, the more DHCP servers and scopes are needed to dynamically assign, or lease, IP addresses and related IP information to network clients. The number of servers and scopes and the way the load is distributed and processed affect the speed at which networks can keep DHCP data fresh and IP leases available for use. On large networks, how efficiently DHCP lease data is documented, processed and synchronized becomes just as important as the initial matchmaking between DHCP clients and servers.

The relationship between DHCP client and server

DHCP does the hard work of handling communication between servers on a network, and client computers trying to access that network. If the series of messages between a DHCP server and a client computer would be illustrated as a conversation, it would probably look something like this.

DHCP conversation.png

Mind you, at any given moment on a large network, hundreds, or even thousands, such conversations can be occurring simultaneously. On top of that, the client computer sends its DHCPDISCOVER broadcast packet to all available servers, and all available servers can respond with a DHCPOFFER. The client is not programmed to be picky and always accepts the first offer it receives. Once they detect that their offers were not accepted, the other DHCP servers will withdraw their offers. In short, there’s a whole lot of to-and-fro action behind the scenes that is invisible to network administrators and users, but still finds its way into DHCP servers’ lease history. 

To complicate matters – or simplify it – these DHCP client-server relationships, or leases, are mostly temporary arrangements. Both parties know it will end. The server will revoke the lease once it’s expired. The client, on the other hand, can attempt to keep the lease by renewing it, or start looking for another IP address lease if the one they had had expired.

Apart from doing matchmaking between clients and servers, DHCP also ensures that each network client has a unique IP address and appropriate subnet masks. If two clients were to try and use the same IP address, neither of them would be able to communicate on the network.

These rotating relationships make the way DHCP lease data is documented, processed and synchronized so much more critical. If this is not done fast and efficiently, the whole process of dynamically assigning IP addresses can become slowed down, leaving DHCP clients, servers and ultimately network users, frustrated and ineffective.

Making DHCP management faster, leaner and fitter

Once networks run to hundreds, or thousands of DHCP scopes and servers, one needs to re-assess the way DHCP data is processed, and develop ways to improve speed and efficiency. This is exactly what Men & Mice developers set out to achieve in Version 8.3 of the Men & Mice Suite.

DHCP optimizations in Version 8.3 include:

  • Reduced network traffic, especially between the Central server and a DHCP server controller 
  • Improved database performance when processing data from a DHCP server
  • Reduced load on a DHCP server while it is being synced

Optimizing processes in these areas has resulted in lightening the often heavy load on DHCP servers, making DHCP server management considerably faster and more efficient – and more pleasurable for the people in charge of keeping it all going, all the time.

To dig into the more technical aspects of these enhancements and get the lowdown on what this boost in DHCP performance and scalability could mean for you or your network, get in touch with one of our sales engineers to walk you through the details.

 

Topics: Men & Mice Suite, IPAM, DHCP, CLOUD, Akamai, Performance

Men & Mice Suite Version 8.1 – Loving you long time

Posted by Men & Mice on 1/24/17 10:10 AM

It’s January, so it must be time for the annual Men & Mice Suite LTS release, aka long term support release.

A version upgrade of the Men & Mice Suite is scheduled for release three times a year. The versions are differentiated as Long Term Support (LTS) releases, and feature releases.

The first release in January of every year is an LTS release. By LTS we mean this version will be supported for two years after its initial release date. The two feature releases have a shorter LTS.pngsupport cycle.

While the primary focus of the feature releases is to introduce new functionality and features, the primary focus of the LTS releases is to fine-tune and improve newly introduced features, as well as to improve the stability and performance of the Men & Mice Suite in general. We like to see our annual LTS release as the prime example of our commitment to quality, superior functionality and keeping our solution as fast, simple and stable as our customers have become accustomed to.

To have a peek at what good features found their way into the Suite in 2016 and are fine-tuned in Version 8.1, check out details on our Windows Server 2016 support, REST API and VMware plug-in here. If you want to sink your teeth into the REST API, read our detailed article on the subject. And if you’re curious about support for ISC Kea DHCP and Windows Server 2016 Response Rate Limiting, look no further than here.

Finally, read more on how Men & Mice also made inroads into the cloud in 2016 with support for Azure DNS, developed in close cooperation with the Microsoft Azure Team.

One brand new tidbit added to 8.1. is a beautiful new look to the console. A new, fresher font and some easy-to-follow icons are sure to make the superior Men & Mice Suite ergonomic experience all that much more visually pleasing. Enjoy!

All further information on Men & Mice Suite Version 8.1 is obtainable from the Documentation Release Notes.

New Call-to-action


If you’d like to meet up with Men & Mice in person, please come and visit us at Booth E54 at Cisco Live Berlin at the end of February.

If you can’t make it to Berlin, let Men & Mice come to you - sign up for the Bind 9 Logging Best Practices webinar on February 2nd!

Happy January all the way from a not-so-chilly Iceland,

The Men & Mice Team

 

Topics: Men & Mice Suite, DDI

Men & Mice Suite Version 7.3 – Plugging into VMware while having a REST

Posted by Men & Mice on 11/10/16 9:12 AM

Men & Mice Suite Version 7.3 has arrived - and not a minute too soon! Yet considering that it’s jam-packed with goodies such as a brand-new REST API, VMware vRealize Orchestrator plug-in and further support for Windows Server 2016, it was definitely worth the wait.

Let’s take a quick peek at what Version 7.3 has in store for our customers.

Taking a break with the REST API

API.png

API. In the world of the Internet, it means Application Programming Interface. In the world of the Icelandic language (where Men & Mice has its roots) it means … monkey. Literally. And maybe just as well – a good API, with or without hair, really does seem to make life so much better.

Monkey business or no monkey business, the Men & Mice REST API is sure to offer customers a very welcome extra set of hands - and feet, so to speak – with which to create workflows and write handy scripts for the import and export of data, amongst other things.

Used by browsers, REST (Representational State Transfer) is often considered to be the language of the internet. By using HTTP requests to GET, POST, PUT and DELETE data, REST paves the way for two computers to communicate over the internet by one acting as a web server and the other as a web browser. Making use of a stateless protocol, RESTful services exhibit particularly fast performance, reliability and scalability.

The Men & Mice REST API includes all the functionality of the existing Men & Mice SOAP API and JSON-RPC, but delivers the added advantages of ease of use, combined with a rich set of tools and support libraries. Additionally REST, as a resource-based instead of a standards-based API, means users gain considerably greater operational flexibility.

More information on how to get the most out of REST can be found in the Men & Mice REST API article.

Plugging in where it matters – VMware vRealize Orchestrator Plug-In

Men & Mice takes a further step towards simplifying virtualization by introducing the VMware vRealize Orchestrator plug-in. Designed to integrate seamlessly within the VMware Orchestrator framework, the Men & Mice Suite VMware plug-in allows for fast and efficient provisioning of virtual machines.

 

vmware_plugin.png

 

When a Men & Mice Suite user puts in a request for a new virtual machine (VM), the vRealize Orchestrator receives the next available IP address from the requested subnet, together with other essential configuration information. vCenter creates the VM and communicates the changes back to the Men & Mice Suite, which then updates DNS infrastructure accordingly. Additionally:

  • the Men & Mice Suite’s custom properties allow further customization of the VM’s visibility and status.
  • VM information retained in the Men & Mice Suite enables VM tracking, synchronization and updates, including the release of IP addresses after a virtual server is taken down.
  • the Men & Mice Suite talks to DNS servers and registers DNS entries and other changes, such as updates to DNS policies, thereby consolidating DNS data required by the vRealize Orchestrator.

By plugging into the vRealize Orchestrator, the Men & Mice Suite enables integrated functionality that not only saves time, but also strengthens security, eliminates errors of configuration and ensures improved and continuously synchronized network manageability.

Windows Server 2016 Support Released in Tandem with General Availability

Men & Mice Suite support for primary Windows Server 2016 DNS and DHCP features was already included in Version 7.2, released in May 2016. A stand-out feature was support for Response Rate Limiting, which significantly reduces the impact of a Denial of Service (DoS) attack on servers.

With Windows Server 2016 achieving General Availability in September 2016, Men & Mice expands its support for the following additional Windows Server 2016 features:

DNS policies

DNS policies grant a user control over how queries are handled based on specific criteria. These criteria can, for example, be used in the following scenarios:

  • High availability of DNS services
  • Traffic management
  • Split brain DNS 
  • Filtering
  • Forensics
  • Redirection based on date/time

Specific types of policies are:

  • Zone transfer policies
    Essentially used to define how zone transfers take place, zone transfer policies control zone transfer permission on the server level or the zone level. 
  • Recursion policies
    Control how the DNS server performs recursion for a query. 
  • DNS query resolution policies
    Used to specify how incoming DNS queries are handled by the DNS server. 

IPv6 root hints

The IPv6 root servers can now be used for performing name resolution. 

DANE TLSA records

DANE, or DNS-based Authentication of Named Entities, allows a domain owner to specify in a particular DNS record which certificates authorities are allowed to issue for the domain.

The Men & Mice Suite Release Notes provide more detail on other minor improvements and fixes that form part of the Version 7.3 Release.

That wraps it up for a quick round-up of all things new and shiny that the Men & Mice Suite Version 7.3 has to offer. If you’d like to jump right in and try out these new features, treat yourself to a Version 7.3 free trial. 

Men & Mice Suite trial

 

Coming up in December is the last in our 2016 series of webinars, this time focusing on DNS high availability tools. Don’t forget to sign up!

 

Topics: Men & Mice Suite, DDI, API, VMware

Men & Mice Web Service: REST API

Posted by Men & Mice on 11/10/16 6:42 AM

Introduction to Men & Mice REST API

Men & Mice is expanding our web service offerings by adding a REST API web service to the existing SOAP/XML and JSON-RPC services.

This article serves as an introduction to the Men & Mice REST API, providing information on background, purpose and functionality.

What is REST?

REST, or more specifically Representational State Transfer, is often described as the language of the Internet. An architectural style for distributed hypermedia systems, REST was first introduced by Roy Fielding in his doctoral dissertation at UC Irvine in the year 2000.

Fielding’s experience as one of the principal authors of the HTTP specification led to his development of REST as a set of principles and constraints for communication between computers on the Internet. The six architectural constraints unique to REST are client-server separation, statelessness, cacheability, uniform interface, layered systems and code on demand – the latter being the only constraint that is optional.

According to Fielding, the purpose of creating REST was to simplify and enhance the distribution of data between systems. Given how widespread REST has become, it’s safe to say Fielding’s mission has been accomplished. Architectural properties affected by REST are performance, scalability, simplicity of a uniform interface, modifiability of components, visibility of communication between components, portability of components and reliability.

Since its introduction, REST has gained much popularity, likely due to its positive effect on architectural properties and its simplicity, both particularly critical in the era of exponential increases in cloud usage offerings. Today, the majority of new web services are designed as RESTful[1] services instead of SOAP/XML, JSON-RPC, or other types of communications.

Why add a REST API to the Men & Mice Suite?

Men & Mice web services in the form of SOAP/XML and JSON-RPC provide an extensive set of commands to configure and control all aspects of the Men & Mice Suite. However, REST has become the first choice of communication for web service applications. By making use of a stateless protocol, RESTful services exhibit particularly fast performance, reliability and scalability. Additionally, REST’s simplicity generally makes it easier for users to get started and engage with the service.

The greatest difference for users between SOAP and REST is that SOAP as a standards-based web service access protocol is more rigid in execution, whereas REST as a resource-based web service provides greater flexibility. In most cases, a user will only need a browser or a simple command line tool such as cURL to access data from a RESTful web service.

How does the Men & Mice REST API work?                                               

In REST, the focus is on resources. You specify a resource with a URL (Uniform Resource Location) and then apply an operation on the resource using an HTTP method. The Men & Mice REST API supports the four most common HTTP methods: GET, PUT, POST and DELETE.

  • GET – Retrieve a resource (read)
  • PUT - Modify an existing resource (update)
  • POST - Add a new resource (create)
  • DELETE - Remove a resource (delete)

The resources or the objects found in the Men & Mice Suite are:

  • AddressSpaces
  • ADForests
  • ADSiteLinks
  • ADSites
  • ChangeRequests
  • CloudNetworks
  • CloudServiceAccounts
  • Devices
  • DHCPAddressPools
  • DHCPExclusions
  • DHCPGroups
  • DHCPReservations
  • DHCPScopes
  • DHCPServers
  • DNSRecords
  • DNSServers
  • DNSViews
  • DNSZones
  • Folders
  • Groups
  • Interfaces
  • IPAMRecords
  • Ranges
  • ReportDefinitions
  • Reports
  • ReportSources
  • Roles
  • Users

An example of a URL referring to a DNS zone would be:

     http://mmsuite.company.com/mmws/api/DNSZones

To get all the zones defined in the Men & Mice Suite you would use HTTP GET:

     GET http://mmsuite.company.com/mmws/api/DNSZones

To get a specified zone, e.g. test.menandmice.com, you would also use HTTP GET, but with a reference to the specific zone:

     GET http://mmsuite.company.com/mmws/api/DNSZones/test.menandmice.com.

The Men & Mice REST API understands two types of content: JSON and XML. The content type of the response will depend on the type of content in the request. If there is no content in the body of the request, the web service will check for a clue in the HTTP header fields "Content-Type" and "Accept". If either of the fields exist and contain "application/json", it will return a JSON formatted response. If either of the fields exist and contain "application/xml" or "application/soap+xml", it will return an XML formatted response. If no clues can be found, it will select JSON as the response format.

It’s also possible to mix these two content types during the same session and the web service will simply respond with JSON if this was a JSON request, or XML if the content type detected was XML.

To get a full list of supported REST command and how to use them enter http://mmsuite.company.com/mmws/api/doc/ in your browser. If the web services is correctly set up you should get a Swagger definition of all commands. For more information regarding Swagger see: https://swagger.io/

The Men & Mice REST API is built on the same code base as both SOAP/XML and JSON-RPC. However, some of the commands you will see in SOAP/XML and JSON-RPC are not a part of the REST API. The reason for this is that in REST, the focus is on resources, not commands. You can, however, execute all the commands found in SOAP/XML and JSON-RPC using the URL: api/command/<command>.  For example, to get all orphan DNS records found in your Men & Mice Suite, you can say:

     GET http://mmsuite.company.com/mmws/api/command/GetOrphanReverseDNSRecords

Orphan DNS records are PTR records where the corresponding A/AAAA record is missing.

For possible commands, please refer to the Men & Mice SOAP reference manual.

Arguments

The Men & Mice REST API supports many arguments that can be added to the URL. For example, when getting zones you can say:

     GET http://mmsuite.company.com/mmws/api/DNSZones?limit=2&pretty=true

This would return to you a list of zones in the Men & Mice Suite. At the most two lists would be returned, with the output made easier to read by adding lines and spaces.

There are a few arguments that are always available, no matter what resource you are referring to:

  • pretty – If set to ‘true’ it will make the response more readable.
  • server - Name or address of a Men & Mice Central server to connect to.
  • loginName - The name of the user who wants to log in.
  • password - The password for the user.
  • session - An ID of a valid session.

These arguments are only optional. You don't need to use arguments to log on to a server. The Men & Mice REST API offers different types of authentication, such as Basic Authentication, Windows NTLM and Kerberos. Note that in order for a user to be able to use the REST web service, the user has to have the applicable permission to use the web user interface.

There are some arguments that you can provide in many cases when using the HTTP GET method:

  • filter - Filtering criteria for the result returned.
  • offset - Specifies the offset to use when listing the results. A value of 0 starts with the first result.
  • limit - The maximum number of results to return.
  • sortBy - The name of the field to sort by.
  • sortOrder - The sort order to use.

When adding, or changing a resource, you will need to provide some data. In most cases the data will be provided as a body of the HTTP request. Data can also be provided as an argument. The server will understand that you are providing something that should be a part of the data. For example, when adding a DNS record, instead of providing a body with the HTTP method POST, you can say instead:

     POST http://mmsuite.company.com/mmws/api/DNSZones/test.menandmice.com./DNSRecords?dnsRecord={ "name": "restest", "type": "A", "data": "1.2.3.11"}

Filter arguments

The filter is a powerful argument that can be provided with many of the get methods. It allows you to limit the result to only those items you want to retrieve. You can use different kinds of operators, wildcards and regular expressions in a filter.

As of version 9.1 a new, highly optimised and user friendly, filter syntax was added. Before that version, the Men & Mice Suite had a filter syntax that mainly focused on regular expressions and only had a limited set of operators (i.e. metric operators >, =, <). Using operators can come really handy when you are trying to limit your result on properties rather then plain strings. Even though the new filter syntax has been introduced, the old filter syntax can still be used for backwards compatibility.

Some examples of how the filters can be used:

Return all items that contain the string "mycorp" in any properties:

mycorp
Return all A records containing the string "rec" in it's name:
type=A AND name=@rec
Return all records with the name "rec" and of type A, AAAA or CNAME:
name=rec AND (type=A OR type=CNAME OR type=TXT)
The in operator can be used as well to get the same result:
name=rec AND type in(A,CNAME,TXT)
To get all IP address in the range 10.0.0.0 - 10.10.255.255:
from >= 10.0.0.0 AND to <= 10.10.255.255
To get all ranges created in the last month use:
created <= -1M

For more information regarding filters please refer to the Men & Mice Suite Documentation.

Men & Mice REST API in action - examples 

Several great tools are available for working with web services, such as Postman and cURL.

Postman is highly recommended, especially for those interested in testing web services. Postman allows the testing of requests, after which it can be asked to generate code snippets for that request in different programming languages.

cURL is a popular command line tool that is available on most platforms. It is installed by default on most Unix flavors. For Windows, it can be downloaded from https://curl.haxx.se

cURLl can be handy when you want to export data or combine data with simple scripts. The examples on the following pages were created by trying out the REST API using cURL.

For these examples, let's assume that our web service is running on the server mmsuite.company.com, our user name is "john" and our password is "secret".

$ curl --user john:secret -X GET http://mmsuite.company.com/mmws/api/DNSServers

{
   "result": {
       "dnsServers": [
           {
           "ref": "DNSServers/3",
           "name": "a-win2008r2.mmsuite.company.com.",
           "resolvedAddress": "172.17.0.17",
           "port": 1337,
           "type": "MS",
           "state": "OK",
           "customProperties": {},
           "subtype": "Win2008",
           "enabled": true
           }
       ],
       "totalResults": 1
   }
}

Since we didn’t provide any information about what kind of content type we wanted, the server responded with JSON output. If we want to get the result back in XML format, we can simply add the XML "Content-Type".

$ curl --user john:secret --header "Content-Type: application/xml" -X GET http://mmsuite.company.com/mmws/api/DNSServers

<response>
    <result>
        <dnsServers>
            <dnsServer>
                <ref>DNSServers/3</ref>
                <name>a-win2008r2.mmsuite.company.com.</name>
                <resolvedAddress>172.17.0.17</resolvedAddress>
                <port>1337</port>
                <type>MS</type>
                <state>OK</state>
                <customProperties/>
                <subtype>Win2008</subtype>
                <enabled>1</enabled>
            </dnsServer>
        </dnsServers>
        <totalResults>1</totalResults>
    </result>
</response>

Now let's try to use filters and get a list of all reverse zones in the Men & Mice Suite.

$ curl --user john:secret -X GET "http://mmsuite.company.com/mmws/api/DNSZones?filter=name=\$in-addr.arpa.&pretty=true"

{
    "result": {
        "dnsZones": [
            {
                "adIntegrated": false,
                "authority": "a-win2008r2.remote.mm.lab.",
                "customProperties": {},
                "dnsViewRef": "DNSViews/3",
                "dnssecSigned": false,
                "dynamic": false,
                "kskIDs": "",
                "name": "1.5.2.in-addr.arpa.",
                "ref": "DNSZones/10",
                "type": "Slave",
                "zskIDs": ""
            },
            {
                "adIntegrated": false,
                "authority": "a-win2008r2.remote.mm.lab.",
                "customProperties": {},
                "dnsViewRef": "DNSViews/3",
                "dnssecSigned": false,
                "dynamic": false,
                "kskIDs": "",
                "name": "10.in-addr.arpa.",
                "ref": "DNSZones/11",
                "type": "Slave",
                "zskIDs": ""
            }
        ],
        "totalResults": 2
    }
}

Notice the quotation marks around the URL and the arguments. The reason for this is that we are using characters such as "&" that might confuse the command line. By putting quotation marks around it, we are saying that everything inside the quote is a part of the data and should not be interpreted in a different way.

Here is another great example of how powerful the filters are. Let's find all A records starting with “vm” in the zone dev.lab.

$ curl --user john:secret -X GET "http://mmsuite.company.com/mmws/api/DNSZones/dev.lab./DNSRecords?filter=type=A AND name=^vm&pretty=true"

{
    "result": {
        "dnsRecords": [
            {
                "comment": "",
                "data": "10.4.4.3",
                "dnsZoneRef": "DNSZones/20",
                "enabled": true,
                "name": "vm-1",
                "ref": "DNSRecords/374",
                "ttl": "",
                "type": "A"
            },
            {
                "comment": "",
                "data": "10.4.4.1",
                "dnsZoneRef": "DNSZones/20",
                "enabled": true,
                "name": "vm-1",
                "ref": "DNSRecords/376",
                "ttl": "",
                "type": "A"
            },
            {
                "comment": "",
                "data": "10.4.4.2",
                "dnsZoneRef": "DNSZones/20",
                "enabled": true,
                "name": "vm-1",
                "ref": "DNSRecords/377",
                "ttl": "",
                "type": "A"
            }
        ],
        "totalResults": 3
    }
}

Note that all of the GET commands can be executed in a simple browser. When you enter a URL in a browser, it will send an HTTP GET command to the server you are referring to. This can become handy if you don't have cURL installed. You can try this by opening a browser, entering the address of your Men & Mice Web Server and appropriating a REST resource, e.g.

            http://menandmice.com mmws/mmws/api/DNSZones&pretty=true

If your Men & Mice web service is configured to allow Basic Authentication or Windows Authentication (NTLM or Kerberos), it will prompt you for a user name and password.

Scripts or programming languages

Now what about scripts or programming languages? Because, as mentioned earlier, REST is the simplest and most popular choice when creating a web service, it is usually well supported in all languages. As an example, let's look at how we would list out all records in a reverse zone that are suspicious. A reverse zone usually only contains NS and PTR records. Other record types are allowed, but usually don't appear there.

We wrote this script using Python. Python is a great scripting language and well-suited to smaller scripts, especially when dealing with JSON and strings. It is a pretty comprehensive language, yet there are plenty of additional libraries to be explored, if one should need something more.

From Python 3 onwards you can use the http.client library to create a REST request. Bear in mind that Python 2.7, however, does not include the http.client library. Since we will be using Python 2.7, we will be using the requests library which is not a part of the standard installation. For information on how to install the requests library, see http://docs.python-requests.org/en/latest/

#!/usr/bin/env python
#
# restDemo.py – list all suspicious records found in
# reverse zones
import requests
 
username = 'john'
password = 'secret'
headers = {'content-type':'application/json'}
url = 'http://mmsuite.company.com/mmws/api/'
params= {'filter' : 'name=$in-addr.arpa.'}

sess = requests.Session()
resp = sess.get(url + 'DNSZones', params=params, auth=(username, password), headers=headers)
# resp should now contain a list of all reverse zone

if resp.ok:
    for zone in resp.json()['result']['dnsZones']:
        print 'checking zone: ' + zone['name']
        # for each zone get all the records
        resp = sess.get(url + zone['ref'] + '/DNSRecords', auth=(username, password), headers=headers)
        if resp.ok:
            for rec in resp.json()['result']['dnsRecords']:
                if rec['type'] not in ['SOA', 'NS', 'PTR']:
                    print '\t!!!\t' + rec['name'] + '\t' + rec['type'] + '\t' + rec['data']

The output resulting from the script is illustrated in the next box.

$ ./restDemo.py
checking zone: 1.5.2.in-addr.arpa.
checking zone: 10.in-addr.arpa.
checking zone: 137.168.192.in-addr.arpa.
checking zone: 4.6.2.in-addr.arpa.
checking zone: 49.10.in-addr.arpa.
checking zone: 7.3.2.in-addr.arpa.
checking zone: 2.2.63.in-addr.arpa.
!!!   jonas TXT   test

The script found 7 reverse zones. One of them contained a TXT record which we consider suspicious. And just for fun, because we love those filters, we could have used them to retrieve only the records that are not of the type SOA, NS and PTR. So the last part of our Python script could have been written like this:

...
        print 'checking zone: ' + zone['name']
        params= {'filter' : 'type in (SOA,NS,PTR)'}
        # for each zone get all the records, only get records of
        # all types other then SOA, NS or PTR
        resp = sess.get(url + zone['ref'] + '/DNSRecords', params=params, auth=(username, password), headers=headers)
        if resp.ok:
            for rec in resp.json()['result']['dnsRecords']:
                print '\t!!!\t' + rec['name'] + '\t' + rec['type'] + '\t' + rec['data']

Writing the script this way leads to less traffic and less load, which can make a difference if the reverse zones are large.

When creating scripts, it is best to create a new, dedicated user account that only has access to the objects the script needs to function. If you are running Microsoft Windows in an AD environment, the web service can also be configured to allow single sign-on.

Men & Mice REST API: Summary

The primary focus of the Men & Mice development team has always been to simplify the complex task of administering a DDI[2] environment, while retaining network flexibility and maintaining speed, as different network environments and different types of users have very different needs. To achieve this flexibility, our mission has been, and continues to be, developing and providing a rich set of commands, combined with easy user access through a web service interface.

Extending the Men & Mice Suite to include a REST API creates a powerful additional tool for users. With the Men & Mice REST API, users gain easier access to data in the Men & Mice Suite, as well as the means to process it according to their particular needs. The Men & Mice REST API therefore extends the range of tools with which customers can create workflows, write handy scripts to import and export data or generally just develop customised ways to lighten the load of administering the often complex, but vital, daily tasks existing in our technical lives.

[1] REST or RESTful?

REST is the set of architectural constraints and is not dependent on any protocol. Web service APIs are typically called RESTful when they adhere to the REST architectural constraints. Practically every RESTful service uses HTTP as its underlying protocol.

[2] DNS, DHCP and IP Address Management

Topics: Men & Mice Suite, API

Microsoft Azure DNS and Men & Mice Making More Sparks Together

Posted by Men & Mice on 9/29/16 10:57 PM

Chemistry. Sometimes, when two separate entities meet, they just have it. Sometimes they don’t. When it comes to Men & Mice and Microsoft, it’s definitely a case of the former. There’s surefire chemistry, and, even though the relationship already dates back to way back when, we’ve never been stronger together than we are now.

Just this week, Microsoft Azure announced General Availability of their domain hosting service, Azure DNS, in a joint statement with Men & Mice, released on September 26th at the Microsoft Ignite conference in Atlanta, USA. The General Availability announcement comes slightly more than a year after Microsoft first unveiled the public preview of this new addition to their cloud network offerings at Microsoft Ignite in Chicago in 2015. Men & Mice had already announced support for Microsoft Azure DNS in January of this year, with the release of the Men & Mice Suite Version 7.1. Now everyone is able to pick the fully ripe fruits of this productive partnership.

According to Jonathan Tuliani, Program Manager for Azure Networking – DNS and Traffic Manager, with this announcement Azure DNS is now ready to be used for production workloads. Given that Azure DNS “is supported via Azure Support and is backed by a 99.99% availability SLA” this means that Men & Mice Suite customers can now sit back and enjoy the high availability, performance, low cost and convenience of hosting their domains in the cloud with Azure DNS, while maintaining full control of their DNS domains and IP address blocks with the help of the powerful DNS, DHCP and IP Address Management (DDI) tools provided by the Men & Mice Suite.

azure_dns.jpg

Magnus E. Bjornsson, CEO of Men & Mice, sees this as one more positive step towards the continued development of third-party support products in close cooperation with Microsoft. “We are proud partners of Microsoft and embrace the opportunity to join forces with this leader in the field of IT. Our mutual collaboration enhances the value of the open and adaptable Men & Mice Suite to our customers.”

The Men & Mice Suite already exhibits a core, unfettered synergy with Microsoft Active Directory, which helps to make it one of the world’s top choice suppliers of DNS, DHCP and IP Address Management software solutions. With the addition of support for Azure DNS, as well as support for Windows Server 2016, there’s no telling where this juicing up of existing chemistry will take us next. If the past is anything to go by, it’s bound to be a happy combination of small steps and giant leaps towards collaborative, innovative creation.

The full General Availability announcement can be accessed on the Microsoft Azure blog.

 

Topics: Men & Mice Suite, DNS

Why follow Men & Mice?

The Men & Mice blog publishes educational, informational, as well as product-related material for everyone and anyone interested in IP Address Management, DNS, DHCP, IPv6, DNSSEC and more.

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all