- What does NicTool need to run?
- What DNS servers does NicTool work with?
- What Resource Records does NicTool support?
- How does NicTool simplify DNS?
- Can I run the exports on the BIND nameserver?
- When does the nameserver re-read the config file?
- Do I have to set up an export for every nameserver?
- Can I specify a BIND zone template for each zone?
- Does NicTool support locations or views?
- Run two instances of NicTool Server on Apache
NicTool is written in Perl. The client can be run on any platform that has Perl and a web server. It has been tested under Apache and lighttpd. NicToolServer requires MySQL and Apache. NicTool is known to run on Linux, FreeBSD, MacOS X, and other UNIX-like operating systems.
NicTool can export to DNS servers running tinydns, BIND, PowerDNS, MaraDNS, NSD, and Knot.
NicTool currently supports the following Resource Record types: A, NS, CNAME, SOA, PTR, MX, TXT, AAAA, LOC, SRV, NAPTR, DS, SSHFP, IPSECKEY, RRSIG, NSEC, DNSKEY, NSEC3, NSEC3PARAM, and SPF.
NicTool provides templates that ease adding a domain, or group of domains, that share a common set of records. The NicTool API allows users and admins to perform mass DNS updates without granting extraordinary privileges. All changes made via the API are logged and visible via NicToolClient.
You don't need to add or maintain NS records for your zones. NS records are automatically generated for every NS a zone is published to. SOA record creation is completely automated as well.
NicTool provides web forms that simplify DNS data entry. Sure, everyone that manages DNS frequently knows that 86,400 seconds is one day, but NicTool also provides handy popups with commonly used values. This is especially handy if one doesn't remember whether 1 or 2 is the correct value for a DSA fingerprint in an SSHFP record.
There are also BIND zone templates, which make it very easy to include zone specific information within the BIND configuration file.
Tinydns serves directly from the compiled data.cdb file. The instant that file is compiled (by tinydns-data), it is moved into place and tinydns is serving from it.
BIND rereads the config file when told (rndc reload).
PowerDNS has an expiration timer and rechecks if zone files have been updated, and if so, automatically re-reads them.
NSD serves from a compiled database (similar to tinydns).
Yes, but it is not the most secure way of doing so. It requires the BIND nameserver to have database access to the NicTool database on the NicTool Server. If the two systems are on different networks, use stunnel to encrypt the traffic between them. You will need to perform the following steps:
- Install NicToolServer on the BIND nameserver. You will need the mysql client libraries installed.
- Configure nictool/server/lib/nictoolserver.conf with the DSN settings.
- Make sure that the export directory (default /etc/namedb/nictool) you specified in the NicTool configuration for that name server is writable by the NicTool export user.
- Configure a BIND export per the normal instructions.
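
The stunnel link recommended above could look like the following pair of configurations. This is an added example, not part of the NicTool documentation; the host name, port 3307 and certificate paths are placeholders, and the option names are those of stunnel 5.x.

```ini
; ---- stunnel.conf on the NicTool Server (the host running MySQL) ----
; stunnel does not allow trailing comments, so each note is on its own line.
[nictool-mysql]
; TLS listener the BIND nameserver connects to (placeholder port)
accept = 3307
; Local MySQL, which can stay bound to loopback only
connect = 127.0.0.1:3306
; Server certificate and key (placeholder paths)
cert = /etc/stunnel/nictool-db.pem
key = /etc/stunnel/nictool-db.key
; CA that signed the nameserver's client certificate
CAfile = /etc/stunnel/nictool-ca.pem
; Require and verify a client certificate, so only the nameserver
; can reach the database port through the tunnel
verifyChain = yes
; Needs an stunnel build against OpenSSL 1.1.0 or later
sslVersionMin = TLSv1.2

; ---- stunnel.conf on the BIND nameserver (runs the export) ----
[nictool-mysql]
client = yes
; Local plaintext endpoint used by the NicTool export
accept = 127.0.0.1:3306
; NicTool Server's TLS listener (placeholder host name)
connect = nictool.example.com:3307
; Client certificate and key presented to the server (placeholder paths)
cert = /etc/stunnel/ns1-client.pem
key = /etc/stunnel/ns1-client.key
CAfile = /etc/stunnel/nictool-ca.pem
; Verify the server's chain and that its certificate names the right host
verifyChain = yes
checkHost = nictool.example.com
sslVersionMin = TLSv1.2

; In nictoolserver.conf on the nameserver, point the DSN at host 127.0.0.1
; and port 3306. Use 127.0.0.1 rather than "localhost": the MySQL client
; library treats "localhost" as a Unix socket and would bypass the tunnel.
```

With this layout MySQL never listens on a routable address; firewall port 3307 on the NicTool Server so that only the nameserver can connect, and grant the export's database account only the privileges it needs.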
You could just set up one export. Then, edit the Makefile (that is automatically created in the export directory) and manually insert the extra rsync targets. You would change the entry that looks like this:
```make
remote: data.cdb
	rsync -az data.cdb tinydns@10.0.1.1:/usr/local/tinydns-ns1/root/data.cdb
```

To look more like this:

```make
remote: data.cdb
	rsync -az data.cdb tinydns@10.0.1.1:/usr/local/tinydns-ns1/root/data.cdb
	rsync -az data.cdb tinydns@10.0.1.2:/usr/local/tinydns-ns2/root/data.cdb
	rsync -az data.cdb tinydns@10.0.1.3:/usr/local/tinydns-ns3/root/data.cdb
```
Yes, see the article on BIND zone file templates.
Almost.
See this post on the support forums.
Support exists for exporting tinydns locations in the database and export scripts. That support still needs to be added to NicToolServer and NicToolClient.
It is possible to run two instances of NicTool Server (on separate ports, of course) under one Apache 2 instance. The secret is adding the '+Parent' option in each vhost declaration. See [this article on mod_perl OTRS](http://blog.otrs.org/2010/08/11/how-to-run-multiple-mod_perl-supported-otrs-on-a-single-host/).