Documentation forIP Address Manager

BIND permissions

IPAM offers support for Linux-based BIND DNS server monitoring and management.

The following are the minimum requirements needed to monitor BIND DNS.

  • IPAM supports Debian 8.6 and 9.5, and RHEL/CentOS version 6 and 7.
  • IPAM supports BIND versions BIND 9.9+, BIND 9.10+, and BIND 9.11+.

    SolarWinds recommends using BIND 9.11+, as it supports commands for checking configuration syntax, which IPAM is able to use for configuration change validation during management operations.

Required permissions

The user account needs to be configured to enable remote telnet or SSH access to the BIND machine.

Read and write file access is required for:

  • the /etc/named.conf directory and all included files
  • the system temp directory /tmp for all zone data files
  • the /var/named directory

    The DNS zone configuration files are stored here by default - without this permission it is impossible to create/modify them.

    By default IPAM preserves mode, ownership and timestamps during file copying (IPAM works on copies so that it will not break anything during error) and if the user (in IPAM credentials) is not an owner of the configuration files (e.g. /var/named) then an Operation not permitted error will occur as preserving timestamps is only allowed for the target file owner (Unix/Linux mechanics).

    There are two options:

    1. Administrator can disable timestamps preservation in the IPAM system settings by checking the “No preserve timestamps” checkbox:
      • No additional configuration on the OS side is required – timestamps will not be preserved
    2. OS Administrator can change the owner of the configuration files to the desired user:
      • Not always possible (which is why the first option was implemented)
      • This requires additional OS configuration

CLI Commands

IPAM uses both standard Linux commands (POSIX) and BIND specific commands. The following are the commands used by IPAM for both management and monitoring:

  • named
  • ps
  • grep
  • sha1sum
  • cat
  • if [ -r "filepath" ] ; then echo 'true'; else echo 'false'; fi
  • if [ -w "filepath" ] ; then echo 'true'; else echo 'false'; fi
  • if [ $? -eq 0 ] ; then echo 'true'; else echo 'false'; fi
  • cp
  • mkdir
  • rm
  • named-checkconf

After you add a BIND in IPAM, your device syncs and imports BIND DNS configurations which can then be monitored or managed.