Documentation for IP Address Manager

BIND permissions

IPAM offers support for Linux-based BIND DNS server monitoring and management.

The following are the minimum requirements needed to monitor BIND DNS.

  • IPAM supports Debian 8.6 and 9.5, and RHEL/CentOS version 6 and 7.
  • IPAM supports BIND versions 9.9+, 9.10+, and 9.11+.

    SolarWinds recommends using BIND 9.11+, as it supports commands for checking configuration syntax, which IPAM is able to use for configuration change validation during management operations.

Required permissions

The user account needs to be configured to enable remote telnet or SSH access to the BIND machine.

Read and write file access is required for:

  • the /etc/named.conf file and all included files
  • the system temp directory /tmp for all zone data files
  • the /var/named directory

    The DNS zone configuration files are stored here by default. Without this permission, they cannot be created or modified.

    By default, IPAM preserves mode, ownership, and timestamps when copying files (IPAM works on copies so that an error during an operation does not break anything). If the user in the IPAM credentials is not the owner of the configuration files (e.g. /var/named), an "Operation not permitted" error occurs, because preserving timestamps is only allowed for the owner of the target file (Unix/Linux mechanics).

    There are two options:

    1. The administrator can disable timestamp preservation in the IPAM system settings by selecting the “No preserve timestamps” checkbox:
      • No additional configuration on the OS side is required – timestamps will not be preserved
    2. The OS administrator can change the owner of the configuration files to the desired user:
      • Not always possible (which is why the first option was implemented)
      • This requires additional OS configuration

CLI Commands

IPAM uses both standard Linux commands (POSIX) and BIND specific commands. The following are the commands used by IPAM for both management and monitoring:

  • named
  • ps
  • grep
  • sha1sum
  • cat
  • if [ -r "filepath" ] ; then echo 'true'; else echo 'false'; fi
  • if [ -w "filepath" ] ; then echo 'true'; else echo 'false'; fi
  • if [ $? -eq 0 ] ; then echo 'true'; else echo 'false'; fi
  • cp
  • mkdir
  • rm
  • named-checkconf
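
The access listed under Required permissions can be checked on the BIND host before the credentials are entered in IPAM, using the same `[ -r ]` and `[ -w ]` tests shown in the command list. The script below is an added example, not SolarWinds code: the function names are hypothetical, include parsing is simplified (one `include "..."` per line, relative paths not resolved), and paths are assumed to contain no whitespace.

```sh
#!/bin/sh
# Added example (not SolarWinds code). Run on the BIND host as the account
# stored in the IPAM credentials. Assumes paths contain no whitespace.

# Print the paths named by include "..." directives in one config file.
# Simplification: one directive per line; commented-out lines are skipped.
list_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$1" 2>/dev/null
}

# Print the main config file and every file reachable through includes,
# visiting each path once so an include cycle cannot loop forever.
collect_configs() {
    todo=$1; seen=""
    while [ -n "$todo" ]; do
        set -- $todo; cur=$1; shift; todo="$*"
        case " $seen " in *" $cur "*) continue ;; esac
        seen="$seen $cur"
        echo "$cur"
        todo=$(echo $todo $(list_includes "$cur"))
    done
}

# Report read, write and ownership status for one path, using the same
# [ -r ] / [ -w ] tests IPAM issues plus an ownership test ([ -O ]).
check_path() {
    r=false; w=false; o=false
    [ -r "$1" ] && r=true
    [ -w "$1" ] && w=true
    [ -O "$1" ] && o=true
    echo "$1 read=$r write=$w owner=$o"
}

# preflight <named.conf> <zone dir> <temp dir>
# Returns 1 if any path is not both readable and writable.
preflight() {
    rc=0
    for p in $(collect_configs "$1") "$2" "$3"; do
        line=$(check_path "$p")
        echo "$line"
        case $line in *"read=true write=true"*) ;; *) rc=1 ;; esac
    done
    return $rc
}

# Run only when called with the three paths, e.g.:
#   sh preflight.sh /etc/named.conf /var/named /tmp
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A path reported with `owner=false` is one where timestamp preservation fails with "Operation not permitted" unless "No preserve timestamps" is enabled or the file's owner is changed.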

After you add a BIND server in IPAM, your device syncs and imports BIND DNS configurations, which can then be monitored or managed.

Troubleshooting

If you are unable to add a DNS server set up using the BIND 9 package for the Debian distribution, and testing the credentials results in the "Test Failed: Unable to find configuration file" error, apply the following steps:

  1. Log in on your DNS server machine.
  2. Open the /etc/default/bind9 file.
  3. Edit the OPTIONS variable by adding the configuration file path flag:

      OPTIONS="-u bind -c <path to named.conf>"

      By default <path to named.conf> on Debian BIND 9 is /etc/bind/named.conf

  4. Save this change and restart the Bind9 daemon.

You should now be able to add the DNS server to IPAM without any issues.

The reason for specifying the -c flag, even if you have the default configuration, lies in the Bind9 Debian package configuration (specified at build time). One of the commands that IPAM executes to get information about the environment is "named -V". Normally it outputs a lot of information, including a sysconfdir flag pointing to the directory that contains the named.conf file. Unfortunately, in the Bind9 package the sysconfdir flag occurs twice (pointing to both /etc and /etc/bind), which is ambiguous to the IPAM results parser and causes it to output the "Test Failed: Unable to find configuration file" error.