Boris Epstein
2012-May-02 12:58 UTC
[CentOS] editing bind (DNS) configuration under CentOS 6
Hello listmates,

It appears that system-config-bind has been phased out. Whatever the reasoning was behind that decision - what are we expected to do now? Edit it manually? That is doable, of course, but kind of cumbersome. Does anybody know if there is a tool we are expected to use for that purpose?

Thanks.

Boris.

On 02.05.2012 13:58, Boris Epstein wrote:
> Hello listmates,
>
> It appears that system-config-bind has been phased out. Whatever the
> reasoning was behind that decision - what are we expected to do now?
> Edit it manually? That is doable, of course, but kind of cumbersome.
> Does anybody know if there is a tool we are expected to use for that
> purpose?
>
> Thanks.
>
> Boris.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

If you're afraid of "vi", I can recommend webmin.
http://dl.nux.ro/rpm/webmin.repo

--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
Fajar Priyanto
2012-May-02 13:13 UTC
[CentOS] editing bind (DNS) configuration under CentOS 6
Webmin is perfect for that.

Sent from my iPhone

On 2 May, 2012, at 8:58 PM, Boris Epstein <borepstein at gmail.com> wrote:
> Hello listmates,
>
> It appears that system-config-bind has been phased out. Whatever the
> reasoning was behind that decision - what are we expected to do now? Edit
> it manually? That is doable, of course, but kind of cumbersome. Does
> anybody know if there is a tool we are expected to use for that purpose?
>
> Thanks.
>
> Boris.
James B. Byrne
2012-May-02 16:58 UTC
[CentOS] editing bind (DNS) configuration under CentOS 6
On Wed, May 2, 2012 09:15, Karanbir Singh wrote:
> On 05/02/2012 02:09 PM, Nux! wrote:
>>> it manually? That is doable, of course, but kind of cumbersome.
>>> Does anybody know if there is a tool we are expected to use for that
>>> purpose?
>>
>> If you're afraid of "vi", I can recommend webmin.
>> http://dl.nux.ro/rpm/webmin.repo
>
> and then you have 2 problems, one of which is a security hole.
>
> I've mostly just gone to using nsupdate from the cli for all zone
> edits in bind zones. if you ever need the clear zone file, it's
> easily dumped out with rndc - works, and you can do some fairly
> complex things in a clear and simple transaction manner ( plus,
> easily automated from other scripts / code for more win )

For those of us not blessed with either the depth of experience or the time required to master every single idiosyncratic cli for each one of the very many system daemons we are required to administer Webmin is an excellent alternative to daily trips into the arcane.

Any security issue respecting access to Webmin is handled simply and efficiently in three steps:

1. Set IPTables, or whatever firewall you employ, to block all access to webmin's listening port (default 10000) from addresses outside your local lan or from any but a specific host address. Do this first and reload the firewall rules.

2. Install and immediately configure Webmin to use https only. This can be done from the command line using any convenient editor by editing the following three lines in /etc/webmin/miniserv.conf:

    keyfile=/etc/webmin/miniserv.pem
    ssl=1
    ssl_redirect=1

3. Create a secure tunnel to an address inside your firewall that is permitted access to webmin using whatever means you find convenient. I use SOCKS via "ssh -D 2001 user@host" with RSA certs and Firefox configured to use the SOCKS proxy on my local host. VPN or other techniques will work as well, if not better. But SOCKS over ssh works well enough for my purposes.

This will get you up and going without ever having to pass credentials to webmin over the wire en clair.

Webmin has the virtue of being remarkably easy to set up and simplifies most abuse configuration issues on a wide variety of services. For one, it usually handles which files require which configuration options. It does not, and cannot, cover every eventuality. But, for basic setup and ongoing control of the main system services running on most mainline Linux distros Webmin works most admirably in my experience. It certainly saves me a great deal of time and frustration.

I would not give access to Webmin to anyone that did not already have root access to that server. But, if they already have root then I see no reason to make their work any harder than it needs be.

One caution. Webmin is a powerful tool. If you do not know what you are doing then you can hurt yourself very badly with it. On the other hand I have made serious configuration errors with an editor some of which were just spelling mistakes; a problem that Webmin mostly avoids.

--
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
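
A way to verify steps 1 and 2 of the message above after the fact, as an added example that is not part of the original thread. The function names, the 192.168.1.0/24 LAN range and the sample files are constructed for illustration. The firewall check only flags ACCEPT rules on the Webmin port that have no source restriction; it does not prove that everything else is dropped.

```shell
#!/bin/sh
# Added example (not from the thread): audit the step 1 and step 2 settings.

# Print the value of KEY in a key=value file. Assumption: if a key is
# repeated, the last line is the one reported.
conf_get() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Step 2: ssl and ssl_redirect must be 1 and keyfile must be set.
# Prints one FAIL line per problem; returns the number of problems.
audit_miniserv() {   # $1 = path to miniserv.conf
    fails=0
    for key in ssl ssl_redirect; do
        val=$(conf_get "$1" "$key")
        if [ "$val" != "1" ]; then
            echo "FAIL $key=${val:-<unset>} (want 1)"
            fails=$((fails + 1))
        fi
    done
    if [ -z "$(conf_get "$1" keyfile)" ]; then
        echo "FAIL keyfile is not set"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Step 1: flag ACCEPT rules for the Webmin port with no source (-s) match.
# Input is rule text in `iptables -S` syntax; returns the number flagged.
audit_fw_rules() {   # $1 = rules file, $2 = port
    awk -v p="$2" '
        / -j ACCEPT/ && $0 ~ ("--dport " p "( |$)") && !/ -s / {
            print "FAIL open to any source: " $0; n++
        }
        END { exit n + 0 }' "$1"
}

# Constructed sample inputs (not taken from any real host).
write_samples() {   # $1 = directory to write into
    printf 'port=10000\nssl=0\nkeyfile=/etc/webmin/miniserv.pem\n' > "$1/weak.conf"
    printf 'port=10000\nkeyfile=/etc/webmin/miniserv.pem\nssl=1\nssl_redirect=1\n' > "$1/good.conf"
    printf '%s\n' '-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT' > "$1/open.rules"
    printf '%s\n' '-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 10000 -j ACCEPT' > "$1/lan.rules"
}

d=$(mktemp -d) && write_samples "$d"
audit_miniserv "$d/weak.conf" || echo "weak.conf: $? problem(s)"
audit_fw_rules "$d/open.rules" 10000 || echo "open.rules: $? rule(s) flagged"
rm -rf "$d"
```

On a real host, point `audit_miniserv` at /etc/webmin/miniserv.conf and feed `audit_fw_rules` the saved output of `iptables -S INPUT`.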
We Are Here
2012-May-02 22:10 UTC
[CentOS] editing bind (DNS) configuration under CentOS 6
At 13:58 02/05/2012, you wrote:
>It appears that system-config-bind has been phased out. Whatever the
>reasoning was behind that decision - what are we expected to do now? Edit
>it manually? That is doable, of course, but kind of cumbersome. Does
>anybody know if there is a tool we are expected to use for that purpose?

Welcome to the command line!! Unleash the power people. God if there is one thing I love about linux it is the command line. 4am in a DC, MD screaming about SLA, enter the penguin!

Karanbir you're an inspiration, keep up the excellent work, same goes for the rest of the CentOS team.

Tim D'Cruz
James B. Byrne
2012-May-04 16:22 UTC
[CentOS] editing bind (DNS) configuration under CentOS 6
On Wed, May 2, 2012 16:17, Karanbir Singh wrote:
>> those of us not blessed with either the depth of experience or
>> the
>
> sure, if you are new to Linux on the whole and need a point and click
> basics interface to a bunch of things webmin might be a suitable
> option

Sure, if you work for some multi-billion dollar enterprise then the cost of one or more employees perpetually mastering the ever-changing minutiae of dozens of *nix services, most with documentation that is charitably described as scant, can be borne. The rest of the world needs a reasonable answer at a reasonable price in a reasonable time. Something that Webmin and similar products provide.

My personal experience with point and click interfaces to *nix utilities (which goes back to 1995) is that they often prove far better at getting something working than losing yourself in the byzantine cli and configuration file options that are the alternative.

> the most important vuln in webmin is how it's designed, perl
> interfaces running as root with exclusive rights to anything
> on the machine, easily fiddled with on the machine itself.
> Perhaps 90% of all hacked centos machines running webmin, that
> I've looked at, were exploited locally

Myself, I never permit local shell accounts on systems that run publicly available services. Once one requires local shell access to a system be granted to ordinary users then I treat that host as compromised, install and run nothing on it beyond what is required to support shell access, and firewall it as if it resides on an alien network. Webmin is not the problem in this case. Want of prudence is.

I admit that my personal practice in this regard possibly colours my view of how the 'security' boogieman is often used to denigrate a product that I find extremely useful.

> Also, your email client looks to be broken, it's not setting headers
> needed for mailing lists threading.

My email client is Squirrel Mail. I do not consider it to be broken software.

I receive the mailing list in digest format. Perhaps the headers you seek are not provided in that format by the mailing list manager itself. However, maintaining the subject header usually proves sufficient elsewhere.

--
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3