This repository has been archived by the owner on Sep 8, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
DNSDusty – web based DDNS management. Note: I barely maintain this repo
License
rimas-kudelis/dnsdusty
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Welcome to the DNSDusty program.
Setting up BIND for dynamic updates:
You'll need to set up BIND so that it accepts signed dynamic updates for your
zone. Here's an overview:
1) generate a key using tsig-keygen like this:
% tsig-keygen DNSDusty > /etc/dnsdusty/dnsdusty.key
this will create the key that will be used when signing zone update requests.
2) add this key to your named.conf file in a stanza like this:
key "DNSDusty" {
algorithm hmac-sha256;
secret "rUnmCsAl8Q+fC0Td4Og5NrnyYyNARV+Hsy637/fNvAs=";
};
3) For each zone that you want to manage with DNSDusty, add this keyname to
both your 'allow-update' and 'allow-transfer' lists:
zone "example.com" {
type master;
file "/etc/bind/db.example"
allow-update { key DNSDusty; };
allow-transfer { key DNSDusty; };
}
4) reload named to make it see your new configuration.
Prerequisites:
DNSDusty requires the following non-standard perl modules:
Net::DNS
CGI::FormBuilder
HTML::Template
Make sure these are installed prior to getting the software working.
Installing DNSDusty:
DNSDusty comes set up to be installed according to the Debian packaging
guidelines. The sources also come with an EPM listfile. If you have the EPM
program installed (see https://www.msweet.org/epm/), then you should be able to
package the software by running:
% epm -v -f native dnsdusty
Once you generate the package, install it with your OS's installation tool.
You'll then need to modify the config file, which is by default:
/etc/dnsdusty/dnsdusty.conf.
Both the config file and the key file should only be writable by root, and only
readable by the user that your webserver runs as. Since it contains the key to
allow updates to your webserver, make sure that you secure it well, unless you
want the world to be able to update your server.
Setting up Apache:
DNSDusty doesn't have any authentication built in, so you'll need to secure it
at the webserver level. I use Apache2 for my webserver, and only allow access
to DNSDusty from the SSL-enabled section (this keeps passwords from being sent
in cleartext). I use the mod-auth-pam and mod-auth-sys-group modules to
authenticate users with system level authentication on my setup.
Here is the relevant stanza from an example apache config. This should be
inside a VirtualHost section for the SSL-enabled section of the site.
ScriptAlias /dnsdusty/cgi-bin/ /usr/lib/dnsdusty/cgi-bin/
<Directory "/usr/lib/dnsdusty/cgi-bin/">
SSLOptions +StdEnvVars
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from 10.10.10.0
Deny from All
AuthPAM_Enabled on
AuthGROUP_Enabled on
AuthType Basic
AuthName "DNSDusty"
require group dnsadmins
</Directory>
The per-zone authorization depends on having a valid $REMOTE_USER environment
variable, so if you plan to use this feature, then HTTP Authentication is
required.
Problems, Questions and Patches:
If you have problems, questions, suggestions or patches, feel free to report
these issues or (preferably) create pull requests on GitHub.
Enjoy!
About
DNSDusty – web based DDNS management. Note: I barely maintain this repo
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published