wiki:WikiStart

DeepNet DNS Administrator

This is a DNS management tool I developed as a replacement for VegaDNS.

It closely follows the UI layout from VegaDNS's (apparently abandoned) 1.1.x development releases, but treats groups, domains, users, and domain records more uniformly. I also separated the group tree list from the operational sections.

It theoretically supports all DNS types (although actual support for deprecated or very obscure types is limited or nonexistent). Practically, A, AAAA, CNAME, MX, NS, PTR, SRV, and TXT records are supported. SOA records can mostly be altered but serial number schemes other than "let tinydns Do The Right Thing" are not yet supported (#24).

With the addition of support for reverse DNS zones, some new pseudotypes that emulate some tinydns entries are also available: A+PTR, AAAA+PTR, PTR template, and A+PTR template. An AAAA+PTR template type is defined and listed, but it's only present for completeness; expanding a template to all IPs in any IPv6 block would take far too long. Only A+PTR is natively supported in tinydns; AAAA and AAAA+PTR records are only native with a third-party patch. PTR template and A+PTR template allow simple storage and manipulation of large blocks of DNS entries for IP ranges with fairly simple patterns without having to manually edit hundreds or thousands of records.

If added via web UI, A+PTR, A+PTR template, and AAAA+PTR records are visible in both the forward domain and reverse zone they are part of, and can be edited at will from either.

Data export to any front-end DNS server software should be possible; currently only export to tinydns is available.

Releases

v1.4 is released. Download the stable tarball from https://secure.deepnet.cx/releases/dnsadmin/.

Development on new features will continue on the trunk at https://secure.deepnet.cx/svn/dnsadmin.

Try out the live demo of v1.4 - full access is available using the default admin/admin user/password. Two other accounts are defined - test1 can create, edit, and delete domains and domain records; test2 is restricted to a subgroup, and can't make any changes. Use password test for either one.

Features

  • Tree-based access scope control (users in subgroups can only see domains in that subgroup, and its direct children)
  • Per-group default user permission and default record sets. Default records for a new group are cloned from the immediate parent group on creation.
  • Per-user action controls - permission to add, edit, and delete groups, domains, users, or records can all be set separately.
  • AXFR domain import
  • WHOIS and DNS lookup tools
  • Full internal activity logging

Added in v1.2

  • Full support for reverse DNS data including:
    • Forward/reverse combined records such as the native tinydns "=" record
    • Templating types for creating large numbers of similar records such as found in bulk residential access IP ranges
  • Locations/views - depending on the IP that made the request, a different result may be returned
  • Records that are only valid up until a set time, or only valid after a set time
  • Full RPC support for most common operations (add, edit, or delete forward and reverse zones, records, users, or groups)

Added in v1.4

  • Mainly internal refinements based on active production use
  • TXT export now configurable to "let tinydns manage the chunks" (results in 127-character TXT chunks) or force 255-character chunks, to placate some mindless auditing checklist or tool
  • Record-locator search in the menu sidebar
  • Log filtering
  • Log record aggregation/collapse: On domain adds, each default record would previously get its own standalone log entry. This groups them together, and abuses the CSS from the group tree in the menu to show/hide the record entries under a parent "Added active domain example.org" entry.

See the ticket list or roadmap for features on the to-do list.

Requirements

  • Perl
    • Standard modules:
      • CGI::Carp
      • Text::Wrap
    • Common non-core modules:
      • DBI
      • Digest::MD5
      • Net::DNS
      • Net::SMTP
    • Other modules:
      • CGI::Session
      • CGI::Simple
      • Crypt::PasswdMD5
      • HTML::Template
      • NetAddr::IP >= 4.027
      • Time::TAI64
    • Modules for RPC:
      • Frontier::Responder
        Depending on usage, you may want to apply a patch to support:
        • HTTP AUTH (apply on the client) and
        • suppress a horde of "Use of uninitialized value..." warnings (probably more useful on the server)
      • FCGI (not strictly required but strongly recommended for production use)
  • Postgres recommended; any database with real transaction support for all data manipulation could be used.
  • Webserver supporting CGI executables.
Last modified 7 months ago Last modified on Jun 13, 2017, 4:01:12 PM