Hi,

I've been giving vegadns another try this evening and have a few issues
to report.

I'm using vegadns 0.9.9.1 on Fedora Core 5 with SELinux enabled and
php-5.1.2/apache-2.2.0/mysql-5.0.18

1. SELinux

In order to get axfr transfer working I had to add the following local
SELinux policy:

module local 1.0;

require {
        role object_r;
        role system_r;

        class association { recvfrom sendto };
        class file { getattr read };
        class netif { tcp_recv tcp_send udp_recv udp_send };
        class node { tcp_recv tcp_send udp_recv udp_send };
        class process execheap;
        class tcp_socket { bind connect create getattr name_connect node_bind read recv_msg send_msg write };
        class udp_socket { bind connect create getattr name_bind node_bind read recv_msg send_msg write };

        type auth_port_t;
        type dns_port_t;
        type http_port_t;
        type httpd_sys_script_t;
        type httpd_t;
        type inaddr_any_node_t;
        type net_conf_t;
        type netif_t;
        type node_t;
        type port_t;
        type unconfined_t;
        type unlabeled_t;
 };

allow httpd_sys_script_t auth_port_t:tcp_socket { name_connect send_msg };
allow httpd_sys_script_t dns_port_t:tcp_socket { name_connect recv_msg send_msg };
allow httpd_sys_script_t dns_port_t:udp_socket { recv_msg send_msg };
allow httpd_sys_script_t http_port_t:tcp_socket { name_connect recv_msg send_msg };
allow httpd_sys_script_t inaddr_any_node_t:tcp_socket node_bind;
allow httpd_sys_script_t inaddr_any_node_t:udp_socket node_bind;
allow httpd_sys_script_t net_conf_t:file { read getattr};
allow httpd_sys_script_t netif_t:netif { tcp_recv tcp_send udp_recv udp_send };
allow httpd_sys_script_t node_t:node { tcp_recv tcp_send udp_recv udp_send };
allow httpd_sys_script_t node_t:tcp_socket node_bind;
allow httpd_sys_script_t port_t:udp_socket name_bind;
allow httpd_sys_script_t self:tcp_socket { bind connect create getattr name_connect read write };
allow httpd_sys_script_t self:udp_socket { bind create connect getattr read write };
allow httpd_sys_script_t unlabeled_t:association { recvfrom sendto };
allow unconfined_t self:process execheap;

Save this policy to a file "local.te" and run the following commands:

checkmodule -M -m -o local.mod local.te
semodule_package -o local.pp -m local.mod
semodule -i local.pp

2. Is it possible to add secondary DNS records for domains, i.e. >1 name
server? If so, how?

3. axfr-get works much faster if you use the "-R" option to tcpclient.

4. When the axfr-get completes, I get a page full of errors - the
following lines are repeated and not necessarily in this order:

Notice: Undefined index: default_soa in /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534
Notice: Undefined index: default_soa in /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 589
Notice: Undefined index: default_soa in /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 604
Notice: Undefined index: default_ns in /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 537
Notice: Undefined index: default_ns in /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 585
Notice: Undefined index: out_array in /var/www/vegadns/vegadns-0.9.9.1/src/functions.php on line 433

If I click in the address bar and hit return, the page displays OK but
with the following notices:

Notice: Undefined index: default_soa in /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534
Notice: Undefined index: default_ns in /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 537

And, the following error:

Error: <alphabetically-first-domain> is already in this database

All the domains seem to have imported OK, e.g. if I click on "Domains".

5. I'd like to see the axfr-transfer code be a little more robust and to
not fail on protocol errors, i.e. it should continue with the next
domain in the list and print a list of failed transfers when it finishes
processing the list of domains.

Any help with these issues would be appreciated.

R.
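
A lint for a local SELinux module like the one posted in the message above, as an added example that is not part of the original message or of vegadns: it parses the allow rules and reports source domains other than the intended one, types the require block declares but no rule uses, and execheap grants. The sample text is a constructed subset of the posted policy; the function names and the choice of httpd_sys_script_t as the intended domain are assumptions.

```python
import re

# Constructed sample: a subset of the policy posted above, including one wrapped rule.
SAMPLE_TE = """
module local 1.0;
require {
        class process execheap;
        class tcp_socket { name_connect node_bind recv_msg send_msg };
        class udp_socket name_bind;
        type dns_port_t;
        type httpd_sys_script_t;
        type httpd_t;
        type inaddr_any_node_t;
        type port_t;
        type unconfined_t;
};
allow httpd_sys_script_t dns_port_t:tcp_socket { name_connect recv_msg
send_msg };
allow httpd_sys_script_t inaddr_any_node_t:tcp_socket node_bind;
allow httpd_sys_script_t port_t:udp_socket name_bind;
allow unconfined_t self:process execheap;
"""

# allow <source> <target>:<class> <perm> | { <perm> ... };
ALLOW_RE = re.compile(r"\ballow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;")
TYPE_RE = re.compile(r"^\s*type\s+(\w+)\s*;", re.M)

def parse_allow_rules(te_text):
    """Return (source, target, class, permissions) for every allow rule."""
    return [(src, tgt, cls, frozenset(perms.strip("{}").split()))
            for src, tgt, cls, perms in ALLOW_RE.findall(te_text)]

def review(te_text, intended_domain):
    """Report rules and declarations that deserve a second look before loading."""
    rules = parse_allow_rules(te_text)
    used = {name for src, tgt, _, _ in rules for name in (src, tgt)}
    return {
        # Rules for a domain other than the one the module is meant to extend.
        "out_of_scope": sorted({src for src, _, _, _ in rules if src != intended_domain}),
        # Types the require block declares but no allow rule references.
        "unused_types": sorted(set(TYPE_RE.findall(te_text)) - used),
        # Grants that let a process make its heap executable.
        "execheap": [(src, tgt) for src, tgt, cls, perms in rules
                     if cls == "process" and "execheap" in perms],
    }

if __name__ == "__main__":
    for check, findings in review(SAMPLE_TE, "httpd_sys_script_t").items():
        print(check, findings)
```

Run against the full local.te, the same checks apply before the checkmodule, semodule_package and semodule steps.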
