On Tuesday 25 Apr 2006 02:07, Robin Bowes wrote:
> Hi,
>
> I've been giving vegadns another try this evening and have a few issues
> to report.
>
> I'm using vegadns 0.9.9.1 on Fedora Core 5 with SELinux enabled and
> php-5.1.2/apache-2.2.0/mysql-5.0.18
>
> 1. SELinux
>
> In order to get axfr transfer working I had to add the following local
> SELinux policy:
>
> module local 1.0;
>
> require {
>         role object_r;
>         role system_r;
>
>         class association { recvfrom sendto };
>         class file { getattr read };
>         class netif { tcp_recv tcp_send udp_recv udp_send };
>         class node { tcp_recv tcp_send udp_recv udp_send };
>         class process execheap;
>         class tcp_socket { bind connect create getattr name_connect
> node_bind read recv_msg send_msg write };
>         class udp_socket { bind connect create getattr name_bind
> node_bind read recv_msg send_msg write };
>
>         type auth_port_t;
>         type dns_port_t;
>         type http_port_t;
>         type httpd_sys_script_t;
>         type httpd_t;
>         type inaddr_any_node_t;
>         type net_conf_t;
>         type netif_t;
>         type node_t;
>         type port_t;
>         type unconfined_t;
>         type unlabeled_t;
>  };
>
> allow httpd_sys_script_t auth_port_t:tcp_socket { name_connect send_msg };
> allow httpd_sys_script_t dns_port_t:tcp_socket { name_connect recv_msg
> send_msg };
> allow httpd_sys_script_t dns_port_t:udp_socket { recv_msg send_msg };
> allow httpd_sys_script_t http_port_t:tcp_socket { name_connect recv_msg
> send_msg };
> allow httpd_sys_script_t inaddr_any_node_t:tcp_socket node_bind;
> allow httpd_sys_script_t inaddr_any_node_t:udp_socket node_bind;
> allow httpd_sys_script_t net_conf_t:file { read getattr};
> allow httpd_sys_script_t netif_t:netif { tcp_recv tcp_send udp_recv
> udp_send };
> allow httpd_sys_script_t node_t:node { tcp_recv tcp_send udp_recv
> udp_send };
> allow httpd_sys_script_t node_t:tcp_socket node_bind;
> allow httpd_sys_script_t port_t:udp_socket name_bind;
> allow httpd_sys_script_t self:tcp_socket { bind connect create getattr
> name_connect read write };
> allow httpd_sys_script_t self:udp_socket { bind create connect getattr
> read write };
> allow httpd_sys_script_t unlabeled_t:association { recvfrom sendto };
> allow unconfined_t self:process execheap;
>
> Save this policy to a file "local.te" and run the following commands:
>
> checkmodule -M -m -o local.mod local.te
> semodule_package -o local.pp -m local.mod
> semodule -i local.pp
>
> 2. Is it possible to add secondary DNS records for domains, i.e. >1 name
> server? If so, how?

Just add another NS record, either to the record itself or to the template.
There are no 'primary' and 'secondary' NS records, unlike MX.

>
> 3. axfr-get works much faster if you use the "-R" option to tcpclient.
>
> 4. When the axfr-get completes, I get a page full of errors - the
> following lines are repeated and not necessarily in this order:
>
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 589
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 604
> Notice: Undefined index: default_ns in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 537
> Notice: Undefined index: default_ns in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 585
> Notice: Undefined index: out_array in
> /var/www/vegadns/vegadns-0.9.9.1/src/functions.php on line 433
>
> If I click in the address bar and hit return, the page displays OK but
> with the following notices:
>
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534
> Notice: Undefined index: default_ns in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 537
>
> And, the following error:
>
> Error: <alphabetically-first-domain> is already in this database
>
> All the domains seem to have imported OK, e.g. if I click on "Domains".
>
> 5. I'd like to see the axfr-transfer code be a little more robust and to
> not fail on protocol errors, i.e. it should continue with the next
> domain in the list and print a list of failed transfers when it finishes
> processing the list of domains.

I run axfr-get from a shell script so I can catch the return codes, then 
process the tinydns data afterwards. Sometimes it has needed munging to fit 
into vegadns, not brilliant. If the named zone files are simple it works OK.


>
> Any help with these issues would be appreciated.
>
> R.

-- 
-----------------
Bob Hutchinson
Midwales dot com
-----------------
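
The approach raised in item 5 and in the reply (driving axfr-get from a shell script, checking each return code, and reporting the failed zones at the end), as an added example that is not code from this thread or from vegadns. The function names, the one-zone-per-line list file and the output directory layout are assumptions; `tcpclient -R HOST 53 axfr-get ZONE FILE FILE.tmp` is the standard djbdns/ucspi-tcp invocation.

```shell
#!/bin/sh
# Added example: batch AXFR import that continues past failed zones.
# Assumes djbdns (axfr-get) and ucspi-tcp (tcpclient) are installed.

# Transfer one zone from MASTER into OUTDIR/ZONE; returns the exit code
# of the tcpclient/axfr-get run.
fetch_zone() {
    master=$1 zone=$2 outdir=$3
    tcpclient -R "$master" 53 axfr-get "$zone" "$outdir/$zone" "$outdir/$zone.tmp"
}

# Accept only hostname-style names, so a list entry can never turn into
# a path outside OUTDIR (for example ../../etc/x).
valid_zone() {
    case $1 in
        ''|.*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# transfer_all MASTER LISTFILE OUTDIR
# Sets FAILED to a space-separated list of zones that did not transfer
# and returns 0 only if every zone succeeded.
transfer_all() {
    master=$1 list=$2 outdir=$3
    FAILED=
    while IFS= read -r zone || [ -n "$zone" ]; do
        case $zone in ''|'#'*) continue ;; esac   # skip blanks and comments
        if ! valid_zone "$zone"; then
            FAILED="$FAILED $zone"; continue
        fi
        # </dev/null keeps the child from consuming the rest of the list
        if ! fetch_zone "$master" "$zone" "$outdir" </dev/null; then
            rm -f "$outdir/$zone.tmp"              # drop any partial transfer
            FAILED="$FAILED $zone"
        fi
    done < "$list"
    FAILED=${FAILED# }
    [ -z "$FAILED" ]
}

# Run only when called as: script MASTER LISTFILE OUTDIR
if [ "$#" -eq 3 ]; then
    transfer_all "$@" || { echo "failed transfers: $FAILED" >&2; exit 1; }
fi
```

The per-zone files in OUTDIR are tinydns-data format and can be reviewed before anything is loaded into vegadns.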
