Re: [users] Several vegadns issues

2006-04-25 Thread Bob Hutchinson
On Tuesday 25 Apr 2006 11:19, Robin Bowes wrote:
> Bob Hutchinson wrote:
> > On Tuesday 25 Apr 2006 02:07, Robin Bowes wrote:
> >> 2. Is it possible to add secondary DNS records for domains, i.e. >1 name
> >> server? If so, how?
> >
> > just add another NS record, either to the record itself or to the
> > template. There are no 'primary' and 'secondary' NS records, unlike MX.
>
> OK, so is the Primary Nameserver listed in the SOA record different to
> the nameserver lines in the Default Records?

hmm I put that badly ;-(

The nameserver listed in SOA should also have a NS record
so
NS -> ns1.example.com
NS -> ns2.example.com
and so on
There should be A records for these as well, somewhere, either on your own 
server or elsewhere.

Similar for MX
MX -> mail.example.com
A -> mail.example.com -> xx.xx.xx.xx

In the default_records table you would use DOMAIN as a placeholder

I do this for every domain we have records for, so if the owner has their own 
mailserver or wants to use some other service I only have to change the dns.

I also set up A records for www, ftp and webmail.
The last two are just my own thing, but www is probably pretty well 
obligatory.

If you have another box running tinydns you can just transfer the data.cdb to 
it every time there is an update to the data file, I use rsync.

Alternately if you are running a second (backup) dns server and it is working 
in that role for others, transfer the data file with a unique name and 
concatenate them all into 'data' and run make at regular intervals.


>
> >> 5. I'd like to see the axfr-transfer code be a little more robust and to
> >> not fail on protocol errors, i.e. it should continue with the next
> >> domain in the list and print a list of failed transfers when it finishes
> >> processing the list of domains.
> >
> > I run axfr-get from a shell script so I can catch the return codes, then
> > process the tinydns data afterwards. Sometimes it has needed munging to
> > fit into vegadns, not brilliant. If the named zone files are simple it
> > works OK.
>
> It seems to work fine for me, apart from when there are some rogue zone
> files on the name server I'm sucking from (e.g. the user has left a
> half-finished zone file on the server, etc.).
>
> Perhaps I'll see how easy it is to continue after an error and add
> another patch.
>
> R.

-- 
-
Bob Hutchinson
Midwales dot com
-
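
An added example (not from the thread or from VegaDNS) of the rule described above: every NS, MX and SOA target should have an A record somewhere. It reads tinydns data lines and lists the targets that have no address in the same data, so those are the names to confirm "elsewhere"; the function names and the sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example: list NS/MX/SOA targets with no A record in the same data.

# check_glue [FILE...]: reads tinydns data (stdin when no FILE is given)
# and prints "name: reason" for each target name that has no address line.
check_glue() {
    awk -F: '
    function want_a(name, why) { name = tolower(name)
                                 if (!(name in want)) want[name] = why }
    function have_a(name)      { have[tolower(name)] = 1 }
    # .fqdn:ip:x and &fqdn:ip:x -> NS x (x.ns.fqdn when x has no dot)
    /^[.&]/ { fqdn = substr($1, 2)
              name = ($3 ~ /\./) ? $3 : $3 ".ns." fqdn
              if ($2 != "") have_a(name)
              want_a(name, "NS for " fqdn) }
    # @fqdn:ip:x:dist -> MX x (x.mx.fqdn when x has no dot)
    /^@/    { fqdn = substr($1, 2)
              name = ($3 ~ /\./) ? $3 : $3 ".mx." fqdn
              if ($2 != "") have_a(name)
              want_a(name, "MX for " fqdn) }
    # Zfqdn:mname:rname -> SOA primary name server
    /^Z/    { want_a($2, "SOA primary for " substr($1, 2)) }
    # +fqdn:ip and =fqdn:ip -> A record
    /^[+=]/ { if ($2 != "") have_a(substr($1, 2)) }
    END     { for (n in want) if (!(n in have)) print n ": " want[n] }
    ' "$@" | sort
}

# Constructed sample zone: ns2 and mail are referenced but have no address.
sample_data() {
    cat <<'EOF'
# constructed sample, not from the page
Zexample.com:ns1.example.com:hostmaster.example.com
&example.com::ns1.example.com
&example.com::ns2.example.com
@example.com::mail.example.com:10
+ns1.example.com:192.0.2.1
+www.example.com:192.0.2.10
EOF
}

sample_data | check_glue
```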


Re: [users] Several vegadns issues

2006-04-25 Thread Robin Bowes
Bob Hutchinson wrote:
> On Tuesday 25 Apr 2006 02:07, Robin Bowes wrote:
>>
>> 2. Is it possible to add secondary DNS records for domains, i.e. >1 name
>> server? If so, how?
> 
> just add another NS record, either to the record itself or to the template.
> There are no 'primary' and 'secondary' NS records, unlike MX.

OK, so is the Primary Nameserver listed in the SOA record different to
the nameserver lines in the Default Records?

>> 5. I'd like to see the axfr-transfer code be a little more robust and to
>> not fail on protocol errors, i.e. it should continue with the next
>> domain in the list and print a list of failed transfers when it finishes
>> processing the list of domains.
> 
> I run axfr-get from a shell script so I can catch the return codes, then 
> process the tinydns data afterwards. Sometimes it has needed munging to fit 
> into vegadns, not brilliant. If the named zone files are simple it works OK.

It seems to work fine for me, apart from when there are some rogue zone
files on the name server I'm sucking from (e.g. the user has left a
half-finished zone file on the server, etc.).

Perhaps I'll see how easy it is to continue after an error and add
another patch.

R.


Re: [users] Several vegadns issues

2006-04-25 Thread Robin Bowes
Bob Hutchinson wrote:
> On Tuesday 25 Apr 2006 02:56, Robin Bowes wrote:
>> I've fixed all these.
> 
> You beat me to it ;-)
> 
> make a patch and submit it, perhaps Bill will feed it in.

Patch attached.

This contains the following fixes:

axfr-get.php
============
Add "-R" to the tcpclient command.
This stops tcpclient looking up TCPREMOTEINFO which is often not
available and simply causes the tcpclient command to hang until it times
out (default 26 seconds)

index.php
=========
Turn on Full error reporting (E_ALL)
This is useful for debugging when evaluating vegadns but should be
disabled in production.

create_tables.php
=================
Add quotes to md5() function when creating default password.
VegaDNS wouldn't work for me without this. Identified by Bob Hutchinson.

domains.php
===========
Add checks for default_ns and default_soa being present in the $_REQUEST
array before accessing them.
This prevents php warning notices in the form:
Notice: Undefined index: default_soa in
/var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534

functions.php
=============
Set a default value for $out_array in the parse_dataline function.
This prevents php warning notices in the form:
Notice: Undefined index: out_array in
/var/www/vegadns/vegadns-0.9.9.1/src/functions.php on line 433

R,
diff -ur vegadns-0.9.9.1/axfr_get.php vegadns-0.9.9.1-working/axfr_get.php
--- vegadns-0.9.9.1/axfr_get.php2005-02-04 00:07:16.0 +
+++ vegadns-0.9.9.1-working/axfr_get.php2006-04-25 01:23:48.0 
+0100
@@ -45,7 +45,7 @@
 $rand = rand();
 $file = "/tmp/$domain.$rand";
 
-$command = "/usr/local/bin/tcpclient '".escapeshellcmd($hostname)."' 53 
/usr/local/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1";
+$command = "/usr/local/bin/tcpclient -R '".escapeshellcmd($hostname)."' 53 
/usr/local/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1";
 exec($command, $out);
 
 // Print any errors first
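Review bot: on the changed $command line, $file and $file.tmp are interpolated into the shell string unquoted, and $file is built from the raw $domain two lines up ("/tmp/$domain.$rand"), so only the hostname and domain arguments get any escaping. escapeshellcmd() wrapped in hand-written single quotes is also the wrong tool for quoting one argument; escapeshellarg() on each of the four arguments does the quoting itself. While this line is being touched, a tempnam()-created file would replace the predictable rand()-based name in /tmp.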
diff -ur vegadns-0.9.9.1/index.php vegadns-0.9.9.1-working/index.php
--- vegadns-0.9.9.1/index.php   2005-09-10 17:49:22.0 +0100
+++ vegadns-0.9.9.1-working/index.php   2006-03-29 20:26:44.0 +0100
@@ -23,6 +23,7 @@
 ini_set('log_errors', 1);
 ini_set('allow_url_fopen', 0);
 ini_set('session.use_cookies',0);
+ini_set('error_reporting', E_ALL);
 
 // Check that register_globals is off
 if(ini_get('register_globals')) {
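Review bot: the added ini_set('error_reporting', E_ALL) is unconditional, while the covering message says it should be disabled in production. Suggest gating it on a debug setting, and setting display_errors to 0 next to the existing log_errors line so the extra notices go to the log and not the page; the notices quoted in this thread include full filesystem paths.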
diff -ur vegadns-0.9.9.1/src/create_tables.php 
vegadns-0.9.9.1-working/src/create_tables.php
--- vegadns-0.9.9.1/src/create_tables.php   2005-02-04 00:05:34.0 
+
+++ vegadns-0.9.9.1-working/src/create_tables.php   2006-03-29 
20:28:51.0 +0100
@@ -40,7 +40,7 @@
 ) TYPE=MyISAM";
 mysql_query($q) or die(mysql_error());
 
-$q = "INSERT INTO accounts VALUES 
(0,0,'test@test.com','".md5(test)."','Test','User','','senior_admin','active')";
+$q = "INSERT INTO accounts VALUES 
(0,0,'test@test.com','".md5('test')."','Test','User','','senior_admin','active')";
 mysql_query($q) or die(mysql_error()."".$q);
 
 $q = "CREATE TABLE active_sessions (
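Review bot: the INSERT still seeds a senior_admin account (test@test.com) with the fixed password 'test' stored as an unsalted md5(), and the quoting fix leaves that in place. Suggest having the install step take the initial address and password from the operator, or forcing a password change at first login, so that no installation starts with a known credential.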
diff -ur vegadns-0.9.9.1/src/domains.php vegadns-0.9.9.1-working/src/domains.php
--- vegadns-0.9.9.1/src/domains.php 2005-09-10 12:35:33.0 +0100
+++ vegadns-0.9.9.1-working/src/domains.php 2006-04-25 02:44:46.0 
+0100
@@ -531,10 +531,10 @@
 
 $counter = 0;
 // default SOA and NS
-if ($_REQUEST['default_soa']=="on")
+if (isset($REQUEST['default_soa']) && $_REQUEST['default_soa']=="on")
  $def_soa=mysql_fetch_array(
   mysql_query("SELECT host,val FROM default_records WHERE type='S'"));
-if ($_REQUEST['default_ns']=="on") {
+if (isset($REQUEST['default_ns']) && $_REQUEST['default_ns']=="on") {
  $q=mysql_query("SELECT host,val,distance,ttl FROM default_records WHERE 
type='N'");
  while ($l = mysql_fetch_array($q))
   $def_ns[]=$l;
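Review bot: both added isset() calls in this hunk test $REQUEST, not $_REQUEST (the underscore is missing). $REQUEST is never set, so isset() is always false and neither the default SOA nor the default NS rows are loaded, even when the option is "on". These should read isset($_REQUEST['default_soa']) and isset($_REQUEST['default_ns']), as the later hunks do.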
@@ -582,11 +582,11 @@
 if($line_key != 'domain' && !ereg("^#", $value)) {
 $result = parse_dataline($value);
 if(is_array($result)) {
-   if (($_REQUEST['default_soa']=="on") && 
($result['type']=='S')) {
+   if ((isset($_REQUEST['default_soa']) && 
$_REQUEST['default_soa']=="on") && ($result['type']=='S')) {
 $result['val']=$def_soa['val'];
 $result['host']=$def_soa['host'];
}
-   if (($_REQUEST['default_ns']!="on") || 
($result['type']!='N')) {
+   if ((isset($_REQUEST['default_ns']) && 
$_REQUEST['default_ns']!="on") || ($result['type']!='N')) {
  $q = "insert into records 
  (domain_id,host,type,val,distance,ttl) 
  values(
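Review bot: the second changed condition (default_ns) no longer behaves the same when the field is absent. Before, a missing default_ns compared unequal to "on", so the left side was true and N records from the transfer were inserted; now isset() is false, the left side is false, and N records are skipped. Suggest (!isset($_REQUEST['default_ns']) || $_REQUEST['default_ns']!="on"), or computing the two flags once as booleans above the loop and reusing them in every test.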
@@ -601,7 +601,7 @@
 }
 }
}
-if ($_REQUEST['default_ns']=="on") {
+if (isset($_REQUEST['default_ns']) && $_REQUEST['default_ns']=="on") {
 $counter=0;
  while ($ns = $def_n

Re: [users] Several vegadns issues

2006-04-25 Thread Bob Hutchinson
On Tuesday 25 Apr 2006 02:07, Robin Bowes wrote:
> Hi,
>
> I've been giving vegadns another try this evening and have a few issues
> to report.
>
> I'm using vegadns 0.9.9.1 on Fedora Core 5 with SELinux enabled and
> php-5.1.2/apache-2.2.0/mysql-5.0.18
>
> 1. SELinux
>
> In order to get axfr transfer working I had to add the following local
> SELinux policy:
>
> module local 1.0;
>
> require {
> role object_r;
> role system_r;
>
> class association { recvfrom sendto };
> class file { getattr read };
> class netif { tcp_recv tcp_send udp_recv udp_send };
> class node { tcp_recv tcp_send udp_recv udp_send };
> class process execheap;
> class tcp_socket { bind connect create getattr name_connect
> node_bind read recv_msg send_msg write };
> class udp_socket { bind connect create getattr name_bind
> node_bind read recv_msg send_msg write };
>
> type auth_port_t;
> type dns_port_t;
> type http_port_t;
> type httpd_sys_script_t;
> type httpd_t;
> type inaddr_any_node_t;
> type net_conf_t;
> type netif_t;
> type node_t;
> type port_t;
> type unconfined_t;
> type unlabeled_t;
>  };
>
> allow httpd_sys_script_t auth_port_t:tcp_socket { name_connect send_msg };
> allow httpd_sys_script_t dns_port_t:tcp_socket { name_connect recv_msg
> send_msg };
> allow httpd_sys_script_t dns_port_t:udp_socket { recv_msg send_msg };
> allow httpd_sys_script_t http_port_t:tcp_socket { name_connect recv_msg
> send_msg };
> allow httpd_sys_script_t inaddr_any_node_t:tcp_socket node_bind;
> allow httpd_sys_script_t inaddr_any_node_t:udp_socket node_bind;
> allow httpd_sys_script_t net_conf_t:file { read getattr};
> allow httpd_sys_script_t netif_t:netif { tcp_recv tcp_send udp_recv
> udp_send };
> allow httpd_sys_script_t node_t:node { tcp_recv tcp_send udp_recv
> udp_send };
> allow httpd_sys_script_t node_t:tcp_socket node_bind;
> allow httpd_sys_script_t port_t:udp_socket name_bind;
> allow httpd_sys_script_t self:tcp_socket { bind connect create getattr
> name_connect read write };
> allow httpd_sys_script_t self:udp_socket { bind create connect getattr
> read write };
> allow httpd_sys_script_t unlabeled_t:association { recvfrom sendto };
> allow unconfined_t self:process execheap;
>
> Save this policy to a file "local.te" and run the following commands:
>
> checkmodule -M -m -o local.mod local.te
> semodule_package -o local.pp -m local.mod
> semodule -i local.pp
>
> 2. Is it possible to add secondary DNS records for domains, i.e. >1 name
> server? If so, how?

just add another NS record, either to the record itself or to the template.
There are no 'primary' and 'secondary' NS records, unlike MX.

>
> 3. axfr-get works much faster if you use the "-R" option to tcpclient.
>
> 4. When the axfr-get completes, I get a page full of errors - the
> following lines are repeated and not necessarily in this order:
>
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 589
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 604
> Notice: Undefined index: default_ns in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 537
> Notice: Undefined index: default_ns in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 585
> Notice: Undefined index: out_array in
> /var/www/vegadns/vegadns-0.9.9.1/src/functions.php on line 433
>
> If I click in the address bar and hit return, the page displays OK but
> with the following notices:
>
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534
> Notice: Undefined index: default_ns in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 537
>
> And, the following error:
>
> Error:  is already in this database
>
> All the domains seem to have imported OK, e.g. if I click on "Domains".
>
> 5. I'd like to see the axfr-transfer code be a little more robust and to
> not fail on protocol errors, i.e. it should continue with the next
> domain in the list and print a list of failed transfers when it finishes
> processing the list of domains.

I run axfr-get from a shell script so I can catch the return codes, then 
process the tinydns data afterwards. Sometimes it has needed munging to fit 
into vegadns, not brilliant. If the named zone files are simple it works OK.


>
> Any help with these issues would be appreciated.
>
> R.

-- 
-
Bob Hutchinson
Midwales dot com
-
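
An added example (not Bob's script and not part of VegaDNS) of the approach described above and asked for in item 5: run each transfer from a shell script, catch the return code, carry on with the next domain and list the failures at the end. The tcpclient and axfr-get paths are the ones shown in the patch on this page; the function names, the FAILED variable and the argument layout are assumptions.

```sh
#!/bin/sh
# Added example: batch AXFR that continues past failures and reports them.
# Paths are the ones used on the page; override them via the environment.
TCPCLIENT=${TCPCLIENT:-/usr/local/bin/tcpclient}
AXFR_GET=${AXFR_GET:-/usr/local/bin/axfr-get}

# fetch_zone SERVER DOMAIN OUTFILE: one transfer. axfr-get writes
# OUTFILE.tmp and moves it to OUTFILE when the transfer completes.
fetch_zone() {
    "$TCPCLIENT" -R "$1" 53 "$AXFR_GET" "$2" "$3" "$3.tmp"
}

# transfer_all SERVER OUTDIR DOMAIN...
# Sets FAILED to a space-separated list; returns 1 if anything failed.
transfer_all() {
    ta_server=$1 ta_outdir=$2
    shift 2
    FAILED=""
    for ta_domain in "$@"; do
        # Hostname characters only: the name becomes a file name and an argument.
        case $ta_domain in
            ""|.*|-*|*[!A-Za-z0-9.-]*)
                FAILED="${FAILED:+$FAILED }$ta_domain(invalid-name)"
                continue ;;
        esac
        ta_out=$ta_outdir/$ta_domain
        if fetch_zone "$ta_server" "$ta_domain" "$ta_out" 2>"$ta_out.err"; then
            rm -f "$ta_out.err"
        else
            ta_rc=$?                     # exit status of the failed transfer
            rm -f "$ta_out.tmp"          # drop the partial zone
            FAILED="${FAILED:+$FAILED }$ta_domain(exit=$ta_rc)"
        fi
    done
    if [ -n "$FAILED" ]; then
        echo "failed transfers: $FAILED" >&2
        return 1
    fi
}

# Usage: axfr-batch.sh SERVER OUTDIR DOMAIN [DOMAIN...]
if [ "$#" -ge 3 ]; then
    transfer_all "$@"
fi
```

The error output of each failed transfer is kept in OUTDIR/DOMAIN.err, so a half-finished zone on the source server can be identified after the run.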


Re: [users] Several vegadns issues

2006-04-25 Thread Bob Hutchinson
On Tuesday 25 Apr 2006 02:56, Robin Bowes wrote:
> Robin Bowes wrote:
> > 4. When the axfr-get completes, I get a page full of errors - the
> > following lines are repeated and not necessarily in this order:
> >
> > Notice: Undefined index: default_soa in
> > /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534
> > Notice: Undefined index: default_soa in
> > /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 589
> > Notice: Undefined index: default_soa in
> > /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 604
> > Notice: Undefined index: default_ns in
> > /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 537
> > Notice: Undefined index: default_ns in
> > /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 585
> > Notice: Undefined index: out_array in
> > /var/www/vegadns/vegadns-0.9.9.1/src/functions.php on line 433
> >
> > If I click in the address bar and hit return, the page displays OK but
> > with the following notices:
> >
> > Notice: Undefined index: default_soa in
> > /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534
> > Notice: Undefined index: default_ns in
> > /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 537
> >
> > And, the following error:
> >
> > Error:  is already in this database
> >
> > All the domains seem to have imported OK, e.g. if I click on "Domains".
>
> I've fixed all these.

You beat me to it ;-)

make a patch and submit it, perhaps Bill will feed it in.

>
> Basically, variables are being used when they are not yet defined.
>
> In functions.php, I've added "$out_array = '';" to the top of the
> parse_dataline function
>
> In domains.php, I've replaced code like this:
>
> if ( $_REQUEST['default_soa']=="on") ...
>
> with code like this:
>
>  if (isset($_REQUEST['default_soa']) && $_REQUEST['default_soa']=="on")
>
> I've also modified axfr-get.php to use the -R option to tcpclient:
>
> $command = "/usr/local/bin/tcpclient -R '" ... etc
>
> R.

-- 
-
Bob Hutchinson
Midwales dot com
-


Re: [users] Several vegadns issues

2006-04-24 Thread Robin Bowes
Robin Bowes wrote:
> 
> 4. When the axfr-get completes, I get a page full of errors - the
> following lines are repeated and not necessarily in this order:
> 
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 589
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 604
> Notice: Undefined index: default_ns in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 537
> Notice: Undefined index: default_ns in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 585
> Notice: Undefined index: out_array in
> /var/www/vegadns/vegadns-0.9.9.1/src/functions.php on line 433
> 
> If I click in the address bar and hit return, the page displays OK but
> with the following notices:
> 
> Notice: Undefined index: default_soa in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 534
> Notice: Undefined index: default_ns in
> /var/www/vegadns/vegadns-0.9.9.1/src/domains.php on line 537
> 
> And, the following error:
> 
> Error:  is already in this database
> 
> All the domains seem to have imported OK, e.g. if I click on "Domains".

I've fixed all these.

Basically, variables are being used when they are not yet defined.

In functions.php, I've added "$out_array = '';" to the top of the
parse_dataline function

In domains.php, I've replaced code like this:

if ( $_REQUEST['default_soa']=="on") ...

with code like this:

 if (isset($_REQUEST['default_soa']) && $_REQUEST['default_soa']=="on")

I've also modified axfr-get.php to use the -R option to tcpclient:

$command = "/usr/local/bin/tcpclient -R '" ... etc

R.