These projects tend to be custom... there may be a prepackaged solution, but everything I've run into has either been tied to the specific abstractions of a project - or very low level.

Mine uses the Perl Net::DNS module to set up update transactions. Net::DNS gives you the ability to send updates, use TSIG, get all the response fields conveniently, and get display text. It's pretty well supported - and the basis for a number of DNS tools and tests.

When first approached, it can be, er, less than obvious exactly how to make UPDATE work. If you get stuck, I can probably extract the code to do (TSIG-signed) updates.

As for the next layer - XML or whatever - that's another project. If you speak Perl, it would not be difficult to wrap Net::DNS to meet your needs.

P.S. Other than using it (and reporting the occasional bug), I have no relationship with Net::DNS :-)

Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views, if any, on the matters discussed.

On 01-Apr-20 05:07, Petr Bena wrote:
> Hello,
>
> Some preamble: Some time ago I created an open source DNS admin web
> GUI *1 that is basically a wrapper around dig and nsupdate that allows
> people with "less CLI knowledge" to easily manipulate DNS records. The
> main reason for this was that in our corporation we have about 400
> internal DNS zones hosted on over 100 different BIND master servers,
> in more than 10 countries around the planet and this tool allowed us
> to unify the management as it allowed integration with different
> master servers, allow granular role based access for individual zones
> (integrated with LDAP groups), including some web API for our
> automation tools etc.
>
> Now to the actual problem: as I said, this tool is just a wrapper
> around nsupdate and dig, I like it that way because it's non-invasive,
> unlike other similar DNS admin panels, it doesn't require ANY changes
> on DNS server configuration and it integrates well with other
> solutions already in place. The problem I have however, is, that
> nsupdate was created as a tool for humans, rather than machines and
> parsing its output and even giving it input is very hard. Plus some
> things don't even seem to be possible in it.
>
> Is there any alternative to nsupdate, something that can work with XML
> or JSON payloads or provide output in such machine parseable format?
> For example, typical problem I am facing right now - is that nsupdate
> silently ignores things that IMHO shouldn't be ignored - for example
> when someone tries to add a record that already exists, or tries to add an
> A record over CNAME, nsupdate silently ignores this, even in debug
> output I can't see any difference, in first send the record is
> created, resulting in NOERROR, in second identical send, update is
> ignored resulting in NOERROR, so I have no way to tell users of my app
> that record was not in fact created or changed (because it already
> exists). For example:
>
> Here is operation where I first add a CNAME record and then try to add
> same A record (imagine two different users were doing this so user B
> was unaware that CNAME already exists) you can see in both cases
> nsupdate responds with same answer, despite record is created only in
> first case. And on top of that this answer is not easy to machine parse.
>
> > debug
> > update add petrbena.test.zone. 600 CNAME this.is.test.
> > send
> Sending update to 10.15.12.17#53
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 48433
> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
> ;; ZONE SECTION:
> ;test.zone. IN SOA
>
> ;; UPDATE SECTION:
> petrbena.test.zone. 600 IN CNAME this.is.test.
>
> ;; TSIG PSEUDOSECTION:
> server. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1585729680 300
> 16 xx== 48433 NOERROR 0
>
>
> Reply from update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 48433
> ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
> ;; ZONE SECTION:
> ;test.zone. IN SOA
>
> ;; TSIG PSEUDOSECTION:
> server. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1585729680 300
> 16 xx== 48433 NOERROR 0
>
> > update add petrbena.test.zone. 600 A 0.0.0.0
> > send
> Sending update to 10.15.12.17#53
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 30709
> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
> ;; ZONE SECTION:
> ;test.zone. IN SOA
>
> ;; UPDATE SECTION:
> petrbena.test.zone. 600 IN A 0.0.0.0
>
> ;; TSIG PSEUDOSECTION:
>
> server. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1585729721 300
> 16 xx== 30709 NOERROR 0
>
>
> Is there any alternative to nsupdate that can do this? Or some newer
> version of nsupdate that can accomplish this?
>
> Thanks
>
>
> *1 https://github.com/benapetr/dnsphpadmin
>
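
An added example (not code from either poster) of the Net::DNS approach mentioned in the reply: each add carries an RFC 2136 "name is not in use" prerequisite, so the second add from the quoted session comes back as YXDOMAIN instead of a silent NOERROR. The command-line arguments (server address, TSIG key file) and the JSON field names are assumptions; without arguments the script only prints the packets it would send.

```perl
#!/usr/bin/perl
# Added example: RFC 2136 update with a prerequisite, via Net::DNS.
use strict;
use warnings;
use Net::DNS;
use JSON::PP;

# Zone and records are the ones in the quoted nsupdate session. The server
# address and TSIG key file come from the command line (assumption: a key
# file in a format Net::DNS's sign_tsig() accepts, e.g. from tsig-keygen).
my $zone = 'test.zone';
my ( $server, $keyfile ) = @ARGV;

# Build "add this RR only if the owner name is not in use at all".
# If the name already holds anything (the same record, or a CNAME that
# would make the server silently drop an A add), the server answers
# YXDOMAIN and applies nothing.
sub build_guarded_add {
    my ($rr_text) = @_;
    my $rr     = Net::DNS::RR->new($rr_text);
    my $update = Net::DNS::Update->new($zone);
    $update->push( prerequisite => nxdomain( $rr->name ) );
    $update->push( update       => rr_add($rr_text) );
    return $update;
}

my @adds = (
    'petrbena.test.zone. 600 CNAME this.is.test.',
    'petrbena.test.zone. 600 A 0.0.0.0',
);

for my $rr_text (@adds) {
    my $update = build_guarded_add($rr_text);
    unless ( $server && $keyfile ) {    # no target given: show the packet only
        print $update->string, "\n";
        next;
    }
    $update->sign_tsig($keyfile);
    my $resolver = Net::DNS::Resolver->new( nameservers => [$server] );
    my $reply    = $resolver->send($update);
    my $rcode    = $reply ? $reply->header->rcode : 'NO_REPLY';
    print JSON::PP->new->canonical->encode( {
        rr      => $rr_text,
        rcode   => "$rcode",
        applied => ( $rcode eq 'NOERROR' ? JSON::PP::true : JSON::PP::false ),
        error   => ( $reply ? '' : $resolver->errorstring ),
    } ), "\n";
}
```

Where a name may legitimately hold several record types, `nxrrset("name TYPE")` is the narrower prerequisite; it fails with YXRRSET only when an RRset of that type already exists.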
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users