cgi script for managing DNS
This cgi script uses zone transfers and secure dynamic updates
to manage DNS zones.
I wrote this when I needed to manage my home DNS and I got
tired of remembering the nsupdate syntax ;)
The script has a couple of benefits:
- Once you start using dynamic updates, the zone transfers to
secondaries will be incremental (much faster)
- Because the server is maintining the zone, its impossible to
add syntactically incorrect entries into the zone.
The script (actually, not the script, but dynamic updates) have a couple
of nasty side-effects too:
- Once you start using dynamic updates, you can no longer
edit the zone file directly.
- You can't even look at zone file
to check the zone contents - since there is a .jnl file that
modifies the contents of the zone in memory.
Download the script here and name it dns.cgi
Download parse.sh here
How to set it up
Suggestions
- you should definitely ensure that users must authenticate before running
this cgi script
- you should probably run this on an SSL-based web site
Thanks!
Thanks to Tim Wilfong for supplying a patch to cause zone transfer requests to
be sent to the server specified in the SOA RR rather than to the default
DNS server for the server where the CGI is running.