<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>These projects tend to be custom... there may be a prepackaged
solution, but everything I've run into has either been tied to the
specific abstractions of a project - or very low level.<br>
</p>
<p>Mine uses the Perl Net::DNS module to set up update transactions.</p>
<p>Net::DNS gives you the ability to send updates, use TSIG, get all
the response fields conveniently, and get display text. It's
pretty well supported - and the basis for a number of DNS tools
and tests.</p>
<p>When first approached, it can be, er, less than obvious exactly
how to make UPDATE work. If you get stuck, I can probably extract
the code to do (TSIG-signed) updates.<br>
</p>
<p>As for the next layer - XML or whatever - that's another
project. If you speak Perl, it would not be difficult to wrap
Net::DNS to meet your needs.</p>
<p>P.S. Other than using it (and reporting the occasional bug), I
have no relationship with Net::DNS :-)<br>
</p>
<p>Timothe Litt
</p>
<pre class="moz-signature" cols="72">ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
</pre>
<div class="moz-cite-prefix">On 01-Apr-20 05:07, Petr Bena wrote:<br>
</div>
<blockquote type="cite"
cite="mid:%3Cb2611eef-5bec-7158-46da-66bd1130ee13@bena.rocks%3E">Hello,
<br>
<br>
Some preamble: Some time ago I created an open source DNS admin
web GUI *1 that is basically a wrapper around dig and nsupdate
that allows people with "less CLI knowledge" to easily manipulate
DNS records. The main reason for this was that in our corporation
we have about 400 internal DNS zones hosted on over 100 different
BIND master servers, in more than 10 countries around the planet
and this tool allowed us to unify the management, as it allowed
integration with different master servers, allowed granular
role-based access for individual zones (integrated with LDAP groups),
including some web API for our automation tools etc.
<br>
<br>
Now to the actual problem: as I said, this tool is just a wrapper
around nsupdate and dig, I like it that way because it's
non-invasive, unlike other similar DNS admin panels, it doesn't
require ANY changes on DNS server configuration and it integrates
well with other solutions already in place. The problem I have
however, is, that nsupdate was created as a tool for humans,
rather than machines and parsing its output and even giving it
input is very hard. Plus some things don't even seem to be
possible in it.
<br>
<br>
Is there any alternative to nsupdate, something that can work with
XML or JSON payloads or provide output in such a machine-parseable
format? For example, a typical problem I am facing right now is
that nsupdate silently ignores things that IMHO shouldn't be
ignored - for example, when someone tries to add a record that
already exists, or tries to add an A record over a CNAME, nsupdate
silently ignores this; even in debug output I can't see any
difference: in the first send the record is created, resulting in
NOERROR; in the second identical send, the update is ignored, resulting in
NOERROR, so I have no way to tell users of my app that the record was
not in fact created or changed (because it already exists). For
example:
<br>
<br>
Here is an operation where I first add a CNAME record and then try to
add the same A record (imagine two different users were doing this, so
user B was unaware that the CNAME already exists). You can see in both
cases nsupdate responds with the same answer, despite the record being
created only in the first case. And on top of that, this answer is not
easy to machine parse.
<br>
<br>
> debug
<br>
> update add petrbena.test.zone. 600 CNAME this.is.test.
<br>
> send
<br>
Sending update to 10.15.12.17#53
<br>
Outgoing update query:
<br>
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:
48433
<br>
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
<br>
;; ZONE SECTION:
<br>
;test.zone. IN SOA
<br>
<br>
;; UPDATE SECTION:
<br>
petrbena.test.zone. 600 IN CNAME this.is.test.
<br>
<br>
;; TSIG PSEUDOSECTION:
<br>
server. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1585729680
300 16 xx== 48433 NOERROR 0
<br>
<br>
<br>
Reply from update query:
<br>
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:
48433
<br>
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
<br>
;; ZONE SECTION:
<br>
;test.zone. IN SOA
<br>
<br>
;; TSIG PSEUDOSECTION:
<br>
server. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1585729680
300 16 xx== 48433 NOERROR 0
<br>
<br>
> update add petrbena.test.zone. 600 A 0.0.0.0
<br>
> send
<br>
Sending update to 10.15.12.17#53
<br>
Outgoing update query:
<br>
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:
30709
<br>
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
<br>
;; ZONE SECTION:
<br>
;test.zone. IN SOA
<br>
<br>
;; UPDATE SECTION:
<br>
petrbena.test.zone. 600 IN A 0.0.0.0
<br>
<br>
;; TSIG PSEUDOSECTION:
<br>
<br>
server. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1585729721
300 16 xx== 30709 NOERROR 0
<br>
<br>
<br>
Is there any alternative to nsupdate that can do this? Or some
newer version of nsupdate that can accomplish this?
<br>
<br>
Thanks
<br>
<br>
<br>
*1 <a class="moz-txt-link-freetext" href="https://github.com/benapetr/dnsphpadmin">https://github.com/benapetr/dnsphpadmin</a>
<br>
<br>
<br>
</blockquote>
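<p>Added example, not part of the original messages and not code from
the Net::DNS project: one way to surface the silently ignored add
described in the quoted message is to attach RFC 2136 prerequisites, so
the server answers YXRRSET instead of NOERROR when a CNAME or A RRset
already exists at the name, and to report the reply's rcode as JSON.
Assumptions: the environment variables TSIG_KEYFILE (path to a
BIND-style TSIG key file) and SEND_UPDATE are hypothetical; the zone,
name and server address are those in the quoted session.</p>
<pre>
```perl
#!/usr/bin/perl
# Added example: a guarded RFC 2136 UPDATE built with Net::DNS.
use strict;
use warnings;
use JSON::PP;
use Net::DNS;

# Zone, name and server address are the ones shown in the quoted session.
my ($ZONE, $NAME, $SERVER) = ('test.zone', 'petrbena.test.zone.', '10.15.12.17');

# Add an A record only if neither a CNAME nor an A RRset exists at $name.
# A failed NXRRSET prerequisite makes the server answer YXRRSET, not NOERROR.
sub build_guarded_add {
    my ($zone, $name, $ttl, $addr) = @_;
    my $update = Net::DNS::Update->new($zone);
    $update->push(prerequisite => nxrrset("$name CNAME"));
    $update->push(prerequisite => nxrrset("$name A"));
    $update->push(update       => rr_add("$name $ttl A $addr"));
    return $update;
}

# Map the reply (or the lack of one) to a structure a web API can return.
sub result_for {
    my ($reply, $error) = @_;
    return { applied => JSON::PP::false(), rcode => undef, detail => $error }
        unless $reply;
    my $rcode = $reply->header->rcode;
    my %detail = (
        NOERROR => 'prerequisites held, record added',
        YXRRSET => 'not added: a CNAME or A RRset already exists at this name',
        NOTAUTH => 'not added: server is not authoritative or TSIG was rejected',
        REFUSED => 'not added: update policy refused the request',
    );
    return {
        applied => ($rcode eq 'NOERROR' ? JSON::PP::true() : JSON::PP::false()),
        rcode   => $rcode,
        detail  => $detail{$rcode} // 'not added: see rcode',
    };
}

my $update = build_guarded_add($ZONE, $NAME, 600, '0.0.0.0');
# TSIG_KEYFILE and SEND_UPDATE are hypothetical environment variables.
$update->sign_tsig($ENV{TSIG_KEYFILE}) if $ENV{TSIG_KEYFILE};
if ($ENV{SEND_UPDATE}) {
    my $res   = Net::DNS::Resolver->new(nameservers => [$SERVER], recurse => 0);
    my $reply = $res->send($update);
    print JSON::PP->new->canonical->encode(result_for($reply, $res->errorstring)), "\n";
} else {
    print $update->string;    # dry run: show the packet, send nothing
}
```
</pre>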
</body>
</html>