Click the comments link on any story to see comments or add your own.
Subscribe to this blog
10 Aug 2017
Yesterday's article introduced my DNS extension language, intended to make it easier to add new DNS record types to DNS software. It described a new perl module Net::DNS::Extlang that uses the extension language to automatically create perl code to handle new RRTYPEs. Today we look at my second project, intended to let people create DNS records and zone files with new RRTYPEs.
I've long had a DNS "toaster", a web site where my users and I could manage our DNS zones. Rather than limit users to a small list of RRTYPEs, it lets users edit the text of their zone files, which works fine except when it doesn't. Every hour a daemon takes any changed zonefiles, signs them, and passes them to the DNS servers. With no syntax check in the toaster, if there's a syntax error in a zone file, the entire rebuild process fails until someone (usually me) notices and fixes it.
Since the toaster is written in python, I wrote a python library that uses the same extension language to do syntax checked zone edits, and a simple version of the toaster as a django app that people can start with. The syntax checker does two things: one is to read text strings that are supposed to be DNS master files, or single master records and check whether they're valid. The other is to create and parse HTML forms for DNS records to help people enter valid ones.
To show how this works, I put a series of screen shots in this PDF so you can follow along.
The first screen shows the site after you log in, with a few existing random domains. If you the Create tab, you get the second screen, which lets you fill in the domain name and (if you're a site admin) the name of the user who owns the site. Click Submit, and now you're on the edit page, where you can see the zone has been created with a single comment record, just so it wouldn't be empty.
There's a New Record: section where you can choose the record type you want to create, and click Add. The set of record types is created on the fly from the extension language database in the DNS that I described in the last blog post, so you can create and later edit any RRTYPE that the extension language can describe. We choose MX and click Add, which gives us a screen with a form that has all of the fields in the MX record. This form is also created on the fly by the extension language library, so for each rrtype, it will show an appropriate form with prompts for each field. Fill in the form and click Submit, and the record is added to the zone file if it's valid.
The next screen shows what happens if you get the syntax wrong, in this case an A record with an invalid IPv4 address. The extension library has a class for every field type that produces helpful error messages in case of syntax errors.
Since sometimes it's tedious to edit a record at a time, there's also a Block edit mode, shown in the next screen, where you can edit the zone as a block of text. When you submit the changes, it syntax checks the zone. The next screen shows an error message for an AAAA record with an invalid IPv6 address.
Not shown are some other odds and ends, notably a batch script that exports a list of zone names and a set of zone files that you can give you your DNS server. The django app is only about 1000 lines of python, of which about 1/3 is managing the various web pages, 1/3 is connecting the extlang library to the forms generated by django's forms class, and 1/3 is everything else.
The python library is in pypi at https://pypi.python.org/pypi/dnsextlang/, currently python3 only.
The django app is on github at https://github.com/jrlevine/editdns, written in django 1.9 and python3. It uses the dnsextlang library, of course.
comments... (Jump to the end to add your own comment)
Add your comment...
Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.
My other sites
A keen grasp of the obvious
Coalition Against Unsolicited Commercial E-mail
© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.