pdns-v6-autorev's Introduction

PowerDNS Automatic Autoreverse generator for IPv6 addresses

Required software

You'll need the following Perl modules for this software to work:

  • JSON::Any
  • JSON::XS, JSON::DWIW or JSON
  • DBI
  • DBD::mysql, DBD::sqlite or DBD::Pg

For Debian users

apt-get install libjson-any-perl libjson-xs-perl libdbi-perl

MySQL

apt-get install libdbd-mysql-perl

SQLite3

apt-get install libdbd-sqlite3-perl

PostgreSQL

apt-get install libdbd-pg-perl

PowerDNS configuration

Minimum required version of PowerDNS is 3.3.

Make sure your schema has been upgraded, as this script expects your schema to conform to the one recommended for 3.3. You should have an 'auth' field in the records table, and the domainmetadata table present. The auth field only needs to be present if you enable DNSSEC support; otherwise the value is ignored.

Use the following configuration in the PowerDNS config file for MySQL:

launch=remote,gmysql
remote-connection-string=pipe:command=/path/to/rev.pl,timeout=2000,dsn=DBI:mysql:database,username=user,password=pass
remote-dnssec=yes/no # depending on your choice

Use the following configuration in the PowerDNS config file for SQLite:

launch=remote,gsqlite3
remote-connection-string=pipe:command=/path/to/rev.pl,timeout=2000,dsn=DBI:SQLite:dbname=/path/to/db,username=user,password=pass
remote-dnssec=yes/no # depending on your choice

Use the following configuration in the PowerDNS config file for PostgreSQL:

launch=remote,gpgsql
remote-connection-string=pipe:command=/path/to/rev.pl,timeout=2000,dsn=DBI:Pg:dbname=database;host=127.0.0.1;port=5432,username=user,password=pass
remote-dnssec=yes/no # depending on your choice

The pipe backend is recommended. If you want to use unix or http, you need to do extra work. For unix connector mode it is possibly enough to use socat.

If you want to change the default prefix 'node' into something else, add prefix=something in the connection string.

Configuring zones

To enable the autorev feature for zones, you'll need a reverse and a forward zone. Add the following entries to the domain metadata:

for forward zone

AUTODNS, id-of-reverse-zone

for reverse zone

AUTODNS, id-of-forward-zone

The script uses this information to pick up your forward and reverse zones and serve them via the script.

If you want to configure a per-domain prefix for the value, use the AUTOPRE key.
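A check for the pairing described above, as an added example that is not part of pdns-v6-autorev: it writes the two AUTODNS rows and reports any zone whose row is not mirrored by its target. The domains and domainmetadata column names follow the PowerDNS generic SQL schema; the zone names, the in-memory SQLite database and the function names are constructed for illustration.

```python
import sqlite3

# Only the columns this check needs from the PowerDNS generic SQL schema.
SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE domainmetadata (id INTEGER PRIMARY KEY, domain_id INTEGER NOT NULL,
                             kind TEXT NOT NULL, content TEXT);
"""

def link_zones(db, forward, reverse):
    """Write the AUTODNS metadata row for both zones, each holding the other's id."""
    ids = []
    for name in (forward, reverse):
        row = db.execute("SELECT id FROM domains WHERE name = ?", (name,)).fetchone()
        if row is None:
            raise ValueError(f"zone {name!r} is not in the domains table")
        ids.append(row[0])
    db.executemany(
        "INSERT INTO domainmetadata (domain_id, kind, content) VALUES (?, 'AUTODNS', ?)",
        [(ids[0], str(ids[1])), (ids[1], str(ids[0]))])

def broken_links(db):
    """Return (zone, problem) for every AUTODNS row that is not mirrored by its target."""
    names = dict(db.execute("SELECT id, name FROM domains"))
    links = {d: str(c or "").strip() for d, c in db.execute(
        "SELECT domain_id, content FROM domainmetadata WHERE kind = 'AUTODNS'")}
    problems = []
    for domain_id, content in sorted(links.items()):
        zone = names.get(domain_id, f"#{domain_id}")
        if not content.isdecimal() or int(content) not in names:
            problems.append((zone, f"target {content!r} is not a zone id"))
        elif links.get(int(content)) != str(domain_id):
            problems.append((zone, f"{names[int(content)]} has no AUTODNS row pointing back"))
    return problems

def demo():
    """Constructed data: one correctly paired zone set and one half-configured set."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO domains (id, name) VALUES (?, ?)", [
        (1, "example.org"), (2, "8.b.d.0.1.0.0.2.ip6.arpa"),
        (3, "example.net"), (4, "1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa")])
    link_zones(db, "example.org", "8.b.d.0.1.0.0.2.ip6.arpa")
    # Only the reverse zone carries metadata here, so the pair is incomplete.
    db.execute("INSERT INTO domainmetadata (domain_id, kind, content) VALUES (4, 'AUTODNS', '3')")
    return broken_links(db)

if __name__ == "__main__":
    for zone, problem in demo():
        print(f"{zone}: {problem}")
```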

WARNING: rectify-zone is not currently supported through the script, so you need to either disable DNSSEC, or run rectify-zone through gmysql (or gsqlite3/gpgsql).

DNSSEC

To enable DNSSEC you need to first run secure-zone and then set-nsec3 with narrow. Only NSEC3 narrow is supported for forward zones; you can use NSEC/NSEC3 non-narrow for reverse zones.

Support

Please file a ticket on GitHub for any support issues.

pdns-v6-autorev's People

Contributors

cmouse, hitzemann, james-tr, lennie

pdns-v6-autorev's Issues

More specific zones are not used

When I have a ::/48 ip6.arpa zone and a more specific ::/64 ip6.arpa zone the ::/48 is still used.

Is this by design and could this be altered to the above described behaviour?

PostgreSQL pdnssec secure-zone error

nimbus powerdns # pdnssec secure-zone dal-01.v6.for-no-reason.net
Securing zone with rsasha256 algorithm with default key size
DBD::Pg::db last_insert_id failed: last_insert_id needs at least a sequence or table name at /etc/powerdns/rev.pl line 482, <> line 5.
Use of uninitialized value $kid in int at /etc/powerdns/rev.pl line 485, <> line 5.
DBD::Pg::db last_insert_id failed: last_insert_id needs at least a sequence or table name at /etc/powerdns/rev.pl line 482, <> line 8.
Use of uninitialized value $kid in int at /etc/powerdns/rev.pl line 485, <> line 8.
Zone dal-01.v6.for-no-reason.net secured
Adding NSEC ordering information

Properly secures the zone, no idea why it's throwing this error though.

Mandatory trailing dot in pdns-4.x.x breaks plugin

PowerDNS 4.x.x now adds a mandatory trailing "." to the end of every qname. I'm not sure when this first started, but I've had to make a slight adjustment to fix the database queries being performed for zone matching.
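The two zone-selection reports above (nested ip6.arpa zones and the PowerDNS 4.x trailing dot) both concern how a query name is matched to a zone. The following is an added example, not rev.pl's code and not the reporter's fix: it normalizes the name and walks the label suffixes from longest to shortest so the most specific zone wins. The zone list and function names are constructed for illustration.

```python
import ipaddress

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def best_zone(qname, zones):
    """Return the most specific zone containing qname, or None.

    Matching is done on whole labels, so 'badexample.org' never matches
    'example.org' the way a plain string-suffix comparison would.
    """
    known = {normalize(z): z for z in zones}
    labels = normalize(qname).split(".")
    for i in range(len(labels)):          # longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in known:
            return known[candidate]
    return None

def ptr_qname(address):
    """Build the ip6.arpa query name for an address, with the trailing dot."""
    return ipaddress.ip_address(address).reverse_pointer + "."

# Constructed zones: 2001:db8:1::/48 and the more specific 2001:db8:1:2::/64.
ZONES = [
    "1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa",
    "2.0.0.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa",
]

if __name__ == "__main__":
    for addr in ("2001:db8:1:2::10", "2001:db8:1:3::10", "2001:db8:2::1"):
        print(addr, "->", best_zone(ptr_qname(addr), ZONES))
```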

autoreverse questions

Hello,

I'm trying to make autoreverse work.

Here's my pdns config:
launch=remote,gmysql
remote-connection-string=pipe:command=/usr/local/src/pdns-v6-autorev/rev.pl,timeout=2000,dsn=DBI:mysql:pdns,username=pdns,password=pdns
remote-dnssec=no # depending on your choice

In my MySQL DB, I have:

mysql> select * from domains;
+----+--------------------+--------+------------+--------+-----------------+---------+
| id | name | master | last_check | type | notified_serial | account |
+----+--------------------+--------+------------+--------+-----------------+---------+
| 1 | zone-dev.fr | NULL | NULL | MASTER | NULL | NULL |
| 2 | 3.2.1.in-addr.arpa | NULL | NULL | MASTER | NULL | NULL |
+----+--------------------+--------+------------+--------+-----------------+---------+

mysql> select * from domainmetadata;
+----+-----------+---------+---------+
| id | domain_id | kind | content |
+----+-----------+---------+---------+
| 2 | 2 | AUTODNS | 1 |
+----+-----------+---------+---------+

mysql> select * from records where type='A';
+----+-----------+-------------------+------+---------+-------+------+-------------+----------+-----------+------+
| id | domain_id | name | type | content | ttl | prio | change_date | disabled | ordername | auth |
+----+-----------+-------------------+------+---------+-------+------+-------------+----------+-----------+------+
| 6 | 1 | test.zone-dev.fr | A | 1.2.3.4 | 86400 | 0 | 1457365376 | 0 | NULL | 1 |
+----+-----------+-------------------+------+---------+-------+------+-------------+----------+-----------+------+

Testing:
[root@ipv6 pdns-v6-autorev]# dig test.zone-dev.fr @localhost +short
1.2.3.4
[root@ipv6 pdns-v6-autorev]# dig -x 1.2.3.4 @localhost +short
-> returns nothing
[root@ipv6 pdns-v6-autorev]# dig PTR 4.3.2.1.in-addr.arpa @127.0.0.1 +short
-> returns nothing

Can you help me with that, please?

Regards

PS: I have warnings in the pdns logfile:
Use of implicit split to @_ is deprecated at /usr/local/src/pdns-v6-autorev/rev.pl line 650.

JSON::Any vs JSON::MaybeXS

I have noticed that JSON::Any has been marked as "deprecated", and as such is eventually slated for removal (this is at least the case for Gentoo; not sure how other distributions will handle this).

Where possible, JSON::MaybeXS can be used as a direct drop-in replacement ... I have tested this myself and haven't noticed any difference in behaviour.
