tuxis-ie / nsedit Goto Github PK

This is important when you want to find the "next free IP" while having a lot of entries. Since entries can get deleted it happens that you do not have a full "sequel of IPs" - this woud help finding those.

Thank you!

I have many zones that don't get an updated SOA timestamp after changing records. However, some do. I compared the zones, nothing fancy. (ns records, a cname for the www and that's it) All my zones are native.

I just created a new zone and it uses 20150409xx and increments this number, with 2 numbers everytime. (but today is 20150415) Time/date on the server are correct.

Is something wrong on my end or can someone confirm seeing this also?

PowerAdmin does (did) this, I think it's pretty useful to default to PTR instead of A for new entries in a reverse DNS zone.

Might cook up a PR soonish for this.

Hello,

I'm using/testing nsedit for a week now and I noticed how strange the menu which consists at this time only of 3 menu entries looks like.

Wouldn't it be nicer if the three menu items could move in a horizontal bar on top of the nsedit view? Also it might be useful if this bar could be fixed during scrolling.

The other thing I noticed about nsedit: DNS entries/records should be printed in a monospace font.
The records are technical, so having a monospace font there would fit it probably better.

Is this possible to change?

Greetings,

i tried installing NSedit today, it wasnt working because of this Error:

PHP message: PHP Notice: Undefined variable: apiproto

You forgot to define in zones.php Line 14 that $apiproto must also be a Global, else it wont work ;)

Didnt know how to do a Pull Request so im just trying to help here

First of all, great product. I really enjoy it and its simplicity.

However, would it be possible to add the option to disable a record? As far as I know this would only mean we need to set "disabled: true" when sending it to the API.

The biggest problem I currently see is that we use the whole JSON as ID for the record and that might mean the ID changes when we disable it, but maybe I'm wrong in that sense?

Disabling records would make sense for us as we sometimes want to temporarily not serve some records.

If the ID thing is not a problem, I think I might even easily be able to provide a PR and am willing to do that :).

There's a trivial typo in includes/misc.inc.php .
Line 7 misses a closing bracket:

--- misc.inc.php.ORIG   2015-12-22 15:42:22.662075389 +0100
+++ misc.inc.php    2015-12-21 12:24:43.412742515 +0100
@@ -4,7 +4,7 @@

 $blocklogin = FALSE;

-if ((!isset($apipass) or empty($apipass)) or (!isset($apiip) or empty($apiip)) or (!isset($apiport) or empty($apiport)) or (!isset($apivers) or empty($apivers)) {
+if ((!isset($apipass) or empty($apipass)) or (!isset($apiip) or empty($apiip)) or (!isset($apiport) or empty($apiport)) or (!isset($apivers) or empty($apivers))) {
     $errormsg = 'You need to configure your settings for the PowerDNS API. See <a href="doc/apiconf.txt">doc/apiconf.txt</a>';
     $blocklogin = TRUE;
 }

Thank you

hi,

If I try to access my nsedit installation all my browser sends me warnings about unsecure code.
Seems that there are some hard coded http:// sources.

for example the google font's are included via http

The search should at least search for record names / ips, right-wildcard would be awesome.
Searching for zones is ok, but surely not as useful, or am i wrong? Thanks!

I can add an NS RRSet to a template which is used when creating a zone, but the pre-populated NS records from config.inc (primaryns and secondaryns) cannot be removed; attempting to do so gives an error "Require nameservers".

It would be useful to either allow clearing the two predefine NS or, even better, check if a template has NS and use only those.

Before I jump into nsedit, is there a straight forward way to migrate PowerAdmin data over?

hi

with current git I can only change the password or go to logout. All other buttons don't work. My browser don't even try to send an request.

It would be great to have the (optional..) possibility to have 2, 3 or 4 nameservers as default nameservers. (configurable via config file)

Currently this is limited to 2.

e.g.

+---------+------+-------------------------------------------------------------+
| name    | type | content                                                     |
+---------+------+-------------------------------------------------------------+
| t2.aa   | NS   | ns01.tele.aa                                                |
| t2.aa   | NS   | ns01.tele.aa                                                |
| t2.aa   | NS   | ns02.tele.aa                                                |
| t2.aa   | NS   | ns03.tele.aa                                                |
| t2.aa   | NS   | ns04.tele.aa                                                |
| t.t2.aa | TXT  | "  bla one "                                                |
| w.t2.aa | A    |   1.2.3.4                                                   |
| t2.aa   | SOA  | h.jpmens.net jp.jpmens.org 2015012213 1800 900 604800 86400 |
+---------+------+-------------------------------------------------------------+

In A and TXT records. That is one of the greatest sources of issues with, e.g. PowerAdmin and results in e.g.:

[Error] Duplicate record found in rrset: 't2.aa IN NS ns01.tele.aa'
[Warning] Parsed and original record content are not equal: w.t2.aa IN A '  1.2.3.4' (Content parsed as '1.2.3.4')
Checked 8 records of 't2.aa', 1 errors, 1 warnings.

Edit A record. Change TTL. Hit Save.

I've installed nsedit on a fresh ubuntu 16.04, but for some reason it doesn't seem to work.
The menu on the upper right corner doesn't react (just the logout button). Changing the password works - thats about it.

curl and openssl are enabled.
here is the phpinfo: http://dns.petzsch.eu/test.php

if you want to login: http://dns.petzsch.eu (user/pass: XXXXX) will change that later.

I've added a zone in the mysql db and
curl -H 'X-API-Key: XXXXXX' http://dns.petzsch.eu:8080/api/v1/servers/localhost/zones | jq .

shows the zone. (will change the apikey as well - just for debugging)

pdns 3.4 / postgresql

The current pdwn schema requires a priority parameter - it should be at least part of the request priority:0 .. otherwise an API error will stop people for create records using the ui.

Some browsers refuse to load http resources when the site is using https.

using "//hostname/path" makes sure the browser keeps using http or https for fetching resources depending on the current protocol.

fix:

perl -p -i -e 's|http://themes.googleusercontent.com|//themes.googleusercontent.com|g' $(grep -rl http://themes.googleusercontent.com .)

PowerDNS version 3.4.1
When i tried to add or modify any (A, CNAME) record, i got an error: "API Error 422: Key 'priority' not an Integer or not present".

Thanks for NSEdit!
Some small problems with HTTPS though: mixed content warnings when accessing via HTTPS.

In the theme files in jtable/lib/themes/metro//.css, references for example go to http://themes.googleusercontent.com/static/fonts/opensans/v6/DXI1ORHCpsQm3Vp6mXoaTRa1RVmPjeKy21_GQJaLlJI.woff but removing http: makes them also work on https domains.
Can you please change them to // instead of http://?

Hi installed nsedit and tried to login with admin/admin and never gets authenticated.

PHP Notice: Use of undefined constant CSRF_TOKEN - assumed 'CSRF_TOKEN' in /home/rpenugonda/nsedit/index.php on line 125

Also i am able to see the user in the DB itself
sqlite> select * from users;
1|admin|$6$41f03d9acdc52ee6$nSYlWjbZ1MXO.9j//.Mz4RJTB.uS51k4FTlVzvsE3jFTFtncxKIdCKWlZcHJdkCv4Dhuzto9e7zdSD7CFM1u20|1

Some directory needs to be writeable by the Web server: it is ../etc:

mkdir ../etc
chmod 777 ../etc

PDNS 3.4 + postgresql (8.4)

Every zone is listed 2 times. Creating a new zone using the UI als creates an 2 entriess. Deleting an entry deletes both entries - so its just a visualization bug, not really dupes in the backend

When looking at records of a zone it would be very nice to be able to detach the main zone part from the record like this:

zone: test.com

subdns1.          test.com
subdns10.         test.com
subdns100.        test.com

Instead of

zone: test.com

subdns1.test.com
subdns10.test.com
subdns100.test.com

This would give a more structural appearance to the list of records.

Hello,

I noticed that nsedit is loading some themes from google, which leads to some warnings on my browser when nsedit is accessed via https.

Would it be possible, from the standpoint of security considerations to add those themes directly to nsedit instead loding them from a 3rd-party website?

Normal (non - admin) users can edit/delete/add NS and SOA RRset.

A useful enhancement would be to have that configurable; I personally believe that these administrative records should not be mucked about with by users. :-)

When trying to log in the portal we see the following error in the log file:

[:error] [pid 5767] [client x.x.x.x:54715] PHP Fatal error: Call to a member function bindValue() on a non-object in /var/www/html/includes/misc.inc.php on line 111, referer: http://x.x.x.x/index.php

You should declare a function a a static function if you want to call it without an object.
Could you help us with this ?

Kind regards,

J.Prinse

hi,

I try to add an dkim entry with the webinterface. Seems some escaping went wrong:

default._domainkey.test descriptive text "'"v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDndATEFTiqWfbASh5Uft8+sUDGwlSVudpng3dLwMtSkFPY7PGrOyHgidsS3NbATJaiv4tPP8m77yeatiOA67dtoAZ+2gUhhIEm7TYnJKGFIL8ByqBnO9zXLnK43LHMyN3w+9aXczIpB4uqSOmzB40ORQ0qSmjGLPI/XN+IVfkB5wIDAQAB"'"

normal itlooks like:

default._domainkey.test descriptive text "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDndATEFTiqWfbASh5Uft8+sUDGwlSVudpng3dLwMtSkFPY7PGrOyHgidsS3NbATJaiv4tPP8m77yeatiOA67dtoAZ+2gUhhIEm7TYnJKGFIL8ByqBnO9zXLnK43LHMyN3w+9aXczIpB4uqSOmzB40ORQ0qSmjGLPI/XN+IVfkB5wIDAQAB"

In update/delete the word "record" is used, where "zone" would be more appropriate.

When having a zone in NSEC3 mode, adding a record to it without running pdnssec rectify-zone xxx or pdnssec rectify all zones results in NXDOMAIN response.

Is there a way nsedit could run pdnssec to rectify the zone it just "edited"?

Since A and PTR records are very often paired, it would be convenient to be able to add them as a pair. Auto-detecting the PTR zone would be nifty, but not absolutely necessary.

Even cooler would be the ability to edit them as a pair, but that's rather more difficult.

When adding a domain, copying the records from an existing domain would be a nice feature.

Needed when a customer has a view webservers and mailservers and needs an extra domain but it happens not frequently enough to create a template.

I've noticed that OpenSSL module support in PHP is indeed a requirement for nsedit to work.

But it's not mentioned in the requirements. You might wanna add it, so someone else won't have to trip on that landmine that i did.

The init of the SQLite3 DB will throw a 500 the first run due to it trying to call openssl_random_pseudo_bytes(16). But it will not fail the DB transaction.

So the consequence is that the DB scheme is created but the admin/admin user is never inserted into the DB.

Maybe a try() clause or so should be implemented to have it "fail" if the admin user cannot be created. Rather than silently fail.

Cheers .

1. Click "export zone"
2. Press browser's "back" button.

I installed+configured nsedit, but got an error An error occured while communicating to the server. PHPs error-logs showed that php-curl is needed.

This should be noted in the README and checked on a test-settings page.

Scenario:

banana.sid3windr.be CNAME apple.sid3windr.be

Click edit, select A in dropdown instead of CNAME, enter 127.0.0.1

Result:

banana.sid3windr.be CNAME apple.sid3windr.be
banana.sid3windr.be A 127.0.0.1

Expected result:

banana.sid3windr.be A 127.0.0.1

Seeing the following errors after updating to latest code. Thoughts? At login screen you enter username/password and it just sits here. Below is what is in the apache error logs.

[Thu Jan 07 15:46:07.695556 2016] [:error] [pid 2093] [client 192.168.1.188:56247] PHP Notice: Undefined variable: apivers in /var/www/html/nsedit/includes/misc.inc.php on line 12
[Thu Jan 07 15:46:07.695583 2016] [:error] [pid 2093] [client 192.168.1.188:56247] PHP Notice: Undefined variable: apivers in /var/www/html/nsedit/includes/misc.inc.php on line 49
[Thu Jan 07 15:46:07.695671 2016] [:error] [pid 2093] [client 192.168.1.188:56247] PHP Notice: Undefined variable: menutype in /var/www/html/nsedit/index.php on line 29
[Thu Jan 07 15:46:41.251464 2016] [:error] [pid 17692] [client 192.168.1.188:56255] PHP Warning: include_once(includes/config.inc.php): failed to open stream: No such file or directory in /var/www/html/nsedit/index.php on line 3
[Thu Jan 07 15:46:41.251495 2016] [:error] [pid 17692] [client 192.168.1.188:56255] PHP Warning: include_once(): Failed opening 'includes/config.inc.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/html/nsedit/index.php on line 3
[Thu Jan 07 15:46:41.251671 2016] [:error] [pid 17692] [client 192.168.1.188:56255] PHP Notice: Undefined variable: apivers in /var/www/html/nsedit/includes/misc.inc.php on line 12
[Thu Jan 07 15:46:41.251719 2016] [:error] [pid 17692] [client 192.168.1.188:56255] PHP Notice: Undefined variable: apivers in /var/www/html/nsedit/includes/misc.inc.php on line 49
[Thu Jan 07 15:46:41.251814 2016] [:error] [pid 17692] [client 192.168.1.188:56255] PHP Notice: Undefined variable: menutype in /var/www/html/nsedit/index.php on line 29

Been trying to get this to work now with multiple linux distro and powerdns versions. Currently 3.4.7 but always get this message

Are there currently any issues with powerdns 3.4.7 and nsedit?

A zone should be opened when the row is clicked

Hi,

What we really are missing is an option to add an ip at zone creation. And let us use this IP adress in a template. So we can create records such as www with the specified ip.

• Rodehoed

Hello.

nsedit commit 794fcb6
mysql Server version: 5.5.44
pdns-static_3.4.8
Ubuntu 14.04.3 LTS

From web interface I can't delete domain/zone
I can delete record, but not domain.

Please find logs:

PowerDNS:

Apr  1 12:33:07 ab-dns1 pdns[10008]: Query: select domains.id, domains.name, records.content, domains.type, domains.master, domains.notified_serial, domains.last_check, domains.account from domains LEFT JOIN records ON records.domain_id=domains.id AND records.type='SOA' AND records.name=domains.name WHERE records.disabled=0 OR 1

Apr  1 12:33:07 ab-dns1 pdns[10008]: Query: select id,name,master,last_check,notified_serial,type,account from domains where name='artemit.local'

Apr  1 12:33:07 ab-dns1 pdns[10008]: Query: SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type='SOA' and name='artemit.local'

Apr  1 12:33:07 ab-dns1 pdns[10008]: Query: select id,name,master,last_check,notified_serial,type,account from domains where name='artemit.local'

Apr  1 12:33:07 ab-dns1 pdns[10008]: Query: SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type='SOA' and name='artemit.local'

Apr  1 12:33:07 ab-dns1 pdns[10008]: Query: delete from records where domain_id=57

Apr  1 12:33:07 ab-dns1 pdns[10008]: Query: delete from domainmetadata where domain_id=(select id from domains where name='artemit.local')

Apr  1 12:33:07 ab-dns1 pdns[10008]: Query: delete from cryptokeys where domain_id=(select id from domains where name='artemit.local')

Apr  1 12:33:07 ab-dns1 pdns[10008]: Query: DELETE FROM comments WHERE domain_id=57

Apr  1 12:33:07 ab-dns1 pdns[10008]: Query: delete from domains where name='artemit.local'

Apr  1 12:33:07 ab-dns1 pdns[10008]: Query: select domains.id, domains.name, records.content, domains.type, domains.master, domains.notified_serial, domains.last_check, domains.account from domains LEFT JOIN records ON records.domain_id=domains.id AND records.type='SOA' AND records.name=domains.name WHERE records.disabled=0 OR 1

MySQL:

1628 Connect    pdns@localhost on pdns

1628 Query  SET autocommit=0

1628 Query  SET SESSION tx_isolation='READ-COMMITTED'

1628 Query  select id,name,master,last_check,notified_serial,type,account from domains where name='artemit.local'

1628 Query  SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type='SOA' and name='artemit.local'

1628 Query  select id,name,master,last_check,notified_serial,type,account from domains where name='artemit.local'

1628 Query  SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type='SOA' and name='artemit.local'

1628 Query  delete from records where domain_id=57

1628 Query  delete from domainmetadata where domain_id=(select id from domains where name='artemit.local')

1628 Query  delete from cryptokeys where domain_id=(select id from domains where name='artemit.local')

1628 Query  DELETE FROM comments WHERE domain_id=57

1628 Query  delete from domains where name='artemit.local'

1628 Quit

What I see, that nsedit didn't send "commit" command. And due to mysql server has setting autocommit= off, domain was not deleted.

If I set autocommit=on, everything is fine.

Hello.

Right now only the admin can change passwords of users. It would be nice if a user could do that him/herself.

Also, it would be nice to let the user verify the entered password so the chance of locking yourself out becomes smaller.

Great work on this by the way. It's a lot nicer than the ones I've tried before.

Cheers,
Ralf

Hey All,

Is there a manual for the nsedit experimental api? I would like to use it for managing my dns from an external location, but I can't find any info how to use it.

Hi,

how can i create a star entry? like
*.example.net. A 127.0.0.1

i get a
API Error 422: Label '*.example.net.' contains unsupported characters

hi,

ich would be nice if we would have some kind of version control for the zone so that you can revoke changes and have a log who has changed the zone and what was changed.

The PowerDNS API now exposes domains.account via the API. It would be nice if nsedit would allow this to be set on Add new zone and edited on Edit zone.

At the moment you cannot sort or filter the domains view. Similar functionality as datatables would be nice, but at least data should be sorted by name.

hi,

please add groups so that more than one user can edit a domain.

I was only able to restore function with api v1 doing the following but i'm sure there is a cleaner way to get there, so this is more a note that there seem to be some issues and not a suggestion to make use of the changes below. ;-)

--- a/zones.php
+++ b/zones.php
@@ -13,7 +13,15 @@ if (!is_csrf_safe()) {
 function api_request($path, $opts = null, $type = null) {
     global $apiproto, $apisslverify, $apisid, $apiuser, $apipass, $apiip, $apiport, $authmethod, $apipath;

-    $url = "$apiproto://$apiip:$apiport${apipath}${path}";
+    syslog(LOG_INFO, "path: " . $path);
+
+    if(preg_match("/^api\/v1/", $path)) {
+       $url = "$apiproto://$apiip:$apiport/${path}";
+       syslog(LOG_INFO, "preg url: " . $url);
+    } else {
+       $url = "$apiproto://$apiip:$apiport${apipath}${path}";
+       syslog(LOG_INFO, "url: " . $url);
+    }

     if ($authmethod == "auto") {
         $ad = curl_init();
@@ -140,12 +148,12 @@ function make_record($zone, $input) {

     if ('' == $name) {
         $name = $zone['name'];
-    } elseif (string_ends_with($name, '.')) {
-        # "absolute" name, shouldn't append zone[name] - but check.
-        $name = substr($name, 0, -1);
-        if (!string_ends_with($name, $zone['name'])) {
-            jtable_respond(null, 'error', "Name $name not in zone ".$zone['name']);
-        }
+    #} elseif (string_ends_with($name, '.')) {
+    #    # "absolute" name, shouldn't append zone[name] - but check.
+    #    $name = substr($name, 0, -1);
+    #    if (!string_ends_with($name, $zone['name'])) {
+    #        jtable_respond(null, 'error', "Name $name not in zone ".$zone['name']);
+    #    }
     } else if (!string_ends_with($name, $zone['name'])) {
         $name = $name . '.' . $zone['name'];
     }