cyso / tonicdns Goto Github PK

Hi, i cant auth to tonicsdns. All times i get this:

[root@localhost usr]# curl -k -X PUT https://localhost/authenticate -d @./token.json
{"error":"Username and/or password was invalid.","detail":{"code":"AUTH_INVALID_CREDENTIALS"}:

May be i try wrong accounts? As i understand, this authenticate takes data from "users" table of powerdns data base. Right?
Or may be my problem in something else?

The extended error codes in #5 (and mentioned in #2) should be checked in the unit tests, to determine if we are getting the errors we're expecting during the tests.

Database mocking from #2 should be extended to make the CNAME uniqueness checks testable. This means that we should provide a small SQLite database with zone information, or some other resettable and queryable set of records, to check against.

Hello,

Could you please help me. I am trying to create TXT record using TonicDNS Api, when trying to create it with request body {"records":[{"name":"testtest.ru","type":"TXT","content":"hello","priority":null}]} I got error with message "Record content is not valid. A TXT record must provide a valid quoted string." after adding quotes and escaping them according to JSON escaping rules I got request body {"records":[{"name":"testtest.ru","type":"TXT","content":""hello"","priority":null}]} and response with code BODY_MALFORMED

This makes me believe, that you have some special escaping rules in your JSON parsing library. So how exactly should I form request body for TXT record type.

Thank you.

Reverse DNS records (ARPA records) are part of normal DNS operation. Currently, you can query zones with an IP address, and receive the relevant most specific ARPA zone if it can find it. But what if you only want to edit a single IP address, or don't want to retrieve an entire zone. The following features are required:

• Retrieve ARPA records for single IPs
• Retrieve ARPA records for IP subnets
• Manage ARPA records as a RESTful resource
• Proper validation on all input

Just cloned from master today, when it fails to connect to the PDO database for authentication catching exception doesn't work as it should:

[Sun Mar 31 13:06:54 2013] [error] [client ] PHP Stack trace:
[Sun Mar 31 13:06:54 2013] [error] [client ] PHP 1. {main}() /var/www/tonicdns/TonicDNS/docroot/dispatch.php:0
[Sun Mar 31 13:06:54 2013] [error] [client ] PHP 2. Request->loadResource() /var/www/tonicdns/TonicDNS/docroot/dispatch.php:26
[Sun Mar 31 13:06:54 2013] [error] [client ] PHP 3. AuthenticationResource->__construct() /var/www/tonicdns/TonicDNS/lib/tonic.php:557

if i remove ->message:
PHP Fatal error: exception 'Exception' with message 'Failed to open database connection' in /var/www/tonicdns/TonicDNS/lib/pdo_token_backend.php:71\nStack trace:\n#0 /var/www/tonicdns/TonicDNS/classes/AuthenticationResource.class.php(47): PDOTokenBackend->__construct()\n#1 /var/www/tonicdns/TonicDNS/lib/tonic.php(557): AuthenticationResource->__construct(Array)\n#2 /var/www/tonicdns/TonicDNS/docroot/dispatch.php(26): Request->loadResource()\n#3 {main} in /var/www/tonicdns/TonicDNS/classes/AuthenticationResource.class.php on line 55

Hi, in your example
{
"name": "example.org",
"type": "MASTER",
"master": null,
"templates":
[
{
"identifier": "sample1"
}
],
"records":
[
{
"name": "www.example.org",
"type": "A",
"content": "10.10.10.200",
"ttl": 86400
}
]
}

when it done, its add only in "domain" table. What need to change, for add in "zones" table too? Without it, powerdns not answered for example for "dig @192.168.1.33 example.org".
And question 2: its necessarily to create record when i create only zone?

Hi,

The validation currently allows for multiple CNAME records for the same label, for example:

CNAME   www                             www.y.com                    TTL:900
CNAME   www                             www.x.com                    TTL:900

Is valid in the current validator. This is not correct, only one CNAME may exist per label.

Hi,

following alone with the getting started doc, i get stuck where a new zone is created https://github.com/Cysource/TonicDNS/blob/master/GettingStarted.md#create-zone-

I use the sample json file (also did all the steps with success before thus have the template).
I get the following:'
{"error":"Request body was malformed. Ensure the body is in valid format.","detail":{"code":"BODY_MALFORMED"}}

Any ideas what I'm doing wrong here?

Thanks,

Florus.

The thing that requires a special treatment is the usage of Apache's REDIRECT_URL instead of request uri. Given a working nginx config with fastcgi to php, one has to add a mapping of the original path before rewrite to php. My relevant working config looks like this:

    location / {
            root    /var/www/tonicdns/TonicDNS/docroot;
            try_files $uri $uri/ /dispatch.php;
    }
    location ~ \.php {
            root    /var/www/tonicdns/TonicDNS/docroot;
            fastcgi_pass   127.0.0.1:9001;
            include fastcgi_params;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  REDIRECT_URL $request_uri;
    }

Hi, maybe I misunderstand the concepts here, but I assume that a user owns his/her templates, zones and records, and as such only that user can delete/update etc.

i added two users to the users tables, and if i create a template with one, the other can delete it:
[103]sloth:/dnsapi> curl -k -X PUT http://pdnsapi.dc2.dk/authenticate -d @./yeetta-token.json
{"username":"yeetta","valid_until":1357736067,"hash":"730a76740186d48f3aab028aaae0593303bb6f6c","token":"730a76740186d48f3aab028aaae0593303bb6f6c"
[104]sloth:/dnsapi> curl -s -k -H "x-authentication-token: 70c4dd0dc30e35dd507a402882e1966faa1c5c50" -X PUT http://pdnsapi.dc2.dk/template -d @'./yeetta_template.json'
true[105]sloth:/dnsapi> curl -k -X PUT http://pdnsapi.dc2.dk/authenticate -d @./token.json
{"username":"florus","valid_until":1357736097,"hash":"70c4dd0dc30e35dd507a402882e1966faa1c5c50","token":"70c4dd0dc30e35dd507a402882e1966faa1c5c50"
[106]sloth:/dnsapi> curl -s -k -H "x-authentication-token: 70c4dd0dc30e35dd507a402882e1966faa1c5c50" -X DELETE http://pdnsapi.dc2.dk/template/yeetta
true[107]sloth:~/dnsapi>

same goes for zones.

Is this expected behaviour, i.e. do i misunderstand the token/user stuff?

Thanks,

/florus

In the current design, when an error occurs, the client is presented with a message that contains an "error" -> "message" mapping, with a human readable error message detailing what is wrong.

A proposed change is that we also include a machine readable version, maybe something like:

error:
    "Human Readable message"
details:
[
    {
        code: AUTH_USERNAME_INVALID
    },
    {
        code: RECORD_BOTH_AAAA_TRAILINGDOT
        id: 5
    },
    {
        code: RECORD_LHS_CNAME_INVALID
        id: 6
    }
]

"error" still contains the normal human readable version that we use now. "details" will be an array of object (if using JSON) with an error code per error that occurred. In case of validation of record, we can also include an index of the record that failed validation, but this field is optional in most other cases because it is not relevant there (say, an invalid token during authentication).

Hi,

I develop command line tool for TonicDNS.
https://github.com/mkouhei/tonicdnscli

Please try out it.

Regards,

RFC specs tell us that when a CNAME record is in place for a certain label, lets say:

label.example.com  CNAME  real.example.com

the following becomes unacceptable:

label.example.com CNAME real.example.com
label.example.com MX mail.example.com

The best way to accept this, is to disallow this situation using validation. The RecordValidator needs to retain a list of all CNAME records it has seen up till this point, to detect new records not yet inserted, and all records present in the database at that point. If the record is unique, it is allowed, otherwise, it is not.

NS records must sometimes be created with a different TTL than normal records.