10. DNS administration

Both forward and reverse zones can be created via the web interface. Zone domains are forward zones - there can be as many forward zones as you like per customer. Each of these can be unique or they can even overlap with other customers.

Forward Zones:

To create a forward zone, select a customer and select "Add a DNS zone". The next screen will allow you to enter information for the new zone. The domain name must be entered as must at least two nameservers.

At this point you have the option of creating a new zone from scratch, cloning (copying) a zone from an already existing zone called "template.com", or importing an existing zone via a zone transfer. If you do a zone transfer, the PRIMARY or SECONDARY DNS servers must be directly contactable from the webserver on which IPplan is running. If the DNS server is not contactable an error will be returned.

If a domain is created from scratch, the domain name must be entered as must at least two upstream DNS servers. The DNS servers are automatically entered for you if the customer record (created via "Create a new customer/autonomous system") contains DNS servers. This is a good way to avoid manually adding the DNS servers for each new zone created. The DNS servers can be changed and will be independent per zone created. At the bottom of the Add/Edit screen is a place to enter two zone file paths. In future this can be used to determine where the zone must be saved or on what DNS server the zone must be created - currently these fields do nothing.

The next step is to add individual records to the newly created zone. Do this under the "Zone DNS records" main menu function. Select the customer, select the domain and add a host. The "Host name" refers to the left hand side of a BIND zone file record, then the type (A, CNAME or MX - more types in future) and the "IP/Hostname" refers to the right hand side of the zone file record. In future the screen will change depending on the record type you select and more record types will be possible. The sort order determines the placement of the record in the zone and on the screen. This is a number and the default is 9999, i.e. the end of the file. If you want to insert records between other records, work out a numbering plan.

In future this will be automatic with options to "Insert before" and "Insert after". Currently you can renumber the values retaining the order of the entries.

Reverse zones:

Creating reverse zones is very much like creating a forward zone, except that there are no detail records. All that is required is to create a starting address and mask. The actual reverse records are extracted based on the start and mask from the IP records when you create a subnet and add records to the subnet. The field used is the host name field, and any invalid information in this field will be ignored with a warning.

Once your forward and reverse zones are created, each time a change is made you will be required to export the zone by clicking on the "Export zone" option. The output generated is in XML and must then be parsed using an XSLT processor into a format compatible with your DNS server.

10.1. Handling exported zones

The zone files are created in the directory specified by the DNSEXPORTPATH variable in the config.php file. The files are in XML format and are created when a user hits the Export option either on the DNS page or Reverse zone page. The files have a format of zone_ or revzone_ followed by the zone name followed by a trailing unique identifier, which is operating system dependent. The file has a .xml extension.

If a template is attached to the forward zone, the template fields will also appear in the exported XML file with tag names the same as the template field names.

These files must be processed using an XML stylesheet processor into a format suitable for your DNS server, and then placed into the correct location and activated by your DNS server. This is beyond the scope of IPplan and will require custom scripts for your installation. Contributions are welcome.

Sample procedure:

You will require a script for your environment that periodically runs to check for new zone files that have been added to the output directory. You will probably use cron to do this. Once your script finds a file, you can extract the file paths saved in IPplan using a simple grep:

grep -A 1 '<primary>' /tmp/revzone_FS9mEU|grep -v '<primary>'

This gives me the primary file path. Once you have the destination path, process the file and copy the output by whatever means your environment uses to the target DNS server. I would suggest using scp with a public key on the remote server to prevent having to type in user IDs and passwords during the copy process.

Processing the file:

A sample XSLT stylesheet can be found in the contrib directory to transform the forward zone XML (files starting with zone_) into a BIND 8 or later compatible zone file. I use xsltproc from the libxslt package (http://xmlsoft.org/XSLT/) which should be installed on most modern Linux systems. A different stylesheet (.xsl file) will be required for each DNS server system that you use - I have no intention of writing style sheets for all the various DNS servers out there, but you are more than welcome to send me style sheets for different DNS servers to be included with IPplan.

A sample command is:

xsltproc bind9_zone.xsl zone_

For sample XML input of:

<?xml version="1.0" ?>
<zone domain="test.com">
<soa serialdate="20040626" serialnum="04" ttl="21600" retry="3600" refresh="86400" expire="604800" minimumttl="21600" email="" />
<record><NS><iphostname>ns1.example.com</iphostname></NS></record>
<record><NS><iphostname>ns2.example.com</iphostname></NS></record>
<record><NS><iphostname>ns3.example.com</iphostname></NS></record>
<record><NS><iphostname>ns4.example.com</iphostname></NS></record>
<record><A><host>myhost</host><iphostname>10.10.10.1</iphostname></A></record>
<record><CNAME><host>myhost-alias</host><iphostname>myhost</iphostname></CNAME></record>
<record><MX><host></host><iphostname>mailhost</iphostname></MX></record>
</zone>

Generating output as follows:

$ORIGIN test.com.
$TTL 86400
@       IN      SOA     test.com.       dnsadmin.test.com. (
                        2004062604 ; serial
                        21600      ; refresh
                        3600       ; retry
                        604800     ; expire
                        21600 )    ; minimum TTL
 
        IN      NS      ns1.example.com.
        IN      NS      ns2.example.com.
        IN      NS      ns3.example.com.
        IN      NS      ns4.example.com.
myhost  IN      A       10.10.10.1
myhost-alias    IN      CNAME   myhost
        IN      MX      10      mailhost
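As an added example (not the contrib stylesheet or any IPplan code), the following Python performs the same transformation on the export above, and additionally refuses records whose host name or target would be read as zone-file syntax, since those values originate in the web form's free-text host name field. It reads the SOA attributes directly (the manual's sample output maps them differently) and assumes an MX preference of 10 as in the sample output; SAMPLE_XML is the manual's input plus one constructed bad record.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the manual's sample export plus one record whose host
# name carries zone-file syntax; the converter must refuse to emit it.
SAMPLE_XML = """<?xml version="1.0" ?>
<zone domain="test.com">
<soa serialdate="20040626" serialnum="04" ttl="21600" retry="3600" refresh="86400" expire="604800" minimumttl="21600" email="" />
<record><NS><iphostname>ns1.example.com</iphostname></NS></record>
<record><A><host>myhost</host><iphostname>10.10.10.1</iphostname></A></record>
<record><CNAME><host>myhost-alias</host><iphostname>myhost</iphostname></CNAME></record>
<record><MX><host></host><iphostname>mailhost</iphostname></MX></record>
<record><A><host>bad host;$INCLUDE</host><iphostname>10.10.10.2</iphostname></A></record>
</zone>"""

# A name is dot-separated LDH labels (optionally absolute). Anything else
# (spaces, ';', '$', '(') would be parsed as directives or comments by named.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
NAME_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*\.?$")
IPV4_RE = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")

def valid_name(name):
    return NAME_RE.match(name) is not None

def convert(xml_text, admin="dnsadmin", mx_pref=10):
    """Return (zone_text, warnings); unusable records are skipped, not written."""
    root = ET.fromstring(xml_text)
    domain = root.get("domain", "")
    if not valid_name(domain):
        raise ValueError("zone domain is not a valid DNS name: %r" % domain)
    soa = root.find("soa")
    serial = soa.get("serialdate") + soa.get("serialnum")  # e.g. 2004062604
    lines = ["$ORIGIN %s." % domain, "$TTL %s" % soa.get("ttl"),
             "@\tIN\tSOA\t%s.\t%s.%s. (" % (domain, admin, domain),
             "\t\t%s ; serial" % serial, "\t\t%s ; refresh" % soa.get("refresh"),
             "\t\t%s ; retry" % soa.get("retry"), "\t\t%s ; expire" % soa.get("expire"),
             "\t\t%s ) ; minimum TTL" % soa.get("minimumttl")]
    warnings = []
    for rec in root.findall("record"):
        for rr in rec:  # one child element per record: NS, A, CNAME or MX
            host = (rr.findtext("host") or "").strip()       # empty host = zone apex
            target = (rr.findtext("iphostname") or "").strip()
            target_ok = IPV4_RE.match(target) if rr.tag == "A" else valid_name(target)
            if rr.tag not in ("NS", "A", "CNAME", "MX") or (host and not valid_name(host)) or not target_ok:
                warnings.append("skipped %s record host=%r target=%r" % (rr.tag, host, target))
                continue
            if rr.tag == "MX":
                target = "%d\t%s" % (mx_pref, target)
            lines.append("%s\tIN\t%s\t%s" % (host, rr.tag, target))
    return "\n".join(lines) + "\n", warnings
```

The warnings list is what a cron wrapper should log and alert on before it copies the generated file to the DNS server.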

10.2. Automatic updating of zone records

IP subnet records (which equate to zone PTR records) and forward zone A records will automatically be synchronised and updated, provided a number of criteria are fulfilled.

If a DNS A record is created or updated, and there is exactly one A record across all the customers' zones matching one IP subnet record, then the IP record hostname field will be updated with the A record hostname field.

If an IP record hostname field is updated, then the zone A record field will be updated if there is exactly one A record matching the IP record across all the customers' zones.

If an IP record hostname field is updated and a matching A record cannot be found, then an A record will automatically be created in the matching domain provided there is only one matching domain. This will only happen if the DNSAUTOCREATE setting is TRUE in config.php.

Under all the above conditions a warning message will be displayed stating that an update occurred. The appropriate log entries will be made and triggers will fire.