allow overriding the second nameserver with a secondary/slave server

fixes #151 fixes #223
2014-10-05 14:53:42 +00:00 · 2014-10-05 14:53:42 +00:00 · f42a1c5a74
parent 092c842a87
commit f42a1c5a74
4 changed files with 135 additions and 12 deletions
--- a/management/daemon.py
+++ b/management/daemon.py
@ -180,6 +180,22 @@ def dns_update():
 	except Exception as e:
 		return (str(e), 500)

+@app.route('/dns/secondary-nameserver')
+@authorized_personnel_only
+def dns_get_secondary_nameserver():
+	from dns_update import get_custom_dns_config
+	return json_response({ "hostname": get_custom_dns_config(env).get("_secondary_nameserver") })
+
+@app.route('/dns/secondary-nameserver', methods=['POST'])
+@authorized_personnel_only
+def dns_set_secondary_nameserver():
+	from dns_update import set_secondary_dns
+	try:
+		return set_secondary_dns(request.form.get('hostname'), env)
+	except ValueError as e:
+		return (str(e), 400)
+
+
@app.route('/dns/set/<qname>', methods=['POST'])
@app.route('/dns/set/<qname>/<rtype>', methods=['POST'])
@app.route('/dns/set/<qname>/<rtype>/<value>', methods=['POST'])
--- a/management/dns_update.py
+++ b/management/dns_update.py
@ -7,6 +7,7 @@
 import os, os.path, urllib.parse, datetime, re, hashlib, base64
 import ipaddress
 import rtyaml
+import dns.resolver

 from mailconfig import get_mail_domains
 from utils import shell, load_env_vars_from_file, safe_domain_name, sort_domains
@ -55,6 +56,11 @@ def get_custom_dns_config(env):
 	except:
 		return { }

+def write_custom_dns_config(config, env):
+	config_yaml = rtyaml.dump(config)
+	with open(os.path.join(env['STORAGE_ROOT'], 'dns/custom.yaml'), "w") as f:
+		f.write(config_yaml)
+
 def do_dns_update(env, force=False):
 	# What domains (and their zone filenames) should we build?
 	domains = get_dns_domains(env)
@ -105,7 +111,7 @@ def do_dns_update(env, force=False):
 		zonefiles[i][1] += ".signed"

 	# Write the main nsd.conf file.
-	if write_nsd_conf(zonefiles, env):
+	if write_nsd_conf(zonefiles, additional_records, env):
 		# Make sure updated_domains contains *something* if we wrote an updated
 		# nsd.conf so that we know to restart nsd.
 		if len(updated_domains) == 0:
@ -134,12 +140,22 @@ def do_dns_update(env, force=False):
 def build_zone(domain, all_domains, additional_records, env, is_zone=True):
 	records = []

-	# For top-level zones, define ourselves as the authoritative name server.
+	# For top-level zones, define the authoritative name servers.
+	#
+	# Normally we are our own nameservers. Some TLDs require two distinct IP addresses,
+	# so we allow the user to override the second nameserver definition so that
+	# secondary DNS can be set up elsewhere.
+	#
 	# 'False' in the tuple indicates these records would not be used if the zone
 	# is managed outside of the box.
 	if is_zone:
+		# Obligatory definition of ns1.PRIMARY_HOSTNAME.
 		records.append((None,  "NS",  "ns1.%s." % env["PRIMARY_HOSTNAME"], False))
-		records.append((None,  "NS",  "ns2.%s." % env["PRIMARY_HOSTNAME"], False))
+
+		# Define ns2.PRIMARY_HOSTNAME or whatever the user overrides.
+		secondary_ns = additional_records.get("_secondary_nameserver", "ns2." + env["PRIMARY_HOSTNAME"])
+		records.append((None,  "NS", secondary_ns+'.', False))
+

 	# In PRIMARY_HOSTNAME...
 	if domain == env["PRIMARY_HOSTNAME"]:
@ -437,7 +453,7 @@ $TTL 1800           ; default time to live

 ########################################################################

-def write_nsd_conf(zonefiles, env):
+def write_nsd_conf(zonefiles, additional_records, env):
 	# Basic header.
 	nsdconf = """
 server:
@ -465,6 +481,19 @@ zone:
 	name: %s
 	zonefile: %s
 """ % (domain, zonefile)
+	
+		# If a custom secondary nameserver has been set, allow zone transfers
+		# and notifies to that nameserver.
+		if additional_records.get("_secondary_nameserver"):
+			# Get the IP address of the nameserver by resolving it.
+			hostname = additional_records.get("_secondary_nameserver")
+			resolver = dns.resolver.get_default_resolver()
+			response = dns.resolver.query(hostname, "A")
+			ipaddr = str(response[0])
+			nsdconf += """\tnotify: %s NOKEY
+	provide-xfr: %s NOKEY
+""" % (ipaddr, ipaddr)
+

 	# Check if the nsd.conf is changing. If it isn't changing,
 	# return False to flag that no change was made.
@ -688,14 +717,38 @@ def set_custom_dns_record(qname, rtype, value, env):
 				config[qname][rtype] = value

 	# serialize & save
-	config_yaml = rtyaml.dump(config)
-	with open(os.path.join(env['STORAGE_ROOT'], 'dns/custom.yaml'), "w") as f:
-		f.write(config_yaml)
+	write_custom_dns_config(config, env)

 	return True

 ########################################################################

+def set_secondary_dns(hostname, env):
+	config = get_custom_dns_config(env)
+		
+	if hostname in (None, ""):
+		# Clear.
+		if "_secondary_nameserver" in config:
+			del config["_secondary_nameserver"]
+	else:
+		# Validate.
+		hostname = hostname.strip().lower()
+		resolver = dns.resolver.get_default_resolver()
+		try:
+			response = dns.resolver.query(hostname, "A")
+		except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
+			raise ValueError("Could not resolve the IP address of %s." % hostname)
+
+		# Set.
+		config["_secondary_nameserver"] = hostname
+
+	# Save and apply.
+	write_custom_dns_config(config, env)
+	return do_dns_update(env)
+
+
+########################################################################
+
 def justtestingdotemail(domain, records):
 	# If the domain is a subdomain of justtesting.email, which we own,
 	# automatically populate the zone where it is set up on dns4e.com.
--- a/management/templates/custom-dns.html
+++ b/management/templates/custom-dns.html
@ -1,16 +1,45 @@
 <style>
 </style>

-<h2>Custom DNS (Advanced)</h2>
+<h2>Custom DNS</h2>

-<p>It is possible to set custom DNS records on domains hosted here. For instance, you can create your own dynamic DNS service. To do so, you will need to call your box&rsquo;s DNS API.</p>
+<p class="text-warning">This is an advanced configuration page.</p>

-<h4>The HTTP POST request</h4>
+<p>It is possible to set custom DNS records on domains hosted here.</p>
+
+<h3>Using a Secondary Nameserver</h3>
+
+<p>If your TLD requires you to have two separate nameservers, you can either set up a secondary (aka &ldquo;slave&rdquo;) nameserver or, alternatively, set up <a href="#" onclick="return show_panel('external_dns')">external DNS</a> and ignore the DNS server on this box. If you choose to use a seconday/slave nameserver, you must find a seconday/slave nameserver service provider. Your domain name registrar or virtual cloud provider may provide this service for you. Once you set up the seconday/slave nameserver service, enter the hostname of <em>their</em> secondary nameserver:</p>
+
+<form class="form-horizontal" role="form" onsubmit="do_set_secondary_dns(); return false;">
+  <div class="form-group">
+    <label for="secondarydnsHostname" class="col-sm-1 control-label">Hostname</label>
+    <div class="col-sm-10">
+      <input type="text" class="form-control" id="secondarydnsHostname" placeholder="ns1.cloudprovider.com">
+    </div>
+  </div>
+  <div class="form-group">
+    <div class="col-sm-offset-1 col-sm-11">
+      <button type="submit" class="btn btn-primary">Update</button>
+    </div>
+  </div>
+  <div class="form-group">
+    <div class="col-sm-offset-1 col-sm-11">
+      <p class="small">Clear the box to use the box itself as secondary DNS, which is the default/normal setup.</p>
+    </div>
+  </div>
+</form>
+
+<h3>Custom DNS API</h3>
+
+<p>Use your box&rsquo;s DNS API to set custom DNS records on domains hosted here. For instance, you can create your own dynamic DNS service.</p>

 <p>Send a POST request like this:</p>

 <pre>curl -d "" --user {email}:{password} https://{{hostname}}/admin/dns/set/<b>qname</b>[/<b>rtype</b>[/<b>value</b>]]</pre>

+<h4>HTTP POST parameters</h4>
+
 <table class="table">
 <thead><th>Parameter</th> <th>Value</th></thead>
 <tr><td>email</td> <td>The email address of any administrative user here.</td></tr>
@ -41,5 +70,28 @@ curl -d "value=something%20here" --user me@mydomain.com:###### https://{{hostnam

 <script>
 function show_custom_dns() {
+ api(
+    "/dns/secondary-nameserver",
+    "GET",
+    { },
+    function(data) {
+      $('#secondarydnsHostname').val(data.hostname ? data.hostname : '');
+    });
+}
+
+function do_set_secondary_dns() {
+ api(
+    "/dns/secondary-nameserver",
+    "POST",
+    {
+      hostname: $('#secondarydnsHostname').val()
+    },
+    function(data) {
+      if (data == "") return; // nothing updated
+      show_modal_error("Secondary DNS", $("<pre/>").text(data));
+    },
+    function(err) {
+      show_modal_error("Secondary DNS", $("<pre/>").text(err));
+    });
 }
 </script>
--- a/management/templates/external-dns.html
+++ b/management/templates/external-dns.html
@ -25,9 +25,11 @@
 }
 </style>

-<h2>External DNS (Advanced)</h2>
+<h2>External DNS</h2>

-<p>Although your box is configured to serve its own DNS, it is possible to host your DNS elsewhere by copying the DNS zone information shown in the table below.</p>
+<p class="text-warning">This is an advanced configuration page.</p>
+
+<p>Although your box is configured to serve its own DNS, it is possible to host your DNS elsewhere &mdash; such as in the DNS control panel provided by your domain name registrar or virtual cloud provider &mdash; by copying the DNS zone information shown in the table below into your external DNS server&rsquo;s control panel.</p>

 <p>If you do so, you are responsible for keeping your DNS entries up to date! If you previously enabled DNSSEC on your domain name by setting a DS record at your registrar, you will likely have to turn it off before changing nameservers.</p>