Sauron: User Guide
Timo Kokkonen
tjko@iki.
by Timo Kokkonen
Published 2003-03-05
Copyright 2003 by Timo Kokkonen

This manual describes Sauron, a free DNS & DHCP management system.

Revision History
Revision 0.6, 2003-03-05, revised by tjko: Updated to cover new features in Sauron 0.6.x
Revision 0.5, 2003-02-21, revised by tjko: First draft
Table of Contents
Preface
1. Introduction
  1.1. History of Sauron
  1.2. System Overview
    1.2.1. Features
  1.3. Sauron Home Page
  1.4. Software Distribution Sites
  1.5. Mailing lists
  1.6. Acknowledgements
  1.7. Copyright Notice
2. Installation
  2.1. System Requirements
    2.1.1. Required Programs
    2.1.2. Related Programs
  2.2. Installing Sauron
    2.2.1. Installing from the sources
    2.2.2. Installing from the RPM
  2.3. Sauron Configuration
  2.4. Database Configuration
    2.4.1. Creating database for Sauron
    2.4.2. Initializing Database
    2.4.3. Initializing Global Tables
  2.5. WWW Server Configuration
3. Getting Started
  3.1. Creating Administrator Account
  3.2. Creating New Server
    3.2.1. Using Web Interface
    3.2.2. Using Existing DNS/DHCP Configuration
    3.2.3. Using Demonstration Database
  3.3. Generating DNS & DHCP Configurations
4. Account Management
  4.1. Managing User Accounts
    4.1.1. Creating User
    4.1.2. Setting Privileges
    4.1.3. Removing User
    4.1.4. Disabling User Temporarily
    4.1.5. Listing Users
  4.2. Managing User Groups
    4.2.1. Creating Group
    4.2.2. Setting Group Privileges
    4.2.3. Removing Group
  4.3. External User Authentication
5. Web Interface
  5.1. Servers Menu
    5.1.1. Show Current
    5.1.2. Select
    5.1.3. Add
    5.1.4. Delete
    5.1.5. Edit
  5.2. Zones Menu
    5.2.1. Show Current
    5.2.2. Show Pending
    5.2.3. Select
    5.2.4. Add
    5.2.5. Add Default Zones
    5.2.6. Copy
    5.2.7. Delete
    5.2.8. Edit
  5.3. Hosts Menu
    5.3.1. Search
    5.3.2. Last Search
    5.3.3. Add host
    5.3.4. Edit (button)
    5.3.5. Delete (button)
    5.3.6. Copy (button)
    5.3.7. Move (button)
    5.3.8. Alias (button)
    5.3.9. Add alias
    5.3.10. Add MX entry
    5.3.11. Add delegation
    5.3.12. Add glue rec.
    5.3.13. Add DHCP entry
    5.3.14. Add SRV rec.
    5.3.15. Add reservation
    5.3.16. Network Settings (button)
    5.3.17. History (button)
    5.3.18. Ping (button)
    5.3.19. Traceroute (button)
  5.4. Templates Menu
    5.4.1. Show MX
    5.4.2. Show WKS
    5.4.3. Show HINFO
    5.4.4. Add MX
    5.4.5. Add WKS
    5.4.6. Add HINFO
  5.5. Groups Menu
    5.5.1. Show Groups
    5.5.2. Add
  5.6. Nets Menu
    5.6.1. Networks
    5.6.2. Add net
    5.6.3. Add subnet
    5.6.4. Edit (button)
    5.6.5. VLANs
    5.6.6. Add vlan
  5.7. Login Menu
    5.7.1. User Info
    5.7.2. Who
    5.7.3. News (motd)
    5.7.4. Login
    5.7.5. Logout
    5.7.6. Change password
    5.7.7. Edit settings
    5.7.8. Save settings
    5.7.9. Frames ON/OFF
    5.7.10. Lastlog
    5.7.11. Session Info
    5.7.12. Add news msg
6. Command Reference
  6.1. addgroup
  6.2. addhosts
  6.3. adduser
  6.4. check-pending
  6.5. delgroup
  6.6. deluser
  6.7. expire-hosts
  6.8. export-networks
  6.9. generatehosts
  6.10. import
  6.11. import-dhcp
  6.12. import-ethers
  6.13. import-roots
  6.14. import-zone
  6.15. last
  6.16. modgroup
  6.17. modhosts
  6.18. moduser
  6.19. runsql
  6.20. sauron
  6.21. status
  6.22. update-dhcp-info
A. Technical Details
  A.1. Sauron: SQL table descriptions
    A.1.1. Table Descriptions
      A.1.1.1. common_fields
      A.1.1.2. settings
      A.1.1.3. servers
      A.1.1.4. zones
      A.1.1.5. hosts
      A.1.1.6. groups
      A.1.1.7. nets
      A.1.1.8. cidr_entries
      A.1.1.9. dhcp_entries
      A.1.1.10. ether_info
      A.1.1.11. mx_entries
      A.1.1.12. mx_templates
      A.1.1.13. ns_entries
      A.1.1.14. printer_classes
      A.1.1.15. printer_entries
      A.1.1.16. a_entries
      A.1.1.17. txt_entries
      A.1.1.18. srv_entries
      A.1.1.19. users
      A.1.1.20. user_rights
      A.1.1.21. user_groups
      A.1.1.22. wks_entries
      A.1.1.23. wks_templates
      A.1.1.24. utmp
      A.1.1.25. hinfo_templates
      A.1.1.26. arec_entries
      A.1.1.27. root_servers
      A.1.1.28. history
      A.1.1.29. lastlog
      A.1.1.30. news
      A.1.1.31. vlans
B. Software License
List of Tables
3-1. Demo Database Accounts
4-1. Account/Group Privileges
5-1. New Server Dialog
5-2. Edit Server Dialog
5-3. New Zone Dialog
5-4. Edit Zone Dialog
5-5. Search Hosts Dialog
5-6. Add Host Dialog
5-7. Edit Host Dialog
5-8. Edit Net Dialog

List of Figures
1-1. System Overview
A-1. Table Relations
Preface
This manual is designed to address users' questions about installing and using Sauron, a free DNS & DHCP management software. Listed below are the topics covered in this User Guide.

Chapter 1: introduction to Sauron, and pointers to additional information about Sauron.
Chapter 2: explains how to install and configure Sauron.
Chapter 3: provides an overview of how to start using Sauron.
Chapter 4: explains how to manage user accounts.
Chapter 5: reference for the Sauron web-based user interface.
Chapter 6: reference for the Sauron command-line utilities.
Chapter 1. Introduction
Sauron is a scalable system for management of DNS and DHCP services. Sauron can dynamically generate complete DNS and DHCP configurations from a central SQL database. Automatic generation of DNS reverse zones (with support for smaller than class-C reverse delegations) is supported. Sauron comes with a web interface and a command-line interface. The web interface has user/group based access controls for distributed management.

Figure 1-1. System Overview (diagram: administrator, user, WWW interface (Perl/CGI), Sauron (Perl))
1.2.1. Features
Some of the main features of Sauron include:
- Generates complete BIND (DNS) configuration file set for each server
- Generates complete dhcpd (ISC's DHCP) configuration file set for each server
- Automatically generates DNS reverse zones
- Supports smaller than class-C reverse zone delegations
- Dynamic host aliases (both CNAME and A record)
- Support for dynamic DHCP address pools with access controls (requires DHCP v3)
- DHCP fail-over support (requires DHCP v3)
- MX and WKS record templates for hosts
- Groups; hosts may be assigned into a group that defines common attributes for them
- Support for most of the standard DNS RRs (resource records)
- Support for automatic validation of generated DNS and DHCP configuration file sets
<[email protected]> - general discussion and help forum
<[email protected]> - development and bug tracking

To subscribe to any of these mailing lists, send an empty e-mail to the <list-name>[email protected] address with the subject line "subscribe" (where <list-name> is the name of the list you want to subscribe to). For example, to subscribe to <[email protected]> you would send the following empty e-mail:

To: [email protected]
Subject: subscribe
1.6. Acknowledgements
Special thanks to the following people, who have been very helpful to the development of Sauron:
Teemu Lähteenmäki <[email protected]>
Riku Meskanen <[email protected]>
Otto J. Mäkelä <[email protected]>
Chapter 2. Installation
This chapter covers the general installation process for Sauron. This includes software installation and initial system configuration. Make sure you have all the required programs installed before starting to install Sauron.

2.1.1. Required Programs

- PostgreSQL v7.x or later (7.2.3 or newer recommended)
- Perl 5 or later (at least 5.6 recommended)
- Perl modules (available from CPAN):
  - CGI v2.752 or later (older versions should work fine too)
  - Digest::MD5 v2.16 or later
  - Net::DNS v0.26 or later
  - Net::Netmask v1.9002 or later
  - Pg v1.9.0 or later (PostgreSQL interface)
- Apache or any other WWW server that supports CGI (for the WWW interface)

2.1.2. Related Programs

- BIND 8.2.x or later (9.2.x or newer recommended)
- DHCP v2 or later (3.x or newer strongly recommended)
The next step is to install Sauron from the sources. By default Sauron program files will be installed under /usr/local/sauron, and configuration files under /usr/local/etc/sauron. If you want to install Sauron under other directories you need to specify the --prefix and --sysconfdir arguments when invoking the configure script. To install Sauron under the default directories issue the following commands:

./configure
make
make docs
make install
settings that you need to set before using Sauron. For more advanced settings, see the configuration file, where all the advanced configuration options are documented.

Table 2-1. Database Connection String Parameters

Parameter   Default value     Description
host        localhost         Hostname of the database server.
port        5432              Port to connect to on the database server.
dbname      current user-id   Name of the database to connect to.
user        current user-id   Database username.
password    (no default)      Password.

PROG_DIR
  Base directory for the Sauron installation. This should be set to the directory where the program files were installed. Usually this is either /usr/local/sauron or /opt/sauron (if installed from the RPM).

LOG_DIR
  Directory for log files. Currently only the web interface (sauron.cgi) uses this directory, writing the sauron.log file there. Make sure that sauron.cgi has permission to write to this file.

SERVER_ID
  Unique identifier for this Sauron installation. The web interface uses it to generate unique cookie names, so you can access several different Sauron web interfaces simultaneously from your browser. The identifier is also displayed by the web interface, to help you identify which Sauron web interface you're currently connected to.
After creating the database, you may either restore an existing Sauron database dump or start from scratch and create the necessary tables for Sauron as described in the following sections.

This command will create all the tables needed by Sauron. You can check that everything worked by issuing the following command:
./status
This should produce output similar to the following, showing that the database connection works:

Sauron v0.5.0 status
Database connection: OK
Database version: 1.0
CGI interface: Enabled

It is also recommended to check that the Perl modules in use meet the requirements (see Section 2.1). This can be done by running the status command with the --versions option:
./status --versions
You may also want to download the IEEE's up-to-date public list of OUIs from the IEEE web site (http://standards.ieee.org/regauth/oui/index.shtml), and install it as follows:
./import-ethers oui.txt
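The OUI list that import-ethers loads ties the first three octets of a MAC address to its registered vendor, which is what makes an unexpected vendor on a DHCP lease noticeable. As an added example (not Sauron's code), the following parses text in the oui.txt layout and classifies a MAC address, also flagging locally administered and multicast addresses, for which no registry entry exists; the sample text is constructed.

```python
"""Vendor lookup for MAC addresses from text in IEEE oui.txt layout.

Added example, not Sauron's code. The sample below is constructed in the
layout of IEEE's oui.txt; the two OUIs in it are real registry assignments,
the address lines are illustrative.
"""
import re

# Constructed sample in oui.txt layout: a "(hex)" line, a "(base 16)" line,
# then indented address lines for each assignment.
SAMPLE_OUI_TXT = """\
  OUI/MA-L                                                    Organization
  company_id                                                  Organization
                                                              Address

  00-00-0C   (hex)\t\tCisco Systems, Inc
  00000C     (base 16)\t\tCisco Systems, Inc
  \t\t\t\t170 West Tasman Drive
  \t\t\t\tSan Jose  CA  95134
  \t\t\t\tUS

  00-50-56   (hex)\t\tVMware, Inc.
  005056     (base 16)\t\tVMware, Inc.
  \t\t\t\t3401 Hillview Avenue
  \t\t\t\tPalo Alto  CA  94304
  \t\t\t\tUS
"""

# Only the "(hex)" line is needed: three hex octets, then the organization name.
_HEX_LINE = re.compile(
    r"^\s*([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})\s+\(hex\)\s+(.+?)\s*$",
    re.MULTILINE,
)


def parse_oui(text: str) -> dict[str, str]:
    """Map 6-hex-digit OUI (upper case) -> organization name."""
    return {(a + b + c).upper(): name for a, b, c, name in _HEX_LINE.findall(text)}


def normalize_mac(mac: str) -> str:
    """Accept 00:50:56:aa:bb:cc, 00-50-56-AA-BB-CC or 0050.56aa.bbcc forms."""
    digits = re.sub(r"[:\-.]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def classify_mac(mac: str, table: dict[str, str]) -> dict:
    """Vendor lookup plus the two first-octet flags worth checking on a
    DHCP client address: locally administered (bit 1 set; randomized or
    hand-set, so no registry entry is expected) and multicast (bit 0 set;
    never valid as a client's own address)."""
    digits = normalize_mac(mac)
    first_octet = int(digits[:2], 16)
    oui = digits[:6]
    return {
        "oui": oui,
        "vendor": table.get(oui),
        "locally_administered": bool(first_octet & 0x02),
        "multicast": bool(first_octet & 0x01),
    }


if __name__ == "__main__":
    table = parse_oui(SAMPLE_OUI_TXT)
    for mac in ("00:50:56:aa:bb:cc", "02:11:22:33:44:55", "01:00:5e:00:00:01"):
        print(mac, classify_mac(mac, table))
```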
You should also add the default root servers into the root_servers table. This can be done as follows:
./import-roots default contrib/named.root
The Sauron web interface uses several icons and images that are by default installed under the top-level Sauron directory. You need to make these available through your web server under the /sauron/icons/ directory (unless you're installing from the RPM, which does this automatically for you). To do this you can create that directory under your WWW server root and then either make symbolic links or copy all the image files from <sauron top-level directory>/icons/ into this directory.

Normal user accounts can be added interactively by starting adduser without any arguments. The difference between superuser accounts and normal user accounts is that normal accounts need to be granted permission to access or modify the desired servers, zones and hosts. See Chapter 4 for more information about managing user accounts and privileges.
Chapter 3. Getting Started servers that use another server as a master server, and inherit its all master zones (as slave zones), and optionally slave server can also inherit master servers access controls (for DNS server). There are two ways to create a new server in Sauron. One is to import existing DNS & DHCP conguration into Sauron, for easier migration into use of Sauron. Another way is to start from scratch and create new server and zones interactively using Saurons web interface. Following sections show example how to do this both ways (there is also section showing how to use the included demo database to take a quick look how Sauron works; Section 3.2.3).
After creating a server, it's time to add networks into the Networks table in the Nets menu. Generate a net for each network that has been delegated for your use (and that you're generating reverse zones for). You should also generate subnets within these networks that describe your network topology. If your network is split up into VLANs / Layer-2 Networks (or Shared Networks, as DHCP calls them), first add the necessary VLANs using Add vlan, and assign each subnet to the appropriate VLAN. It is also possible to create virtual subnets that are used only for access control purposes by setting the DHCP setting for these subnets to false. The next step is to add the default zones (localhost and reverse zones for 0.0.0.0/8, 127.0.0.0/8, and 255.0.0.0/8) into the server. This can be done from the Zones menu using Add Default Zones, which should produce the following output:
Adding zone: localhost...OK (id=1)
Adding zone: 127.in-addr.arpa...OK (id=2)
Adding zone: 0.in-addr.arpa...OK (id=3)
Adding zone: 255.in-addr.arpa...OK (id=4)
Now it's time to add your zone(s) into the server. This can be done from Zones using the Add command. See Table 5-3 for a description of the fields used in this dialog. After creating a zone, edit the zone by selecting Edit from the Zones menu, and add Name server (NS) entries and other needed entries for the zone. See Table 5-4 for a description of the fields used in this dialog. Finally, after creating the zone(s) you want, you may start adding hosts into your zones. Before adding hosts make sure you've selected the correct server and zone (note that you can save your current zone and server selection as defaults from the Login menu using the Save Settings command). To add a new host simply select Add host from the Hosts menu. If you want to make a copy of an existing host, first select the host and press the Copy button. This will fill out the new host dialog with information from the current host. See Table 5-6 for a description of the fields used in this dialog. There are also templates and groups that you may define and use when adding/modifying hosts. These make it easier to define or change certain settings for large groups of hosts by just modifying the related template or group. More information about these can be found in Section 5.4.
Where import will read your BIND configuration from named.conf. Import will also read master zone-files from the directories specified in named.conf. Use --dir=<directory> to specify an alternate location for zone-files if they're not located in the directories specified in named.conf. Since the BIND configuration does not contain information about your network topology nor the hardware (Ethernet) addresses of hosts, you should also import your existing DHCP configuration file dhcpd.conf using import-dhcp. This can be done as follows:
./import-dhcp --global ns1 /etc/dhcpd.conf
This will update hosts in the server ns1 with information from the dhcpd configuration file. The --global option causes the global DHCP settings to be imported into the server record.
After creating the database you need to set the DB_CONNECT variable in the config file to connect to this database. This demonstration database has three user accounts already set up:

Table 3-1. Demo Database Accounts
  account   password   description
  admin     admin      sample administrator account
  user1     user1      user with minimal rights
  user2     user2      user with more rights
This will create the configuration files for server ns1. The --updateserial option forces the update of zone SOA serial numbers. Normally Sauron tries to detect whether a zone serial number update is necessary and updates it only when needed, but this detection routine may sometimes fail, so for now it's recommended to use the --updateserial option. Sauron should always generate valid configuration files for BIND and dhcpd, but to be sure and to automatically validate the generated files, there is the --check option, which causes the sauron command to check the generated files. For this to work you need to specify the locations of the dhcpd, named-checkconf, and named-checkzone programs in the Sauron configuration file. Here's an example of enabling the --check option on RedHat Linux:
# set to enable dhcpd.conf validation from sauron
$SAURON_DHCP_CHK_PROG = "/usr/sbin/dhcpd";
$SAURON_DHCP_CHK_ARGS = "-q -t -cf";
# set to enable named.conf validation from sauron
$SAURON_NAMED_CHK_PROG = "/usr/sbin/named-checkconf";
$SAURON_NAMED_CHK_ARGS = "";
# set to enable zone file validation from sauron
$SAURON_ZONE_CHK_PROG = "/usr/sbin/named-checkzone";
It is also possible to tell sauron to send e-mail notifications to users whose changes take effect after new configuration files are put into use, using the --mail option. For this option to work you need to configure a mailer program for Sauron to use in the configuration file. Here's an example of how to do this on RedHat Linux:
# mailer configuration (set to enable email notifications)
$SAURON_MAILER = "/usr/sbin/sendmail";
$SAURON_MAILER_ARGS = "-t";
$SAURON_MAIL_FROM = "[email protected]";
This configures Sauron to use Sendmail for sending e-mail notifications, and messages will appear to come from <[email protected]>. You can automate BIND & dhcpd configuration file generation using, for example, a simple shell script that is run periodically from cron, but you should use the --check option when doing this to make sure you always end up with valid configuration files.
When started without any arguments (or without the --user and --passwd options), interactive mode is started. Below is an example session showing how to add an account:
Enter username: pippin
Enter group name (empty for none): hobbits
Enter user description (full name): Peregrin Took
Enter user email address: [email protected]
Enter optional user info:
Enter account expiration date (dd-mm-yyyy, +<n>d, +<n>y) [none]:
Enter password [UtH4RCda]:

Username: pippin
Group: hobbits (GID=1)
Longname: Peregrin Took
email: [email protected]
comment:
expiration: <none>
superuser: false
When creating an account without setting a group for it, adduser will remind you that some privileges should be set for the user before the account can be used. This is not the case when assigning the user to a group, since it's assumed that the group contains the necessary privileges for the account. See Section 4.1.2 for more information about user privileges and how to modify them.
Privilege types (Type, Reference, Description):
  Server: Controls the access to a server and all zones inside the server. Mode: R=read access, RW=read/write access, RWX=read/write access (with less restrictions).
  Zone (ref: zone ID): Controls the access to a zone. Mode: R=read access, RW=read/write access, RWX=read/write access (with less restrictions).
  Net (ref: net ID): Limits the user to using only IP addresses within the auto assign ranges of the networks/subnets listed by the Net rules.
  IP mask (ref: IP-mask, for example 192.168.1-10.*): Limits IP addresses to those matching the IP-mask.
  Hostname mask (ref: regular expression, for example ^\.math$): Limits the user to modifying only hosts whose domainname matches any of the Hostname mask rules.
  Authorization level (ref: authorization level (0-999, 0=default)): Defines the user's authorization level. This can be used to control the user's access to templates/groups, and also to control how much information about networks is displayed to the user.
  Expiration limit (ref: expiration limit (in days)): If defined, the user can only create host entries that expire in n days or sooner.
  Default Department (ref: Department Name): Default Department field value for new hosts.
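As an added illustration (not Sauron's own code), the following Python shows how IP mask and Hostname mask privileges like those above can be evaluated when a user tries to modify a host. The IP-mask grammar (per octet: an exact number, an inclusive range a-b, or *) is assumed from the manual's example 192.168.1-10.*, and treating a user who has no masks of a given kind as unrestricted by that kind is likewise an assumption.

```python
"""Evaluate Sauron-style IP mask and Hostname mask privileges (added example)."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional


def _octet_pattern_matches(pattern: str, value: int) -> bool:
    """Match one octet value against '*', an 'a-b' range, or an exact number.

    This per-octet grammar is an assumption drawn from the manual's example
    mask 192.168.1-10.*; Sauron's real parser may accept more forms.
    """
    if pattern == "*":
        return True
    if "-" in pattern:
        lo, hi = pattern.split("-", 1)
        return int(lo) <= value <= int(hi)
    return int(pattern) == value


def ip_mask_matches(mask: str, ip: str) -> bool:
    """Return True if the IPv4 address `ip` matches the four-part IP-mask."""
    parts = mask.split(".")
    if len(parts) != 4:
        raise ValueError(f"IP-mask must have four octet patterns: {mask!r}")
    octets = ipaddress.IPv4Address(ip).packed  # also validates the address
    return all(_octet_pattern_matches(p, o) for p, o in zip(parts, octets))


def hostname_mask_matches(masks: List[str], domainname: str) -> bool:
    """True if the domainname matches ANY of the hostname-mask regular expressions.

    The manual's masks are Perl-style regexes such as \\.shire$; Python's re
    module is used here as a stand-in for Perl matching.
    """
    return any(re.search(m, domainname) for m in masks)


@dataclass
class Privileges:
    """The subset of a user's privileges this example evaluates."""
    ip_masks: List[str] = field(default_factory=list)
    hostname_masks: List[str] = field(default_factory=list)


def may_modify_host(privs: Privileges, domainname: str, ip: Optional[str]) -> bool:
    """Combined check for a host modification.

    If hostname masks are defined, the host's domainname must match one of them;
    if IP masks are defined and the host has an IP, the IP must match one mask.
    A user with no masks of a kind is treated as unrestricted by that kind
    (assumption; the manual does not state how absent rules are interpreted).
    """
    if privs.hostname_masks and not hostname_mask_matches(privs.hostname_masks, domainname):
        return False
    if privs.ip_masks and ip is not None:
        if not any(ip_mask_matches(m, ip) for m in privs.ip_masks):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample privileges and hosts, mirroring the manual's examples.
    pippin = Privileges(ip_masks=["192.168.1-10.*"], hostname_masks=[r"\.shire$"])
    for name, addr in [("bagend.shire", "192.168.3.4"),
                       ("bagend.shire", "192.168.20.4"),
                       ("orthanc.isengard", "192.168.3.4")]:
        print(f"{name:20s} {addr:15s} -> {'allowed' if may_modify_host(pippin, name, addr) else 'denied'}")
```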
In addition to modifying the user account itself, the moduser utility can also be used to modify user privileges. To add privileges interactively for a given account, just invoke moduser with the --add option. For example:
./moduser pippin --add
After adding privileges to a user, the moduser utility can also be used to display the user's current privileges by giving only a username as the argument. For example:
./moduser pippin
This should produce output similar to the one below, displaying the account details and privileges.
Username:            pippin (id=2)
longname:            Peregrin Took
email:               [email protected]
info:
superuser:           No
group:               hobbits (gid=1)
passwd status:       valid (CRYPT)
last login:          <never>
account expiration:
account created:     Sat Feb 15 00:18:40 2003 by tjko
last modified:       <never>
ID     Type     Ref.                      Mode
------ -------- ------------------------- --------------------------------
[User privileges]
3      hostname \.shire$                  (hostname constraint)
[Group (hobbits) privileges]
1      server   test
Chapter 4. Account Management
group she belongs to. A user can still have user-specific privileges defined, even if the user belongs to a group. The user's actual privileges are the combination of user-specific and group-based privileges.
After creating a new group, it should be assigned some privileges as described in Section 4.2.2.
After adding the desired privileges to the group, the modgroup utility can also be used to display the group's privileges by starting it with only the group name as the argument.
./modgroup hobbits
The authentication program should then authenticate the user using the given username and password, and return with exit code 0 (zero) if authentication was successful. Otherwise a non-zero exit code should be used.
5.1.2. Select
The Select command displays a list of available servers for selecting the active server. For normal users this list includes only the servers the user has at least read access to.
5.1.3. Add
Chapter 5. Web Interface
The Add command is used to create a new server. This option is available only for the administrator. See Table 5-1 for descriptions of the fields used in the command dialog.

Table 5-1. New Server Dialog
  Name: Short name of the server (this handle can contain only letters, numbers, and hyphens). Example: ns1
  Domainname of the server (FQDN). Example: ns1.middle.earth.
  IP address of the server. Example: 192.168.1.1
  Default hostmaster email address for all zones in the server (replace @ in the email address with .). Example: hostmaster.middle.earth.
  Base directory for BIND configuration files. Example: /var/named
  Option that allows selecting a master server for this server (making it a slave). A slave server will automatically inherit all the master zones of its master as slave zones. A slave server can also optionally inherit DNS server access controls from the master server. Example: None
  Comment: Long description of the server (optional). Example: primary name server
5.1.4. Delete
The Delete command allows removal of a server. This command should be used with caution, since it will remove the entire server from the database. This command is available only for the administrator.
5.1.5. Edit
The Edit command is used to edit an existing server. This option is available only for the administrator. See Table 5-2 for descriptions of the fields used in the command dialog.

Table 5-2. Edit Server Dialog
  Server Name: Short name of the server (this handle can contain only letters, numbers, and hyphens). Example: ns1
  Domainname of the server (FQDN). Example: ns1.middle.earth.
  IP address of the server. Example: 192.168.1.1
  Option for selecting whether to generate a full named.conf or a named.zones file that contains only zones (to be included in your static named.conf). Example: Generate full named.conf
  Comments: Optional field reserved for comments.
  Hostmaster: Default hostmaster email address for all zones in the server (replace @ in the email address with .). Example: hostmaster.middle.earth.
  Zone SOA record default refresh value. Example: 43200
  Zone SOA record default retry value. Example: 3600
  Zone SOA record default expire value. Example: 2419200
  Minimum (negative caching TTL): Zone SOA record default minimum value. Example: 86400
  Default TTL: Default TTL for records in zones for this server. Example: 86400
  Default zone TXT: TXT records that get automatically included for each zone in this server.
  Base directory for BIND configuration files. Example: /var/named
  Pathname relative to the configuration directory for storing master zone files.
  Pathname relative to the configuration directory for storing slave zone files. Example: NS2/
  Filename for the root server (zone) file. Example: named.ca
  Pathname for pid-file (BIND option).
  Pathname for dump-file (BIND option).
  statistics-file path: pathname for statistics-file (BIND option)
  memstatistics-file path: pathname for memstatistics-file (BIND option)
  named-xfer path: pathname for named-xfer (BIND option)
  Forward (mode): BIND forward setting; default, only, first. Example: default
  Forwarders: BIND forwarders setting (list of server IPs to forward queries to)
  Transfer source IP: Source IP address for zone transfers (for multi-homed hosts)
  Query source IP: Source IP address for DNS queries sent by the server (for multi-homed hosts)
  Source port for DNS queries sent by the server
  Port that the server listens on for DNS queries (allows setting a non-standard port)
  Listen-on: BIND listen-on setting; list of IPs (interfaces) the server should listen on for queries
  Allow-transfer: BIND allow-transfer setting; list of CIDRs from which to allow zone transfers.
  Allow-query: BIND allow-query setting; list of CIDRs from which to allow DNS queries.
  Allow-recursion: BIND allow-recursion setting; list of CIDRs from which to allow recursive DNS queries (causes recursion to be disabled from anywhere else).
  Blackhole: BIND blackhole setting; list of CIDRs from which any requests are to be ignored by the server.
  Controls whether to omit HINFO records from the generated zone files or not. Example: No
  Controls whether to omit WKS records from the generated zone files or not. Example: No
  Notify: BIND notify setting; default, yes, no. Example: Default
  Auth-nxdomain: BIND auth-nxdomain setting; default, yes, no. Example: Default
  Recursion: BIND recursion setting; default, yes, no. Example: Default
  Dialup mode: BIND dialup setting; default, yes, no. Example: Default
  Allow multiple CNAMEs: BIND multiple_cnames setting; default, yes, no. Example: Default
  RFC2308 Type 1 mode: BIND rfc2308_type1 setting; default, yes, no. Example: Default
  Check-names (Masters): BIND check-names master setting; default, fail, ignore, fail. Example: Default
  Check-names (Slaves): BIND check-names slave setting; default, fail, ignore, fail. Example: Default
  Check-names (Responses): BIND check-names response setting; default, fail, ignore, fail. Example: Default
  Version string: If this is set, this string is what BIND will report as its version (instead of the real version).
  Logging options: List of BIND logging options (these are placed inside the logging section in named.conf).
  auto-domainnames: Controls whether to automatically generate a correct domain-name option for each host in dhcpd.conf. Example: No
  List of global DHCP settings. These lines are included in the global scope of dhcpd.conf. Any valid global DHCP option can be used here (lines should not end with ;).
  Enable failover protocol: Controls whether the DHCP failover protocol is enabled. Example: No
  Port number: Port to be used by the DHCP failover protocol. Example: 519
  Max Response Delay: Max Response Delay for the DHCP failover protocol. Example: 60
  Max Unacked Updates
  MCLT: Maximum Client Lead Time (MCLT) for the DHCP failover protocol. Example: 3600
  Load balance max (seconds) for the DHCP failover protocol.
5.2.3. Select
The Select command displays a list of the available zones in the current server for selecting the active zone.
5.2.4. Add
The Add command is used to create a new zone. This command is only available for the administrator. See Table 5-3 for descriptions of the fields used in the command dialog.

Table 5-3. New Zone Dialog
  Zone name: Zone name (without the dot at the end). Example: middle.earth
  Type: Zone type; Master=master zone, Slave=slave zone. Example: Master
  Reverse: Reverse zone flag; Yes=reverse zone, No=normal zone. Example: No
5.2.6. Copy
The Copy command copies an entire zone (including all the hosts in a master zone) under a new name. This can be used to use an existing zone as a template when creating new zones. This command is available only for the administrator.
5.2.7. Delete
The Delete command allows removal of a zone. This command should be used with caution, since it will remove the entire zone from the database. This command is available only for the administrator.
5.2.8. Edit
The Edit command is used to edit an existing zone. This command is only available for the administrator. See Table 5-4 for descriptions of the fields used in the command dialog.

Table 5-4. Edit Zone Dialog
  Zone name
  Info TXT record auto generation: Flag that controls the automatic generation of descriptive TXT records for each host from the host info fields (User, Dept, Location, Info). Example: Yes
  Dummy zone: Flag which, when set, causes this zone to be treated as a dummy zone that only appears in named.conf; the zone file will not be generated by Sauron. Example: No
  Class: Zone class; IN (Internet), CHAOS, HESIOD, HS. Example: IN
  Hostmaster: Zone-specific hostmaster's email address. If empty, the hostmaster's email address from the server record is used.
  BIND's check-names option; default, fail, ignore, warn. Example: default
  BIND's notify option; default, yes, no. Example: default
  SOA record refresh value. If empty, the value from the server record is used instead.
  Retry: SOA record retry value. If empty, the value from the server record is used instead.
  Expire: SOA record expire value. If empty, the value from the server record is used instead.
  Minimum (negative caching TTL): SOA record minimum value. If empty, the value from the server record is used instead.
  Default TTL: Default TTL for RRs in this zone. If empty, the value from the server record is used instead.
  Zone A record(s). Example: 192.168.1.1
  Zone NS records (there should always be at least two name servers defined for a zone). Example: ns1.middle.earth ns2.middle.earth
  Mail exchanges (MX): Zone MX records. Example: 10 mail1 10 mail2 20 mailbackup
  Info (TXT): Zone TXT records.
  Allow dynamic updates: BIND allow-update option
  Allow queries from: BIND allow-query option
  Allow zone-transfers from: BIND allow-transfer option
  [Stealth] Servers to notify: BIND also-notify option
  Zone specific DHCP entries: dhcpd options for all hosts in this zone
5.3.1. Search
The Search command is the default command when entering the Hosts menu. This command provides a powerful search engine for hosts within the current zone. See Table 5-5 for descriptions of the fields used in the command dialog.

Table 5-5. Search Hosts Dialog
  Record type: Limits the search to a specific record type; <Any Type>, Host, Host reservation, Delegation, Plain MX, Alias, AREC Alias, Glue record, DHCP only. Example: Host
  Subnet: Search only hosts within the specified network.
  Limit the search to a given CIDR block or IP address (NOTE! this field supersedes the subnet field). Example: 192.168.1.128/25
  Limit the search scope to hosts whose domainname matches the regular expression given in this field. Example: \.sales$
  Sort the search results by IP or hostname. Example: by IP
  Number of hosts to display per page. Example: 256
  Defines the field that is searched for the pattern defined in the next field (Pattern). Example: Ether
  Pattern (regexp): Search host records for this regular expression in the field defined in the Search field field.
  Hostname (without the zonename part of the host's FQDN). Example: ws001
  Select Manual IP for manually specifying the host's IP number, or select the desired network for automatically selecting the next available IP number from within that network's auto assign range. Example: <Manual IP>
  IP: Host's IP number (only if Manual IP is selected in the subnet field).
  Router (priority): This field should be zero for hosts. For router interfaces, this should be set to a positive priority value (1=highest priority). Priority is used for choosing the "best" router interface when generating the DHCP config for each subnet. Example: 0
  Group: Group which this host belongs to. Example: None
  MX template: MX template to use for this host. Example: None
  WKS template: WKS template to use for this host. Example: None
  User: primary user/use for this host (informational). Example: Gandalf the White
  Dept.: department this host belongs to (informational). Example: Mages Guild
  Location: current location of the host (informational). Example: White Tower
  Info: extra information about the host (informational)
  HINFO hardware: Host hardware description. Example: PC
  HINFO software: Host software (OS) description. Example: MS-WINDOWS-2000
  Ethernet address: Host NIC hardware (MAC) address (this must be unique within the zone). Example: 00:00:01:23:45:66
  Asset ID: This field is reserved for an organizational asset ID tag (this must be unique within the server)
  Model: Host model information (informational)
  Serial no.: Host serial number (informational)
  Misc.: miscellaneous information about the host (informational)
  Expiration date: The host will automatically disappear from the DNS & DHCP configurations after it has expired (sauron can automatically clean expired hosts from the database when run with the --clean option)

  Hostname (without the zonename part of the host's FQDN). Example: ws001
  Host's IP address. Example: 192.168.1.100
  User: primary user/use for this host (informational). Example: Gandalf the White
  Dept.: department this host belongs to (informational). Example: Mages Guild
  Location: current location of the host (informational). Example: White Tower
  Info: extra information about the host (informational)
  HINFO hardware: Host hardware description. Example: PC
  HINFO software: Host software (OS) description. Example: MS-WINDOWS-2000
  Ethernet address: Host NIC hardware (MAC) address (this must be unique within the zone). Example: 00:00:01:23:45:66
  Asset ID: This field is reserved for an organizational asset ID tag (this must be unique within the server)
  Model: Host model information (informational)
  Serial no.: Host serial number (informational)
  Misc.: miscellaneous information about the host (informational)
  Group: Group which this host belongs to. Example: None
  MX template: MX template to use for this host. Example: None
  WKS template: WKS template to use for this host. Example: None
  Expiration date: The host will automatically disappear from the DNS & DHCP configurations after it has expired (sauron can automatically clean expired hosts from the database when run with the --clean option)
5.4.1. Show MX
The Show MX command displays a list of the MX templates defined for this zone. To view a specific MX template, click on its name. To edit or delete an MX template, use the Edit or Delete buttons at the bottom of the screen when viewing a template.
5.4.4. Add MX
The Add MX command is used to create a new MX template for the selected zone. This command is only available for the administrator.
Group Types
Normal: A normal group is used to specify common DHCP and PRINTER entries for hosts.

DHCP class: This group is like a normal group, but in the DHCP configuration a class named after this group will be created and all hosts in this group will be subclassed into that class. This class can be used, for example, to allow only hosts in this group to use a certain dynamic address pool.

Dynamic Address Pool: This group is used only for hosts (IPs) that belong to a certain IP address pool of a DHCP server. For each dynamic address pool of the DHCP server, a group of host entries belonging to this group should be created (the IP addresses of these hosts don't necessarily have to be consecutive, but for each group a separate pool statement will be created in dhcpd.conf). When generating the DHCP configuration, dynamic address pools are automatically generated for each group of this type. DHCP entries set for this group are put inside the pool declaration in dhcpd.conf (these can be used to deny/allow certain classes of hosts to use this pool).
5.5.2. Add
The Add command is used to create a new (host) group for the currently active server. This command is only available for the administrator.
5.6.1. Networks
The Networks command lists all the networks that are defined for the active server. To view the details of a network, just click on the network. To edit or delete the selected network, use the Edit or Delete buttons. For information about the selected network, use the Net Info button, which displays technical information about the given network and a map of the IPs currently in use.
  Net (CIDR): Network defined as a CIDR block. Example: 192.168.1.0/24
  VLAN: VLAN (Layer-2 network) this network belongs to. Example: None
  Authorization level: Authorization level required for a user to see this network. Example: 0
  Private (hide from browser): Private network (hide from browser.cgi). Example: No
  Comment: Optional comments about this network.
  Range start: Auto assign address range start (Sauron will automatically assign new IP addresses from a network that are inside the auto assign range). Example: 192.168.1.1
  Auto assign address range end. Example: 192.168.1.254
  DHCP enabled flag; this network is visible to the DHCP server only if this is enabled. Example: Enabled
  DHCP configuration option lines specific to this network (don't use a semicolon at the end of these lines).
5.6.5. VLANs
The VLANs command lists all VLANs (Layer-2 networks) that are defined for the active server. To view the details of a VLAN, just click on it. To edit or delete the selected VLAN, use the Edit or Delete buttons. This command is only available for users with a sufficiently high authorization level.
5.7.2. Who
The Who command displays a list of the currently logged on users. This list includes the username, the user's full name, the host the user is coming from, when the user logged in, and how long the user has been idle.
5.7.4. Login
The Login command allows the user to log in again using a different user account.
5.7.5. Logout
The Logout command allows the user to log out from the system. This will also try to erase the session cookie from the user's browser by issuing a new dummy cookie with the expiration time set to now.
5.7.10. Lastlog
The Lastlog command displays a list of recent user sessions (with links to session info). This command is only available for the administrator.
6.1. addgroup
This command is used to add a new user group. User groups can be used to simplify user privilege management by assigning privileges to a group and then assigning users to that group.

addgroup [--help] [--group=name] [--name=longname]

This command can be used interactively when run without any arguments, or in batch mode by specifying both the --group and --name arguments on the command-line.
6.2. addhosts
This command can be used to add host entries into an existing zone in Sauron from a text file in standard zone-file format.

addhosts [--help] {server} {zone} {file} [OPTIONS]

  --name=regexp                    Host name filter. Only add hosts whose domainname matches the given regular expression.
  --newonly                        Add only hosts that do not already exist in the Sauron database.
  --noreverse                      Do not add reverse records.
  --outofzone                      Allow out of zone records.
  --verbose                        Produce more verbose output.
  --group=name                     Assign new hosts to the given group.
  --info=user:dept:location:info   Set the info fields for all imported hosts to these values.
  --force=type                     Force the host record in Sauron to be this type: dhcp-only
  --commit                         Commit changes (without this no changes are made to the database).

Chapter 6. Command Reference
By default this program will not make any changes to the Sauron database; it will only display what would be done. Use --commit to make the changes to the Sauron database.
6.3. adduser
This command is used to add a new user for the Sauron web user interface.

adduser [--help] [--user=username] [--passwd=password] [--group=name] [--name=users-full-name] [--email=email-address] [--comment=comments] [--superuser] [--expiration=dd-mm-yyyy]

This command can be used interactively when run without any arguments, or in batch mode by specifying at least the --user and --passwd options on the command-line.
6.4. check-pending
Program to be run from cron that checks for pending changes in the Sauron database and sends a notification of pending changes to the address given on the command-line.

check-pending [--help] {servername} {emailaddress}

To use this program, SAURON_MAILER (and related settings) have to be configured in the Sauron configuration file.
6.5. delgroup
This command removes a user group permanently.

delgroup [--help] [--group=groupname] [--newgroup=groupname]

When run without any arguments this program runs in interactive mode, prompting for the group to be deleted. Groups can also be removed non-interactively by specifying the --group option on the command-line. Normally users that were in the deleted group are left without a group. If --newgroup is specified, then any users that were in the deleted group are assigned to this group.
6.6. deluser
This command removes a user account permanently. An account can also be locked using the moduser program (see Section 6.18).

deluser [--help] [--user=username]

When run without any arguments this program runs in interactive mode, prompting for the user to be deleted. Users can also be removed non-interactively by specifying the --user option on the command-line.
6.7. expire-hosts
This is a utility for expiring unused host entries (hosts that haven't been issued a DHCP lease within a given time-frame).

expire-hosts [--help] {server} [OPTIONS]

  --cidr=CIDR        Select only hosts within this CIDR block.
  --name=regexp      Select only hostnames matching the regular expression.
  --netname=regexp   Select only hosts in the networks matching the regular expression (selects only hosts within the auto assign ranges in these networks).
  Further options: expire hosts with no DHCP activity in the last <days> days (default: 90 days); expire only hosts with no recorded DHCP activity; set hosts to expire on a given date (default: now); --verbose makes the program display more verbose output; --commit commits the changes (without this no changes are made to the database).

By default this program will not make any changes to the Sauron database; it will only display what would be done. Use --commit to make the changes to the Sauron database.
6.8. export-networks
This utility generates a *nix /etc/networks format file of the networks defined for the given server.

export-networks [--help] [--verbose] [--comments] [--all] {servername}

This program sends the generated file to standard output. Normally only networks that have the DHCP setting set to true are included in the listing. To force listing of all networks defined for this server, use the --all option. Network names from Sauron are not included as comments in the output unless the --comments option is used.
6.9. generatehosts
This is a utility for generating a number of similar host entries in the Sauron database with one command.

generatehosts [--help] {server} {zone} {hostname} {starting-IP} {count} [OPTIONS]

  --noreverse                      Do not add reverse records.
  --outofzone                      Allow out of zone records.
  --verbose                        Produce more verbose output.
  --seqstart=n                     Start sequence numbering from n.
  --group=name                     Assign new hosts to this group.
  --info=user:dept:location:info   Set the info fields for all hosts to these values.
  --commit                         Commit changes (without this no changes are made to the database).

By default this program will not make any changes to the Sauron database; it will only display what would be done. Use --commit to make the changes to the Sauron database. The hostname argument serves as a template for the hostnames of the generated hosts. The following tags can be used in the hostname:
  :N:     current sequence number
  :IP1:   first octet of the current IP-number
  :IP2:   second octet of the current IP-number
  :IP3:   third octet of the current IP-number
  :IP4:   fourth octet of the current IP-number
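As an added example (not Sauron's own generatehosts code), the following Python expands the hostname template tags above over a run of consecutive addresses with the --seqstart behaviour; it also rejects duplicate generated names and address-range overflow, two failure cases the page does not specify and which are handled here as assumptions.

```python
"""Expand generatehosts-style hostname templates (added example, not Sauron code)."""
import ipaddress
import re
from typing import List, Tuple

# The tags documented for generatehosts: :N: and :IP1: .. :IP4:
_TAG_RE = re.compile(r":(N|IP[1-4]):")


def expand_hostname(template: str, seq: int, ip: ipaddress.IPv4Address) -> str:
    """Replace :N: and :IP1:..:IP4: in one hostname template."""
    octets = ip.packed  # four bytes, octet 1 first

    def repl(m):
        tag = m.group(1)
        if tag == "N":
            return str(seq)
        return str(octets[int(tag[2]) - 1])  # "IP3" -> octets[2]

    return _TAG_RE.sub(repl, template)


def generate_hosts(template: str, starting_ip: str, count: int,
                   seqstart: int = 1) -> List[Tuple[str, str]]:
    """Return (hostname, ip) pairs for `count` hosts starting at `starting_ip`.

    `seqstart` mirrors --seqstart=n. Two checks are assumptions beyond the
    manual: the address run must stay inside the IPv4 space, and a template
    that yields the same hostname twice (no varying tag) is rejected rather
    than silently producing duplicate host entries.
    """
    if count < 1:
        raise ValueError("count must be positive")
    start = ipaddress.IPv4Address(starting_ip)
    last = int(ipaddress.IPv4Address("255.255.255.255"))
    if int(start) + count - 1 > last:
        raise ValueError("address range overflows the IPv4 space")
    hosts: List[Tuple[str, str]] = []
    seen = set()
    for i in range(count):
        ip = start + i
        name = expand_hostname(template, seqstart + i, ip)
        if name in seen:
            raise ValueError(f"duplicate hostname generated: {name}")
        seen.add(name)
        hosts.append((name, str(ip)))
    return hosts


if __name__ == "__main__":
    # Constructed sample run: three hosts named after the last two octets.
    for name, addr in generate_hosts("dhcp-:IP3:-:IP4:", "10.0.1.254", 3):
        print(f"{name:16s} {addr}")
```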
6.10. import
Utility for importing a complete BIND configuration file set into Sauron. This program parses the BIND configuration files and generates a new server and the related zones in Sauron. See also Section 3.2.2.

import [--help] [OPTIONS] {servername} {named.conf file}

  --orphans=zonename   Zone for orphan PTR record hosts.
  --notransaction      Do not use transactions when updating the database (potentially dangerous, but speeds things up).
  --dir=directory      Directory where the configuration files are located (if not in the directory specified in named.conf).
By default import expects to find the zone-files in the locations specified in named.conf, but the --dir option can be used to explicitly specify the location of the zone-files. After importing a server from an existing BIND configuration, the related DHCP configuration should be imported using the import-dhcp command.
6.11. import-dhcp
This utility can be used after importing an existing DNS configuration with the import utility to add information (Ethernet addresses and the network map) from the DHCP configuration into a server.

import-dhcp [--help] [OPTIONS] {servername} {dhcpd.conf file}

  --dir=directory    Directory where included files are located (if not in the directory specified in dhcpd.conf).
  --chaosnet=name    Treat this shared-network as the default VLAN (default is CHAOS).
  --global           Import "global" entries into the server DHCP settings.
  --verbose          Make the program display more verbose output.

When using this program after importing an existing DNS configuration with import, --global should be used to import the global DHCP settings into the server DHCP settings.
6.12. import-ethers
Utility for assigning OUI (Ethernet card manufacturer) information into the global table ether_info. This table enables Sauron to recognize and display network card (NIC) manufacturer information.

import-ethers [--help] [--force] {file}

This program currently understands OUI information in the old Ethernet.txt format and in the IEEE's OUI list format (oui.txt). Normally this utility only adds new OUIs into the database, but the --force option allows updating all OUIs.
6.13. import-roots
Utility for importing root server hints into Sauron. Sauron has a global table for root servers, but it is also possible to import server specific root servers which override the global root servers table.

import-roots [--help] [--update] [servername | default] {file}

This program imports a standard root server (hint) zone file. To import the global root servers, use default as the server name.
6.14. import-zone
This is a utility for importing DNS zones into an existing server. Zones can be read either from a zone file or fetched directly from DNS using a zone transfer.

import-zone [--help] [OPTIONS] {servername} {zone} [zone file]

option                description
--nameserver=server   Use this nameserver for the zone transfer (argument must be either an IP number or a domain name).
--zone=name           Insert hosts into this parent zone instead of generating a new zone.
--group=name          Assign new hosts to this group.
--verbose             Make the program display more verbose output.

Normally the import-zone command generates a new zone in Sauron, but with the --zone option it is possible to import only the hosts from a zone into that zone's parent zone (which must already exist in Sauron).
6.15. last
Utility for listing lastlog information about Sauron WWW-interface users. This command is similar to the *nix last command.

last [-h] [-num] [username]

The option -num can be used to limit how many entries are displayed. To list only the lastlog entries of a specific user, enter that user name as the last argument.
6.16. modgroup
This is a utility for modifying user groups. It can also be used to list all user groups. User groups can be assigned all the same privileges as a user, but assigning privileges to groups and then users to groups makes privilege management more manageable with a large number of users. See also Section 4.1.2.

modgroup [--help] {groupname} [OPTIONS]

option                                  description
--list                                  List all groups.
--add                                   Add privileges interactively to the given group.
--add=server,servername,mode            Add server privilege (mode=R|RW|RWX).
--add=zone,servername:zonename,mode     Add zone privilege (mode=R|RW|RWX).
--add=net,servername:net                Add net (IP-range) restriction.
--add=host,regexp                       Add hostname mask (restriction).
--add=ipmask,ipmask                     Add IP-mask restriction.
--add=level,level                       Add privilege level.
--add=elimit,days                       Add host expiration limit.
--add=def_dept,string                   Add default department for adding hosts.
--del=id                                Delete privilege by its ID number.
--delall                                Delete all privileges.

This program can be used to list all available groups by specifying only --list. Privileges can be added either interactively by specifying the short form of --add, or non-interactively by using the long form.
6.17. modhosts
Simple utility for modifying or deleting several hosts at a time.

modhosts [--help] {server} {zone} [OPTIONS]

option                 description
--cidr=CIDR            Select only hosts within this CIDR block.
--name=regexp          Select only hostnames matching the regular expression.
--info=regexp          Select only hosts with matching info (this looks for the pattern in the User, Dept, Location, and Info fields).
--type=type            Select only hosts of this type (available types: host, cname, arc, srv).
--ether=regexp         Select only hosts with a matching Ethernet (MAC) address.
--etherempty           Select only hosts without an Ethernet (MAC) address.
--delete               Delete matching hosts.
--move=CIDR,IP         Move hosts into the given network (starting from IP within that network).
--rename=regexp        Rename hosts using the given substitution regular expression.
--setedate=days        Set host expiration dates to today+days.
--setgroup=groupname   Assign hosts to this group.

By default this program will not make any changes to the Sauron database; it only displays what would be done. Use --commit to make the changes.
6.18. moduser
This is a utility for modifying user accounts. It can also be used to list all users and to modify user account privileges, but it is recommended to use user groups rather than assigning privileges directly to user accounts. For more information about user privileges see Section 4.1.2.

moduser [--help] {username} [OPTIONS]

option                                  description
--name="users name"                     Set the user's full name.
--email=address                         Set the user's email address.
--comment=text                          Set user comments.
--expiration=dd-mm-yyyy | NONE          Set account expiration date.
--superuser=yes | no                    Toggle the superuser flag for the user.
--passwd                                Set the user password interactively.
--passwd=password                       Set the user password.
--group=groupname | NONE                Set the user's group.
--list                                  List all users and exit.
--lock                                  Lock the user account.
--unlock                                Unlock the user account.
--add                                   Add privileges interactively to the given group.
--add=server,servername,mode            Add server privilege (mode=R|RW|RWX).
--add=zone,servername:zonename,mode     Add zone privilege (mode=R|RW|RWX).
--add=net,servername:net                Add net (IP-range) restriction.
--add=host,regexp                       Add hostname mask (restriction).
--add=ipmask,ipmask                     Add IP-mask restriction.
--add=level,level                       Add privilege level.
--add=elimit,days                       Add host expiration limit.
--add=def_dept,string                   Add default department for adding hosts.
--del=id                                Delete privilege by its ID number.
--delall                                Delete all privileges.

This program can be used to list all users by specifying only --list. Privileges can be added either interactively by specifying the short form of --add, or non-interactively by using the long form. Note that a password given on the command line with --passwd=password is visible in the process list and the shell history; --passwd prompts for it instead.
6.19. runsql
Utility for running SQL code from a file into the Sauron database. This utility is used by createtables to initialize the Sauron database.

runsql [--help] [--separate] filename...

Normally all files given as arguments are processed inside one transaction. To process each file as a separate transaction use the --separate option.
6.20. sauron
This is the program for generating the DNS and DHCP configuration files from the Sauron database for a given server.

sauron [--help] [OPTIONS] {servername} [target directory]

option                   description
--all                    Generate all (DNS & DHCP) configuration files.
--bind                   Generate BIND (named) configuration files.
--dhcp                   Generate DHCP (dhcpd) configuration files.
--printer                Generate PRINTER (lpd) configuration files (not yet implemented).
--clean                  Clean up expired host records from the server. By default host records that have been expired for over 30 days are removed, but this can be controlled using the configuration file option SAURON_REMOVE_EXPIRED_DELAY.
--updateserial           Force SOA serial number update on master zones.
[option name missing]    Check validity of the generated DNS & DHCP configuration files (see Section 3.3).
[option name missing]    Enable DHCP v2 compatibility mode.
[option name missing]    Enable email notification sending.

The option --updateserial forces the update of the zone SOA serial numbers for master zones. Normally Sauron tries to detect if a zone serial number update is necessary and updates it only when needed, but this detection routine may sometimes fail, so for now it is recommended to use the --updateserial option.
6.21. status
Utility for listing database connection status and WWW user interface status information, including the currently logged in users.

status [--help] [OPTIONS]

option                   description
--pending                Display the number of host changes pending for each server.
--pending=servername     Display the pending host changes for the given server.
--cgi-disable=message    Disable the WWW interface and set the message to be displayed when users try to access it.
[option name missing]    Enable the WWW interface.
--quiet                  Display less verbose output.
[option name missing]    Display module version numbers.

This command can easily be used from shell scripts to test for pending changes for a server by using --pending=servername (and optionally the --quiet option), which returns exit code 2 if there are
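An added example (not from the Sauron distribution) of the shell-script use described above: a wrapper that asks status --pending=servername --quiet about each server and regenerates configuration only for those reporting pending changes. It assumes exit status 2 means changes pending and any other non-zero status is an error (the sentence above is cut off), and the variables SAURON_STATUS and SAURON_GEN are invented here so the real commands can be replaced by stubs offline.

```shell
#!/bin/sh
# Added example, not Sauron code: cron-style wrapper around
#   status --pending=servername --quiet
# Assumed: exit status 2 = host changes pending, 0 = nothing pending,
# anything else = error. SAURON_STATUS and SAURON_GEN (invented for this
# example) name the status and sauron commands so they can be stubbed.

# pending_servers SERVER...
# Prints the names of the given servers that have pending host changes.
# Returns 2 if any server had pending changes, 0 if none, 1 on error.
pending_servers() {
    any=0
    for server in "$@"; do
        rc=0
        "${SAURON_STATUS:-status}" --pending="$server" --quiet || rc=$?
        case $rc in
            0) ;;
            2) printf '%s\n' "$server"
               any=2 ;;
            *) echo "status --pending=$server failed (exit $rc)" >&2
               return 1 ;;
        esac
    done
    return $any
}

# regen_pending SERVER...
# Runs "sauron --all --updateserial SERVER" only for servers with pending
# changes (--updateserial is the option recommended in Section 6.20).
# Returns 1 if the status check or a generation run failed, 0 otherwise.
regen_pending() {
    rc=0
    pending=$(pending_servers "$@") || rc=$?
    if [ "$rc" -eq 1 ]; then
        return 1
    fi
    for server in $pending; do
        echo "regenerating configuration for $server"
        "${SAURON_GEN:-sauron}" --all --updateserial "$server" || return 1
    done
    return 0
}
```

A cron entry would call regen_pending with the list of managed server names; the status command's own stderr is passed through so a failing database connection is visible in the cron mail.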
6.22. update-dhcp-info
Utility designed to be run from cron that parses the logs generated by dhcpd and updates the "Last lease issued by DHCP server" fields for hosts.

update-dhcp-info [--help] [--verbose] [--year=yyyy] {servername} logfile

Since normal syslog log files have timestamps without year information, the option --year can be used to specify the year to use when parsing log files from a previous year. Normally update-dhcp-info assumes that the log file is from the current year.
[Figure: overview of the database tables and their references. Tables: servers, root_servers, nets, zones, wks_templates, groups, cidr_entries, mx_templates, hosts, arec_entries, ns_entries, mx_entries, a_entries, wks_entries, dhcp_entries, printer_entries, settings, user_rights, hinfo_templates, ether_info, printer_classes, users, user_groups.
References to hosts.id: dhcp_entries.ref, mx_entries.ref, ns_entries.ref, printer_entries.ref, a_entries.host, txt_entries.ref, srv_entries.ref, wks_entries.ref, arec_entries.host, arec_entries.arec.
References to zones.id: cidr_entries.ref, dhcp_entries.ref, mx_entries.ref, mx_templates.zone.
References to servers.id: cidr_entries.ref, dhcp_entries.ref, txt_entries.ref, wks_templates.server.]
A.1.1.2. settings
Global settings table.

field        type                              comments
key          TEXT NOT NULL CHECK(key <> '')    name of setting tuple
value        TEXT                              string value of setting
ivalue       INT4                              integer value of setting
CONSTRAINT   global_key PRIMARY KEY (key)
A.1.1.3. servers
This table contains the servers that are managed with this system. For each server, named/dhcpd/printer configuration files can be automagically generated from the database.

field            type                              comments
id               SERIAL PRIMARY KEY                unique ID
name             TEXT NOT NULL CHECK(name <> '')   server name
zones_only       BOOL DEFAULT false                if true, generate a named.zones file, otherwise generate a complete named.conf
no_roots                                           if true, no root server (hint) zone entry is generated
dhcp_mode        INT DEFAULT 1                     DHCP subnet map creation mode: 0 = use VLANs, 1 = use networks
dhcp_flags       INT DEFAULT 0                     DHCP option flags: 0x01 = auto-generate domainnames, 0x02 = enable failover protocol
named_flags      INT DEFAULT 0                     named option flags: 0x01 = access control from master (slave only), 0x02 = include also slave zones from master (slave only), 0x04 = do NOT generate HINFO records, 0x08 = do NOT generate WKS records
masterserver     INT DEFAULT -1                    dynamically add slave zones for all zones in the master server

named.conf options (more to be added as needed):

version          TEXT                              version string to display (optional)
directory        TEXT                              base directory for named (optional)
pid_file         TEXT                              pid-file pathname (optional)
dump_file        TEXT                              dump-file pathname (optional)
named_xfer       TEXT                              named-xfer pathname (optional)
stats_file       TEXT                              statistics-file pathname (optional)
memstats_file    TEXT                              memstatistics-file pathname (optional)
named_ca         TEXT DEFAULT 'named.ca'           root servers filename
pzone_path       TEXT DEFAULT ''                   relative path for master zone files
szone_path       TEXT DEFAULT 'NS2/'               relative path for slave zone files
query_src_ip     TEXT                              query source ip (optional) (ip | *)
query_src_port   TEXT                              query source port (optional) (port | *)
listen_on_port   TEXT                              listen on port (optional)
transfer_source  INET                              transfer-source (optional)
forward          CHAR(1) DEFAULT 'D'               forward: D=default, O=only, F=first
checknames_m     CHAR(1) DEFAULT 'D'               check-names master (check-names: D=default, W=warn, F=fail, I=ignore)
checknames_s     CHAR(1) DEFAULT 'D'               check-names slave
checknames_r     CHAR(1) DEFAULT 'D'               check-names response
notify           CHAR(1) DEFAULT 'D'               notify (boolean flags: D=default, Y=yes, N=no)
recursion        CHAR(1) DEFAULT 'D'               recursion
authnxdomain     CHAR(1) DEFAULT 'D'               auth-nxdomain
dialup           CHAR(1) DEFAULT 'D'               dialup
multiple_cnames  CHAR(1) DEFAULT 'D'               multiple-cnames
rfc2308_type1    CHAR(1) DEFAULT 'D'               rfc2308-type1

default TTLs:

ttl              INT4 DEFAULT 86400                default TTL for RR records
refresh          INT4 DEFAULT 43200                default SOA refresh
retry            INT4 DEFAULT 3600                 default SOA retry
expire           INT4 DEFAULT 2419200              default SOA expire
minimum          INT4 DEFAULT 86400                default SOA minimum (negative caching ttl)
ipv6             TEXT                              reserved (IPv6)
df_port          INT DEFAULT 519                   DHCP failover listen port
df_max_delay     INT DEFAULT 60                    max-response-delay
df_max_uupdates  INT DEFAULT 10                    max-unacked-updates
df_mclt          INT DEFAULT 3600                  mclt
df_split         INT DEFAULT 128                   split
df_loadbalmax    INT DEFAULT 3                     load balance max seconds

defaults to use in zones:

hostname         TEXT                              primary servername for sibling zone SOAs
hostaddr         INET                              primary server IP address
hostmaster       TEXT                              hostmaster name for sibling zone SOAs, unless overridden in the zone
comment          TEXT
CONSTRAINT       servers_name_key UNIQUE(name)
A.1.1.4. zones
This table contains the zone definitions of a server. (Most field names are missing from this copy of the table; rows with a known name show it.)

field        type                               comments
id           SERIAL                             unique ID
server       INT4 NOT NULL                      ptr to a record in servers table --> servers.id
active       BOOL DEFAULT true                  zone active flag (only active zones are included in the named configuration)
             BOOL DEFAULT false                 dummy zone flag
             CHAR(1) NOT NULL                   zone type: (H)int, (M)aster, (S)lave, (F)orward
             BOOL DEFAULT false                 true for reverse (arpa) zones
             BOOL DEFAULT false                 if true, zone not used in reverse map generation
             INT DEFAULT 0                      zone option flags: 0x01 = generate TXT records from user, dept, location, info fields
             CHAR(1) DEFAULT 'D'                forward: D=default, O=only, F=first
             CHAR(1) DEFAULT 'D'                notify: D=default, Y=yes, N=no
             CHAR(1) DEFAULT 'D'                check-names: D=default, W=warn, F=fail, I=ignore
             CHAR(2) DEFAULT 'in'               zone class (IN)
name         TEXT NOT NULL CHECK (name <> '')   zone name
             TEXT                               hostmaster (email) (optional; if not defined, the value from the server table is used instead)
             CHAR(10) DEFAULT '1999123001'      zone serial number (automagically updated)
             INT4 DEFAULT 0                     zone serial last update date
             INT4                               zone SOA refresh time
             INT4                               zone SOA retry time
             INT4                               zone SOA expire time
             INT4                               zone SOA minimum (negative caching) time
             INT4                               default TTL for RRs in this zone (if not defined, the value from the servers record is used instead)
                                                unused
                                                contains CIDR of the reverse zone (if applicable)
                                                unused
CONSTRAINT   zones_key PRIMARY KEY (name,server)
A.1.1.5. hosts
This table contains the host entries for a zone.

field        type                                comments
id           SERIAL PRIMARY KEY                  unique ID
zone         INT4 NOT NULL                       ptr to a zones table record --> zones.id
type         INT4 DEFAULT 0                      host type: 0=misc, 1=host, 2=subdomain (delegation), 3=mx entry, 4=alias (cname), 5=printer, 6=glue record, 7=alias (arec), 8=srv entry, 9=dhcp only, 10=zone, 101=host reservation
domain       TEXT NOT NULL CHECK(domain <> '')   host domain name
ttl          INT4                                TTL for host records, default if NULL
class        CHAR(2) DEFAULT 'IN'                class (IN)
grp          INT4 DEFAULT -1                     ptr to group --> groups.id
alias        INT4 DEFAULT -1                     ptr to another host record (for CNAME alias)
cname_txt    TEXT                                CNAME value for out-of-zone alias
hinfo_hw     TEXT                                HINFO hardware
hinfo_sw     TEXT                                HINFO software
loc          TEXT                                LOC record value
wks          INT4 DEFAULT -1                     ptr to wks_templates table entry --> wks_templates.id
mx           INT4 DEFAULT -1                     ptr to mx_templates table entry --> mx_templates.id
rp_mbox      TEXT DEFAULT '.'                    RP mbox
rp_txt       TEXT DEFAULT '.'                    RP txt
router       INT4 DEFAULT 0                      if > 0, also a router; router priority (1 being highest priority)
prn          BOOL DEFAULT false                  true for virtual printer entries
flags        INT4 DEFAULT 0                      reserved
ether        CHAR(12)                            Ethernet address (MAC)
ether_alias  INT4 DEFAULT -1                     ptr to another host record (for ETHER address)
dhcp_date    INT4                                last time host requested IP
dhcp_info    TEXT                                reserved
info         TEXT                                host info (appears as TXT record)
location     TEXT                                host location info
dept         TEXT                                department name
huser        TEXT                                user info
model        TEXT                                host model info
serial       TEXT                                serial number
misc         TEXT                                misc info
asset_id     TEXT                                asset ID
comment      TEXT                                comment
CONSTRAINT   hostname_key UNIQUE (domain,zone)
CONSTRAINT   ether_key UNIQUE (ether,zone)
CONSTRAINT   asset_key UNIQUE (asset_id,zone)
A.1.1.6. groups
Group descriptions, linked to a server record. Hosts can "belong" to one group and get DHCP/printer/etc. definitions from that group.

field        type                              comments
id           SERIAL PRIMARY KEY                unique ID
server       INT4 NOT NULL                     ptr to a servers table record --> servers.id
name         TEXT NOT NULL CHECK(name <> '')   group name
type         INT NOT NULL                      group type: 1 = normal group, 2 = dynamic address pool, 3 = DHCP client class
                                               required authorization level
CONSTRAINT   groups_key UNIQUE(name,server)
A.1.1.7. nets
Net/subnet descriptions, linked to a server record. Used mainly for generating the subnet map for DHCP and for access control/user friendliness in front-ends.

field        type                 comments
id           SERIAL               unique ID
server       INT4 NOT NULL        ptr to a servers table record --> servers.id
netname      TEXT                 (sub)net name
name         TEXT                 descriptive name of the (sub)net
net          CIDR NOT NULL        net CIDR
subnet       BOOL DEFAULT true    subnet flag
vlan         INT4 DEFAULT -1      ptr to vlans table record --> vlans.id
alevel       INT4 DEFAULT 0       required authorization level
type         INT4 DEFAULT 0       network type/option flags: 0x01 = private (hidden from browser)
ipv6         TEXT                 reserved
rp_mbox      TEXT DEFAULT '.'     RP mbox
rp_txt       TEXT DEFAULT '.'     RP txt
no_dhcp      BOOL DEFAULT false   no-DHCP flag
range_start  INET                 auto assign address range start
range_end    INET                 auto assign address range end
comment      TEXT                 comment
CONSTRAINT   nets_key PRIMARY KEY (net,server)
A.1.1.8. cidr_entries
This table contains CIDRs used in various server contexts.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
type         INT4 NOT NULL        type: 1=server (allow-transfer), 2=zone (allow-update), 3=zone (masters), 4=zone (allow-query), 5=zone (allow-transfer), 6=zone (also-notify), 7=server (allow-query), 8=server (allow-recursion), 9=server (blackhole), 10=server (listen-on), 11=server (forwarders), 12=zone (forwarders)
ref                               ptr to the table specified by the type field --> servers.id / --> zones.id
ip                                CIDR value
comment
A.1.1.9. dhcp_entries
This table contains DHCP options used in various contexts.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
type         INT4 NOT NULL        type: 1=server, 2=zone, 3=host, 4=net, 5=group, 6=vlan (shared-network)
ref                               ptr to the table specified by the type field --> servers.id / --> zones.id / --> hosts.id / --> nets.id / --> groups.id
dhcp         TEXT                 DHCP entry value (without trailing ;)
comment      TEXT
A.1.1.10. ether_info
This table contains Ethernet adapter manufacturer codes.

field        type                  comments
ea           CHAR(6) PRIMARY KEY   manufacturer code (6 bytes in hex)
info         TEXT                  manufacturer name & info
A.1.1.11. mx_entries
This table contains MX record entries.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
type         INT4 NOT NULL        type: 1=zone (not used anymore!), 2=host, 3=mx_templates
ref          INT4 NOT NULL        ptr to the table specified by the type field --> zones.id / --> hosts.id / --> mx_templates
pri                               MX priority
mx                                MX domain (FQDN)
comment
A.1.1.12. mx_templates
MX entry templates; hosts may link to one entry in this table. Entries are zone specific.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
zone         INT4 NOT NULL        ptr to a zones table record --> zones.id
alevel       INT4 DEFAULT 0       required authorization level
name         TEXT                 template name
comment      TEXT
A.1.1.13. ns_entries
This table contains NS resource record definitions.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
type         INT4 NOT NULL        type: 1=zone (not used anymore!), 2=host
ref          INT4 NOT NULL        ptr to the table specified by the type field --> zones.id / --> hosts.id
ns           TEXT                 value of NS record (FQDN)
comment      TEXT
A.1.1.14. printer_classes
Global table to store printer classes (printcap stuff); these classes may be referred to in PRINTER fields in other tables.

field        type                                     comments
id           SERIAL PRIMARY KEY                       unique ID
name         TEXT UNIQUE NOT NULL CHECK(name <> '')   class name
comment      TEXT
A.1.1.15. printer_entries
This table contains printer definition entries.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
type         INT4 NOT NULL        type: 1=group, 2=host, 3=printer_class
ref          INT4 NOT NULL        ptr to the table specified by the type field --> groups.id / --> hosts.id / --> printer_classes.id
printer      TEXT                 printcap entry
comment      TEXT
A.1.1.16. a_entries
Addresses (A records) for hosts, linked to a host record.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
host         INT4 NOT NULL        ptr to hosts table id --> hosts.id
ip           INET                 IP number
ipv6         TEXT                 reserved
type         INT4 DEFAULT 0       reserved
reverse      BOOL DEFAULT true    generate reverse (PTR) record flag
forward      BOOL DEFAULT true    generate (A) record flag
comment      CHAR(20)
A.1.1.17. txt_entries
This table contains TXT record entries and miscellaneous text entries.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
type         INT4 NOT NULL        type: 1=zone (not used anymore!), 2=host, 3=server, 10=server (BIND logging entry)
ref                               ptr to the table specified by the type field --> zones.id / --> hosts.id / --> servers.id
txt          TEXT                 value of TXT record
comment      TEXT                 comments
A.1.1.18. srv_entries
This table contains SRV record entries.

field        type                                 comments
id           SERIAL PRIMARY KEY                   unique ID
type         INT4 NOT NULL                        type: 1=host
ref          INT4 NOT NULL                        ptr to the table specified by the type field --> hosts.id
pri          INT4 NOT NULL CHECK (pri >= 0)       priority
weight       INT4 NOT NULL CHECK (weight >= 0)    weight
port         INT4 NOT NULL CHECK (port >= 0)      port
target       TEXT
comment
A.1.1.19. users
This table contains (user interface) user account information.

field        type                                  comments
id           SERIAL PRIMARY KEY                    unique ID
gid          INT4 DEFAULT -1                       ptr to user group --> user_groups.id
username     TEXT NOT NULL CHECK(username <> '')   login name
password     TEXT                                  encrypted password (MD5 or Crypt)
name         TEXT                                  long user name
email        TEXT                                  user email address
superuser    BOOL DEFAULT false                    superuser flag
server       INT4 DEFAULT -1                       default server id
zone         INT4 DEFAULT -1                       default zone id
last         INT4 DEFAULT 0                        last login time
last_pwd     INT4 DEFAULT 0                        last password change time
last_from    TEXT                                  last login host
search_opts  TEXT                                  default search options
flags        INT4 DEFAULT 0                        user account flags: 0x01 = email notifications on
comment      TEXT
A.1.1.20. user_rights
This table contains records defining user rights.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
type         INT NOT NULL         type: 1=user_group, 2=users
ref          INT NOT NULL         ptr to the users table specified by type --> user_groups.id / --> users.id
rtype        INT NOT NULL         type: 1=server, 2=zone, 3=net, 4=hostname mask, 5=IP mask, 6=authorization level, 7=host expiration limit (days), 8=default for dept
rref                              ptr to the table specified by the type field
rule                              R, RW, RWS or regexp
A.1.1.21. user_groups
This table contains records defining user groups.

field        type                               comments
id           SERIAL PRIMARY KEY                 unique ID
name         TEXT NOT NULL CHECK (name <> '')   group name
comment      TEXT                               comments
CONSTRAINT   user_groups_name_key UNIQUE(name)
A.1.1.22. wks_entries
This table contains WKS record entries.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
type         INT4 NOT NULL        type: 1=host, 2=wks_template
ref          INT4 NOT NULL        ptr to the table specified by the type field --> hosts.id / --> wks_templates.id
proto        CHAR(10)             protocol (tcp, udp)
services     TEXT                 services (ftp, telnet, smtp, http, ...)
comment      TEXT
A.1.1.23. wks_templates
WKS entry templates; hosts may link to one entry in this table. Entries are server specific.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
server       INT4 NOT NULL        ptr to a servers table record --> servers.id
alevel       INT4 DEFAULT 0       required authorization level
name         TEXT                 template name
comment      TEXT
A.1.1.24. utmp
This table contains "utmp" data of currently logged in www-interface users.

field          type                   comments
cookie         CHAR(32) PRIMARY KEY   session id cookie (MD5)
uid            INT4                   ptr to users table record --> users.id
gid            INT4                   ptr to user_groups table record --> user_groups.id
sid            INT4                   session ID
uname          TEXT                   username
addr           CIDR                   user's IP address
superuser      BOOL DEFAULT false     superuser flag
auth           BOOL DEFAULT false     user authenticated flag
mode           INT4                   current status of user
w              TEXT                   last command user executed
serverid       INT4 DEFAULT -1        current server id
server         TEXT                   current server name
zoneid         INT4 DEFAULT -1        current zone id
zone           TEXT                   current zone name
login          INT4 DEFAULT 0         login time
last           INT4 DEFAULT 0         last activity time
searchopts     TEXT                   current search options
searchdomain   TEXT                   current search domain
searchpattern  TEXT                   current search pattern
A.1.1.25. hinfo_templates
The HINFO templates table contains the list of default values for HINFO records.

field        type                                      comments
id           SERIAL PRIMARY KEY                        unique ID
hinfo        TEXT NOT NULL CHECK(hinfo <> '') UNIQUE   HINFO value
type         INT4 DEFAULT 0                            type: 0=hardware, 1=software
pri          INT4 DEFAULT 100                          priority (defines the order in which entries are displayed in user interfaces)
A.1.1.26. arec_entries
Pointers to A record aliased hosts, linked to a host record.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
host         INT4 NOT NULL        ptr to hosts table id --> hosts.id
arec         INT4 NOT NULL        ptr to aliased host id --> hosts.id
A.1.1.27. root_servers
This table contains root server definitions.

field        type                   comments
id           SERIAL PRIMARY KEY     unique ID
server       INT4 NOT NULL          ptr to server table id --> servers.id
ttl          INT4 DEFAULT 3600000
domain       TEXT NOT NULL          domainname
type         TEXT NOT NULL          A, NS, ...
value        TEXT NOT NULL          value
A.1.1.28. history
The history table contains "log" data of modifications done to the database. (Field names of the last three rows are missing from this copy of the table.)

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
sid          INT NOT NULL         session ID
uid          INT NOT NULL         user ID
date         INT NOT NULL         date of record
type         INT NOT NULL         record type: 1=hosts table modification, 2=zones, 3=servers, 4=nets, 5=users
                                  optional reference
                                  operation performed
                                  extra info
A.1.1.29. lastlog
The lastlog table contains "lastlog" data of database users.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
sid          INT NOT NULL         session ID
uid          INT NOT NULL         user ID
date         INT NOT NULL         date of record
state        INT NOT NULL         record type: 1=logged in, 2=logged out, 3=idle timeout, 4=reconnect
ldate                             logout date
ip                                remote IP
host                              remote host
A.1.1.30. news
This table contains motd/news to be displayed when a user logs in.

field        type                 comments
id           SERIAL PRIMARY KEY   unique ID
server       INT DEFAULT -1       ptr to server, or -1 for global news messages
info         TEXT NOT NULL        news/motd message
A.1.1.31. vlans
"VLAN" (Layer-2 networks/shared networks) descriptions, linked to a server record. Used mainly for generating the shared-network map for DHCP.

field        type                              comments
id           SERIAL                            unique ID
server       INT4 NOT NULL                     ptr to a servers table record --> servers.id
name         TEXT NOT NULL CHECK(name <> '')   name of vlan
description  TEXT                              long name
comment      TEXT                              comments
CONSTRAINT   vlans_key PRIMARY KEY (name,server)
If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. 
If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
<one line to give the programs name and a brief idea of what it does.> Copyright (C) 19yy <name of author> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: