Home
Welcome to the dnsphpadmin wiki!
DNS PHP admin is a very simple GUI utility that helps sysadmins manage their DNS records and also provides an easy-to-use interface for end users, which is more idiot friendly than the low-level command line tools that are typically used to manage BIND9 servers.
It also makes it possible to centralize management of multiple separate DNS servers, so that you can edit multiple zones on multiple different DNS servers.
This tool is only a wrapper for the Linux commands `dig` and `nsupdate`: it downloads all records in a zone via AXFR (zone transfer) and changes records via nsupdate commands.
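The two operations described above, sketched as an added shell example (not dnsphpadmin's own code): counting the records in `dig` AXFR output, and building the `nsupdate` batch for one record change with field validation so that a form value cannot carry extra `nsupdate` commands. The host names, zone and records are constructed placeholders.

```shell
#!/bin/sh
# Added illustration, not dnsphpadmin source. All hosts, zones and records
# are constructed placeholders.

# Accept only characters that can appear in hostnames and IP addresses, so a
# form field can never carry a space or newline into the nsupdate batch.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) return 1 ;;
    esac
}

# Print the nsupdate batch that replaces one RRset: delete, add, send.
# Arguments: server zone name ttl type value
build_update() {
    valid_token "$1" && valid_token "$2" && valid_token "$3" || return 1
    case "$4" in ''|*[!0-9]*) return 1 ;; esac
    case "$5" in A|AAAA|CNAME) ;; *) return 1 ;; esac
    valid_token "$6" || return 1
    printf 'server %s\nzone %s\nupdate delete %s %s\nupdate add %s %s %s %s\nsend\n' \
        "$1" "$2" "$3" "$5" "$3" "$4" "$5" "$6"
}

# Count resource records in `dig AXFR` output read from stdin.
# Returns non-zero if dig reported a refused or failed transfer.
count_axfr_records() {
    awk '/Transfer failed/ { failed = 1 }
         /^;/ || /^[ \t]*$/ { next }
         { n++ }
         END { if (failed) exit 1; print n + 0 }'
}

# Constructed sample of what `dig @ns1.example.test example.test AXFR` prints.
SAMPLE_AXFR='example.test. 3600 IN SOA ns1.example.test. admin.example.test. 1 3600 600 86400 300
example.test. 3600 IN NS ns1.example.test.
www.example.test. 300 IN A 192.0.2.10
example.test. 3600 IN SOA ns1.example.test. admin.example.test. 1 3600 600 86400 300
;; XFR size: 4 records (messages 1, bytes 200)'

# Live use (needs a reachable server that allows this host):
#   dig @ns1.example.test example.test AXFR | count_axfr_records
#   build_update ns1.example.test example.test www.example.test 300 A 192.0.2.20 | nsupdate
```

Note that `update delete <name> <type>` removes every record of that type at the name before the new one is added.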
Check out the repository into any folder that is configured as the HTTP root of a web server with PHP installed (for example, into /var/www/dns).
```
cd /var/www/html
git clone --recursive https://github.com/benapetr/dnsphpadmin
cd dnsphpadmin
# Now copy the default config file
cp config.default.php config.php
# Edit in your favorite editor
vi config.php
```
IMPORTANT: The DNS tool doesn't use any authentication by default, so everyone with access to the web server will have access to the DNS tool. If this is just a simple setup for 1 or 2 admins who should have unlimited access to everything, you should set up login via htaccess or similar; see https://httpd.apache.org/docs/2.4/howto/auth.html for Apache. If you have LDAP (Active Directory is also LDAP), you can configure this tool to use LDAP authentication as well.
Now update `$g_domains` so that it contains information about the zones you want to manage. The web server must have the `nsupdate` and `dig` Linux commands installed at the paths set in config.php, and it also needs firewall access to perform zone transfers and nsupdate updates.
Because of how this tool works, it doesn't contain any database with records for all zones. It communicates directly with the DNS servers and performs a zone transfer to get a list of all records in a zone, which is a somewhat expensive operation at the DNS server level.
In order to support search, it would be necessary to perform a zone transfer of every single zone, which in massive setups with hundreds of zones would amount to a DDoS attack on the DNS servers (many DNS servers actually have rate limits, so they would simply ban the DNS tool from running more queries).