Web and Perl admin tool - SUMMARY

Web and Perl admin tool - SUMMARY

Post by Christopher J. Wargas » Thu, 15 May 1997 04:00:00


As promised, I have the summary from my search for a Web & Perl based DNS
administration tool.

Here is the original posting:

Quote:>    I am working on a project to offload the assignment of IP
> addresses from the network engineering staff to our Help Desk.  I want
> to accomplish this by giving the Help Desk analysts the ability to
> assign addresses through a an HTML form with a cgi back end talking to
> BIND. I am interested to see if there is any such animal already around.

>    We do not use DHCP to aid our troubleshooting--each FQDN is
> built with the building name, room number, and sometimes the
> department name, with contact name in comments.

>    If this were Eutopia, the Help Desk analyst would bring up the
> HTML form, fill in the necessary information. (Only specified stations
> could access this form, of course, and there is some type of
> challenge-response built in to the front end.) Once the form is
> submitted, the Perl looks for an address, and using SCCS for revision
> control, creates the necessary records.

>    I am not opposed to buying some tool to do this, just as long
> as it does everything I want, and uses BIND 4.9.5.  (Oh, yes, and can
> make my coffee with just the right amount of cream. ;-)

>                                    cjw

Here is the summary of the replies that I received:

o       A tool called WebDNS, written by Matthew D. Stock of SUNY Buffalo.  
        Unfortunately, he isn't developing it anymore, and it is not 100%
        complete. However, the design is good.

        Writes the author, "The ftp link should be available on one of the
        pages, but it's in perdix.acsu.buffalo.edu:/pub somewhere."


        DNS Boss 1.01" is a software tool for maintaining a Domain Name
        System (DNS) primary, or secondary.  The product is written in Java
        and it is currently ported to the SUN SPARC Solaris 2.5 (or
        greater) platform.  DNS Boss 1.01 has a very easy to use Graphical
        User Interface (GUI), and it was designed to be used by users who
        are not UNIX, or DNS experts.  The tool was specifically designed
        to be easy to install and use so that if you have a need to run
        your own DNS primary or secondary for your Internet site, you can
        get the job done in a very short amount of time.

        feature implementation of the tool:

        " In order to accomplish your task, you have to run a privileged
        process.  Running your HTTP server as root is too bad, as you
        surely know. Running your script suid is almost as bad. If it is
        ever compromised... I think I have a better solution.

        I wrote several similar Perl scripts for common sysadmin tasks
        (create/delete user, change user password, etc.). The work is split
        into two independent stages.

        1. CGI script is used to authenticate a privileged user and receive
        from him all necessary information. The script writes this
        information (request) to predefined directory. That is all. No
        actual work is done, so the script does not need any priviliges.

        2. Another script (non-CGI!) runs once an hour as root under
        cron. It checks whether there are new requests and fulfills
        them. It then mails the results to the manager, and writes logs."

o       A tool I found which is being sold called NameSurfer, by a company
        of the same name. My concerns are that it incorporates a version of
        BIND into the program, instead of interfacing with an already
        installed version.

        "It includes a copy of BIND [4.9.5-REL] which has been modified to
        support primary name servers that listen on TCP/UDP ports other
        than the standard DNS port (53), and to enable the NOTIFY protocol
        (RFC1996).  Apart from these two simple modifications, it is a
        standard BIND.  NameSurfer itself runs as a separate process.

        We usually update the BIND a few times a year.

        We still consider BIND 8 to be sufficiently new and unproven that
        we probably will use BIND 4.9.5-P1 for the next release."

My decision to not use anything I found already in place was difficult to
make, but it boiled down to only few reasons:

        I want to be able to update BIND on my own. I like keeping up with
        the most recent security patches. This rules out all of the
        corporate packages.

        My primary server runs on SunOS 4.1.4, and I am not interested in
        upgrading it to Solaris 2.5 yet, so that rules out DNSBOSS.

        I do not have the time to hack any took to pieces to make it work,
        so this rules out Matt's tool. (Plus, it was not quite finished).


Rush-Presbyterian-St. Luke's Medical Center -- Chicago, Illinois


Web and Perl admin tool - SUMMARY

Post by Greg A. Woo » Fri, 16 May 1997 04:00:00

Quote:> Subject: Web and Perl admin tool - SUMMARY

> My decision to not use anything I found already in place was difficult to
> make, but it boiled down to only few reasons:

Thanks for your review!

I'd reached the same conclusions through a more intuitive process.

I suspect the best solution must still be very site specific as it
(should) depends highly on other administrative tools, such as
configuration management systems, etc.

If I were to design an entire system from scratch I'd probably use some
form of dbms of a semi-custom nature (though perhaps based on a decent
sql compliant subsystem) with a quite traditional character-based forms
user interface.

Fancy GUIs and WWW interfaces don't necessarily get the job done and no
matter what a total novice is not going to to be able to manage DNS no
matter how simple the UI.  GUIs and WWW interfaces are also more
difficult to secure, and security is critical in DNS management and
paramount in other systems and configuration management activities.

If the underlying management information system that one builds for
these purposes is sufficiently flexible or features the appropriate
hooks, then perhaps a GUI in a suitable environment, or a WWW interface
in a sufficiently secure internal network may be the most effective
mechanism to create a UI, but these things should not be #1

                                                        Greg A. Woods

+1 416 443-1734                 VE3TCP                  robohack!woods


1. eigrp summary->distance admin 5

two#show ip route
D is a SUMMARY, 00:06:48, Null0


one#show ip route
D [90/11023872] via, 00:00:36, Serial0

the distance administrative for the SUMMARY route is

- "90" (see router "one")

...instead of "5", "5" being the default administrative distance for eigrp
summary route.

does it mean that a "standard" summary route (means with distance "5"):
- is a summary of pure internal routes (the example above is a summarization
of both external and internal routes)?
- means something else...

thanks for your comments

2. TC 1 available?

3. Book Review: "Web Client Programming with Perl" by Wong

4. Does any company make *QUALITY* true (diamond) silver/silver discs?

5. Web server perl bug!

6. Text mode Screen Attributes

7. Novell Web Server 3 / Perl 5 question:

8. Even I Was Amazed !

9. Perl on NetWare web server

10. NW-Web Server, PERL, how to...

11. Web and Perl front end to BIND?

12. CiscoSecure ACS admin tools

13. Switchview and Meridian Admin Tool