[Pdns-users] new pdns mysql web interface

Timo Witte timo.witte at googlemail.com
Fri Sep 30 18:29:55 UTC 2011


> Timo Witte wrote:
> 
> [http://code.google.com/p/powerdns-webinterface/]
> 
>>>> It looks nice, but I noticed that the created users can freely
>>>> create domains, it would be nice if users can be assigned domains
>>>> they can modify, but not necessarily create new ones.
>>>
>>> Yes, that would be nice.
>>> But that's a whole new story - powerdns is only delivering the
>>> DNS-content from the backend, SQL-backend is merely a way to
>>> store the records, and the webfrontend is merely a webfrontend
>>> so a user doesn't need to manually enter SQL syntax. And the
>>> user administration is a mere way to ensure that not just anybody
>>> can change data, and that no password needs to be shared between
>>> administrators and urgently changed when an administrator leaves.
>>>
>>> What you are asking for is a full-blown DNS provisioning platform
>>> with rights delegation and multi-client capabilities.
> 
>> Actually I took a step in that direction and coded the requested
>> feature. It is already in the git repository:
>> http://code.google.com/p/powerdns-webinterface/source/detail?r=b8417de89b912225f91d9900d2eb1b6fd8f203f2
>>
>> I want to push this project to a full-blown DNS Webplatform, but I think
>> it's one step at a time.. The next step would be, to introduce a finer
>> grained permission system in the backend, to allow "reseller" users and
>> so on.
> 
> Real "reseller"-capability is the most difficult thing I'd say. 
> 
> Why?
> 
> Having two completely independent resellers on one DNS platform
> brings the possibility that you may have to move one domain from
> one reseller to another one.
> But therefore, you most likely need two independent sets of 
> authoritative nameservers: The one with the content from the 
> current domain owner, and another set already delivering the 
> new domain holders' contents - because how could an automated 
> system possibly know without superuser-interaction (this can't
> be done by one of the resellers for obvious reasons), which of 
> the resellers' version of the domain is to be delivered right now.
Yes, you are right,
currently the system is built to run from just one database with one dns
server.
If you want to manage multiple different dns servers, we have to implement

1. the user/right management separated from the records / domains (easy)
2. a management for the different (remote) dns servers (would take a
little time but would be easy)
3. a relation between the domains and the corresponding dns/mysql server
they should be changed on. (easy)

So if they have different DNS Servers the version delivered is the one
the registry points to, because the other dns server is never asked by
any user.

But, if both resellers use the same DNS Server, it would get a little
complicated, because you can't tell when the domain should be moved. A
solution for this would be an "active" flag for the domain. So only 1
user can have their domain configuration "active" at a time. If the
second user tries to "activate" the domain he has to ask the old owner
to deactivate it first.
The changes for this solution are minimal, because it's just 1 flag and
a little code + allow the second user to create the same domain in their
interface in a deactivated state. (Domains are unique for a User, not
System unique, but only one user can have the "activated" flag)
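
The "active" flag rule described above, sketched as an added example that is not part of the original post or the project's code. It assumes SQLite in place of the project's MySQL backend, and the table, column, and user names are hypothetical; the point is that the database itself rejects a second active copy, so the rule does not depend on a check in the web front end.

```python
import sqlite3
# Hypothetical schema: the project's real MySQL tables are not shown in the post.
SCHEMA = """
CREATE TABLE domains (
    owner  TEXT NOT NULL,
    name   TEXT NOT NULL,
    active INTEGER NOT NULL DEFAULT 0 CHECK (active IN (0, 1)),
    UNIQUE (owner, name)   -- unique per user, not system-wide
);
-- At most one active copy of a name, enforced by the database itself.
CREATE UNIQUE INDEX one_active_copy ON domains (name) WHERE active = 1;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def create_domain(db, owner, name):
    """Any user may create their own copy; it always starts deactivated."""
    with db:
        db.execute("INSERT INTO domains (owner, name) VALUES (?, ?)", (owner, name.lower()))

def set_active(db, owner, name, active):
    """Flip the flag on the caller's own copy only; False when refused."""
    try:
        with db:
            cur = db.execute(
                "UPDATE domains SET active = ? WHERE owner = ? AND name = ?",
                (int(active), owner, name.lower()))
        return cur.rowcount == 1
    except sqlite3.IntegrityError:
        return False  # another user's copy is still active

def served_owner(db, name):
    """Owner whose records would be delivered for this name, or None."""
    row = db.execute("SELECT owner FROM domains WHERE name = ? AND active = 1",
                     (name.lower(),)).fetchone()
    return row[0] if row else None

def demo():
    db = open_db()
    for owner in ("reseller_a", "reseller_b"):  # constructed sample users
        create_domain(db, owner, "example.org")
    steps = [set_active(db, "reseller_a", "example.org", True),
             set_active(db, "reseller_b", "example.org", True),  # refused
             set_active(db, "reseller_a", "example.org", False),
             set_active(db, "reseller_b", "example.org", True)]
    return steps, served_owner(db, "example.org")
```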
