Luflosi/zonewatch

zonewatch

Increment the serial number in a DNS zone file if something changes

Generate a minimal zone file consisting only of an $ORIGIN and a $TTL directive, a SOA record and a number of $INCLUDE directives. When any of the included files change, the serial number is incremented and the DNS server is reloaded.

This is useful if you want to have a zone file with some static parts (e.g. autogenerated or hand-written) and dynamic parts (e.g. dynamic DNS). Use dyndnsd with zonegen if you want DNS names for dynamic IP addresses.

Setup on NixOS

Take a look at nix/tests/NixOS-integration-test.nix for an example. You need to import the module and overlay provided by this flake.

I use this service only on NixOS but it should just work on other Linux distributions as well.

Manual installation and usage instructions (Non-NixOS) (probably incomplete)

  • Install a Rust compiler
  • Compile the program from source with cargo build
  • Copy the binary into a sensible location like /usr/local/bin
  • Copy the systemd unit from systemd/zonewatch.service to /etc/systemd/system/zonewatch.service and adapt it to your needs
  • Copy the example configuration file to /etc/zonewatch/config.toml
  • Modify or add zones and includes in the configuration file
  • Enable and start the systemd unit
  • Set up a DNS server like BIND to read the generated zone file

zonewatch does not parse the existing zone file before overwriting it. Since reading zone files would require more effort and not provide the same consistency guarantees, all state is stored in an SQLite database and the files are recreated from scratch every time.
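As an added illustration of the two points above, the serial bump on changed includes and the "state lives outside the zone file" design (this is example code, not zonewatch's own), the following Rust sketch keeps the serial and a fingerprint of the include contents in memory instead of SQLite, increments the serial only when that fingerprint changes, and renders the minimal zone file from scratch. The SOA name server, mailbox and timer values are assumed placeholders.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

/// In-memory stand-in for the state the README says is kept in SQLite: the serial and a fingerprint of the last-seen includes.
pub struct ZoneState {
    pub serial: u32,
    fingerprint: u64,
}

/// Hash every include (path and contents) in a fixed order into one fingerprint (DefaultHasher is process-local, fine for a demo).
fn fingerprint(includes: &[(&str, &str)]) -> u64 {
    let mut h = DefaultHasher::new();
    for (path, contents) in includes {
        path.hash(&mut h);
        contents.hash(&mut h);
    }
    h.finish()
}

impl ZoneState {
    pub fn new(serial: u32, includes: &[(&str, &str)]) -> Self {
        ZoneState { serial, fingerprint: fingerprint(includes) }
    }

    /// Bump the serial only when an include changed; true means "rewrite the zone file and reload the server".
    pub fn update(&mut self, includes: &[(&str, &str)]) -> bool {
        let fp = fingerprint(includes);
        if fp == self.fingerprint {
            return false;
        }
        self.fingerprint = fp;
        // Serial numbers use modulo-2^32 arithmetic (RFC 1982), so wrap instead of panicking.
        self.serial = self.serial.wrapping_add(1);
        true
    }
}

/// Render the minimal zone file the README describes: $ORIGIN, $TTL, one SOA, then one $INCLUDE per include (SOA values are placeholders).
pub fn render_zone(origin: &str, ttl: u32, serial: u32, includes: &[(&str, &str)]) -> String {
    let mut out = format!("$ORIGIN {origin}\n$TTL {ttl}\n");
    out.push_str(&format!(
        "@ IN SOA ns1.{origin} hostmaster.{origin} {serial} 3600 900 1209600 300\n"
    ));
    for (path, _) in includes {
        out.push_str(&format!("$INCLUDE {path}\n"));
    }
    out
}
```

Because the file is regenerated from the stored state rather than parsed back, an edited or corrupted zone file on disk cannot feed a bad serial back into the next run.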

Important

This is one of my first Rust projects so the code will not look very idiomatic. If you have any suggestions for improvements, please do not hesitate to create an issue or even a PR! 🖤

If you would like to see any of the following TODO items implemented, please file an issue so I know that it is important to someone.

TODO

  • Add code to revert database migrations if the application is downgraded (e.g. after a NixOS rollback). The reversible migrations of SQLx seem to not work at all for this use-case
  • Set read-only file permissions for created zone files
  • Handle huge zone files by not reading each file into RAM to then pass it into the hash function but instead stream the file to the hash function
  • Test with DNS servers other than BIND
  • Log warning when a zone file $INCLUDEs another zone file as that file will not be monitored for changes
  • Log warning when a zone file is a symbolic link as that file will not be monitored for changes

License

The license is the GNU GPLv3 (GPL-3.0-only).