-
Notifications
You must be signed in to change notification settings - Fork 8
GettingStarted
This document assumes you have some experience using REST APIs. All examples assume you use TonicDNS on a Linux machine, and use MySQL as your backend database. Examples will use cURL, you can find this tool in probably all repositories.
Most of the other documentation is in the source files themselves. Look around in classes/*Resource.class.php. This document is by no means a complete reference on how to use TonicDNS, but it should provide enough examples to get you started and show you where to look for all possible methods.
- Install TonicDNS
- Setting config files
- Create TonicDNS user
- Request token
- Zone Templates
- Zones
- Records
- Arpa (reverse DNS)
- Error messages
See the install guide in Readme.md.
After copying the config files, change the DB_DSN, DB_USER and DB_PASS variables in database.conf.php to match the user and database you created for TonicDNS.
<?php
(snip)
const DB_DSN = "mysql:dbname=powerdns;host=localhost";
const DB_USER = "pdnsdbusername";
const DB_PASS = "pdnsdbpassword";
(snip)
const TOKEN_SECRET = "randomstrings";
(snip)
?>Also set TOKEN_SECRET to something random.
$ head -c 30 /dev/urandom | xxd -p
6397a8d8ee707726a837d04af94590752a49c24b07e979b5fe8ec460999bYou can create separate users to access TonicDNS.
You can create a TonicDNS user by inserting a row in the users table. First you need a MD5 hash of the password.
$ echo -n "mypassword" | md5sum
34819d7beeabb9260a5c854bc85b3e44 -Then execute this INSERT statement.
mysql> INSERT INTO users VALUES (NULL, 'sampleuser', '34819d7beeabb9260a5c854bc85b3e44','Sample full name','[email protected]','comment',0,0);
Query OK, 1 row affected (0.00 sec)Tokens are required for all REST requests that retrieve or modify. A token is created using the username and password of an existing TonicDNS user, which you prepared earlier.
Prepare a JSON file to request a token.
{
"username": "sampleuser",
"password": "samplepw"
}Send this request to /authenticate to request a token.
$ curl -k -X PUT https://localhost/authenticate -d @./token.json
{"username":"sampleuser","valid_until":1327146727,"hash":"efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041","token":"efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041"}This token will be valid until "1327146727", which equals to "2012-01-21 20:52:07". After the token has expired, request a new one using the same method. Tokens expire by default after 60 seconds. Every request that is executed with a given token refreshes that token, resetting its expiration to 60 seconds.
For exact request and response message formats and error codes, see AuthenticationResource.
The token must be passed as the x-authentication-token HTTP Header, to all resources that require it. Example usage with curl command,
$ curl -k -H "x-authentication-token:efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X GET https://localhost/someapi/:identifierZone templates are used to define the structure of a zone. When creating a zone, you can specify one or more templates to apply to it. This copies the records from the template to the new zone, and resolves any variables in the template. Currently, the only supported variable is "[ZONE]", which will be resolved to the name of the zone that is being created.
For exact request and response message formats and error codes, see TemplationResource.
- /template/:identifier
Prepare a JSON file (template.json).
{
"identifier": "sample1",
"description": "sample template",
"entries":
[
{
"name": "[ZONE]",
"type": "SOA",
"content": "ns.example.org hostmaster.example.org 2012020501 3600 900 86400 3600",
"ttl": 86400
},
{
"name": "[ZONE]",
"type": "NS",
"content": "ns.example.org",
"ttl": 86400
},
{
"name": "[ZONE]",
"type": "A",
"content": "10.0.0.100",
"ttl": 86400
},
{
"name": "[ZONE]",
"type": "MX",
"content": "mx.example.org",
"ttl": 86400,
"priority": 10
},
{
"name": "mx.[ZONE]",
"type": "A",
"content": "10.0.0.101",
"ttl": 86400
}
]
}Send template.json to URI "/template", using the HTTP PUT method.
$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X PUT https://localhost/template \
-d @'./template.json'
trueRetrieves all existing zone templates or a specific existing zone template.
-
/template
- retrieving all existing DNS templates.
-
/template/:identifier
- retrieving a specific DNS template.
$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X GET https://localhost/template
[
{"identifier":"sample1","entries":[
{"name":"example.org","type":"SOA","content":"ns.example.org hostmaster.example.org 2012020501 3600 900 86400 3600","ttl":"86400","priority":null},
{"name":"example.org","type":"NS","content":"ns.example.org","ttl":"86400","priority":null},
{"name":"ns.example.org","type":"A","content":"10.0.0.100","ttl":"86400","priority":null},
{"name":"example.org","type":"MX","content":"mx.example.org","ttl":"86400","priority":"10"},
{"name":"mx.example.org","type":"A","content":"10.0.0.101","ttl":"86400","priority":null}],"description":"sample template"},
{"identifier":"sample2","entries":[
{"name":"example.com","type":"SOA","content":"","ttl":"86400","priority":null},
{"name":"example.com","type":"NS","content":"ns.example.com","ttl":"86400","priority":null},
{"name":"example.com","type":"A","content":"192.168.0.100","ttl":"86400","priority":null}],"description":"sample2 template"}]$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X GET https://localhost/template/sample1
{"identifier":"sample1","entries":[
{"name":"example.org","type":"SOA","content":"ns.example.org hostmaster.example.org 2012020501 3600 900 86400 3600","ttl":"86400","priority":null},
{"name":"example.org","type":"NS","content":"ns.example.org","ttl":"86400","priority":null},
{"name":"ns.example.org","type":"A","content":"10.0.0.100","ttl":"86400","priority":null},
{"name":"example.org","type":"MX","content":"mx.example.org","ttl":"86400","priority":"10"},
{"name":"mx.example.org","type":"A","content":"10.0.0.101","ttl":"86400","priority":null}],"description":"sample template"}Updating an existing DNS template. This method will overwrite the entire template.
- /template/:identifier
sample2-template.json
{
"identifier": "sample2",
"description": "sample2 template",
"entries":
[
{
"name": "[ZONE]",
"type": "SOA",
"content": "ns.example.com hostmaster.example.com 2012020501 3600 900 86400 3600",
"ttl": 86400
},
{
"name": "[ZONE]",
"type": "MX",
"content": "mx.[ZONE]",
"ttl": 86400,
"priority": 20
},
{
"name": "mx.[ZONE]",
"type": "A",
"content": "192.168.0.101",
"ttl": 86400
}
]
}Update specific template.
$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X POST https://localhost/template/sample2 -d @./sample2-template.json
true- /template/:identifier
$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X DELETE https://localhost/template/sample2
trueFor exact request and response message formats and error codes, see ZoneResource.
- /zone
Prepare a JSON file (zone.json).
{
"name": "example.org",
"type": "MASTER",
"master: null,
"templates":
[
{
"identifier": "sample1"
}
]
"records":
[
{
"name": "www.example.org",
"type": "A",
"content": "10.10.10.200",
"ttl": 86400
}
]
}$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X PUT https://localhost/zone/ -d@./zone.json
true- /zone
$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X GET https://localhost/zone
[
{"name":"example.net","type":"MASTER","master":null,"last_check":null,"notified_serial":2012020601},
{"name":"example.org","type":"MASTER","master":null,"last_check":null,"notified_serial":2012020501}
]- /zone/:identifier
$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X DELETE https://localhost/zone/example.net
trueRecords are added and deleted using the Zone Resource. For exact request and response message formats and error codes, see ZoneResource. The Record Resource can be used to validate record messages, see RecordResource.
Insert records into an existing DNS zone.
- /zone/:identifier
Prepare a JSON file (records.json).
{
"records":
[
{
"name": "mx2.example.org",
"type": "A",
"content": "10.10.10.102"
},
{
"name": "example.org",
"type": "MX",
"content": "mx2.example.org",
"priority": 20
}
]
}$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X PUT https://localhost/zone/example.org -d@./records.json
true- /zone/:identifier
$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X GET https://localhost/zone/example.org
{"name":"example.org","type":"MASTER","records":[
{"name":"example.org","type":"SOA","content":"ns.example.org hostmaster.example.org 2012020501 3600 900 86400 3600","ttl":"86400","priority":null,"change_date":"1328449038"},
{"name":"example.org","type":"NS","content":"ns.example.org","ttl":"86400","priority":null,"change_date":"1328449038"},
{"name":"example.org","type":"MX","content":"mx.example.org","ttl":"86400","priority":"10","change_date":"1328449038"},
{"name":"example.org","type":"MX","content":"mx2.example.org","ttl":"86400","priority":"20","change_date":"1328449038"},
{"name":"mx.example.org","type":"A","content":"10.0.0.101","ttl":"86400","priority":null,"change_date":"1328449038"},
{"name":"mx2.example.org","type":"A","content":"10.10.0.102","ttl":"86400","priority":null,"change_date":"1328449038"},
{"name":"ns.example.org","type":"A","content":"10.0.0.100","ttl":"86400","priority":null,"change_date":"1328449038"},
{"name":"www.example.org","type":"A","content":"172.16.0.1","ttl":"86400","priority":null,"change_date":"1328449038"}]} Records cannot be updated. To achieve the same result, you must first delete a record, and then recreate it with the desired values.
Delete records from the zone.
- /zone/:identifier
{
"name": "example.org",
"records":
[
{
"name": "www.example.org",
"type": "A",
"content": "172.16.0.1"
}
]
}$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X DELETE https://localhost/zone/ -d @./record.json
trueThe Arpa Resource can be used to conveniently manage reverse DNS. For exact request and response message formats and error codes, see ArpaResource.
You can retrieve single Arpa records by supplying its identifier (IP address), or query all Arpa records by providing a comma separated string of single IPs or IP ranges in CIDR notation: "1.2.3.4,2.3.4.0/24".
- /arpa/?query=1.2.3.4/24
- /arpa/:identifier
$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X GET https://localhost/arpa/1.2.3.4
{"name":"4.3.2.1.in-addr.arpa","ip":"1.2.3.4","reverse_dns":"example.com","arpa_zone":"3.2.1.in-addr.arpa"}- /arpa/:identifier
Prepare a JSON file (arpa.json)
{
"reverse_dns": "example.org"
}$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X PUT https://localhost/arpa/1.2.3.4 -d@./records.json
trueAs with Zone Records, to modify an Arpa record, delete and recreate it.
Delete an Arpa record.
- /arpa/:identifier
$ curl -s -k -H "x-authentication-token: efb9fc406a15bf9bdc60f52b36c14bcc6a1fd041" \
-X DELETE https://localhost/arpa/1.2.3.4
trueWhen an error occurs while executing any function, this will be reflected in the returned HTTP status code. The body of the response will also contain a JSON object containing a human readable error message, and a detailed array containing error codes.
{
"error": "Human Readable message",
"details":
[
{
"code": [ "AUTH_USERNAME_INVALID" ]
},
{
"code": [ "RECORD_BOTH_AAAA_TRAILINGDOT" ]
"id": 5
},
{
"code": [ "RECORD_LHS_CNAME_INVALID" ]
"id": 6
}
]
}The "id" property is only set by the Record validator in the case that a request is validated which contains multiple records. The id is zero based, and signifies for which record the given code(s) are relevant.
For all available codes, see codes.txt.