bind-cli
v0.1.9
Published
CLI interface for BIND DNS
Downloads
18
Maintainers
Readme
bind-cli
bind-cli
is a CLI client used to interact with a BIND DNS server.
It provides an interface for programmatic query, creation and deletion of DNS records and their zones.
It is intended to be stupidly simple.
Ideal for lab purposes.
Install
bind-cli
can be installed natively via NPM or consumed using a pre-built docker image.bind-cli
via NPM assumes that BIND is installed and configured on the local server (see BIND Installation).
Note: Usage via Docker pre-built image has BIND already configured and you can skip BIND Installation.
via NPM
bind-cli
requires that BIND - along with RNDC and NSUPDATE subsystems are configured on your system.
Once installed, bind-cli
can be leveraged directly via the bind-cli
shell command - see Usage below
npm install bind-cli --global
BIND Installation
Here is an example of a working BIND configuration (on Centos).
RNDC access is configured to be restricted to localhost.
BIND will also forward to 8.8.8.8
and 8.8.8.4
for dns queries without a local zone.
yum install bind bind-utils
Create /var/bind directory with correct permissions
mkdir -p /var/bind
chown named:named /var/bind
chmod 777 /var/bind
System conf files are crafted as follows;
/etc/named.conf
This is the base BIND server configuration, including upstream forwarders.
options {
directory "/var/bind";
session-keyfile "/var/bind/session.key";
allow-query { 0.0.0.0/0; };
allow-transfer { 0.0.0.0/0; };
allow-new-zones yes;
recursion yes;
forwarders {
8.8.8.4;
8.8.8.8;
};
dnssec-enable yes;
dnssec-validation yes;
};
include "/var/bind/named.conf.local";
/var/bind/named.conf.local
This configures additional BIND logging options, and specifies the RNDC key and scope (local only).
logging {
channel "default_syslog" {
file "/var/log/named.log" versions 3 size 5m;
severity debug;
};
category default { default_syslog; };
category general { default_syslog; };
category config { default_syslog; };
category security { default_syslog; };
category resolver { default_syslog; };
category xfer-in { default_syslog; };
category xfer-out { default_syslog; };
category notify { default_syslog; };
category client { default_syslog; };
category network { default_syslog; };
category update { default_syslog; };
category queries { default_syslog; };
category lame-servers { default_syslog; };
};
controls {
inet 127.0.0.1 allow { localhost; }
keys { dnsctl; };
};
key "dnsctl" {
algorithm hmac-md5;
secret "S9agqVPtjiI=";
};
/etc/rndc.conf
This configures a local shared-secret key for the RNDC client to interact with BIND.
The key name and secret must match those configured in /var/bind/named.conf.local
options {
default-server localhost;
default-key "dnsctl";
};
key "dnsctl" {
algorithm hmac-md5;
secret "S9agqVPtjiI=";
};
/var/bind/zonedb.json
This creates a blank database file used by bind-cli
to track zones and records.
{}
via Docker
exec (launch + persist)
This is where we start the container using docker run
with the required parameters set.
Subsequent commands are then issued using docker exec
commands.
Start the container in background attached to host network:
docker run -id --net host --name dns apnex/bind-cli
Then issue one or more docker exec
commands:
docker exec -t dns bind-cli <cmd>
Where:
<cmd>
is one of the available commands (see Usage)
Clean up docker container when done:
docker rm -f dns
See Usage for examples
bind-cli
is intended to be stupid simple with only a few <cmd>
.
One just needs to configure records - zone creation and deletion are handled automatically by the system.
<cmd>
record.create
record.delete
zone.list
record.import
record.export
Usage
bind-cli record.create
This command creates a new A
record and PTR
record for a given fqdn:addr
pair.
Forward and reverse zones will automatically be created if required.
command usage: record.create <name> <addr>
Where:
<name>
is the FQDN<addr>
is the ip-address used for the A and PTR records
Example:
bind-cli record.delete
This command deletes an A
record and PTR
record for a given fqdn
.
Forward and reverse zones will automatically be deleted if this results in an empty zone.
command usage: record.delete <name>
Where:
<name>
is the FQDN
Example:
bind-cli zone.list
zone.list
displays all configured zones and their records.
command usage: zone.list [ <filter> ]
Where:
<filter>
is the standard filter syntax
See Examples for additional informations.
Example:
Examples
Search and filter records
Display all zones and records
$ bind-cli zone.list
zone key ttl view type value
---------------------- --------------------------- ----- ---- ---- ---------------------------------------------
0.16.172.in-addr.arpa 0.16.172.in-addr.arpa. 86400 IN SOA ns1.lab. mail.lab. 102 3600 1800 604800 86400
0.16.172.in-addr.arpa 0.16.172.in-addr.arpa. 86400 IN NS ns1.lab.
0.16.172.in-addr.arpa 11.0.16.172.in-addr.arpa. 86400 IN PTR sddc.lab.
0.16.172.in-addr.arpa 13.0.16.172.in-addr.arpa. 86400 IN PTR vcsa.lab.
0.16.172.in-addr.arpa ns1.0.16.172.in-addr.arpa. 86400 IN A 172.17.0.1
10.16.172.in-addr.arpa 10.16.172.in-addr.arpa. 86400 IN SOA ns1.lab. mail.lab. 101 3600 1800 604800 86400
10.16.172.in-addr.arpa 10.16.172.in-addr.arpa. 86400 IN NS ns1.lab.
10.16.172.in-addr.arpa 15.10.16.172.in-addr.arpa. 86400 IN PTR nsxm.lab.
10.16.172.in-addr.arpa ns1.10.16.172.in-addr.arpa. 86400 IN A 172.17.0.1
lab lab. 86400 IN SOA ns1.lab. mail.lab. 103 3600 1800 604800 86400
lab lab. 86400 IN NS ns1.lab.
lab ns1.lab. 86400 IN A 172.17.0.1
lab nsxm.lab. 86400 IN A 172.16.10.15
lab sddc.lab. 86400 IN A 172.16.0.11
lab vcsa.lab. 86400 IN A 172.16.0.13
[ 15/15 ] entries - filter [ key: ]
Display all records within zone lab
Note: <filter>
defaults to key if no column specified
$ bind-cli zone.list lab
zone key ttl view type value
---- --------- ----- ---- ---- ---------------------------------------------
lab lab. 86400 IN SOA ns1.lab. mail.lab. 103 3600 1800 604800 86400
lab lab. 86400 IN NS ns1.lab.
lab ns1.lab. 86400 IN A 172.17.0.1
lab nsxm.lab. 86400 IN A 172.16.10.15
lab sddc.lab. 86400 IN A 172.16.0.11
lab vcsa.lab. 86400 IN A 172.16.0.13
[ 6/15 ] entries - filter [ key:lab ]
Display all records that contain lab
as part of key
Same output as above, but explicitly defining the column key
$ bind-cli zone.list key:lab
zone key ttl view type value
---- --------- ----- ---- ---- ---------------------------------------------
lab lab. 86400 IN SOA ns1.lab. mail.lab. 103 3600 1800 604800 86400
lab lab. 86400 IN NS ns1.lab.
lab ns1.lab. 86400 IN A 172.17.0.1
lab nsxm.lab. 86400 IN A 172.16.10.15
lab sddc.lab. 86400 IN A 172.16.0.11
lab vcsa.lab. 86400 IN A 172.16.0.13
[ 6/15 ] entries - filter [ zone:lab ]
Filter and display any records in zone:lab
that (regex) match the key string nsx
$ bind-cli zone.list zone:lab,key:nsx
zone key ttl view type value
---- --------- ----- ---- ---- ------------
lab nsxm.lab. 86400 IN A 172.16.10.15
[ 1/15 ] entries - filter [ zone:lab,key:nsx ]
$
License
MIT © Andrew Obersnel