flo/nsupdate.info
1
0
Fork 0
Code Issues 1 Pull Requests 2 Packages Releases Activity
nsupdate.info/nsupdate/main/templates/main/generate_ns_secret.html
Thomas Waldmann 5fe8f13015 rename some model attributes, add migration 
Domain.domain to Domain.name
Host.subdomain to Host.name
BlacklistedDomain.domain to BlacklistedDomain.name_re
2014-09-21 22:31:26 +02:00

83 lines
3.7 KiB
HTML
Raw Blame History

{% extends "base.html" %}
{% load i18n %}{% load bootstrap %}
{% block content %}
<div class="row">
<div class="col-lg-12">
<div class="well">
<h3>{% trans "Nameserver Shared Secret Generated" %}</h3>
<p>{% trans "New nameserver shared secret generated for you. Everytime you visit this page a new secret will be generated and the old one becomes invalid." %}</p>
<p>{% trans "Algorithm:" %} <b>{{ object.get_bind9_algorithm }}</b></p>
<p>{% trans "Secret:" %} <b>{{ shared_secret }}</b></p>
</div>
</div>
</div>
<div class="row">
<div class="col-lg-12">
<div class="well">
<h3>{% trans "How to configure your bind9 nameserver to accept dynamic DNS updates?" %}</h3>
<pre>
// configuration snippet for bind 9 nameserver (put it into /etc/bind9/named.conf )
key "{{ object.name }}." {
// everyone who has this key may update this zone:
// must be same algorithm as in the Domain record of the nsupdate.info based service
algorithm {{ object.get_bind9_algorithm }};
// the secret is just a shared secret in base64-encoding, you don't need
// to use a special tool to create it. Some random in base64 encoding should
// be OK. must be same secret as in the Domain database record of the nsupdate.info based service
secret "{{ shared_secret }}";
};
zone {{ object.name }} {
type master;
// bind9 needs write permissions into that directory and into that file:
file "/etc/bind/zones/{{ object.name }}";
update-policy {
// these "deny" entries are needed for the service domain,
// if you add another domain, you may want to check the need
// for other "deny" entries if the zone is not fully available.
// we don't allow updates to the infrastructure hosts:
deny {{ object.name }}. name {{ object.name }};
deny {{ object.name }}. name www.{{ object.name }};
deny {{ object.name }}. name ipv4.{{ object.name }};
deny {{ object.name }}. name ipv6.{{ object.name }};
// but we allow updates to any other host:
grant {{ object.name }}. subdomain {{ object.name }};
};
};
</pre>
</div>
<div class="well">
<h3>How to setup the initial zone file?</h3>
<pre>
$ORIGIN .
$TTL 3600 ; 1 hour
; note: please fix SOA, NS, A, AAAA, MX as needed:
{{ object.name }} IN SOA ns1.{{ object.name }}. root.{{ object.name }}. (
2013123101 ; serial YYYYMMDDNN
7200 ; refresh (2 hours)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
60 ; minimum (1 minute)
)
NS ns1.{{ object.name }}.
NS ns2.{{ object.name }}.
A 1.2.3.4
AAAA ::
MX 10 mail.{{ object.name }}.
$ORIGIN {{ object.name }}.
$TTL 3600 ; 1 hour
; note: the www, ipv4, ipv6 host entries are ONLY needed if you run the
; nsupdate.info service on these hosts. if you just want to add another
; domain that can be updated from an existing nsupdate.info service, you
; won't need these host records:
www A 1.2.3.4
AAAA ::1
ipv4 A 1.2.3.4
ipv6 AAAA ::1
</pre>
</div>
</div>
{% endblock %}
Reference in New Issue View Git Blame Copy Permalink