From b8625db0349a33164907fb61cf03ed8744134715 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Mon, 25 Dec 2023 08:56:13 +0200 Subject: [PATCH] Various Christmas changes - Fixed missing dummy new registrar data preventing registrar update in panel. - Made database import to create audit table. - Updated status in readme. - Added a way to setup the hidden DNS master in the manual. --- README.md | 2 - automation/write-zone.php | 10 ++-- database/registry.mariadb.sql | 19 +++++++- database/registry.postgres.sql | 16 ++++++- docs/install.md | 84 ++++++++++++++++++++++++++++++++-- 5 files changed, 118 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 4072a2b..908b37b 100644 --- a/README.md +++ b/README.md @@ -15,8 +15,6 @@ We're on a mission to make **Namingo** the best it can be, and we need your expe We've completed the core development of Namingo, including WHOIS, DAS, EPP, RDAP servers, and control panel. The system handles 150,000 domains efficiently (on a VPS with 2 cores, 4GB of RAM, and a 100GB SSD) and has passed basic QA and security tests. -Our current focus is on implementing the launch phase extension as outlined in RFC8334. - We're currently in the phase of external testing and are aware that there might be bugs or incomplete features in the project. If you're able to identify and fix any issues, we encourage you to submit a pull request. If you're not sure how to fix an issue, please don't hesitate to report it to us, and we'll work on addressing it. Your contributions and feedback are valuable in helping us improve Namingo. For any inquiries or suggestions, feel free to reach out. ## Features diff --git a/automation/write-zone.php b/automation/write-zone.php index 1f70fc7..47da7d0 100644 --- a/automation/write-zone.php +++ b/automation/write-zone.php 
@@ -154,12 +154,12 @@ Coroutine::create(function () use ($pool, $log, $c) { } if ($c['dns_server'] == 'bind') { - exec("rndc reload .{$cleanedTld}", $output, $return_var); + exec("rndc reload {$cleanedTld}.", $output, $return_var); if ($return_var != 0) { $log->error('Failed to reload BIND. ' . $return_var); } - exec("rndc notify .{$cleanedTld}", $output, $return_var); + exec("rndc notify {$cleanedTld}.", $output, $return_var); if ($return_var != 0) { $log->error('Failed to notify secondary servers. ' . $return_var); } @@ -174,18 +174,18 @@ Coroutine::create(function () use ($pool, $log, $c) { $log->error('Failed to reload Knot DNS. ' . $return_var); } - exec("knotc zone-notify .{$cleanedTld}", $output, $return_var); + exec("knotc zone-notify {$cleanedTld}.", $output, $return_var); if ($return_var != 0) { $log->error('Failed to notify secondary servers. ' . $return_var); } } else { // Default - exec("rndc reload .{$cleanedTld}", $output, $return_var); + exec("rndc reload {$cleanedTld}.", $output, $return_var); if ($return_var != 0) { $log->error('Failed to reload BIND. ' . $return_var); } - exec("rndc notify .{$cleanedTld}", $output, $return_var); + exec("rndc notify {$cleanedTld}.", $output, $return_var); if ($return_var != 0) { $log->error('Failed to notify secondary servers. ' . $return_var); } diff --git a/database/registry.mariadb.sql b/database/registry.mariadb.sql index a5942fc..fbda5d5 100644 --- a/database/registry.mariadb.sql +++ b/database/registry.mariadb.sql 
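Review bot: Each of the five changed `exec()` calls in this hunk and the next (`@@ -174,18 +174,18 @@`) interpolates `$cleanedTld` straight into a shell command string, and the code that produces `$cleanedTld` is outside both hunks, so nothing visible here guarantees the value is free of shell metacharacters. Quoting the argument at the call site keeps the command safe however the value was cleaned, for example `exec('rndc reload ' . escapeshellarg($cleanedTld . '.'), $output, $return_var);`, and likewise for the `rndc notify` and `knotc zone-notify` calls. `exec()` also appends to `$output` on every call, so the array should be reset before each command if its contents are ever logged; at present the error logs record only the return code. The enclosing coroutine closure starts and ends outside the hunks.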
@@ -821,7 +821,20 @@ INSERT INTO `registry`.`domain_restore_price` VALUES('2','2','50.00'); INSERT INTO `registry`.`registrar` (`name`,`clid`,`pw`,`prefix`,`email`,`whois_server`,`rdap_server`,`url`,`abuse_email`,`abuse_phone`,`accountBalance`,`creditLimit`,`creditThreshold`,`thresholdType`,`crdate`,`lastupdate`) VALUES('LeoNet LLC','leonet','$argon2id$v=19$m=131072,t=6,p=4$M0ViOHhzTWFtQW5YSGZ2MA$g2pKb+PEYtfs4QwLmf2iUtPM4+7evuqYQFp6yqGZmQg','LN','info@leonet.test','whois.leonet.test','rdap.leonet.test','https://www.leonet.test','abuse@leonet.test','+380.325050','100000.00','100000.00','500.00','fixed',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP); INSERT INTO `registry`.`registrar` (`name`,`clid`,`pw`,`prefix`,`email`,`whois_server`,`rdap_server`,`url`,`abuse_email`,`abuse_phone`,`accountBalance`,`creditLimit`,`creditThreshold`,`thresholdType`,`crdate`,`lastupdate`) VALUES('Nord Registrar AB','nordregistrar','$argon2id$v=19$m=131072,t=6,p=4$MU9Eei5UMjA0M2cxYjd3bg$2yBHTWVVY4xQlMGhnhol9MRbVyVQg8qkcZ6cpdeID1U','NR','info@nordregistrar.test','whois.nordregistrar.test','rdap.nordregistrar.test','https://www.nordregistrar.test','abuse@nordregistrar.test','+46.80203','100000.00','100000.00','500.00','fixed',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP); -INSERT INTO `registry`.`ticket_categories` (name, description) VALUES +INSERT INTO `registry`.`registrar_whitelist` (`registrar_id`, `addr`) VALUES +(1, '1.2.3.4'); +INSERT INTO `registry`.`registrar_whitelist` (`registrar_id`, `addr`) VALUES +(2, '5.6.7.8'); + +INSERT INTO `registry`.`registrar_contact` (`id`, `registrar_id`, `type`, `title`, `first_name`, `middle_name`, `last_name`, `org`, `street1`, `street2`, `street3`, `city`, `sp`, `pc`, `cc`, `voice`, `fax`, `email`) VALUES +(1, 1, 'owner', NULL, 'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', '', 'ua', '', NULL, 'test@namingo.org'), +(2, 1, 'billing', NULL, 'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', '', 'ua', '', NULL, 'test@namingo.org'), +(3, 1, 'abuse', NULL, 
'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', '', 'ua', '', NULL, 'test@namingo.org'), +(1, 2, 'owner', NULL, 'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', '', 'ua', '', NULL, 'test@namingo.org'), +(2, 2, 'billing', NULL, 'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', '', 'ua', '', NULL, 'test@namingo.org'), +(3, 2, 'abuse', NULL, 'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', '', 'ua', '', NULL, 'test@namingo.org'); + +INSERT INTO `registry`.`ticket_categories` (`name`, `description`) VALUES ('Domain Transfer', 'Issues related to domain transfers between registrars'), ('Registration Errors', 'Errors or issues encountered during domain registration'), ('Billing & Payments', 'Questions or issues related to invoicing, payments, or account balances'), @@ -877,4 +890,6 @@ CREATE TABLE IF NOT EXISTS `registryTransaction`.`transaction_identifier` ( UNIQUE KEY `clTRID` (`clTRID`), UNIQUE KEY `svTRID` (`svTRID`), CONSTRAINT `transaction_identifier_ibfk_1` FOREIGN KEY (`registrar_id`) REFERENCES `registry`.`registrar` (`id`) ON DELETE RESTRICT -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci COMMENT='transaction identifier'; \ No newline at end of file +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci COMMENT='transaction identifier'; + +CREATE DATABASE IF NOT EXISTS `registryAudit`; diff --git a/database/registry.postgres.sql b/database/registry.postgres.sql index ff440d6..5b6bafb 100644 --- a/database/registry.postgres.sql +++ b/database/registry.postgres.sql @@ -1,7 +1,8 @@ CREATE SCHEMA registry; CREATE SCHEMA registryTransaction; +CREATE SCHEMA registryAudit; -SET search_path TO registry, registryTransaction, public; +SET search_path TO registry, registryTransaction, registryAudit, public; CREATE TABLE registry.launch_phases ( "id" SERIAL PRIMARY KEY, 
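Review bot: The `registrar_contact` insert lists `id` explicitly and reuses the values 1, 2 and 3 for registrar 2. The table definition is outside this hunk, but if `id` is its primary key, the last three rows fail with a duplicate-key error and the import stops. Dropping `id` from the column list and from each tuple, so the list starts at `registrar_id`, lets the database assign the keys; the same rows appear in the `registry.postgres.sql` hunk `@@ -793,6 +794,19 @@`. The seeded `registrar_whitelist` addresses `1.2.3.4` and `5.6.7.8` are routable public addresses attached to accounts whose password hashes are published in this file, so a deployment that keeps the seed data carries allow-list entries for hosts the registry does not control. RFC 5737 documentation addresses such as `192.0.2.1` and `198.51.100.1` would be safer placeholders, together with a comment like `-- dummy registrars for testing only; delete before production`.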
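Review bot: The added `CREATE DATABASE IF NOT EXISTS` statement for registryAudit names no character set or collation, while the `transaction_identifier` table just above it declares `utf8mb4` / `utf8mb4_unicode_ci`, so tables created later in the audit database inherit whatever the server default is. Appending `DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci` before the semicolon keeps the two consistent. The commit description mentions an audit table but only the database is created here, so a one-line comment above the statement saying what creates the tables inside it would help.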
@@ -793,6 +794,19 @@ INSERT INTO registry.domain_restore_price VALUES (E'2',E'2',E'50.00'); INSERT INTO registry.registrar ("name", "clid", "pw", "prefix", "email", "whois_server", "rdap_server", "url", "abuse_email", "abuse_phone", "accountbalance", "creditlimit", "creditthreshold", "thresholdtype", "crdate", "lastupdate") VALUES (E'LeoNet LLC',E'leonet',E'$argon2id$v=19$m=131072,t=6,p=4$M0ViOHhzTWFtQW5YSGZ2MA$g2pKb+PEYtfs4QwLmf2iUtPM4+7evuqYQFp6yqGZmQg',E'LN',E'info@leonet.test',E'whois.leonet.test',E'rdap.leonet.test',E'https://www.leonet.test',E'abuse@leonet.test',E'+380.325050',E'100000.00',E'100000.00',E'500.00',E'fixed',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP); INSERT INTO registry.registrar ("name", "clid", "pw", "prefix", "email", "whois_server", "rdap_server", "url", "abuse_email", "abuse_phone", "accountbalance", "creditlimit", "creditthreshold", "thresholdtype", "crdate", "lastupdate") VALUES (E'Nord Registrar AB',E'nordregistrar',E'$argon2id$v=19$m=131072,t=6,p=4$MU9Eei5UMjA0M2cxYjd3bg$2yBHTWVVY4xQlMGhnhol9MRbVyVQg8qkcZ6cpdeID1U',E'NR',E'info@nordregistrar.test',E'whois.nordregistrar.test',E'rdap.nordregistrar.test',E'https://www.nordregistrar.test',E'abuse@nordregistrar.test',E'+46.80203',E'100000.00',E'100000.00',E'500.00',E'fixed',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP); +INSERT INTO registry.registrar_whitelist ("registrar_id", "addr") VALUES +('1', '1.2.3.4'); +INSERT INTO registry.registrar_whitelist ("registrar_id", "addr") VALUES +('2', '5.6.7.8'); + +INSERT INTO registry.registrar_contact (id, registrar_id, type, title, first_name, middle_name, last_name, org, street1, street2, street3, city, sp, pc, cc, voice, fax, email) VALUES +('1', '1', 'owner', NULL, 'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', '', 'ua', '', NULL, 'test@namingo.org'), +('2', '1', 'billing', NULL, 'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', '', 'ua', '', NULL, 'test@namingo.org'), +('3', '1', 'abuse', NULL, 'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', 
'', 'ua', '', NULL, 'test@namingo.org'), +('1', '2', 'owner', NULL, 'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', '', 'ua', '', NULL, 'test@namingo.org'), +('2', '2', 'billing', NULL, 'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', '', 'ua', '', NULL, 'test@namingo.org'), +('3', '2', 'abuse', NULL, 'Test', NULL, 'Name', '', '', NULL, NULL, 'Lviv', '', '', 'ua', '', NULL, 'test@namingo.org'); + INSERT INTO registry.ticket_categories (name, description) VALUES ('Domain Transfer', 'Issues related to domain transfers between registrars'), ('Registration Errors', 'Errors or issues encountered during domain registration'), diff --git a/docs/install.md b/docs/install.md index 0363831..ecf0715 100644 --- a/docs/install.md +++ b/docs/install.md @@ -256,8 +256,6 @@ systemctl restart caddy **And now is the right time to import the provided database file for your database type using Adminer.** -**After that, please create a database called registryAudit.** - ## 7. Control Panel Setup: Use a file management tool or command line to copy the entire ```registry/cp/``` directory and place it into the web server's root directory, typically ```/var/www/```. The target path should be ```/var/www/cp/```. 
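Review bot: The explicit `id` values in the `registrar_contact` insert bypass any sequence behind that column. If `id` is declared `SERIAL` like `launch_phases.id` in the first hunk of this file (the `registrar_contact` definition is outside the hunk), these rows do not advance the sequence, and the first contact added through the panel would be assigned an id that already exists. Omitting `id` from the column list avoids this; otherwise follow the insert with `SELECT setval(pg_get_serial_sequence('registry.registrar_contact', 'id'), (SELECT MAX(id) FROM registry.registrar_contact));`. The integer columns are also written as quoted strings (`'1'`), which PostgreSQL coerces, but plain integers would state the type.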
@@ -508,6 +506,86 @@ systemctl enable das.service After that you can manage DAS via systemctl as any other service. -## 14. Setup Monitoring: +## 14. Setup Hidden Master DNS with BIND: + +Although Namingo is equipped with BIND by default for this purpose, you can opt for NSD, or Knot DNS if you are more comfortable with those systems. + +### Install BIND9 and its utilities with: + +```bash +apt install bind9 bind9-utils bind9-doc +``` + +### Create Zone Directory: + +```bash +mkdir /etc/bind/zones +``` + +### Generate a TSIG key: + +Generate a TSIG key which will be used to authenticate DNS updates between the master and slave servers. + +```bash +cd /etc/bind +tsig-keygen -a HMAC-SHA256 test.key +``` + +The output will be in the format that can be directly included in your BIND configuration files. It looks something like this: + +```bash +key "test.key" { + algorithm hmac-sha256; + secret "base64-encoded-secret=="; +}; +``` + +Copy this output for use in the configuration files of both the master and slave DNS servers. (```/etc/bind/named.conf.local```) + +### Configure the Named Configuration File: + +Edit the named.conf.local file: + +```bash +nano /etc/bind/named.conf.local +``` + +Add the following zone definition: + +```bash +zone "test." { + type master; + file "/etc/bind/zones/test.zone"; + allow-transfer { key "test.key"; }; + also-notify { ; }; +}; +``` + +Replace `````` with the actual IP address of your slave server. + +Configure and start the ```write-zone.php``` automation script. + +### Check BIND9 Configuration: + +```bash +named-checkconf +named-checkzone test /etc/bind/zones/test.zone +``` + +### Restart BIND9 Service: + +```bash +systemctl restart bind9 +``` + +### Verify Zone Loading: + +Check the BIND9 logs to ensure that the .test zone is loaded without errors: + +```bash +grep named /var/log/syslog +``` + +## 15. Setup Monitoring: For effective monitoring of your registry system, we highly recommend utilizing either Zabbix or Prometheus. 
These powerful monitoring tools offer robust capabilities to ensure comprehensive oversight of your infrastructure. Zabbix is renowned for its versatility and extensive feature set, enabling detailed monitoring of numerous metrics across diverse environments. Alternatively, Prometheus stands out for its exceptional handling of time-series data, making it ideal for tracking rapidly changing metrics. Both tools offer customizable alerting systems, user-friendly interfaces, and are well-supported by extensive communities. Depending on your specific needs and the complexity of your setup, either Zabbix or Prometheus can be an excellent choice to maintain optimal performance and reliability of your systems. \ No newline at end of file