Welcome to the initial release of DynaBind.


What you need:


To install it:

  1. BACK UP ALL YOUR ZONE FILES! I cannot stress this enough. DynaBind has been rigorously tested, but the remote possibility of it screwing something up exists, and you can't be too careful. It doesn't write to anything BUT zone files, so they're all you have to worry about.

  2. Move this directory (the one that tar created) to somewhere under your web server's DocumentRoot.

  3. Rename the directory to whatever you like.

  4. Move the files "zonechange.pl", "cookies", "users", and "zones" to a more secure directory. They shouldn't be put under DocumentRoot or be available via any URL. Just remember where you put them so you can tell config.phtml where to find them. Examples might be "/opt/dynabind/" or "/home/httpd/dynabind/".

  5. Make sure that "zonechange.pl" is SUID root (as root, do "chown root.root zonechange.pl; chmod 4755 zonechange.pl").

  6. Make sure that "cookies", "users", and "zones" are owned & writable by your web server user and aren't world-readable (as root, do "chown nobody.nogroup cookies users zones; chmod 600 cookies users zones").

  7. Edit config.phtml and set the values accordingly. They're self-explanatory.

  8. Make sure ".phtml" is registered as a PHP file extension in your web server configuration.

  9. Make sure your named.conf and zone files are world-readable (as root, do "chmod -R +r (named.conf file) (zone files directory)").

  10. If you want, you can add another layer of authentication with the usual Apache method (a ".htaccess" file in the dynabind installation directory). I mean, this is a pretty sensitive program you don't want some 13-year-old script kiddie cracking his way into... not that it's possible. :)

  11. Open the dynabind directory in your web browser and start administering. DynaBind comes with a pre-installed "admin" user (username: "admin" pass: "change") so you can log in as "admin" and set up users. Don't forget to change the administrator password! :) You might even want to add your own username as an administrator and then delete the "admin" user.

  12. If you ever lose/forget the admin password, you can manually change the existing line in the "users" file, or add a new one, using a line like:
          (username):(encrypted password)
    
    and then put a line in "zones" like:
          (username):admin
    
    Be sure not to put any space before the username in either file.

  13. Any line in the "zones" file that ends in ":admin" will make the username on that line an administrator.

  14. Usernames are not permitted to have anything but letters, numbers, periods, and underscores in them.
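
A check for steps 4 to 6 above, as an added example that is not part of DynaBind: a shell function that verifies the helper files sit outside DocumentRoot and carry the modes and owners those steps call for. It assumes GNU stat; "dynabind_audit", "SUID_OWNER" and "WEB_USER" are hypothetical names, the latter two defaulting to the "root" and "nobody" used in the steps.

```shell
#!/bin/sh
# Added example, not shipped with DynaBind. Assumes GNU stat (-c).
# SUID_OWNER / WEB_USER are hypothetical overrides for the expected owners.

# fail MESSAGE: report one finding and count it.
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# check_file PATH MODE OWNER: compare the octal mode and the owner name.
check_file() {
    if [ ! -f "$1" ]; then fail "$1 is missing"; return; fi
    mode=$(stat -c '%a' "$1"); owner=$(stat -c '%U' "$1")
    [ "$mode" = "$2" ] || fail "$1 has mode $mode, expected $2"
    [ "$owner" = "$3" ] || fail "$1 is owned by $owner, expected $3"
}

# dynabind_audit DATA_DIR DOCROOT: exit status is the number of findings.
dynabind_audit() {
    problems=0
    data=$(cd "$1" && pwd -P) || { echo "FAIL: cannot enter $1"; return 1; }
    docroot=$(cd "$2" && pwd -P) || { echo "FAIL: cannot enter $2"; return 1; }
    # Step 4: the helper files must not be reachable under DocumentRoot.
    case "$data/" in
        "$docroot"/*) fail "$data is inside DocumentRoot $docroot" ;;
    esac
    # Step 5: zonechange.pl is SUID root, mode 4755.
    check_file "$data/zonechange.pl" 4755 "${SUID_OWNER:-root}"
    # Step 6: data files belong to the web server user, mode 600.
    for f in cookies users zones; do
        check_file "$data/$f" 600 "${WEB_USER:-nobody}"
    done
    [ "$problems" -eq 0 ] && echo "OK: $data matches steps 4-6"
    return "$problems"
}

# Run as: sh audit.sh /opt/dynabind /home/httpd/html  (constructed paths)
if [ "$#" -eq 2 ]; then dynabind_audit "$1" "$2"; fi
```
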

What it does for users:

  1. Reads the named.conf file to get a list of all valid zones.

  2. Removes zones from the list that the user isn't allowed to edit.

  3. Presents this list to the user.

  4. When user selects a zone, all "A", "CNAME", and "PTR" records are read from its zone file and listed.

  5. User selects whether to add a record or edit/delete an existing record and submits the form.

  6. The program verifies the entry is valid for the given RR type.

  7. The program changes the zone file accordingly, including incrementing the serial number, and sends it to the "zonechange.pl" script, which then replaces the existing zone file with it (this is one of the things suid is needed for). Note that serial numbers are always created using the ever-popular "YYYYMMDDXX" format (so 100 zone changes can be done per day) UNLESS that would mean creating a serial number less than the original one; in that case, the original serial is just incremented by one and used as the new one.

  8. "zonechange.pl" then does an "ndc reload" command (this is the other thing suid is needed for).

  9. User is returned to the zone modification screen and the zone file is re-read and displayed.

  10. Repeat as necessary.

What it does for admins:

  1. A link will appear on the main index.phtml page (if you have admin rights) to the admin page.

  2. Either select an existing user or enter a new username in the lower form field and submit the form.

  3. If you enter a new username and that username already exists, they won't be added as new; you'll just be editing the record for the pre-existing user.

  4. In the multiple select box, choose all the zones you want this user to be able to access. If you want them to access them all but NOT be an administrator, just select all zones in the box. If you want them to be an administrator, turn on the checkbox labeled "Click here to make this user a full-fledged Administrator." If you want to change the user's password, enter it in both of the password fields; if you don't want to change it, just leave both password fields blank. Then, submit the form and the new user information will be saved.

  5. There is no #5.

What it doesn't do:


Contact Information