10
0
Fork 0
mirror of https://github.com/ZeusWPI/ZNS.git synced 2024-11-21 21:41:10 +01:00

add zns-cli instruction

This commit is contained in:
Topvennie 2024-08-21 22:21:10 +02:00
parent 6ed4de8b44
commit 320c6892cb
No known key found for this signature in database

View file

@ -6,18 +6,18 @@ It gives all users who have a [Zauth](https://zauth.zeus.gent) account an own do
## General Information ## General Information
Creating/Updating your DNS records is only possible using dynamic DNS updating (DDNS, rfc2136). Creating/Updating your DNS records is only possible using dynamic DNS updating (DDNS, rfc2136).
It's an extension of DNS that lets you update your DNS records using the DNS protocol. It's an extension of DNS that lets you update your DNS records using the DNS protocol.
ZNS authenticates these update requests using SIG(0) (rfc2931). ZNS authenticates these update requests using SIG(0) (rfc2931).
This is another extension of DNS that defines a signature record. It is appended to the query and contains the signature of the original query and This is another extension of DNS that defines a signature record. It is appended to the query and contains the signature of the original query and
some other information like expiration time to prevent replay attacks. some other information like expiration time to prevent replay attacks.
The signature is created with the private key of the signer and validated on the server with the corresponding public key. The signature is created with the private key of the signer and validated on the server with the corresponding public key.
ZNS has 2 methods of validating the signature: ZNS has 2 methods of validating the signature:
- Using your SSH Keys in [Zauth](https://zauth.zeus.gent)
- Using a [DNSKEY record](https://datatracker.ietf.org/doc/html/rfc4034#section-2)
- Using your SSH Keys in [Zauth](https://zauth.zeus.gent)
- Using a [DNSKEY record](https://datatracker.ietf.org/doc/html/rfc4034#section-2)
## User Guide ## User Guide
@ -28,6 +28,11 @@ How to add an `A` record to `<your zauth username>.users.zeus.gent`.
Create an SSH key pair (or use an existing one). Currently, only ED25519 and RSA SSH key types are supported. Create an SSH key pair (or use an existing one). Currently, only ED25519 and RSA SSH key types are supported.
Add the public key to your Zauth account. Add the public key to your Zauth account.
### Step 1.5
Install `zns-cli`.
For exmaple for ubuntu `sudo apt-get install zns-cli`
### Step 2 ### Step 2
The (most) painless way for sending DNS update queries is using the `nsupdate` program. The (most) painless way for sending DNS update queries is using the `nsupdate` program.
@ -35,7 +40,7 @@ With `nsupdate -k keys`, you can pass it your keys. But `nsupdate` expects your
That's why there is a CLI (`zns-cli`) available that converts the OPENSSH private key format and creates `.key` and `.private` files corresponding with your public and private keys. That's why there is a CLI (`zns-cli`) available that converts the OPENSSH private key format and creates `.key` and `.private` files corresponding with your public and private keys.
And with some more info like the update ZONE (`username.users.zeus.gent`), the signing algorithm (ED25519 or RSA), ... And with some more info like the update ZONE (`username.users.zeus.gent`), the signing algorithm (ED25519 or RSA), ...
Execute: Execute :
```sh ```sh
zns-cli --key <path to private ssh key> --username <zauth username> zns-cli --key <path to private ssh key> --username <zauth username>
@ -49,7 +54,7 @@ Now you can run `nsupdate -k Kdns.private`.
> send > send
``` ```
This will add an A record to `username.users.zeus.gent`. This will add an A record to `username.users.zeus.gent`.
The message will be signed with the private key, and the server will try to validate by trying to find a valid public SSH key from your Zauth account. Matching the `username` given in the zone. The message will be signed with the private key, and the server will try to validate by trying to find a valid public SSH key from your Zauth account. Matching the `username` given in the zone.
The default expiration time with `nsupdate` is 5 minutes. The default expiration time with `nsupdate` is 5 minutes.
@ -57,7 +62,7 @@ That's it... not that hard, is it?
### Step 3 (Optional) ### Step 3 (Optional)
It is also possible to put your public key in a DNSKEY record instead of Zauth. In the previous step, `zns-cli` also generated a `.key` file. It is also possible to put your public key in a DNSKEY record instead of Zauth. In the previous step, `zns-cli` also generated a `.key` file.
This contains a DNSKEY resource record you can add to your zone using `nsupdate`. Now the signature can be validated directly using this record. This contains a DNSKEY resource record you can add to your zone using `nsupdate`. Now the signature can be validated directly using this record.
It's also possible to directly generate a DNSKEY record key pair using `dnssec-keygen`. It's also possible to directly generate a DNSKEY record key pair using `dnssec-keygen`.
@ -70,6 +75,7 @@ There are three crates available at the root of the repo.
`zns-daemon` is the server that handles DNS queries. `zns-daemon` is the server that handles DNS queries.
The following environment variables should be set (or stored in a `.env` file): The following environment variables should be set (or stored in a `.env` file):
``` ```
DATABASE_URL=postgres://zns@localhost/zns DATABASE_URL=postgres://zns@localhost/zns
ZAUTH_URL="https://zauth.zeus.gent" ZAUTH_URL="https://zauth.zeus.gent"