mirror of
https://github.com/ZeusWPI/ZNS.git
synced 2024-11-21 21:41:10 +01:00
add zns-cli instruction
This commit is contained in:
parent
6ed4de8b44
commit
320c6892cb
1 changed files with 14 additions and 8 deletions
22
README.md
22
README.md
|
@ -6,18 +6,18 @@ It gives all users who have a [Zauth](https://zauth.zeus.gent) account an own do
|
||||||
|
|
||||||
## General Information
|
## General Information
|
||||||
|
|
||||||
Creating/Updating your DNS records is only possible using dynamic DNS updating (DDNS, rfc2136).
|
Creating/Updating your DNS records is only possible using dynamic DNS updating (DDNS, rfc2136).
|
||||||
It's an extension of DNS that lets you update your DNS records using the DNS protocol.
|
It's an extension of DNS that lets you update your DNS records using the DNS protocol.
|
||||||
|
|
||||||
ZNS authenticates these update requests using SIG(0) (rfc2931).
|
ZNS authenticates these update requests using SIG(0) (rfc2931).
|
||||||
This is another extension of DNS that defines a signature record. It is appended to the query and contains the signature of the original query and
|
This is another extension of DNS that defines a signature record. It is appended to the query and contains the signature of the original query and
|
||||||
some other information like expiration time to prevent replay attacks.
|
some other information like expiration time to prevent replay attacks.
|
||||||
|
|
||||||
The signature is created with the private key of the signer and validated on the server with the corresponding public key.
|
The signature is created with the private key of the signer and validated on the server with the corresponding public key.
|
||||||
ZNS has 2 methods of validating the signature:
|
ZNS has 2 methods of validating the signature:
|
||||||
- Using your SSH Keys in [Zauth](https://zauth.zeus.gent)
|
|
||||||
- Using a [DNSKEY record](https://datatracker.ietf.org/doc/html/rfc4034#section-2)
|
|
||||||
|
|
||||||
|
- Using your SSH Keys in [Zauth](https://zauth.zeus.gent)
|
||||||
|
- Using a [DNSKEY record](https://datatracker.ietf.org/doc/html/rfc4034#section-2)
|
||||||
|
|
||||||
## User Guide
|
## User Guide
|
||||||
|
|
||||||
|
@ -28,6 +28,11 @@ How to add an `A` record to `<your zauth username>.users.zeus.gent`.
|
||||||
Create an SSH key pair (or use an existing one). Currently, only ED25519 and RSA SSH key types are supported.
|
Create an SSH key pair (or use an existing one). Currently, only ED25519 and RSA SSH key types are supported.
|
||||||
Add the public key to your Zauth account.
|
Add the public key to your Zauth account.
|
||||||
|
|
||||||
|
### Step 1.5
|
||||||
|
|
||||||
|
Install `zns-cli`.
|
||||||
|
For exmaple for ubuntu `sudo apt-get install zns-cli`
|
||||||
|
|
||||||
### Step 2
|
### Step 2
|
||||||
|
|
||||||
The (most) painless way for sending DNS update queries is using the `nsupdate` program.
|
The (most) painless way for sending DNS update queries is using the `nsupdate` program.
|
||||||
|
@ -35,7 +40,7 @@ With `nsupdate -k keys`, you can pass it your keys. But `nsupdate` expects your
|
||||||
That's why there is a CLI (`zns-cli`) available that converts the OPENSSH private key format and creates `.key` and `.private` files corresponding with your public and private keys.
|
That's why there is a CLI (`zns-cli`) available that converts the OPENSSH private key format and creates `.key` and `.private` files corresponding with your public and private keys.
|
||||||
And with some more info like the update ZONE (`username.users.zeus.gent`), the signing algorithm (ED25519 or RSA), ...
|
And with some more info like the update ZONE (`username.users.zeus.gent`), the signing algorithm (ED25519 or RSA), ...
|
||||||
|
|
||||||
Execute:
|
Execute :
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
zns-cli --key <path to private ssh key> --username <zauth username>
|
zns-cli --key <path to private ssh key> --username <zauth username>
|
||||||
|
@ -49,7 +54,7 @@ Now you can run `nsupdate -k Kdns.private`.
|
||||||
> send
|
> send
|
||||||
```
|
```
|
||||||
|
|
||||||
This will add an A record to `username.users.zeus.gent`.
|
This will add an A record to `username.users.zeus.gent`.
|
||||||
The message will be signed with the private key, and the server will try to validate by trying to find a valid public SSH key from your Zauth account. Matching the `username` given in the zone.
|
The message will be signed with the private key, and the server will try to validate by trying to find a valid public SSH key from your Zauth account. Matching the `username` given in the zone.
|
||||||
The default expiration time with `nsupdate` is 5 minutes.
|
The default expiration time with `nsupdate` is 5 minutes.
|
||||||
|
|
||||||
|
@ -57,7 +62,7 @@ That's it... not that hard, is it?
|
||||||
|
|
||||||
### Step 3 (Optional)
|
### Step 3 (Optional)
|
||||||
|
|
||||||
It is also possible to put your public key in a DNSKEY record instead of Zauth. In the previous step, `zns-cli` also generated a `.key` file.
|
It is also possible to put your public key in a DNSKEY record instead of Zauth. In the previous step, `zns-cli` also generated a `.key` file.
|
||||||
This contains a DNSKEY resource record you can add to your zone using `nsupdate`. Now the signature can be validated directly using this record.
|
This contains a DNSKEY resource record you can add to your zone using `nsupdate`. Now the signature can be validated directly using this record.
|
||||||
|
|
||||||
It's also possible to directly generate a DNSKEY record key pair using `dnssec-keygen`.
|
It's also possible to directly generate a DNSKEY record key pair using `dnssec-keygen`.
|
||||||
|
@ -70,6 +75,7 @@ There are three crates available at the root of the repo.
|
||||||
`zns-daemon` is the server that handles DNS queries.
|
`zns-daemon` is the server that handles DNS queries.
|
||||||
|
|
||||||
The following environment variables should be set (or stored in a `.env` file):
|
The following environment variables should be set (or stored in a `.env` file):
|
||||||
|
|
||||||
```
|
```
|
||||||
DATABASE_URL=postgres://zns@localhost/zns
|
DATABASE_URL=postgres://zns@localhost/zns
|
||||||
ZAUTH_URL="https://zauth.zeus.gent"
|
ZAUTH_URL="https://zauth.zeus.gent"
|
||||||
|
|
Loading…
Reference in a new issue