CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Advanced:
Remote DNS Management

 



mrcactu5
Novice

Jan 14, 2009, 11:16 AM

Post #1 of 8 (1463 views)
Remote DNS Management Can't Post

I wanted to know if there are standard ways of remotely managing dns zones. Perhaps it is possible to enter resource records through an online form using a Perl script embedded in the cgi-bin folder.

Attempts in this vein have been successful except for some permissions issues. We wrote one script listing all the Name server's properties - it works fine in the command line, but DNS hides certain information if we access it through the web. More than likely, there are permissions issues in running a server-side perl script from the web. We just don't know which permissions issues.

Are there other approaches?


FishMonger
Veteran / Moderator

Jan 14, 2009, 12:44 PM

Post #2 of 8 (1461 views)
Re: [mrcactu5] Remote DNS Management [In reply to] Can't Post

I have not used it myself, but you might want to look at Provision::Unix::DNS
http://search.cpan.org/~msimerson/Provision-Unix-0.35/lib/Provision/Unix/DNS.pm


mrcactu5
Novice

Jan 15, 2009, 6:42 AM

Post #3 of 8 (1453 views)
Re: [FishMonger] Remote DNS Management [In reply to] Can't Post

Yeah, too bad I'm using Windows 2003.

If I store a perl script ("code.pl") in the cgi-bin folder on my server, I can run it on the command prompt on the server itself. Or I can go on another computer and enter

Code
"http://192.168.0.123/cgi-bin/code.pl"

and in the browser. In this case, the output will be restricted in some ways.

So on command line, if I ask the name of my DNS Server it says

Code
 Name 
Value => Server

so the name is "Server", but via the web it just says

Code
 Name 
Value =>

So, DNS is hiding information when I try to access via the web. What's going on here? I know it's some kind of permissions issue.


FishMonger
Veteran / Moderator

Jan 15, 2009, 6:58 AM

Post #4 of 8 (1452 views)
Re: [mrcactu5] Remote DNS Management [In reply to] Can't Post

Please post your code.


mrcactu5
Novice

Jan 15, 2009, 7:26 AM

Post #5 of 8 (1448 views)
Re: [FishMonger] Remote DNS Management [In reply to] Can't Post

Exhibit A, the Perl/WMI script which returns DNS properties (it's adapted from a book):

Code
print "content-type: text\n\n"; 

use Win32::OLE 'in';
$Win32::OLE::Warn = 3;

# ------ SCRIPT CONFIGURATION ------
$strServer = '192.168.0.123'; # e.g. dns1.rallencorp.com
# ------ END CONFIGURATION ---------

# Instantiate a WMI object for the target server
$objLocator = Win32::OLE->new("WbemScripting.SWbemLocator");
$objDNS = $objLocator->ConnectServer($strServer, 'root\\MicrosoftDNS' );
# Get an instance of the MicrosoftDNS_Server class
$objDNSServer = $objDNS->Get('MicrosoftDNS_Server.Name="."');

# Iterate over each property using Properties_
print $objDNSServer->Properties_->Item('Name')->Value . ':', "\n";
foreach my $objProp (in $objDNSServer->Properties_) {
print $objProp->Name, "\n";
for my $k (keys %{$objProp}) {
print "\t", "$k => ${$objProp}{$k}", "\n";
}
}

The output if I run it on command line is:

Code
E:\blah>perl dnsProperties.pl 

Name
Value => server
Name => Name
IsLocal => 1
Origin => CIM_ManagedSystemElement
CIMType => 8
Qualifiers_ => Win32::OLE=HASH(0x1bbc2ac)
IsArray => 0

Now let's run the same code on another computer in the LAN, but DNS now hides the value of "Name":

Code
http://mysite.com/cgi-bin/dnsProperties.pl 

Name
Value =>
Name => Name
IsLocal => 0
Origin => CIM_ManagedSystemElement
CIMType => 8
Qualifiers_ => Win32::OLE=HASH(0x193dfac)
IsArray => 0

In all cases, names have been changed to protect the innocent. :-)


FishMonger
Veteran / Moderator

Jan 16, 2009, 5:23 AM

Post #6 of 8 (1442 views)
Re: [mrcactu5] Remote DNS Management [In reply to] Can't Post

I don't have a Windows DNS server to test your code against, so I need a little more info.

What would be the expected value of
Value =>

Would it be '192.168.0.123' or 'dns1.rallencorp.com'?

How does that differ from the value of Name => Name

This may be a permissions issue as you suspect, so with that in mind, have you compared the permissions of the web server account against yours?


mrcactu5
Novice

Jan 16, 2009, 5:46 AM

Post #7 of 8 (1439 views)
Re: [FishMonger] Remote DNS Management [In reply to] Can't Post

"value =>" should be equal to "server". Anything after the # is just comments. I can show you an example without DNS.

How about a more basic question first. How does cgi-bin work? The server (in my case IIS) knows to run the program instead of presenting the code as a text file. So there must be some kind of session between a user from the outside world and the server, which should have restricted permissions. I'm sure the gory details are online somewhere.

Here is how severe the problem is. Let's ask Windows Server 2000 for my own name.


Code
 use Win32::OLE 'in'; 
print "content-type: text/html\n\n";
$strComputer = ".";
$objWMIService = Win32::OLE->GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\".$strComputer."\\root\\cimv2");
$colItems = $objWMIService->ExecQuery("Select * from Win32_ComputerSystem");

foreach $objItem (in $colItems) {
print "Computer Name: " . $objItem->Name . "\n";
print "User Name: " . $objItem->UserName ;
}


The output in the command line is:

Code
E:/blah>perl username.pl 

Computer Name: SERVER
User Name: SERVER\Administrator


If I go on the web and access the same file in cgi-bin we get blanks instead of "SERVER" and "SERVER\Administrator":

Code
http://mysite.com/cgi-bin/username.pl 

Computer Name:
User Name:

So accessing from the outside world, the computer (specifically Windows Management Instrumentation - WMI) won't even tell me its own name. Surely, this has to do with the permissions an external user has when accessing files in cgi-bin.

I don't know how to look them up or how to change them.


FishMonger
Veteran / Moderator

Jan 16, 2009, 6:31 AM

Post #8 of 8 (1437 views)
Re: [mrcactu5] Remote DNS Management [In reply to] Can't Post

I haven't used IIS for almost 10 years. I use apache and tested your username.pl test script which worked as expected.

This confirms that it's either a permissions or some other IIS config issue. Since I haven't used IIS in a long time, I may not be of much help in this case, but a forum that is dedicated to IIS would probably have a simple solution.

If you want to try apache, you can get it here: http://httpd.apache.org/docs/2.0/platform/windows.html#down

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives