The Network People Support Forums

NicToolClient Changes are mainly code cleanups:

• HTML 5 validation
• validating the CSS and Javascript
• replaced huge swaths of 20th century HTML markup with HTML 5 and CSS
• rewrote much of the perl from OBF to tidy paragraph sized subs
• separated much of the perl from the HTML in the .cgi files. Makes both easier to maintain.
• index.cgi honors valid cookies, so login sessions are preserved

NicToolServer changes

• fixed a problem where records from deleted zones were sometimes published
• rewrote SQL queries so they look like SQL
• improved the nameserver export status messages
• added additional tests

See the changes pages for more details:

• http://www.nictool.com/download/NicToolClient.shtml (http://www.nictool.com/download/NicToolClient.shtml)
• http://www.nictool.com/download/NicToolServer.shtml (http://www.nictool.com/download/NicToolServer.shtml)

Download from the tnpi store: http://www.tnpi.net/cart/index.php?downloads=1 (http://www.tnpi.net/cart/index.php?downloads=1)

Hi,

I found a bug in NicTool-2.12:

After changing a parameter of the zone (e.g. NS-set, mailaddr etc.) the NicToolServer build a wrong SQL-Statement:

UPDATE nt_zone SET nt_group_id = '1',mailaddr = 'hostmaster.mcs.de.',description = '',serial = 'refr
esh' WHERE nt_zone_id = '11'


As you can see the field 'serial' get the string "refresh", this results in a serial 0.


Any idea whats wrong??


Cheers
Christian

Possibly a relation to this error:

I get sometimes an alert in the browser (three different alerts), whan I change a record:

* could not get element id: tr_weight
* could not get element id: tr_priority
* could not get element id: tr_other


Cheers
Christian

Log-Entry in NicTool for this change:

   changed serial from '0' to 'refresh', changed zone from 'test1.mcs' to 'nameservers', changed mailaddr from 'hostmaster.ZONE.TLD.' to 'hostmaster.mcs.de.'


...

I'm taking a look into the zone editing error. I know about the JavaScript error (I discovered it a day after release), but it's merely annoying.

Here is the fix for the JavaScript errors.
https://github.com/msimerson/NicTool/commit/c925ff44dd37c6182cb47a297dc3d98c9be9768a (https://github.com/msimerson/NicTool/commit/c925ff44dd37c6182cb47a297dc3d98c9be9768a)

And now a fix for the zone editing problem is on github as well. The solution is in nictoolclient, htdocs/zone.cgi:


@@ -140,22 +142,27 @@ sub do_edit_zone {
         return;
     };

-    my @fields = qw/ nt_zone_id nt_group_id zone nameservers
-        description mailaddr serial refresh retry expire ttl minimum /;
-    my %data = map { $_ => $q->param($_) } @fields;
+    my @fields = qw/ nt_zone_id nt_group_id zone description
+                     mailaddr serial refresh retry expire ttl minimum /;
+    my %data;
+    foreach ( @fields ) {
+        next if ! defined $q->param($_);
+        $data{$_} = $q->param($_);
+    };
     $data{'nameservers'} = join( ',', $q->param('nameservers') );


https://github.com/msimerson/NicTool/commit/7a019f78043cd11b9a0152a5ae4239b83d31d0a9 (https://github.com/msimerson/NicTool/commit/7a019f78043cd11b9a0152a5ae4239b83d31d0a9)

Thanks for the patches - looks good :-)

But if I change something of the basic zone data like Refresh etc. or changing the nameserver-set, the serial will not increased. The logfile says:

modified    zone       final1.mcs   nothing modified

but I delete one of the nameserver from the set. Looks like the zone_edit doesnt notice correctly that the NS-set was changed.


Adding/editing/deleting a RR the serial increase as expected.

Can you please check this ??

Cheers
Christian

Hi,

when I delete a RR and click "recover" from the log-entry, I get just an empty form for a new record, but 'recover' should mean that the NicTool presents me the old entry.

Cheers
Christian

It turns out this was a feature. :)  NicTool has never (at least not since 2.00 incremented the serial number when zone properties or nameservers are altered.

I believe that is contrary to what most people expect, so I have added the requisite code to implement this.

Sorry the patch is so long, I also rewrote the serial # incrementing logic and added tests for it.

https://github.com/msimerson/NicTool/commit/de0b21c89442e7c2a30693773185d8b898c16175 (https://github.com/msimerson/NicTool/commit/de0b21c89442e7c2a30693773185d8b898c16175)

Fixed.

https://github.com/msimerson/NicTool/commit/33dabe8e3476d7ada73f2a8fdef9b077caffeb7a

Hi Matt,

me again :-)

When the User-Session for NicToolClient expired and the user try to click some of the links, an apache error 500 (Server Error) appears.

[Thu Jan 12 08:44:11 2012] [error] Can't use string ("1") as a HASH ref while "strict refs" in use at /var/www/NicToolClient/htdocs/group_zones.cgi line 57.\n



I know whats the problem, but the normal user cannot understand this.
In 2.07 you get the login-page with the alert "session expired".


Cheers
Christian

Hi Matt,

thanks for the great job! Now its as expected!

I check this functionality on our production-site with vers. 2.07 and found that the serial increase on every change:
* add/modify/delete a record
* modify the properties like Retry/Refresh etc
* modify the nameserver-set (adding/deleting nameservers to/from the zone)

:-)


Cheers
Christian

Ah, right you are.

I looked it over again, to see just how that could be. It turns out that the serial number incrementing logic depended on the serial # being passed in the request from NicToolClient to NicToolServer as an empty string. Not an undef, not an undefined key, but a defined key with a value of empty string. No other value would work. NicToolClient passed in that value as an empty string as a byproduct of how CGI.pm treats undefined parameters. And so, it actually worked when NicToolClient submitted the request.

But not when the API submitted it, or even the test suite. The tests made alterations to the zone properties and nameservers and expected the result to come back without having bumped the serial. And they did. Hence my initial belief that NicToolServer never incremented the serial for those operations.

My changes to NicToolServer ignore any serial value sent in the request and increment the serial value that's stored in the database if any change is made.

Hi,

I need the underscore in a dns-label for DKIM, but NicTool reject this record due to RFC1035.

I think it's the best way to allow this character in the sanity-check?

Cheers
Christian

Hi Christian,

Please post an example or two of the DKIM records that *should* be allowed but currently are not.

If you want to help me and speed up the process, provide:

• example RRs that are valid (to add to NicToolServer's test suite)
• pointers to the relevant RFC which demonstrate the validity of the example records

My goal for NicTool is to allow every valid DNS RR, and to reject every invalid one. RFC 1035 is fairly old, fairly strict, and there's already a bunch of exceptions codified into NicTool. I imagine there's more lurking.

Can you provide me with a browser/OS combo that exhibits this behavior?  I always get redirected to the NicTool login page.

Hi Matt,

I used the DKIM-Creationtool from http://www.dnswatch.info/dkim/create-dns-record and build an example for tnpi.net :-)

mail2012._domainkey.tnpi.net IN TXT "v=DKIM1; p=-----BEGINPUBLICKEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFTOTS2cqE974AL+M1JZkSWZR+WkRuaKBm++h/h29sO4XCsK/OpIVHh6pvlu0I4LHEKxkJTffz5Uz8X9BqAlW26HL1JC5oX3jPkvA/S+2QZlj+zOWTMDEU8/h+H9cyDb9qrdOfzE0B0Zv2DsXmmgABQcN5VsYaATMrPSzVDTmDgQIDAQAB-----ENDPUBLICKEY-----; t=y"


The official RFC: 6376

Please have a look at 3.6.2.1:

3.6.2.1. Namespace

   All DKIM keys are stored in a subdomain named "_domainkey".  Given a
   DKIM-Signature field with a "d=" tag of "example.com" and an "s=" tag
   of "foo.bar", the DNS query will be for
   "foo.bar._domainkey.example.com".


Cheers
Christian

Thanks Christian!

And here's your patch:

https://github.com/msimerson/NicTool/commit/9e5af085fb2dc96194409363f1274e3745b94275

This may help:

https://github.com/msimerson/NicTool/commit/f4c1ab908d7e9eae86fea9f68d6088d86aebce54

As I said before, it works for me. If this doesn't fix it for you, provide me with enough details that I can replicate the problem.

Thanks for the quick service :-)


Do you intend to release a new version with all the patches included?


Cheers
Christian

You bet. I'd like to track down the Apache 500 problem you have as well.  As soon as I have a patch for that applied, I'll roll up 2.13 and release.

Hmmmm

Just replicate this problem with:

MacOSX 10.7.2
Firefox 9.0.1


Now I will apply your patches and report the result to you.


Cheers
Christian

Hi Matt,

I want to search for a record in a selected zone, there is no matching record (exact match is NOT marked).

This is the result:

     Illegal modulus zero at /var/httpd/servers/dns.gay-web.de/NicToolClient/lib/NicToolClient.pm line 628.


Could you please recheck this fact?


Cheers
Christian

Hi Matt,


works fine now...... :-)


Cheers
Christian

Fixed.

https://github.com/msimerson/NicTool/commit/147eeb605163c6be39405a503c54c2121f94d39d

The changes to NicToolClient.pm are the only ones required for this fix.

Thanks !!

This patch is already included in 2.13 ?


Cheers
Christian

Yes.