GnuDIP Release 2.3.5++ - New Features and Changes Since Release 2.1.2

Server and Web Tool Operational Changes

Release 2.3.5++

• Made more bug fixes and minor upgrades to release 2.3.5 - without bumping the release number.

• Made changes to accomodate Perl 5.8.0 when using "-T".

• Removed all occurences "-T", "-w" and "use warnings;", in the hope of avoiding future problems with new releases of Perl.

• Removed the authors' names, E-mail addresses and web site names from all Perl source and web page source, except for the names (no E-mail or web sites) in the "credits.html" files, and the name of the legacy GnuDIP author in files that evolved directly from the legacy version.

Release 2.3.5++

• Made bug fixes and minor upgrades to release 2.3.5 - without bumping the release number!

• Completed support for tinydns. MX value for a tinydns domain must be an IP address.

• Removed the "release notes" page from the GUI.

Release 2.3.5

• Removed all links to the SourceForge web site.

• Replaced gnudip.gif with gnudip.jpg.

• The clients can now be downloaded from the "help" page.

Release 2.3.4

• Bug fixes and improvements to the code base.

• Added support for Client-Server updates using an HTTP adaptation of the update protocol.

• Worked with the author of DynSite to ensure that DynSite supports the new HTTP update protocol.

Release 2.3.3

Release 2.3.2

• Added support for operation behind NAT/IP masquerade box. Update server returns IP address to client if asked.

Release 2.3.1

• GnuDIP can now be run without mySQL, using normal UNIX files instead. As a by-product GnuDIP now has full database abstraction.

• A script ("gdipunld.pl") is included to dump the user database to a flat file. Corresponding to this a script ("gdipreld.pl") is included to reload the user database from a flat file.

• The Digest::MD5 Perl module is now optional. It will provide better performance than the pure Perl module that comes with GnuDIP.

• The BIND zone reload shell script in the "back end" example was enhanced to handle incrementing the zone serial number.

• Some small bugs were fixed.

Release 2.3.0

• As of release 2.3.0, GnuDIP was completely rewritten. There is little if any code left from release 2.1.2.

• Early releases of BIND and tinydns, which cannot be updated using nsupdate are supported using a set of "back end" scripts that interface with GnuDIP where nsupdate normally would.

• Under Release 2.1.2, information for one domain was kept in the "globalprefs" table using the "GNUDIP_DOMAIN" and "ALLOW_CHANGE_PASS preference names. All domain information is now kept in the "domains" table.

• Under Release 2.1.2, the name of the domain for use in Auto URL cookies had to provided in "System Settings", and was kept "globalprefs" table using the "COOKIE_DOMAIN" preference name. This manual intervention is no longer required.

• The web tool has greatly increased security. All pages contain a set of credentials (user name, user domain, hashed password, login id, time page generated) which are "signed" using a key known only to the GnuDIP server. The "logon id" is only generated from the GnuDIP login page.

  The GnuDIP administrator may specify a "Page Timeout" (in seconds) after which pages older than this interval may no longer be used. This does not apply to adminstrator accounts.

  It is now impossible to "spoof" the web interface into updating the IP address using a single link to an URL - particluary when time outs are used.

  This was implemented to discourage the use of poorly designed user-written update clients that abuse the GnuDIP server.

• The "HEADER_FILE" preference is no longer used. It has been replaced by the "header_file" and "trailer_file" options in gnudip.conf. These files of HTML are included at the beginning and end of every page.

• There is a new "Require and Validate E-mail" system preference. When this is on, a user must provide an E-mail address during self-registration. An E-mail is sent to the address provided. The E-mail contains a "signed" URL which may be used to create a user with the information the user entered. In this way we are sure that the E-mail address provided is valid. When a user changes their E-mail addres, an E-mail is again sent in order to validate that the address is valid.

• The web tool will now run under mod_perl Apache::Registry.

Release 2.2.0

• All updates to DNS servers are done using the DNS dynamic update protocol. Release 2.1.2 used the BIND "ndc reload" command to reload all zones on the DNS server at regular frequent intervals. In a high load environment, this was problematic. With support for incremental zone transfer and dynamic update forwarding now available in BIND Release 9.1.1, reloading zones is no longer necessary. The BIND "nsupdate" command is used for this.

  This also means that DNS changes occur immediately.

  The nsupdate command line and the DNS TTL value to use can be specified globally, or for specific domains. In this way different TSIG keys may be used with each domain. The DNS servers do not need to be on the same computer as GnuDIP. These DNS servers do not need to be running BIND, so long as they support the dynamic DNS protocol.

• The GnuDIP dynamic IP update server now runs under INETD or XINETD, rather than stand-alone. This allows the server to be controlled with regard to access by IP address and load on the system. It also simplifies the code dramatically - reducing the risk of code error and making maintenance easier.

• Under Release 2.1.2 the relationship of user names to the GnuDIP domains could be specified as either "GLOBAL" or "INDIVIDUAL". For GLOBAL, each user name applied to every GnuDIP domain, and an update to the IP address of a user affected every GnuDIP domain. This is problematic when real-time dynamic DNS updates (not just for IP address A records but also wild card CNAME records and mail exchanger MX records) are being done. The GLOBAL option no longer exists. Related conversion issues are discussed in the installation notes.

• The IP addresses acceptable to the web tool must be specified. These would normally agree with those specified for the INET update server.

• DNS updates are only done if the IP address of the web user or IP update client program differs from the IP address in GnuDIP's mySQL database.

• All DNS updates done either by the Web Interface or via a Dynamic IP Update Client are logged to syslog. Release 2.1.2 logged to a seperate file, and did not log for the Web Interface.

• All GnuDIP system files are now contained within one file system directory. This directory may have any name and be located anywhere in the file system. The common subroutine library and configuration file are located relative to the executing program. The subdirectories of the GnuDIP directory are the familiar bin, cgi-bin, etc, lib and sbin. Basically, although still entirely written in Perl, GnuDIP Release 2.3 is packaged more like typical GNU autoconf-ed UNIX system software packages.

• The "Manage Users" button for administrative users now has an associated "User Pattern" text box in which the user may specify an SQL pattern match string ("%" matches zero or more characters and "_" matches one character) . This will restrict the set of users shown in the list. This is intended to make "Manage Users" more practical for sites with thousands of registered users. Note that if the text box is left blank, all users will be listed (if it ever comes back).

• The "Add User" button has been moved from "Manage Users" up to main administrative user page.

• The "Add Domain" button has been moved from "Manage Domains" up to main administrative user page.

• The "Auto URL" feature is now optional. Allowing Auto URL is likely to result in many unnecessary update attempts being sent to the GnuDIP server by users. If this option is "off" and an Auto URL update is attempted, the server removes any existing Auto URL cookie from the user's browser and presents a web page with an error message.

• A script ("gdipzone.pl") is included to scan the database and generate input for nsupdate to reload the zones. This could be used to ensure the GnuDIP database and DNS zones stay in agreement. This would correct for any mySQL, DNS server or other failures.

• A script ("gdipdlet.pl") is included to scan the database and generate input for nsupdate to delete any zone records for users whose IP address has not been updated for a specified number of days. Optionally, the users are also deleted from the database.

• A script ("gdipdbfix.pl") is included to bring the database into a self-consistent state after changes to global system settings.

• The installation process has been made less automatic, but at the same time less mysterious and easier to customize. The person setting GnuDIP up is given credit for some experience and understanding of Linux/UNIX. After all, to get GnuDIP running will require an understanding of BIND and mySQL.

Web Tool End User Enhancements

Release 2.3.5++

• An MX value for a domain served by tinydns must be an IP address, not a domain name.

• Removed the "release notes" page from the GUI.

Release 2.3.5

• Removed all links to the SourceForge web site.

• The clients can now be downloaded from the "help" page.

Release 2.3.4

Release 2.3.3

Release 2.3.2

Release 2.3.1

• Some minor changes were made to the Web interface to better indicate when changes have been accepted.

Release 2.3.0

• There is now a "Forgotten Password" button on the login page, which may be used to obtain a "Quick Login" URL by E-mail.

• There are new pages to support the new "Require and Validate E-mail" system preference.

• The "SHOW_DOMAINLIST" preference is now applied only to the login page. On all other pages the domain selection list is always shown rather than a text box.

• Pages may "time out" after a period of inactivity, if the GnuDIP administrator has configured this behaviour.

• All pages may be embedded within pages customized for the GnuDIP site.

Release 2.2.0

• When a user logs in through the main login page, a combination of Javascript and a Java applet are used to detect the IP address of the computer running the browser. This allows the true IP address to be detected even if the user is behind a proxy of some sort, or on a private network.

• There is now a "Delete Current User" option, which allows a user to delete their own user entry from the system.

• There is now a "Self Register" button on the login page, if self registration is enabled. This removes the need for a separate URL for self registration.

• There is now a "Set Quick Login URL" button on the user options page, which may be used to create a Netscape Bookmark or Internet Explorer Favourite, or when using Netscape or Internet Explorer under Windows, a Windows Desktop Shortcut by right-clicking on a link. The URL will take a user directly to the GnuDIP user options page, where they can update their IP address.

• A user may now select the option to have a wildcard DNS CNAME zone record for their domain. So for example they may put "www." in front of their domain name and have this resolve to the same IP address.

  The GnuDIP administrator must enable this option. The option may enabled globally or on a per-user basis.

• A user may now specify a domain to use as a mail exchanger on a DNS MX zone record. Mail Transfer Agents (MTA-s) will send E-mail for the user's domain to the mail exchanger domain host rather than the user's domain host. The user must make arrangements for the mail to be accepted there.

  The GnuDIP administrator must enable this option. The option may enabled globally or on a per-user basis.

• A user may specify that the mail exchanger is only for backup use. Another MX record with higher priority pointing at the user's domain host will be added. MTA-s will attempt to use the higher priority MX record first. If the user's domain host does not respond, the MTA will send to the mail exchanger host.

Client and Update Server Enhancements

Release 2.3.5++

• Bug fixes and minor upgrades - without bumping the release number!

Release 2.3.5

Release 2.3.4

• Bug fixes and improvements to the code base.

• Added support for Client-Server updates using an HTTP adaptation of the update protocol.

Release 2.3.3

• The command invoked when an address for a dynamic domain name changes is passed all IP addresses the client has validated as arguments.

• The client can invoke a command to supply the address to be registered. This provides an alternative to the client detecting the address at its end of the connection, or the server detecting the connection at the other end of its connection. A sample Perl script to use SNMP/MIB-2 to query an NAT gateway for its "external" address is provided.

Release 2.3.2

• The client uses UDP rather than TCP for validating IP addresses.

• The default timeout of 1 second for the arrival of address validation packets can be overridden to any value.

• The client only validates an address once.

• The client and update server support operation behind NAT/IP masquerade boxes. The client will send and receive on specified ports for address validation. The update server returns the IP address to the client.

• The client can run continually (in "daemon" mode), checking the address for validity at a specified interval. This interval can be any value, not just multiples of 1 minute, as for cron or Windows Task Scheduler.

• The client can invoke a command when an address for a dynamic domain name changes. This command could be used for example to reconfigure and reload a DNS server on the client machine.

Release 2.3.1

Release 2.3.0

• Several bugs and operational problems were fixed.

Release 2.2.0

• The client passes the IP address it detects at its end of the connection to the server. The server will use the address passed instead of the IP address of the computer that connected to the server. If no address is passed, the IP address of the computer that connected to the server will be used, so that old clients may still be used. This allows the true IP address to be detected even if the client is behind a proxy of some sort, or on a private network.

• The client now maintains the information for several GnuDIP domains in the same configuration file. Using "gdipc.pl -c" will replace any existing entry. To list the entries or delete an entry the user must use a text editor. There is one line per GnuDIP domain.

  There is also a new script, encpass.pl, which takes its plain text password argument and prints the encrypted version. This script faciliates manual modification of the configuration file.

• The format of the lines in the configuration file has changed. This is partly for compatibility with Windows file names. This is a sample configuration file:

  tester;gnudip;localhost;f5d1278e8109edd94e1e4197e04873b9;/root/.GnuDIP2.cache.tester.gnudip;0;60
  tester2;gnudip;localhost;179ad45c6ce2cb97cf1029e212046e81;/root/.GnuDIP2.cache.tester2.gnudip;0;2073600
  

• The client now endeavors not to abuse a GnuDIP server, and maintains a cache file for each GnuDIP domain towards this end. This is reflected in the user interface, of which this is a sample:

  # gdipc.pl -c
  Configuration file name: /root/.GnuDIP2
  Using Update Configuration Mode
  Username: tester2
  Domain: gnudip
  GnuDIP Server: localhost
  Password: testpass
  Cache File [/root/.GnuDIP2.cache.tester2.gnudip]:
  Minimum Seconds Between Updates [0]:
  Maximum Seconds Between Updates [2073600]:
  

  This is a sample update run:

  # gdipc.pl
  Configuration file name: /root/.GnuDIP2
  Cache file name: /root/.GnuDIP2.cache.tester.gnudip
  No update done for tester.gnudip - 127.0.0.1 still valid
  Cache file name: /root/.GnuDIP2.cache.tester2.gnudip
  Invalid login attempt for tester2.gnudip
  

  The IP address for tester.gnudip was not updated because the IP address at the time of the last update was still valid, and because "Maximum Seconds Between Updates" had not yet expired.

  This is the contents of /root/.GnuDIP2.cache.tester.gnudip:

  127.0.0.1;990991068
  

  The status of a GnuDIP2 domain may be reset by deleting its cache file.

  If "Minimum Seconds Between Updates" is specified, then an update will not be sent to the server more often than this interval, even if the IP address at the time of the last update is no longer valid.

• The "help" has been slightly enhanced:

  # gdipc.pl -h
  usage: gdipc.pl \
  usage:     [ -h | -v | -i [ -r] | [ -f configfile ] [ -c | -r ] \
  usage:     [ -o outfile | -a appendfile ]
  usage: With no arguments, update server if address changed or time expired.
  usage: -h: Print this usage message.
  usage: -v: Show version information
  usage: -i: Prompt and read standard input rather than a configuration file.
  usage: -f: Specify a particular configuration file.
  usage:     This will otherwise be .GNUDIP2 in the directory specified by
  usage:     the HOME environment variable, or gdipc.conf in the directory
  usage:     of the binary if HOME is not set.
  usage: -c: Specify contents to write to configuration file.
  usage: -r: Send an offline request to the server to remove your DNS hostname.
  usage: -o: Specify file to overwrite with all output from script.
  usage: -a: Specify file to append with all output from script.
  

• The client works with Windows if ActivePerl is installed. It is converted to a .bat for convenience. It is even possible to run it an regular intervals using the Windows task scheduler without console (i.e. DOS) windows popping up, using the wperl.exe program file.

  The Windows client package contains HTML documentation on using the client with Windows.