DirectSlave/GO 3 - public beta

roman_m

Verified User
Joined
May 5, 2005
Messages
130
Location
Ukraine, Kiev
Wtf?

[m@regme]~/download$ file directslave-3.2-advanced-all.tar.gz
directslave-3.2-advanced-all.tar.gz: gzip compressed data, was "directslave-3.2-advanced-all.tar", last modified: Mon Jun 4 12:24:03 2018, from Unix
 

roman_m

Verified User
Joined
May 5, 2005
Messages
130
Location
Ukraine, Kiev
Also, the "pass" script to create auths is no longer in use?
Since 3.0-beta use
Code:
/usr/local/bin/directslave ----password user:password
to create/update passwd file entries.

But you able to use old `pass` utility to operate entries. Shure, if your still maintain perl in your system running DS.
 

roman_m

Verified User
Joined
May 5, 2005
Messages
130
Location
Ukraine, Kiev
Can you show me MD5 of directslave-3.2-advanced-all.tar.gz on your side ?

MD5 (directslave-3.2-advanced-all.tar.gz) = 85088b77fa688b1bcf114c9fc895819c
 

DhoTjai

Verified User
Joined
Apr 23, 2006
Messages
80
Location
Netherlands
Same here,

# tar -zxvf directslave-3.2-advanced-all.tar.gz
> gzip: stdin: not in gzip format
> tar: Child returned status 1
> tar: Error is not recoverable: exiting now

# gunzip directslave-3.2-advanced-all.tar.gz
> gzip: directslave-3.2-advanced-all.tar.gz: not in gzip format

This works:
tar -xf directslave-3.2-advanced-all.tar.gz

md5
6b79ba421065ab9dc4093ba3f548e524 directslave-3.2-advanced-all.tar.gz
 

roman_m

Verified User
Joined
May 5, 2005
Messages
130
Location
Ukraine, Kiev
I understand what's happening!

I'm using nginx + gzip on, so all traffic from my server is gzipped out and sent to browser via HTTP/2 in compressed form.
But if traffic contains archive stream in gzip format, browser unpacks it just like usual traffic stream (yes, including stream file)!

Repacked bundle with tar+bzip2 and edited a link to bundle.
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,788
Location
A Coruña, Spain
Sorry I was implementing SOLR on my Dovecot Server and I didn't realize I wasn't receiving emails :p

Glad you found out and it wasn't me :D

Thanks for the password tip, I completely forgot that (or probably I didn't use it since I already had my users created :D)

Everything is working fine, and the web interface it is very very nice and useful :)

I still didn't try the text storage but I guess it will simply work, if not I will post it here :)

Thanks for the amazing job

Best regards
 

roman_m

Verified User
Joined
May 5, 2005
Messages
130
Location
Ukraine, Kiev
>Thanks for the password tip
You're welcome :)

>Everything is working fine, and the web interface it is very very nice and useful
It's running for a week in my prod env.

> text storage but I guess it will simply work
It should! (also didn't test that)

Enjoy :)
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,788
Location
A Coruña, Spain
Okay the text option works perfectly on latest bind but doesn't work on old versions

I have one of the NS which is an old CentOS 5.11 (cannot update due to the hardware) and use Bind 9.3.6 which doesn't support the masterfile-format option.

Would be possible to have some sort of check for the bind version to define if to add that option or not? To help you out, that option has been introduced from Bind 9.4.0, before that it will not work :)

Thanks :)
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,788
Location
A Coruña, Spain
If not, whoever might be interested, I created this crontab:

Code:
0 * * * * root if [ "`cat /var/named/slaves.conf | grep masterfile-format`" != "" ]; then sed -i "s/ masterfile-format text;//g" /var/named/slaves.conf; service named restart >/dev/null 2>&1; fi  >/dev/null 2>&1;
This will check if any zone in the slave file (/var/named/slaves.conf , change all the references to it if different) have that option, if yes it will remove it and restart named, the crontab is set to run every hour.

Best regards
 

roman_m

Verified User
Joined
May 5, 2005
Messages
130
Location
Ukraine, Kiev
Sure, I know this and do a simple code trick:

if you give "masterfile-format" option other than "text" in directslave.conf, it will conpletely remove "masterfile-format" from included template line, so generated line will not contain "masterfile-format". You can give it value of "none" or "nil", but dont' remove it from config conpletely -- DS won't start without it.
 

verkerkict

Verified User
Joined
Jan 19, 2007
Messages
12
I;m just testing the product and with the new webinterface it is working really good.
Only when making some changes at the same time it is taking the TTL before its beeining updated in bind/named.
Is there an way to force it? So that an change in DA directly will be pushed to bind/named

in the logging you can see directly the POST /CMD_API_DNS_ADMIN?action=rawsave&domain=
 

roman_m

Verified User
Joined
May 5, 2005
Messages
130
Location
Ukraine, Kiev
I;m just testing the product and with the new webinterface it is working really good.
Only when making some changes at the same time it is taking the TTL before its beeining updated in bind/named.
Is there an way to force it? So that an change in DA directly will be pushed to bind/named

in the logging you can see directly the POST /CMD_API_DNS_ADMIN?action=rawsave&domain=
When DS recv POST data, it triggers the internal queue manager that runs `rndc`.
As you can see in logs "RNDC queue triggered with NUM events"

I can move 'trigger' setting to config in next release, so you've be able to set it to 120 seconds or 60 seconds, as you want (now it's 30 seconds).
 

roman_m

Verified User
Joined
May 5, 2005
Messages
130
Location
Ukraine, Kiev
[b]!warning![/b]

!WARNING!
!WARNING!
!WARNING!

Today I discovered DirectSlave 3.2 have a bunch of security breaches in webinterface (XSS) since it have no filtration of data coming through web channel (I completely rely on user's sanity).
And I really aplogise for that.

So, I'm working on next release to beat all the bugs out and filter data as much as I can.

HOTFIX: open /usr/local/directslave/www/templates/login.tpl in editor and remove {{.User}} and {{.Pass}} fields from template.
Also, remove commented html code.

OR

Apply this fix - https://directslave.com/download/directslave-3.2-login-XSS-HOTFIX.tar.gz
Extract directslave/www/templates/login.tpl from archive into /usr/local/directslave/www/templates/ and overwrite login.tpl with archive version.
 
Last edited:

verkerkict

Verified User
Joined
Jan 19, 2007
Messages
12
!WARNING!
!WARNING!
!WARNING!

Today I discovered DirectSlave 3.2 have a bunch of security breaches in webinterface (XSS) since it have no filtration of data coming through web channel (I completely rely on user's sanity).
And I really aplogise for that.

So, I'm working on next release to beat all the bugs out and filter data as much as I can.
We got an ip block on the webinterface because it's not necessary to access it from not trusted locations, guess then above problem wont exist?
 

ps4all

Verified User
Joined
Oct 21, 2008
Messages
8
Did the DirectSlave project quit somehow?
Seems the website is offline for about a week now ( ERR_CONNECTION_REFUSED ) :-(
 
Top