{"id":14128477,"url":"https://github.com/dyne/gitzone","last_synced_at":"2025-09-16T18:28:34.473Z","repository":{"id":9437015,"uuid":"11312268","full_name":"dyne/gitzone","owner":"dyne","description":"git-based zone management tool for static and dynamic domains","archived":false,"fork":false,"pushed_at":"2019-10-30T14:41:31.000Z","size":69,"stargazers_count":117,"open_issues_count":3,"forks_count":19,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-04-07T10:35:46.309Z","etag":null,"topics":["bind9","dns","git","perl","ssh","sysadmin"],"latest_commit_sha":null,"homepage":"https://www.dyne.org/software/gitzone/","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dyne.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-07-10T13:09:49.000Z","updated_at":"2025-02-16T13:48:29.000Z","dependencies_parsed_at":"2022-09-03T23:10:40.982Z","dependency_job_id":null,"html_url":"https://github.com/dyne/gitzone","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dyne%2Fgitzone","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dyne%2Fgitzone/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dyne%2Fgitzone/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dyne%2Fgitzone/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dyne","download_url":"https://codeload.github.com/dyne/gitzone/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com",
"kind":"github","repositories_count":252133719,"owners_count":21699585,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bind9","dns","git","perl","ssh","sysadmin"],"created_at":"2024-08-15T16:01:45.307Z","updated_at":"2025-09-16T18:28:29.421Z","avatar_url":"https://github.com/dyne.png","language":"Perl","readme":"#+TITLE: gitzone\n#+AUTHOR: tg(x)\n#+OPTIONS: ^:{}\n#+INFOJS_OPT: view:showall ltoc:nil\n#+STYLE: \u003cstyle\u003ehtml{max-width:1000px}\u003c/style\u003e\n\n#+LATEX_HEADER: \\usepackage{lmodern}\n#+LATEX_HEADER: \\usepackage{fullpage}\n\n* About\n\nGitzone is a git-based zone file management tool for BIND. Users can update\ntheir zones in a git repository then during a push the zone files are checked,\nupdated \u0026 reloaded from git receive hooks. If there's an error in a file being\npushed then the push is rejected, thus only correct files are stored on the\nserver. Gitzone is written in Perl.\n\nGitzone-shell is similar to git-shell but it restricts the user to the\nzones repository and provides some additional commands for dynamic DNS\nupdates \u0026 SSH key management.\n#+LATEX: \\pagebreak\n\n\n* Installation (semi-automatic)\n\nFirst install Bind9 (not covered by this documentation).\n\nThen install all scripts in the prefix /bin path and /libexec\n\n  : # make install\n\nOnce the binaries are in place, to enable gitzone for a user there is\na relatively simple script: gitzone-install. 
Usage synopsis:\n\n  : # gitzone-install username id_rsa.pub\n\nThis script assumes that a user with 'username' (first argument)\nalready exists: anyone with access to this user will be in control of\ngitzone, since access is managed via ssh authentication.\n\nSecond argument is the first public ssh key which will have write\npermissions to change zones (more keys can be added later).\n\nIf you intend to use the dynamic DNS feature via the gitzone-shell,\nthen you'd better create a specific user only for gitzone.\n\nOnce ready, run the script with all the arguments in place.\n\nThen create /etc/bind/repos/${user}.conf and put inside:\n\n#+BEGIN_EXAMPLE\nzone \"domain.com\" {\n\ttype master;\n\tnotify yes;\n\tfile \"/var/cache/bind/$user/domain.com\";\n\tallow-transfer { transfer; };\n};\n#+END_EXAMPLE\n\nWhere 'domain.com' is the first domain you are managing with\ngitzone. There can be more domains and for each of them the above\nconfiguration section must be created.\n\nNow clone the gitzone repository from another user that has access to\nthe ssh secret key configured in gitzone-install. The git url will be\ncomposed of the hostname of the machine where it has been installed\nand the username chosen:\n\n: git clone username@ns.myown.net:zones/username gitzone-admin\n\nThe command above will clone the new gitzone repository into a\ndirectory gitzone-admin. If you aren't familiar with git, this is a\ngood time to go study it.\n\nCreate a file named 'domain.com' inside gitzone-admin and fill it in\nas a canonical DNS zone file for bind9. 
Then add, commit and push:\n\n#+BEGIN_EXAMPLE\ncd gitzone-admin; vim domain.com\n (edit the zone file according to bind9 documentation)\ngit add domain.com\ngit commit -m \"initial zone commit for domain.com\"\ngit push\n#+END_EXAMPLE\n\nIf the domain.com file contains any errors, gitzone will not accept\nthe push and will report an error among the screen messages.\n \n\nIf all went well, restart the bind9 daemon and you'll see that the\nzone for domain.com is served by your new DNS. One can check using\nnslookup.\n\nGitzone can be installed on multiple users on the same machine,\nthis way there can be different admins (or groups of admins)\nfor different zones all on the same machine.\n\n* Installation (in close detail)\n\n- set PREFIX in Makefile and make sure the paths in the hooks are correct, then\n  : # make install\n\n- edit path settings in gitzone-shell\n\n- create users with ssh access and set their shell to gitzone-shell\n\n- create a zones repo for each user and set receive.denyCurrentBranch to ignore,\n  this allows pushing to a checked out repository. 
The checked out files are\n  used for incrementing serials and validating the zones with named-checkzone.\n  : # mkdir -p ~$user/zones\n  : # cd ~$user/zones\n  : # git init $user\n  : # cd $user\n  : # git config receive.denyCurrentBranch ignore\n  : # cd .git/hooks\n  : # ln -s /usr/libexec/gitzone/pre-receive\n  : # ln -s /usr/libexec/gitzone/post-receive\n\n- if you want to use a repository locally add these hooks as well / instead:\n  : # ln -s /usr/libexec/gitzone/pre-commit\n  : # ln -s /usr/libexec/gitzone/post-commit\n\n- create a .gitconfig for each user that contains user name \u0026 user email (used\n  for auto increment commits):\n  : # git config -f ~$user/.gitconfig user.name $user\n  : # git config -f ~$user/.gitconfig user.email \"$user@ns.example.com\"\n\n- add ssh keys to ~$user/.ssh/authorized_keys and enable ssh key editing if desired:\n  : # touch ~$user/.ssh/authorized_keys_edit_allowed\n\n- make sure the user's HOME directory has correct permissions:\n  : # chown -R $user:users ~$user\n\n- edit the settings in gitzone.conf\n\n- create a directory for each user in $zone_dir and chown them to the users, this\n  will contain a clone of the user's repository, the zone files here should be\n  included in named.conf.\n  : # cd $zone_dir\n  : # mkdir $user\n  : # chown $user:$group $user\n\n- edit named.conf\n  - set directory in options to $zone_dir, this is needed to make relative file\n    names work in $INCLUDE:\n    : options {\n    :   directory \"/var/named\";\n    :   // ...\n    : }\n\n  - put user zone configuration in a separate file for each user and include them:\n    : include \"/etc/bind/repos/user1.conf\";\n    : include \"/etc/bind/repos/user2.conf\";\n    : include \"/etc/bind/repos/user3.conf\";\n\n* Usage\n\n** Git repository\n\nTo make changes to the zones you need to clone the git repository, edit the\nfiles, commit the changes and finally push the changes to the server.  
If you\nuse the auto increment feature you also need to pull after a push as the receive\nhooks on the server make commits to the repository during a push.\n\n#+BEGIN_EXAMPLE\n  % git clone ns.example.net:zones/$user zones\n  % # or if you're using gitzone-shell you can use any path:\n  % git clone ns.example.net:zones\n  % cd zones\n  % # edit files\n  % git add .\n  % git commit -m 'commit msg'\n  % git push origin \u0026\u0026 git pull\n#+END_EXAMPLE\n\n** SSH commands\n\nThe following SSH commands are provided by gitzone-shell:\n\n- =update-record \u003cfilename\u003e \u003crecord\u003e=: updates the IP address of the first matched\n  record in the given file to the SSH client's IP address.\n  : % ssh ns.example.net update-record example.net somehost IN A\n\n- SSH key management commands, to use these do:\n  : touch .ssh/authorized_keys_edit_allowed\n  in the users' home directories.\n\n  - =list-keys=: list added ssh keys\n    : % ssh ns.example.net list-keys\n\n  - =add-key=: add a new ssh key\n    : % ssh ns.example.net add-key `cat id_rsa.pub`\n\n    or only allow one specific command:\n    : % ssh ns.example.net add-key 'command=\"update-record example.net somehost IN A\"' `cat id_rsa.pub`\n\n  - =del-key=: delete an ssh key from the config\n    : % ssh ns.example.net del-key user@somewhere\n\n** Dynamic DNS\n\nIn order to do automatic dynamic DNS updates, create an SSH key without a\npassword and use the add-key command to add it with a command= parameter which\nhas an update-record command in it, see the example in the previous\nsection. This way the host doing the updates does not have access to the git\nrepository as it is restricted to the specified command only. 
Then all you have to do to\nupdate your IP is:\n: % ssh ns.example.net\n\nRun this command whenever the IP changes or the interface comes up.\n\n*** Debian, Ubuntu\n\nOn Debian-like systems you can use a post-up command in =/etc/network/interfaces=.\n\n*** Gentoo\n\nOn Gentoo you can put a postup() function in =/etc/conf.d/net=.\n\n** Zone files\n\nThere are a few keywords you can use in the zone files:\n\n- ;AUTO_INCREMENT after a serial number to automatically increment it during\n  a push. If the number is 10 digits and starts with 20 it's treated as a date.\n  e.g.:\n  : example.net.  IN  SOA  ns1.example.net. hostmaster.example.net. (\n  :                        2011013101  ;AUTO_INCREMENT\n  :                        1d 2h 4w 2d )\n\n- $INCLUDE can be used to include other files from the repository, the file\n  names should be prefixed with the user name\n\n- ;INCLUDED_BY on the first line of a file indicates what other files include\n  this file. When this file is committed \u0026 pushed all the other files listed\n  after ;INCLUDED_BY are reloaded as well.\n\n  E.g. 
if you have the following files in the repository then a change in\n  example-common would result in the reload of both example.net \u0026 example.org:\n\n  - example.net:\n    : ...\n    : $INCLUDE username/example-common example.net.\n\n  - example.org:\n    : ...\n    : $INCLUDE username/example-common example.org.\n\n  - example-common:\n    : ;INCLUDED_BY example.net example.org\n    : ...\n\n* Acknowledgements\n\nGitzone is copyright (C) 2013-2019 by Dyne.org foundation, Amsterdam\n\nDesigned and written by tg(x)\n\nMaintained and documented by Denis Roio and Ivan J.\n\nWith contributions by Zephaniah Loss-Cutler-Hull\n\nGitzone is Licensed under the terms of the Affero GNU Public License\nas published by the Free Software Foundation; either version 3 of the\nLicense, or (at your option) any later version.\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\nimplied.  See [the License](LICENSE.txt).\n","funding_links":[],"categories":["Perl"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdyne%2Fgitzone","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdyne%2Fgitzone","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdyne%2Fgitzone/lists"}