{"id":13930233,"url":"https://github.com/james-stevens/powerdns-webui","last_synced_at":"2025-07-19T12:32:00.192Z","repository":{"id":37774073,"uuid":"225887983","full_name":"james-stevens/powerdns-webui","owner":"james-stevens","description":"Self-contained, single-page, single-file, javascript webapp for managing your PowerDNS data","archived":false,"fork":false,"pushed_at":"2023-01-05T12:31:17.000Z","size":1098,"stargazers_count":58,"open_issues_count":0,"forks_count":14,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-08-08T18:26:51.478Z","etag":null,"topics":["javascript-webapp","powerdns-api","powerdns-server","powerdns-webui","webapp"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/james-stevens.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"james-stevens","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":"https://www.paypal.com/donate/?hosted_button_id=QVFND645E299A"}},"created_at":"2019-12-04T14:37:21.000Z","updated_at":"2024-04-28T23:29:39.000Z","dependencies_parsed_at":"2023-02-04T04:47:26.103Z","dependency_job_id":null,"html_url":"https://github.com/james-stevens/powerdns-webui","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/james-stevens%2Fpowerdns-webui","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/james-stevens%2Fpow
erdns-webui/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/james-stevens%2Fpowerdns-webui/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/james-stevens%2Fpowerdns-webui/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/james-stevens","download_url":"https://codeload.github.com/james-stevens/powerdns-webui/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226607617,"owners_count":17658484,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["javascript-webapp","powerdns-api","powerdns-server","powerdns-webui","webapp"],"created_at":"2024-08-07T18:05:22.827Z","updated_at":"2024-11-26T19:30:57.694Z","avatar_url":"https://github.com/james-stevens.png","language":"HTML","funding_links":["https://github.com/sponsors/james-stevens","https://www.paypal.com/donate/?hosted_button_id=QVFND645E299A"],"categories":["webapp"],"sub_categories":[],"readme":"# General Disclaimer\n\nThis project has no connection whatsoever with [PowerDNS.COM BV](https://www.powerdns.com/contact.html),\n[Open-Xchange Inc](https://www.open-xchange.com/) - or any other third party.\n\nIt is an independently funded \u0026 maintained development effort.\n\nIf this doesn't meet your needs, you might want to try [some of these](https://github.com/PowerDNS/pdns/wiki/WebFrontends).\n\n\n# Help with this effort\n\nIf you find this code useful, I would absolutely appreciate it if you could make a donation, no matter how small.\n\n- [Donate by 
PayPal](https://www.paypal.com/donate/?hosted_button_id=QVFND645E299A)\n- Donate by BTC - 357ynBdTQiVKybo93bP2cYbrkLbpGmQCj6\n- Donate by ETH - 0x20fbf9555F09a8579540970488dcB8245244b683 (Ethereum Network ONLY)\n\nDonations are paid into a UK Limited Company, so if you want a trade invoice / receipt, just ask.\n\nOr you can sponsor me [through GitHub](https://github.com/sponsors/james-stevens) - Also see `Sponsor this project`\n\n\n\n\n# Discussions\n\nGitHub now has a `discussions` feature, so I have enabled it on this project. Please use this to leave\nany ad-hoc feedback or raise minor issues / enhancement requests etc\n\nOr just stop by to say `hello` or `thanks`.\n\n\n\n# PowerDNS WebUI\n\n`htdocs/index.html` is a complete self-contained, single-file, single page HTML, CSS \u0026 Javascript webapp\nwhich allows you to browse and edit DNS data held in a PowerDNS Database using only the PowerDNS RestAPI.\nYou can clone the project, if you want, but this is the only file you need in order to add a complete WebUI to your PowerDNS Server.\n\nPunycode to IDN decoding \u0026 encoding is done by a very slightly modified version of the\n[module by Mathias Bynens](https://github.com/mathiasbynens/punycode.js)\nwhich has been appended to the `index.html` file.\n\nIt is primarily aimed at those who are using PowerDNS as a DNS Master, as this is what I do,\nbut it should handle native / slave zones OK.\nIf you are using this webapp for slave / native, please let me know if there are features it needs.\n\nWhen minified, using `python -m jsmin index.html \u003e min.html`, the savings are not great (~10%), so I've chosen to no longer provide this minified file.\nThis is probably largely because I use TAB indents (see CONTRIBUTING.md).\n\nBecause of the security limitations of the PowerDNS Rest/API, this is intended as a SysAdmin tool only - see the **Security** Section below.\n\nA critical design goal was to ensure that the data you see has come live from the server, and you 
have a single\nclick button in the navigation bar that will reload the data you are seeing.\n\nThe only exception to this is occasionally when the `NSEC3PARAM` value is displayed on the DNSSEC page.\n\n\n\n\n# Features\n\nThis is a summary of the features this WebUI provides to PowerDNS\n\n* **Servers** - contact PowerDNS Servers directly using the API-Key, or indirectly through a web proxy, HTTP or HTTPS (see `Browser Security Restrictions` below)\n* **Zones** - Add, View, Remove, Sign, Unsign, Force NOTIFY, Rectify, Download in RFC format, force update (slave only), Change type/kind\n* **Metadata** - Add, Edit, Remove Metadata items or individual values, with some clientside validation, including picking drop-downs where specific metadata items have a limited range of values\n* **Hosts/names** - Master or Native only - Add, Edit, Remove RRs / RR-Sets with some clientside validation, Change the TTL of an RR-Set. Copy records, including between zones, by renaming the RR-Set\n* **TSIG Keys** - Add, Regenerate, Remove, click to copy name or digest to clipboard. NOTE: Adding multiple TSIG keys, of different algorithms, does not work in PowerDNS v4.2.0\n* **Search** - quick access to native search facility, with click-through to records / zones\n* **Navigation** - fully functional BACK button, link to open any page in a new tab (or link you can email etc)\n* **DNSSEC**\n\t* Sign an unsigned zone - NSEC or NSEC3, KSK+ZSK or CSK, any algorithm \u0026 key lengths\n\t* Unsign a signed zone - NOTE: removing the NSEC3 param record using the Rest/API does not work in PowerDNS v4.2.0\n\t* Step-by-Step one-button CSK, KSK or ZSK key roll-over\n\t* Add, Remove, Activate / Deactivate individual keys\n\t* DS digest, click to copy digest to clipboard\n\t* Convert NSEC to NSEC3 or vice versa. NOTE: removing the NSEC3 param record using the Rest/API does not work in PowerDNS v4.2.0\n\t* NSEC3PARAM roll-over - Yeah, some people like to do it. 
What can you say.\n* Punycode - where record or zone names are [punycode](https://en.wikipedia.org/wiki/Punycode) encoded, they will be decoded and the IDN version will be displayed (look out for tooltips!).\n\tWhen zones or records are created or renamed, the name can be entered as UTF-8 and it will be automatically encoded to punycode.\n* Basic Theme Support - comes with four hardcoded colour schemes\n* **Stats** - ability to view all server stats data, including breaking out data presented in lists\n* Ability to maintain a [bind-9.11 catalog zone](https://kb.isc.org/docs/aa-01401), for RFC/XFR (not native) slaves.\n\n`Fast Zone Listing` allows you to view the full list of zones considerably faster, at the cost of slightly reduced information.\nWhere you have 1000s of zones, or a server a long way away, this can significantly reduce time to load the zone list.\n\n\nWhen reporting an issue, please also include any messages in your browser console (in Chrome press F12, in Firefox Ctrl-Shift-J).\n\n\n# Themes\n\nThere are five built-in colour schemes, called themes, plus one called \"Custom\", which ships as the same as \"Dark\".\nThe app should remember which theme you chose and return to that one. This means you can customise the \"Custom\" theme,\nif you want, \u0026 it will then return to your custom colour scheme without affecting the default themes.\n\n\n\n# Browser Security Restrictions\n\nThis webapp is super simple to use, but does require a little setting up to ensure your browser is happy with stuff.\nThese issues are generic browser security restrictions, and not specifically to do with this code.\n\n* If your browser received the `index.html` (this webapp) over HTTPS, then the RestAPI **must** be accessed over HTTPS - this is where\nusing an HTTP/HTTPS proxy is useful. 
As of v4.2.0, PowerDNS does not natively support HTTPS, and sending all your data\n(and maybe your API Key) over HTTP is probably not what you want.\n\n* You must be [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) compliant - in this context it means the web server\nthat gave your browser `index.html` must list (in the header of the response) all the other HTTP/S servers you are allowed to access via the webapp.\n\nNOTE: For CORS, by default, you are allowed to access the Rest/API on the server that sent you the webapp, regardless of the port number.\nSo this requires no special extra consideration.\n\nSo, for example, you could obtain the `index.html` page from port 80 (HTTP) but, on the same server, still be OK to access the PowerDNS API directly (port 8081, and **not** HTTPS).\n\nBut, I strongly recommend you simply use a `HTTPS` proxy.\n\n# The Example Config\n\nWe have provided a fully working example set-up in the `example` directory.\n\nBecause this webapp accesses the PowerDNS RestAPI directly from your desktop's browser, to prevent you having to give everybody the `api-key`,\nwe would recommend you use a web proxy (e.g. Apache or nginx) and (for example) enforce per-user authentication in the proxy.\nThis means you will need to configure the proxy to add the `api-key` to each request (see below).\n\nYou can also use the web proxy to provide an HTTP-\u003eHTTPS service, transparently adding `HTTPS` support to the RestAPI.\n\nI used both Apache \u0026 nginx. Here's a snip of my setup. It assumes your PowerDNS WebUI is listening on IP Address 127.1.0.1\nand your Apache Server can listen on port 443 (HTTPS). 
The PowerDNS IP Address will probably work for you.\n\nI haven't included the SSL, or per-user authentication, config lines, you will need to add whatever you prefer,\nbut all the SSL \u0026 Basic Authentication configuration is included in `example/httpd.conf` and `example/nginx.conf`.\n\n```\n\u003cVirtualHost *:443\u003e\n\n\tDocumentRoot /opt/websites/pdns/powerdns-webui/htdocs\n\n\t\u003cProxy http://127.1.0.1:8081/*\u003e\n\t\tAllow from all\n\t\u003c/Proxy\u003e\n\n    \u003clocation /stats/\u003e\n        ProxyPass http://admin,Dev-Key@127.1.0.1:8081/\n        ProxyPassReverse http://admin,Dev-Key@127.1.0.1:8081/\n    \u003c/location\u003e\n\n\t\u003clocation /api\u003e\n\t\tHeader add X-API-Key \"Dev-Key\"\n\t\tRequestHeader set X-API-Key \"Dev-Key\"\n\t\tProxyPass http://127.1.0.1:8081/api\n\t\tProxyPassReverse http://127.1.0.1:8081/api\n\t\u003c/location\u003e\n\n\u003c/VirtualHost\u003e\n```\n\nBecause I want the webapp to live in the ROOT directory of the website, this overloads the PowerDNS stats page (which also lives at the root),\nso I have put in a rule that makes the stats page available from `https://\u003cserver-ip-address\u003e/stats/`. 
Although, of course, this webapp\nalso gives you access to the stats that are available from the Rest/API.\n\nYou will need to ensure you have loaded the Apache proxy modules, I used this code\n\n```\nLoadModule proxy_module modules/mod_proxy.so\nLoadModule proxy_connect_module modules/mod_proxy_connect.so\nLoadModule proxy_http_module modules/mod_proxy_http.so\nLoadModule rewrite_module  modules/mod_rewrite.so\n```\nHere's the corresponding PowerDNS `pdns.conf` settings for the WebUI \u0026 Rest-API\n\n```\n...\n\nwebserver=yes\nwebserver-address=127.1.0.1\nwebserver-allow-from=127.0.0.0/8\nwebserver-password=Dev-Key\napi=yes\napi-key=Dev-Key\n\n...\n\n```\n\n\nClone this project as the directory `/opt/websites/pdns/powerdns-webui`,\nor whatever you chose in the Apache conf, and request the URL `https://\u003cserver-ip-address\u003e/`\n\nIf it worked correctly, you should see a screen like this.\n\n![First Screen](/first2.png)\n\nBecause it prompts you for a server name, you can use one copy of this webapp to access any PowerDNS RestAPI\nyou can reach, subject to the browser restrictions described above.\n\nA fully working example configuration, and instructions, are provided in the `example` directory.\n\n\n# An Easier Configuration\n\nA less secure configuration, that is easier to get working, is to set up PowerDNS to listen on the same IP Address\nas a standard HTTP web server, then load the webapp's `index.html` from the web server and tell the webapp to connect directly \nto the PowerDNS API on port 8081, by adding `:8081` after the server name / ip address. You will also need to enter the \n`web-api` key and untick the `HTTPS` tick box.\n\nThis should satisfy your browser's security checks. I have tested this in both Chrome and Firefox.  
\nHowever, it means all your data, and your API key, will be sent in plain text.\n\n\n# Don't Worry There's a Docker Container\n\nFor those who want the extra security provided by HTTPS and per-user authentication, but are troubled by\nthe effort of setting it up yourself, don't worry there's a [Docker container](https://hub.docker.com/r/jamesstevens/pdns-webui) called `jamesstevens/pdns-webui`.\n\nThere are a few caveats, and things you'll probably want to change, so there's also a [README](container/README.md) in the `container` directory.\n\n\n# SSH Tunnel\n\nUsing an SSH tunnel allows encryption and authentication to be handled by SSH. This provides a simple alternative to configuring a web server.\n\nIt is vital that the PowerDNS API is **only** available on the local loopback interface and **not** any public network interface. This restricts access only to users who are allowed to log in to the remote machine. They can then use SSH to tunnel the loopback interface to their local machine and use the web interface there.\n\nAn example section of a ```pdns.conf``` file would be:\n\n```\nwebserver=yes\nwebserver-address = ::1\nwebserver-port = 8068\napi=yes\napi-key=Dev-Key\n```\nThis will make PowerDNS provide the API over the local IPv6 loopback interface, ```[::1]```, and listen on port ```8068```. Port 8068 was chosen because the ASCII for 'P' is 80 and for 'D' it is 68.\n\nPowerDNS WebUI can then be run using three commands in a terminal on a typical Unix box, e.g. 
Linux, running a desktop:\n\n```\ncurl -sS https://raw.githubusercontent.com/james-stevens/powerdns-webui/master/htdocs/index.html --output powerdns-webui.html\nxdg-open powerdns-webui.html\nssh user@myserver -L 8000:[::1]:8068 -N\n```\nThe first and second commands download the user interface file and open it in the desktop's default browser respectively.\n\nThe third command creates an SSH tunnel on local port 8000, which connects to the IPv6 loopback interface, ```[::1]```, on port ```8068``` of the remote machine. The ```-N``` switch stops a remote shell being opened for user input.\n\nTo connect PowerDNS WebUI use ```[::1]:8000``` for the server address and then enter the relevant API-Key.\n\nThis is all that is required to create a remote connection using SSH for encryption and authentication.\n\nTo close the connection use CTRL + C to terminate SSH in the terminal.\n\n**NOTE:** `ssh` tunnelling will also work on non-Linux desktops, but you will need to use slightly different commands.\n\n\n# In Operation #\n\nI've tested this with the latest Chrome \u0026 Firefox running on Xubuntu (Ubuntu + XFCE) talking to a 95% idle PowerDNS server\nrunning v4.2.2 over an 18ms latency link and the response time, for all actions, including viewing a zone with 1000 records\n(500 names, 2 records per name), is virtually instant.\n\nApart from some minor aesthetic differences, the behaviour in Chrome and Firefox was identical. \nAs far as I know, any ES6 compliant browser should work, but I might be wrong.\n\nnginx performed the same as Apache - virtually instant.\n\n\n# Security #\n\nThis webapp is intended as a SysAdmin aid, and not to be given directly to end-users without the addition of more serverside security.\nEspecially, this webapp is not recommended in the situation where you have multiple users owning different domains.\n\nThere are deliberately **NO** security options in this webapp, e.g. 
who can edit/delete zones/names/records etc.\n\nAs a general principle, when you have a JavaScript+RestAPI webapp the place to put the security is in the serverside RestAPI.\nAny security put into the Javascript can probably be trivially circumvented and is therefore of extremely limited value.\nIn fact, in security circles, this is considered worse than having no security, as less experienced sysadmins may be left thinking\nthey are safe, when this is not the case.\n\nIn various web proxies, there are options to block certain `METHODs`. For example, by blocking all `METHODs` except `GET`,\nyou can stop a user from being able to make changes. For more information, please ask Google.\n\nIn general, therefore, as it is provided, this webapp is probably not going to be that useful for giving to end users.\nHowever, as a sysadmin tool, it can be very useful.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjames-stevens%2Fpowerdns-webui","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjames-stevens%2Fpowerdns-webui","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjames-stevens%2Fpowerdns-webui/lists"}