mirror of https://github.com/VinylDNS/vinyldns synced 2025-08-22 02:02:14 +00:00
vinyldns/README.md

[![Join the chat at https://gitter.im/vinyldns](https://badges.gitter.im/vinyldns/vinyldns.svg)](https://gitter.im/vinyldns)
[![Travis build](https://api.travis-ci.org/vinyldns/vinyldns.svg?branch=master)](https://travis-ci.org/vinyldns/vinyldns)
[![CodeCov ](https://codecov.io/gh/vinyldns/vinyldns/branch/master/graph/badge.svg)](https://codecov.io/gh/vinyldns/vinyldns)
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/2682/badge)](https://bestpractices.coreinfrastructure.org/projects/2682)
![License](https://img.shields.io/github/license/vinyldns/vinyldns)
<p align="left">
<a href="http://www.vinyldns.io/">
<img
alt="VinylDNS"
src="img/vinyldns-logo-full.png"
width="400"
/>
</a>
</p>
# VinylDNS
VinylDNS is a vendor-agnostic front-end for enabling self-service DNS and streamlining DNS operations.
VinylDNS manages millions of DNS records supporting thousands of engineers in production at [Comcast](http://www.comcast.com).
The platform provides fine-grained access controls, auditing of all changes, a self-service user interface,
secure RESTful API, and integration with infrastructure automation tools like Ansible and Terraform.
It is designed to integrate with your existing DNS infrastructure, and provides extensibility to fit your installation.
VinylDNS helps secure DNS management via:
* AWS Sig4 signing of all messages to ensure that the message that was sent was not altered in transit
* Throttling of DNS updates to rate limit concurrent updates against your DNS systems
* Encrypting user secrets and TSIG keys at rest and in transit
* Recording every change made to DNS records and zones
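
To illustrate the Sig4 bullet above, here is an added example (not VinylDNS code) of how a SigV4 signature binds the method, path, headers and body of a request, so a receiver that recomputes it detects any alteration. The service name, region, secret key and API path are assumptions made for the sketch; the record values are the ones used in the portal walkthrough.

```python
import hashlib
import hmac
from urllib.parse import quote

# Assumed (not from the README): service name, region, API path, secret.
SERVICE, REGION = "VinylDNS", "us-east-1"
SECRET_KEY = "exampleSecretKey"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign(method, path, query, headers, body, amz_date, secret=SECRET_KEY):
    """Return the hex SigV4 signature covering method, path, query, headers, body."""
    lowered = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    names = sorted(lowered)
    canonical_request = "\n".join([
        method,
        quote(path, safe="/"),  # single-encoded; enough for plain paths
        "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                 for k, v in sorted(query.items())),
        "".join(f"{k}:{lowered[k]}\n" for k in names),
        ";".join(names),
        hashlib.sha256(body).hexdigest(),  # any body change alters this hash
    ])
    date = amz_date[:8]
    scope = f"{date}/{REGION}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (REGION, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    return _hmac(key, string_to_sign).hex()

def verify(signature, method, path, query, headers, body, amz_date):
    """Receiver side: recompute over what arrived and compare in constant time."""
    expected = sign(method, path, query, headers, body, amz_date)
    return hmac.compare_digest(expected, signature)

def demo():
    headers = {"Host": "localhost:9000", "X-Amz-Date": "20240101T000000Z"}
    body = b'{"name": "my-test-a", "type": "A", "ttl": 300}'  # constructed sample
    req = ("POST", "/zones/example-zone-id/recordsets", {}, headers)
    sig = sign(*req, body, headers["X-Amz-Date"])
    intact = verify(sig, *req, body, headers["X-Amz-Date"])
    tampered = verify(sig, *req, body.replace(b"300", b"30"), headers["X-Amz-Date"])
    return sig, intact, tampered
```

`demo()` returns the signature, `True` for the unmodified request, and `False` once the TTL in the body has been changed after signing.
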
Integration is simple with first-class language support including:
* java
* ruby
* python
* go-lang
* javascript
## Table of Contents
- [Quickstart](#quickstart)
- [Code of Conduct](#code-of-conduct)
- [Developer Guide](#developer-guide)
- [Contributing](#contributing)
- [Roadmap](#roadmap)
- [Contact](#contact)
- [Maintainers and Contributors](#maintainers-and-contributors)
- [Credits](#credits)
## Quickstart
Docker images for VinylDNS live on Docker Hub at <https://hub.docker.com/u/vinyldns/>.
To start up a local instance of VinylDNS on your machine with docker:
1. Ensure that you have [docker](https://docs.docker.com/install/) and [docker-compose](https://docs.docker.com/compose/install/) installed
1. Clone the repo: `git clone https://github.com/vinyldns/vinyldns.git`
1. Navigate to repo: `cd vinyldns`
1. Run `./bin/docker-up-vinyldns.sh`. This will start up the api at `localhost:9000` and the portal at `localhost:9001`
1. See [Developer Guide](DEVELOPER_GUIDE.md#loading-test-data) for how to load a test DNS zone
1. To stop the local setup, run `./bin/remove-vinyl-containers.sh`.
Several clients are available at <https://github.com/vinyldns> for making API requests against the endpoint `http://localhost:9000`.
## Things to try in the portal
1. View the portal at <http://localhost:9001> in a web browser
1. Login with the credentials ***professor*** and ***professor***
1. Navigate to the `groups` tab: <http://localhost:9001/groups>
1. Click on the **New Group** button and create a new group. The group ID is the UUID in the URL after you view the group
1. View zones you connected to in the `zones` tab: <http://localhost:9001/zones> (Note, see [Developer Guide](DEVELOPER_GUIDE.md#loading-test-data) for creating a zone)
1. You will see that some records are already preloaded in the zone. This is because these records are preloaded in the local docker DNS server
and VinylDNS automatically syncs records with the backend DNS server upon zone connection
1. From here, you can create DNS record sets in the **Manage Records** tab, and manage zone settings and ***ACL rules***
in the **Manage Zone** tab
1. To try creating a DNS record, click on the **Create Record Set** button under Records and enter `Record Type = A, Record Name = my-test-a,
TTL = 300, IP Addresses = 1.1.1.1`
1. Click on the **Refresh** button under Records. You should see your new record created
## Other things to note
1. Upon connecting to a zone for the first time, a zone sync is run to provide VinylDNS a copy of the records in the zone
1. Changes made via VinylDNS are made against the DNS backend, so you do not need to sync the zone further to push those changes out
1. If changes to the zone are made outside of VinylDNS, then the zone will have to be re-synced to give VinylDNS a copy of those records
1. If you wish to modify the url used in the creation process from `http://localhost:9000`, to say `http://vinyldns.yourdomain.com:9000`, you can modify the `bin/.env` file before execution.
1. A similar `docker/.env` can be modified to change the default ports for the Portal and API. You must also modify their config files with the new port: https://www.vinyldns.io/operator/config-portal & https://www.vinyldns.io/operator/config-api
## Code of Conduct
This project and everyone participating in it are governed by the [VinylDNS Code Of Conduct](CODE_OF_CONDUCT.md). By
participating, you agree to this Code. Please report any violations to the code of conduct to vinyldns-core@googlegroups.com.
## Developer Guide
See [DEVELOPER_GUIDE.md](DEVELOPER_GUIDE.md) for instructions on setting up VinylDNS locally.
## Contributing
See the [Contributing Guide](CONTRIBUTING.md).
## Roadmap
See [ROADMAP.md](ROADMAP.md) for the future plans for VinylDNS.
## Contact
- [Gitter](https://gitter.im/vinyldns)
- [Mailing List](https://groups.google.com/forum/#!forum/vinyldns)
- If you have any security concerns, please contact the maintainers directly at vinyldns-core@googlegroups.com
## Maintainers and Contributors
The current maintainers (people who can merge pull requests) are:
- Paul Cleary
- Nima Eskandary
- Michael Ly
- Rebecca Star
- Britney Wright
See [AUTHORS.md](AUTHORS.md) for the full list of contributors to VinylDNS.
See [MAINTAINERS.md](MAINTAINERS.md) for documentation specific to maintainers.
## Credits
VinylDNS would not be possible without the help of many other pieces of open source software. Thank you open source world!
Initial development of DynamoDBHelper done by [Roland Kuhn](https://github.com/rkuhn) from https://github.com/akka/akka-persistence-dynamodb/blob/8d7495821faef754d97759f0d3d35ed18fc17cc7/src/main/scala/akka/persistence/dynamodb/journal/DynamoDBHelper.scala
Given the Apache 2.0 license of VinylDNS, we specifically want to call out the following libraries and their corresponding licenses shown below.
- [logback-classic](https://github.com/qos-ch/logback) - [Eclipse Public License 1.0](https://www.eclipse.org/legal/epl-v10.html)
- [logback-core](https://github.com/qos-ch/logback) - [Eclipse Public License 1.0](https://www.eclipse.org/legal/epl-v10.html)
- [h2 database](http://h2database.com) - [Mozilla Public License, version 2.0](https://www.mozilla.org/MPL/2.0/)
- [pureconfig](https://github.com/pureconfig/pureconfig) - [Mozilla Public License, version 2.0](https://www.mozilla.org/MPL/2.0/)
- [pureconfig-macros](https://github.com/pureconfig/pureconfig) - [Mozilla Public License, version 2.0](https://www.mozilla.org/MPL/2.0/)
- [junit](https://junit.org/junit4/) - [Eclipse Public License 1.0](https://www.eclipse.org/legal/epl-v10.html)