Web based user interface for Sauron is implemented as a single CGI script (sauron.cgi). To use this script WWW server software that supports CGI programs is needed. Currently this interface is developed and tested using Apache, but it should work with any WWW server software, as long as it has support for CGIs.
It is recommended to setup your WWW server to use HTTPS and only allow access to the sauron.cgi CGI script using encrypted HTTPS connection. If your WWW server supports both unencrypted (HTTP) and encrypted (HTTPS) connections, it is recommended to setup a separate "cgi-bin" directory for HTTPS connections and place sauron.cgi (or symbolic link to it) only in that directory.
Although sauron.cgi has it's own access control mechanism, it is recommended to further improve security by restricting access to the web interface for only the hosts that need access to the Sauron using the WWW server configuration and/or a firewall.
Sauron's web interface doesn't use JavaScript, only standard HTML is used. Goal is to keep the web interface lightweight and usable by all browsers (graphical as well as text-based).
For session tracking sauron.cgi uses cookies. Each generated cookie contains only a MD5 hash of user's session identifier and has maximum life of a week. Normally the cookie is deleted when user logs out. Cookies are only sent back to the issuing server. Sauron supports the use of "secure cookies" via configuration file setting SAURON_SECURE_COOKIES (this is not enabled by default since some buggy browsers don't handle secure cookies correctly).
Servers menu provides commands for creating and modifying servers for administrator. For normal user it only provides server selection command for selecting the active server.
Show Current command displays the currently selected server information. It is default command when entering Servers menu.
Select command displays list of available servers for selecting active server. For normal user's this list will include only the servers user has at least read access to.
Add command is used to create a new server. This option is available only for administrator. See Table 5-1 for descriptions of the fields used in the command dialog.
Table 5-1. New Server Dialog
| Field | Description | Example |
|---|---|---|
| Name | Short name of the server (this handle can contain only letters, numbers, and hyphens) | ns1 |
| Hostname | Domainname of the server (FQDN) | ns1.middle.earth. |
| IP address | IP address of the server | 192.168.1.1 |
| Hostmaster | Default hostmaster email address for all zones in the server (replace "@" in the email address with ".") | hostmaster.middle.earth. |
| Configuration directory | Base directory for BIND configuration files | /var/named |
| Slave for | Option that allows to select a master server for this server (making it a slave). Slave server will automatically inherit all the master zones of it's master as slave zones. Slave server can also optionally inherit DNS server access controls from the master server. | None |
| Comment | Long description of the server (optional) | primary name server |
Delete command allows removal of a server. This command should be used with caution, since it will remove the entire server from the database. This command is available only for administrator.
Edit command is used to edit existing server. This option is available only for administrator. See Table 5-2 for descriptions of the fields used in the command dialog.
Table 5-2. Edit Server Dialog
| Field | Description | Example |
|---|---|---|
| Server Name | Short name of the server (this handle can contain only letters, numbers, and hyphens) | ns1 |
| Hostname | Domainname of the server (FQDN) | ns1.middle.earth. |
| IP address | IP address of the server | 192.168.1.1 |
| Output mode | Option for selecting wheter to generate full named.conf or named.zones file that contains only zones (to be included in your static named.conf). | "Generate full named.conf" |
| Comments | Optional field reserved for comments | |
| Hostmaster | Default hostmaster email address for all zones in the server (replace "@" in the email address with ".") | hostmaster.middle.earth. |
| Refresh | Zone SOA record default "refresh" value | 43200 |
| Retry | Zone SOA record default "retry" value | 3600 |
| Expire | Zone SOA record default "expire" value | 2419200 |
| Minimum (negative caching TTL) | Zone SOA record default "minimum" value | 86400 |
| Default TTL | Default TTL for records in zones for this server | 86400 |
| Default zone TXT | TXT records that get automatically included for each zone in this server | |
| Configuration directory | Base directory for BIND configuration files | /var/named |
| Primary zone-file path | Pathname relative to configuration directory for storing master zone files | |
| Slave zone-file path | Pathname relative to configuration directory for storing slave zone files | NS2/ |
| Root-server file | filename for root server (zone) file. | named.ca |
| pid-file path | pathname for pid-file (BIND option) | |
| dump-file path | pathname for dump-file (BIND option) | |
| statistics-file path | pathname for statistics-file (BIND option) | |
| memstatistics-file path | pathname for memstatistics-file (BIND option) | |
| named-xfer path | pathname for named-xfer (BIND option) | |
| Forward (mode) | BIND forward setting; default, only, first | default |
| Forwarders | BIND forwarders setting (list of server IPs to forward queries to) | |
| Transfer source IP | Source IP address for zone transfers (for multi-homed hosts) | |
| Query source IP | Source IP address for DNS queries sent by server (for multi-homed hosts) | |
| Query source port | Source port for DNS queries sent by server | |
| Listen on port | Port that the server listens for DNS queries (allows setting non-standard port) | |
| Listen-on | BIND listen-on setting; list of IPs (interfaces) server should listen for queries | |
| Allow-transfer | BIND allow-transfer setting; list of CIDRs from where to allow zone transfers. | |
| Allow-query | BIND allow-query setting; list of CIDRs from where to allow DNS queries. | |
| Allow-recursion | BIND allow-recursion setting; list of CIDRs from where to allow recusive DNS queries (causes recursion to be disabled from anywhere else). | |
| Blackhole | BIND blackhole setting; list of CIDRs from where any requests are to be ignored by the server. | |
| Do not generate HINFO records | Controls whether to omit HINFO records from the generated zone files or not. | No |
| Do not generate WKS records | Controls whether to omit WKS records from the generated zone files or not. | No |
| Notify | BIND notify setting; default, yes, no | Default |
| Auth-nxdomain | BIND auth-nxdomain setting; default, yes, no | Default |
| Recursion | BIND recursion setting; default, yes, no | Default |
| Dialup mode | BIND dialup setting; default, yes, no | Default |
| Allow multiple CNAMEs | BIND multiple_cnames setting; default, yes, no | Default |
| RFC2308 Type 1 mode | BIND rfc2308_type1 setting; default, yes, no | Default |
| Check-names (Masters) | BIND check-names master setting; default, fail, ignore, fail | Default |
| Check-names (Slaves) | BIND check-names slave setting; default, fail, ignore, fail | Default |
| Check-names (Responses) | BIND check-names response setting; default, fail, ignore, fail | Default |
| Version string | If this is set then this string is that BIND will report as it's version (instead of the real version) | |
| Logging options | List of BIND logging options (these are placed inside "logging" section in named.conf) | |
| auto-domainnames | Controls wheter to automatically generate correct "domain-name" option for each host in dhcpd.conf. | No |
| Global DHCP Settings | List of global DHCP settings. These lines are include in the global scope of dhcpd.conf. Any valid global DHCP option can be used here (lines should not end with ";"). | |
| Enable failover protocol | Controls wheter DHCP failover protocol is enabled. | No |
| Port number | Port to be used by DHCP failover protocol | 519 |
| Max Response Delay | Max Response Delay for DHCP failover protocol | 60 |
| Max Unacked Updates | Max Unacked Updates for DHCP failover protocol | 10 |
| MCLT | Maximum Client Lead Time (MCLT) for DHCP failover protocol | 3600 |
| Split | Split for DHCP failover protocol | 128 |
| Load balance max | Load balance max (seconds) for DHCP failover protocol | 3 |