If you do DNS for too long everything looks like 53.

In this “trace” I’m showing the logging of fksd when I add a zone, try to list it as a non-existent user miekg (which fails), add the user miekg and list it again. User are identified by the key in the TSIG record, their password is the shared secret.

The “config files” from nsupdate can be found in the github repo of fksd. The nsupdate commands are preceded with a %, extra comments are preceded with #:

./fksd -log
# add a zone as the superuser (defaults to root)
% nsupdate -vd addzone
2012/08/07 21:48:31 fksd: config command
2012/08/07 21:48:31 fksd: config command ok
2012/08/07 21:48:31 fksd: config: READ miek.nl.  /home/miekg/g/src/dns/ex/fksd/z/miek.nl.db
2012/08/07 21:48:31 fksd: config: added: READ miek.nl.  /home/miekg/g/src/dns/ex/fksd/z/miek.nl.db

# list the zones in the server as the user miekg (this fails)
% nsupdate -vd listzone-miekg
2012/08/07 21:48:35 fksd: config command
2012/08/07 21:48:35 fksd: non config command (tsig fail): dns: bad signature

# add the user miekg (only the superuser may do this)
% nsupdate -vd adduser-miekg
2012/08/07 21:48:39 fksd: config command
2012/08/07 21:48:39 fksd: config command ok
2012/08/07 21:48:39 fksd: config: ADD miekg. with bWlla2c=

# list the current users 
% nsupdate -vd listuser
2012/08/07 21:48:43 fksd: config command
2012/08/07 21:48:43 fksd: config command ok
2012/08/07 21:48:43 fksd: config: USER root.: c3R1cGlk
2012/08/07 21:48:43 fksd: config: USER miekg.: bWlla2c=

# Again, list the zones as the user miekg, now it works
% nsupdate -vd listzone-miekg
2012/08/07 21:48:51 fksd: config command
2012/08/07 21:48:51 fksd: config command ok
2012/08/07 21:48:51 fksd: config: LIST

That last command now works, before we got a “dns: bad signature” error.

The user management will be kept simple. The superuser can do everything, other users can use: write, list or drop, but this is currently a (minor) to do.