Revision [3182]
This is an old revision of API BindACL made by JeffTaylor on 2014-05-22 11:29:22.
BIND9 Access Control Lists
Administrators running open Tier1 and Tier2 servers may wish to make use of the automatically-generated ACL file. This file is a BIND-formatted ACL which has listings for Tier1 addresses, Tier2 addresses, and whitelisted user IP addresses. Each list may be combined as desired to control access to your server.
If you are a Tier1 or Tier2 administrator and need access to this feature, please contact Shdwdrgn on the mailing list or IRC. Once you have access, you may log in to the members page and you will be shown a wget command with your username and a hash key for authentication:
wget --no-check-certificate -qO- "https://api.opennicproject.org/acl/bind/?user=myUser&auth=myHash" curl --insecure "https://api.opennicproject.org/acl/bind/?user=myUser&auth=myHash"
There is also an SHA256 hash provided to validate the information you receive. The hash may be accessed in the same manner as the ACL file:
wget --no-check-certificate -qO- "https://api.opennicproject.org/acl/hash/?user=myUser&auth=myHash" curl --insecure "https://api.opennicproject.org/acl/hash/?user=myUser&auth=myHash"
The hash can be calculated in linux as follows:
sha256sum <acl-file.name>
Complete automation may be achieved by calling the following script as a cron job. It only updates when a new file is available, so you should check it at least every 1-5 minutes.
#!/bin/sh USER="myUserName" AUTH="myAuthCode" FILE="/etc/bin/OpenNIC.acl" curl -sRk "https://api.opennicproject.org/acl/bind/?user=$USER&auth=$AUTH" -z $FILE -o $FILE -w %{http_code} | if [ "${*:-`cat`}" == "200" ]; then echo "rndc reload" ; fi
Note that the API page currently uses a self-signed certificate, thus the need for the flags in the wget and curl commands. These will be removed from documentation once an official certificate has been applied to api.opennicproject.org.