Installing NicTool on CentOS 6

Share Button

Here are some tips for anyone trying to install NicTool (http://www.nictool.com/) on RedHat Enterprise / CentOS 6 and not getting a working result.  NicTool is a web and CLI-based DNS record manager for those not familiar with it.  It’s really nice because it supports both web and CLI-based tools for managing the data, whether on the same server as the ‘server’ portion, or a remote server, and there is also an API you can use for interfacing with the data using your own software tools.  It also supports exporting the data in multiple formats for a few different authoritative name servers, or again, you can use the API to pull that data yourself if you need to push it to something else like a DNS service.

My first experience with NicTool was attempting to get version 2.21 running on a newly installed copy of CentOS 6 x86_64 and it had its hiccups. Some pre-reqs I’d recommend installing first from yum include:

  • httpd
  • httpd-devel
  • mod_perl
  • mod_ssl
  • mysql-server
  • mysql
  • mysql-libs

Here are my steps to install it and the issues I ran into:

  1. Download the software from the author’s website; NicTool-2.21.tar.gz is the file at the time of this writing.  It has both the client and server which you’ll have to extract separately.
  2. Switch to the server/NicToolServer-2.21/ directory.
  3. Normally you’d start the build and install process at this point but I’m going to give you a small detour to fix a problem I ran into after the fact.  Not yet fixed as of v2.21, there’s a bug that will prevent you from defining CNAME records that begin with a leading underscore, which is becoming more and more common as of late.  Here is the patch (in ‘patch’ format; see http://en.wikipedia.org/wiki/Patch_%28Unix%29 or http://www.gnu.org/software/patch/patch.html if not familiar) which I found at https://www.tnpi.net/support/forums/index.php/topic,1046.0.html:
    diff --git a/server/lib/NicToolServer/Zone.pm b/server/lib/NicToolServer/Zone.pm
    index 63ed72c..a3c7e28 100644
    --- a/server/lib/NicToolServer/Zone.pm
    +++ b/server/lib/NicToolServer/Zone.pm
    @@ -1154,6 +1154,9 @@ sub valid_hostname {
             if ( $field eq 'name' && $type eq 'SRV' && $first_char eq '_' ) {
                 # except for SRV
             }
    +        elsif ( $type eq 'CNAME' && $first_char eq '_' ) {
    +            # CNAME can delegate DMARC records, and perhaps others
    +        }
             elsif ( $first_char =~ /[^a-zA-Z0-9]/ ) {
                 $self->error( $field, "$warn_prefix must begin with a letter or digit: RFC 1912");
                 $has_error++;
    diff --git a/server/lib/NicToolServer/Zone/Record/Sanity.pm b/server/lib/NicToolServer/Zone/Record/Sanity.pm
    index 3530121..9797085 100644
    --- a/server/lib/NicToolServer/Zone/Record/Sanity.pm
    +++ b/server/lib/NicToolServer/Zone/Record/Sanity.pm
    @@ -545,16 +545,17 @@ sub get_invalid_chars {
         return '[^a-fA-F0-9:]' if $type eq 'AAAA' && $field eq 'address';
         return '[^0-9\.]'      if $type eq 'A'    && $field eq 'address';
     
    -    if ( $field eq 'name' ) {
    -        # allow _ char for SRV, NS (delegated SRV), SPF, & TXT (DKIM, DMARC)
    -        # DKIM: delegated _domainkey in RFC 5016, 5.3
    -        return '[^a-zA-Z0-9\-\._]' if $type =~ /^(?:SRV|TXT|SPF|NS)$/;
    -
    -        # DNS & BIND, 4.5: Names that are not host names can consist of any
    -        # printable ASCII character. I feel like this is providing enough rope
    -        # for users to hang themselves. The code is here, but disabled.
    -        #return '[^ -~]' if $type !~ /^(?:A|AAAA|MX|LOC|SPF|SSHFP)$/;
    -    };
    +    # allow _ char for SRV, NS (delegated SRV), SPF, & TXT (DKIM, DMARC)
    +    # DKIM: delegated _domainkey in RFC 5016, 5.3
    +    # CNAME: delegated _dmarc (and perhaps other uses)
    +    return '[^a-zA-Z0-9\-\._]' if $type =~ /^(?:SRV|TXT|SPF|NS|CNAME)$/;
    +
    +    # DNS & BIND, 4.5: Names that are not host names can consist of any
    +    # printable ASCII character. I feel like this is providing enough rope
    +    # for users to hang themselves. The code is here, but disabled.
    +#   if ( $field eq 'name' ) {
    +#       return '[^ -~]' if $type !~ /^(?:A|AAAA|MX|LOC|SPF|SSHFP)$/;
    +#   };
     
         # allow / in reverse zones, for both name & address: RFC 2317
         return '[^a-zA-Z0-9\-\.\/]' if $zone_text =~ /(in-addr|ip6)\.arpa[\.]{0,1}$/i;
    

    If you’re not comfortable with ‘patch’, don’t worry, here’s what you do to patch things manually:

    1. From the extracted files, edit lib/NicToolServer/Zone.pm.  At line 1157 of the file, add the following three lines:
              elsif ( $type eq 'CNAME' && $first_char eq '_' ) {
                  # CNAME can delegate DMARC records, and perhaps others
              }
      
    2. Edit the file lib/NicToolServer/Zone/Record/Sanity.pm.  Lines 548 to 557 will contain the following code:
          if ( $field eq 'name' ) {
              # allow _ char for SRV, NS (delegated SRV), SPF, & TXT (DKIM, DMARC)
              # DKIM: delegated _domainkey in RFC 5016, 5.3
              return '[^a-zA-Z0-9\-\._]' if $type =~ /^(?:SRV|TXT|SPF|NS)$/;
      
              # DNS & BIND, 4.5: Names that are not host names can consist of any
              # printable ASCII character. I feel like this is providing enough rope
              # for users to hang themselves. The code is here, but disabled.
              #return '[^ -~]' if $type !~ /^(?:A|AAAA|MX|LOC|SPF|SSHFP)$/;
          };
      

      Replace those lines with the following:

          # allow _ char for SRV, NS (delegated SRV), SPF, & TXT (DKIM, DMARC)
          # DKIM: delegated _domainkey in RFC 5016, 5.3
          # CNAME: delegated _dmarc (and perhaps other uses)
          return '[^a-zA-Z0-9\-\._]' if $type =~ /^(?:SRV|TXT|SPF|NS|CNAME)$/;
      
          # DNS & BIND, 4.5: Names that are not host names can consist of any
          # printable ASCII character. I feel like this is providing enough rope
          # for users to hang themselves. The code is here, but disabled.
      #   if ( $field eq 'name' ) {
      #       return '[^ -~]' if $type !~ /^(?:A|AAAA|MX|LOC|SPF|SSHFP)$/;
      #   };
      
  4. Okay, with the patches out of the way, we’re back on track to get this thing installed.  Normally, you’d execute “bin/nt_install_deps.pl” which will find and install any dependencies you may need.  I’m not big on having that kind of thing automated; I like to know what all’s being installed, so up to you, the easy way is run bin/nt_install_deps.pl and skip down to step 8 (click), or, continue on and let’s do things manually.  I knew the software requires a lot of perl libraries, so the first thing I did was attempt to build the makefile by running the standard “perl Makefile.PL”.  In my case, it spit out the following:
    # perl Makefile.PL
    Checking if your kit is complete...
    Looks good
    Warning: prerequisite APR::Table 0 not found.
    Warning: prerequisite Apache::DBI 0 not found.
    Warning: prerequisite BIND::Conf_Parser 0 not found.
    Warning: prerequisite CGI 3 not found.
    Warning: prerequisite DBIx::Simple 0 not found.
    Warning: prerequisite MIME::Base32 0 not found.
    Warning: prerequisite Net::DNS::Zone::Parser 0 not found.
    Warning: prerequisite NicTool 0 not found.
    Warning: prerequisite Params::Validate 0.8 not found.
    Warning: prerequisite RPC::XML 0 not found.
    Warning: prerequisite RPC::XML::Parser 0 not found.
    Warning: prerequisite SOAP::Lite 0.51 not found.
    Warning: prerequisite Test::More 0 not found.
    Warning: prerequisite TestConfig 0 not found.
    Warning: prerequisite Time::TAI64 2 not found.
    Warning: prerequisite XML::Parser 0 not found.
    Warning: prerequisite mod_perl 0 not found.
    Warning: prerequisite parent 0.2 not found.
    Checking if your kit is complete...
    Looks good
    Warning: prerequisite RPC::XML 1 not found.
    Warning: prerequisite RPC::XML::Parser 0 not found.
    Warning: prerequisite SOAP::Lite 0.51 not found.
    Warning: prerequisite Test::More 0 not found.
    Warning: prerequisite TestConfig 0 not found.
    Writing Makefile for NicTool
    Writing Makefile for NicToolServer
    
  5. Not a huge deal, I’m okay with installing perl libraries.  If you’re not, see my tutorial on that at http://www.ispcolohost.com/2013/07/15/installing-cpan-modules-for-perl/  Before I start doing it manually though, I did want to check to see if I could get any out of the normal CentOS yum repositories so I checked.  Oh, also, I was already starting out with all of the following installed on the server:
    perl-Archive-Tar
    perl-BSD-Resource
    perl-Compress-Raw-Zlib
    perl-Compress-Zlib
    perl-CPAN
    perl-Crypt-OpenSSL-Bignum
    perl-Crypt-OpenSSL-Random
    perl-Crypt-OpenSSL-RSA
    perl-DBD-MySQL
    perl-DBI
    perl-devel
    perl-Digest-HMAC
    perl-Digest-SHA1
    perl-Digest-SHA
    perl-Encode-Detect
    perl-ExtUtils-MakeMaker
    perl-ExtUtils-ParseXS
    perl-HTML-Parser
    perl-HTML-Tagset
    perl-IO-Compress-Base
    perl-IO-Compress-Zlib
    perl-IO-Socket-INET6
    perl-IO-Socket-SSL
    perl-IO-Zlib
    perl-libs
    perl-libwww-perl
    perl-Mail-DKIM
    perl-MailTools
    perl-Module-Pluggable
    perl-NetAddr-IP
    perl-Net-DNS
    perl-Net-IP
    perl-Net-LibIDN
    perl-Net-SSLeay
    perl-Package-Constants
    perl-Pod-Escapes
    perl-Pod-Simple
    perl-Socket6
    perl-String-CRC32
    perl-Test-Harness
    perl-Text-Iconv
    perl-TimeDate
    perl-Time-HiRes
    perl-URI
    

    You can install any of those using “yum install NAME” where you just put the name in. The remaining requirements that can be satisfied with yum were:

    perl-CGI
    perl-DBIx-Simple
    perl-Params-Validate
    perl-SOAP-Lite
    perl-XML-Parser
    
  6. Okay, so time to go to work on installing the rest from CPAN.  Just work your way through the requirements one by one; i.e., the make process says “Warning: prerequisite APR::Table 0 not found.”, so you try to install APR::Table via CPAN using the steps in the link I gave you earlier if not familiar.  Install all of the prereq’s as well.  Oh yeah, at least one of the pre-reqs is going to require you have gcc installed, so you may need to install that as well if your server doesn’t have it by default; it’s in yum of course.
    1. This module gave me issues not passing its testing, so it wouldn’t install: Net::DNS::Zone::Parser
    2. When this occurs, you’ll want to drop out of the CPAN shell and probably do something along these lines: cd ~/.cpan/build/Net-DNS-Zone-Parser-0.02-*  which should put you in the build directory that cpan was trying from.  That will of course error out if you tried more than once and there is more than one copy extracted, so just pick one to cd into.
    3. In the failed module’s directory: 
      perl Makefile.PL
    4. make install
    5. Go back to the CPAN shell and keep on going.
    6. This module also gave me issues: TestConfig
    7. The problem is it requires Net::FTP::Common which in turn requires Net::FTP, and for whatever reason, installing Net::FTP via CPAN seems to require communicating with the Oregon State University Open Source Lab at ftp.osuosl.org where it gets stuck in an endless loop trying and failing to retrieve something.  I gave up and downloaded/installed it manually:
      wget http://search.cpan.org/CPAN/authors/id/T/TB/TBONE/Net-FTP-Common-7.0.d.tar.gz
      tar zxvf Net-FTP-Common-7.0.d.tar.gz
      cd Net-FTP-Common-7.0.d
      perl Makefile.PL
      make install
      
  7. For whatever reason, even if you install the yum mod_perl, the makefile still complains that it’s not installed.  This is safe to ignore.
  8. Okay, install time!
  9. perl Makefile.PL
    make install clean
    
  10. You’ll find your life will be much easier if you use the default location for this software, which is /usr/local/nictool/. The reason is that all the docs have the expectation that it will be there, as do some of the config files and their settings. Forum posts if you go there for support will also commonly reference that. With that being said, the directory you’ve been working from, probably named NicToolServer-2.21, will end up being named server and located under /usr/local/nictool/, so make that happen; i.e.:
    cd ..
    mkdir /usr/local/nictool/
    mv NicToolServer-2.21 /usr/local/nictool/server/
    
  11. At this point I think it makes more sense to configure MySQL and the databases rather than apache (which is what the default install doc tells you to do), so, next up, cd to /usr/local/nictool/server/sql/ and edit the file create_tables.pl.  By default it creates your nictool database with a name and username you provide, but a default password which you may or may not like, and it assumes your MySQL root user has no password, so all of that may need correction before you run “perl create_tables.pl”.  Once you have it the way you want, run that command.
  12. Edit the /usr/local/nictool/server/lib/nictoolserver.conf file and make it match the info you just set up for the database.
  13. Now, lets set up Apache.  The author suggests this:
    <IfDefine !MODPERL2> 
       PerlFreshRestart On
    </IfDefine>
    PerlTaintCheck Off
        
    Listen 8082
    
    PerlRequire /usr/local/nictool/server/lib/nictoolserver.conf
    
    <VirtualHost 127.0.0.1:8082>
        KeepAlive Off
        <Location />
            SetHandler perl-script
            PerlResponseHandler NicToolServer
        </Location>
        <Location /soap>
            SetHandler perl-script
            PerlResponseHandler Apache::SOAP
            #PerlResponseHandler Apache2::SOAP
            PerlSetVar dispatch_to "/usr/local/nictool/server, NicToolServer::SOAP"
        </Location>
    </VirtualHost>
    
  14. Personally I changed the Listen directive to be Listen 127.0.0.1:8082 so it’s only listening on the non-standard port locally.
  15. Try to start apache; didn’t work for me, I got:
    Starting httpd: Syntax error on line 2 of /etc/httpd/conf.d/nictool.conf:
    Invalid command 'PerlFreshRestart', perhaps misspelled or defined by a module not included in the server configuration
  16. Get rid of this and it should allow Apache to start:
    <IfDefine !MODPERL2> 
       PerlFreshRestart On
    </IfDefine>
    
  17. Wow, okay, let’s install the client now.  cd ~/client/NicToolClient-2.21/
  18. Oops, missing JSON, yum install perl-JSON -y
  19. perl Makefile.PL ; make install clean
  20. cd ../ ; mv NicToolClient-2.21 /usr/local/nictool/client
  21. Edit /usr/local/nictool/client/lib/nictoolclient.conf and update any defaults for zones that you need; otherwise it should be fine.  If your NicTool server is not local, then you’ll have to adjust for that as well in the host field.
  22. Configure Apache; author suggests (edited to run on port 80, you can set it up for 443 on your own): 
  23. Restart apache.
  24. In theory, you should now have a working copy of NicTool.  Well, hit your web page and see.  In my case, I got the login screen along with:  “SOAP: transport error: http://localhost:8082/soap: 500 Internal Server Error”
  25. Checking /var/log/httpd/error_log says I have this problem: 
    [Mon Mar 31 15:13:29 2014] [error] [client 127.0.0.1] Illegal field name 'APR::Table=HASH(0x7ff01ea53e28)' at /usr/share/perl5/vendor_perl/SOAP/Transport/HTTP.pm line 796\n
  26. If you see that, it means a bug in the HTTP::Message perl module has not been fixed yet.  The last version known to work is 6.04, so if you need that, grab it: 
    wget http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTTP-Message-6.04.tar.gz
  27. tar zxvf HTTP-Message-6.04.tar.gz
    cd HTTP-Message-6.04
    perl Makefile.PL
    make install
    service httpd restart
  28. Okay try again.  If things work for you the way they did for me, you should now be able to log in as root and the password you gave during setup.
  • If you see this in your logs:

    DBI connect(‘database=nictool;host=localhost;port=3306′,’nictool’,…) failed: Access denied for user ‘nictool’@’localhost’ (using password: YES) at /usr/local/share/perl5/Apache/DBI.pm line 236

    Check your /usr/local/nictool/server/lib/nictoolserver.conf for database credentials.

  • If you see this in your logs:

    [Sun Mar 30 20:12:40 2014] [error] [client 127.0.0.1] Illegal field name ‘APR::Table=HASH(0x7fcc06bf0e58)’ at /usr/local/share/perl5/SOAP/Transport/HTTP2.pm line 103\n

    Then you didn’t downgrade the HTTP::Message module like I told you to.

  • If you have what appears to be a functioning copy of NicTool but it is running very slow sporadically, and you see this in your logs:

    Client error: 301: nt_user_id: Required parameters missing ModPerl::ROOT::ModPerl::Registry::usr_local_nictool_client_htdocs_user_2ecgi:/usr/local/nictool/client/htdocs/user.cgi:55 at /usr/local/nictool/client/lib/NicToolClient.pm line 1316.
    Client error: 301: nt_user_id: Required parameters missing ModPerl::ROOT::ModPerl::Registry::usr_local_nictool_client_htdocs_user_2ecgi:/usr/local/nictool/client/htdocs/user.cgi:276 at /usr/local/nictool/client/lib/NicToolClient.pm line 1316.

    You probably are running the Apache2::SOAP module in your Apache config instead of Apache::SOAP. I had tried that one first and had the issue, reverted, issue went away.

Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *