Netbox-plugin-dns

fixes 49

DNSSEC

This is the second beta release with the new DNSSEC support for NetBox DNS.

> [!WARNING]
> **This is a beta release. Please do not use it in production and make sure you have a backup before you install it.**
>
> There is no guarantee that there will be a backup path to upcoming beta releases, or to a later production release of this feature. Changes that may be required before this feature is released into production may require schema changes, so there may not be a way to migrate to a later schema version.
>
> **And have a backup, really. Even if you don't use beta versions, but then especially!**

Changes
* Some UI improvements, based on suggestions by jpmens (thanks!)
* Enhanced and improved filtersets for `DNSSECPolicy` and `DNSSECKeyTemplate`
* Enhanced API to show `Zone` and `ZoneTemplate` references for `DNSSECPolicy`
* Tenancy fields are now visible in the `DNSSECPolicy` edit form (again, thanks to jpmens)
* Ongoing improvement of the French translation (thanks to jean1)

DNSSEC

This is the first beta release with the new DNSSEC support for NetBox DNS.

> [!WARNING]
> **This is a beta release. Please do not use it in production and make sure you have a backup before you install it.**
>
> There is no guarantee that there will be a backup path to upcoming beta releases, or to a later production release of this feature. Changes that may be required before this feature is released into production may require schema changes, so there may not be a way to migrate to a later schema version.
>
> **And have a backup, really. Even if you don't use beta versions, but then especially!**


Summary

NetBox DNS supports the management of DNSSEC in as much as DNSSEC Key Templates and DNSSEC Policies can be stored in NetBox DNS and assigned to zones. It does not, however, support zone signing nor storing cryptographic material in the NetBox database. There are two main reasons for this concept:

1. Storing cryptographic material in a data source for automation is generally problematic. While there is the NetBox Secrets plugin, it is better practice to store confidential data in vault systems specifically created for this purpose. (In some cases the keys are stored in HSMs as an added method of protection.)
2. In typical modern scenarios, signing servers maintain keys and sign records, so such configurations do not even require having NetBox DNS provide keys or create the signatures from within NetBox DNS.

Additionally, there is no direct integration between NetBox and any given name server implementation, so an interface for providing signed zones to a name server is generally out of scope for NetBox DNS, just as it is the case for serving plain DNS. This should be implemented using specific solutions adapted to the use case and the name server implementation used.

As noted earlier there are two data models for DNSSEC in NetBox DNS: DNSSEC Key Templates and DNSSEC Policies. The former are used for storing parameters for DNSSEC Keys such as the type, algorithm and lifetime, and the latter to define policies that determine how often signatures are regenerated, DS records are propagated etc.

While the implementation is oriented largely towards options BIND 9 provides, this is mainly because that software has a huge set of configuration options and other products are usually not very different, in most cases more limited than BIND 9. Given the large installed base of BIND 9, this is considered a good basis. (There is, however, no reason why NetBox DNS cannot be used to maintain data for, say, Knot-DNS or PowerDNS.)

**Please provide feedback on this implementation, submit bug reports and suggest features, especially if you're _not_ using BIND!**

What's Changed
* Added a TimePeriod field for ISO 8601 duration entry by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/559
* Update dnssync_perm.py custom validator example by jean1 in https://github.com/peteeckel/netbox-plugin-dns/pull/560
* French translation by jean1 in https://github.com/peteeckel/netbox-plugin-dns/pull/561
* minor spelling mistake.gif by chaeynz in https://github.com/peteeckel/netbox-plugin-dns/pull/562

New Contributors
* chaeynz made their first contribution in https://github.com/peteeckel/netbox-plugin-dns/pull/562

**Full Changelog**: https://github.com/peteeckel/netbox-plugin-dns/compare/1.2.5...1.2.6

New Features

French translation
* I'm really happy to announce the first contributed translation for NetBox DNS. jean1 was generous enough to do translate everything to French - thanks a lot, Jean! The next beers at FOSDEM are on me!
* A small usability improvement: From this version on it's possible to enter time periods, e.g. for TTLs, in the ISO 8601 time period format. Instead of typing "864000" you can now just enter "P10D", which is a bit more convenient and less error-prone. Please note that the full syntax of ISO 8601 is not supported - "W", "M" and "Y" don't work. Thats due to the fact that the Django library that's available out of the box doesn't support it and I didn't want to introduce an additional external dependency just for this.

What's Changed
* Fixed name of exporter script file by jpmens in https://github.com/peteeckel/netbox-plugin-dns/pull/544
* Normalise name server, zone and record names to lowercase by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/548
* Revisited name uniqueness approach by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/549
* Provided sensible error messages by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/550
* Enabled "Quick Add" in the Zone and ZoneTemplate forms by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/552
* Removed version specific code for NetBox < 4.1 from tests by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/553
* Adjustments for the latest Black release by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/554
* Added new error messages to the migrations for case insensitive uniqueness of Nameserver and Zone by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/555
* Made `record_name` bulk editable for record templates by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/556
* Added a link to kollross' GitHub repo to the examples doc by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/558

**Full Changelog**: https://github.com/peteeckel/netbox-plugin-dns/compare/1.2.4...1.2.5

Breaking Change
This version enforces uniqueness of zone, name server and record names regardless of casing. This means that now you can't have, for example, NS1.example.com and ns1.example.com in the database at the same time.

If you already have a situation where you have duplicate names except for the casing, the migration to NetBox DNS 1.2.5 **will fail**. Unfortunately, by then it will be too late to fix it. If that happens to you, please disable the `netbox_dns` plugin in the NetBox configuration file and open an issue so we can work out a solution. Sorry for the inconvenience.

What's Changed
* Typos and a bit of rewording by jpmens in https://github.com/peteeckel/netbox-plugin-dns/pull/536
* Allow SOA MNAME and SOA RNAME in Zone Templates by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/537
* Use primary/secondary consistently by jpmens in https://github.com/peteeckel/netbox-plugin-dns/pull/538
* s/update/upgrade/ by jpmens in https://github.com/peteeckel/netbox-plugin-dns/pull/539
* Provided example code for an AXFR zone importer by peteeckel in https://github.com/peteeckel/netbox-plugin-dns/pull/542

New Contributors
* jpmens made their first contribution in https://github.com/peteeckel/netbox-plugin-dns/pull/536

**Full Changelog**: https://github.com/peteeckel/netbox-plugin-dns/compare/1.2.3...1.2.4