Coming Soon! Watch My Domains SED v4.2

Watch My Domains SED v4 is getting another update which includes a new monitoring module. Other additions include additional themes, ability to update the application using the command-line tool even when installed into non-standard folders, etc.

Here are some screen-shots of the new module.

The new monitoring module makes it very easy to manage domain portfolios that are not extremely huge. You can use it to quickly view snapshot views of your domains without having to scroll through large spreadsheet like domain lists. The monitoring module can be used to track both domain expiry dates and SSL certificates.

Enabling Remote Access to MySQL /MariaDB Database for Importing Data

By default remote access to MYSQL databases are disabled. This will cause a problem when you want to import data from an older version of Watch My Domains SED to the current version.

These are the basic minimum steps required required to enable remote access. Additional steps may be required to make this work on your server if there are other security measures (enabling port access, changing firewall settings, etc.).

How to Enable Remote Access

There are two basic steps required to enable remote access.

The first step is changing the bind-address to the IP address of the server running MySQL. This is done by editing my.cnf file and setting

bind-address    = x.x.x.x

Make sure that you set x.x.x.x to the MySQL server’s IP address. Restart the mysql server after doing this.

The second step is creating a user who can connect from your remote address. This is done by connecting to the mysql server using

mysql -u root -p

Provide the password when prompted. Now run

 GRANT ALL ON wmdsed.* TO wmdsedimport@'y.y.y.y' IDENTIFIED BY 'secretpassword' 

Change wmdsed to the database name and secretpassword to your password. The IP address y.y.y.y should be set to your remote address (the IP you will connect from and where the new version of Watch My Domains is installed). We are also creating a new user called wmdsedimport just to import the data into the new version of Watch My Domains SED.

Testing

From the server that has Watch My Domains SED installed, run

mysql -h x.x.x.x  -u wmdsedimport -p

Replace x.x.x.x with the IP address of the mysql server and when prompted, provide the password you created in step-2 above.

If the connection works, you are in business.

Importing Data

Now create a data provider profile in Watch My Domains SED v4 and specify the proper credentials like user name (wmdsedimport), the newly created password, the hostname (where older database is, x.x.x.x or the corresponding FQDN) etc.

Watch My Domains SED API and PHP session id

This is a quick tip for using the Watch My Domains SED API from a PHP script. Remember that this has security implications because a session id will be passed as a URL parameter. You should restrict access to the modified script and use it only within intranet.

The stateful API exposed by Watch My Domains SED v4 allows creating your own customized web interface using Javascript and HTML. However it is not suitable for easily and quickly obtaining information using, for example, a PHP script.

This problem can be fixed by making the PHP script use it’s own session id, allowing you to authenticate and then call any API query to get / set the required information.

The first step to enable this is to make a copy of the api.php file in the root installation folder and save it to another name, say myapi.php. Then open myapi.php and add something similar to this

if(isset($_REQUEST['seid'])) {
     $seid = $_REQUEST['seid'];
     // add code here to ensure that $seid has only valid chars
     session_id($seid);
}

at the top, before the…

require 'lib/php/loader.php';

You may want to change the parameter from ‘seid’ to something else. You can also add some code that checks $_SERVER[‘REMOTE_ADDR’] and allows access from only specific IP addresses.

Important: Do not change or modify the original api.php file.

In your PHP script to get or set information using the API you should now use myapi.php instead of api.php. You should also pass a session id (created using session_create_id) to myapi.php as a parameter (seid or whatever you named it).

$seid = session_create_id('nxert-');
$url = "https://labs.softnik.com/wmdsed4/myapi.php?seid=$seid";

Watch My Domains SED Report Viewer and the Days To Expiry Column

The report viewer in Watch My Domains SED has a user configurable column called ‘Days’. This has been a subject of confusion at times.

The ‘Days’ column refers to ‘days to nearest expiry’. This data can change for the same domain based on the other columns in the report.

Contents of ReportContents of ‘Days’ Column
Contains SSL Expiry Date ColumnDays to SSL Expiry
Contains Domain Registry Expiry DateDays to Registry Expiry
Contains Domain Registrar Expiry Date Days to Registrar Expiry
Contains Domain Registrar Expiry and Registry Expiry DatesDays to nearest Expiry Date (Registry / Registrar Expiry Date whichever occurs first)
Contains SSL, Domain Registrar Expiry and Registry Expiry Dates Days to nearest Expiry Date (Registry / Registrar /SSL Expiry Date whichever occurs first)

Secondary Domains and Watch My Domains SED

Some secondary domains like yourdomain.uk.com will not get added to Watch My Domains SED v4 by default. This is because the application will assume that you want to add UK.COM and that the yourdomain part is a subdomain (which it really is).

In such cases you can force add the domains by wrapping them in square brackets ([]). For example,

[abcd.uk.com]
[domain.bd.com]

You can also make some changes to the domain suffix list in Watch My Domains SED to permanently support such domains.

The public suffix list is used by Watch My Domains to properly identify the effective / registered domain name. You can acces this from the administrive settings panels.

After you add these second level domains (uk.com, bd.com, etc) your entries will be parsed as you want them to be. You can also verify the parser by typing in your test entries under the ‘Test Domain Parser’ box.

CentOS 7, SELinux and Watch My Domains SED

Installing Watch My Domains SED on a CentOS system with SELinux (Security-Enhanced Linux) enabled often requires some extra work.

The Log Folder

Watch My Domains SED requires that the log folder is writable by apache. For this to work you will have to properly set the security context and ownership for the folder.

By default the log folder is at the root of the base installation. If you are installing the application at /var/www/html/wmdsed40, the log folder will be /var/www/html/wmdsed40/logs. You can ofcourse change the location of the log folder by editing the config.php file.

To make the log folder writable you will have to run

chown apache:apache /var/www/html/wmdsed40/logs
chcon -t httpd_sys_rw_content_t /var/www/html/wmdsed40/logs -R

The first command will set the owner of the folder to apache and the second will set the security context so that the folder is readable and writable by apache.

If you set the log folder outside of wmdsed40, you will also need to set httpd_sys_content_t for it.

Changing DocumentRoot

Installing the application to a folder different from the default /var/www/html requires more changes. For example, to install to /home/wmdsed/wmdsed40 you would do…

chcon -R --reference=/var/www/html/ /home/wmdsed/wmdsed40 
chcon -R -t httpd_sys_content_t /home/wmdsed/wmdsed40/ 
semanage fcontext -a -t httpd_sys_content_t "/home/wmdsed/wmdsed40(/.*)?" 
setsebool -P httpd_enable_homedirs true 
chmod 755 /home/wmdsed/wmdsed40

You will have to edit /etc/httpd/httpd.conf and change the DocumentRoot settings. You should also make the log folder writable by apache as mentioned in the previous section.

Net_DNS2

It is a good idea to install Net_DNS2 so that advanced DNS monitoring is possible. You can do this by installing php-pear.

yum -y install php-pear 
pear install Net_DNS2

Setup Cron

Though this is not related to SELinux or CentOS, remember to setup the cron immediately after you install the application. This is essential for the default tables to get initialized.

Verify Installation

You can run the basic diagnostic tool by opening

https://<installpath>/verify.php

in your browser. For example, if your installation is at example.com/wmdsed40, you should open

https://example.com/wmdsed40/verify.php

Upgrading Hosted & Managed Versions of Watch My Domains SED

If you are currently using the hosted and managed versions of Watch My Domains SED v3, you should consider contacting us to schedule an upgrade to the current v4.

Upgrading will be painless because you will have access to the old and new versions and we will take down the old installation only after you have confirmed that it is okay to do so.

The new installation will have all your domains, custom data columns (plus data) and your categories intact. You will need to recreate your users and assign access rights. You will also need to configure the reports and scheduled emails. This is not complicated because you can do this easily from the user interface.

What’s New in Watch My Domains SED v4

Before scheduling an upgrade you should fix a date and time after which you will stop making any additions to your current version 3 installation. Then contact us for setting up the new version.

Verifying if a Watch My Domains SED v4 Installation is fully UP & Running

There are a number of scripts and services that check if a website is up and running. However, checking if a web application is fully functional is not exactly the same as testing if a web page is up. Web applications may still show it’s interface even if there are errors that are then displayed elsewhere.

You can easily verify if an installation of Watch My Domains SED v4 is fully functional by checking if it’s testpad.php page returns a

<p>OK</p>

response.

You can add https://<yourinstallpath>/testpad.php to any monitoring script and look for the above response to monitor the application’s status.

Domain Name Management Software: Transition to RDAP

The Registration Data Access Protocol, or RDAP, is soon going to replace the traditional port 43 Whois. Once RDAP has been deployed, ICANN no longer requires gTLD registries to provide a port 43 whois service. However, most registries are expected to do this in a phased manner .

All the current versions of our software products will be updated before the end of the year to support RDAP.

RDAP

What this means

Are you using older (major) versions of the software? Once the registries and registrars fully transition to the RDAP and abandon the port 43 Whois, you will no longer be able to retrieve domain related information using your version of the software.

To be able to continue using the software you will have to purchase an upgrade to the latest major version.

The transition to RDAP will not affect the domains that are managed using registrar APIs.

When will this happen?

Registries and registrars are likely to begin providing more information about their plans to phase out the port 43 service in due course. This will happen after the current Registry Agreement (RA) and Registrar Accreditation Agreement (RAA) are amended. As per an ICANN blog post negotiations have been initiated to begin this process and to define a coordinated transition from the WHOIS protocol to RDAP.

Download CSV Data from Watch My Domains SED.

You can very easily download data in CSV format from Watch My Domains SED v4. The download options are available for both domain and report tables. Please see the screen shot below.

The download can be scheduled as a background task when the number of rows is more than 5000. You can select the rows and columns that appear in the download. You may also specify the column delimiter (between comma, semicolon and tab).

You may need to use the data import option in Excel to open the downloaded file in Excel.