#!/bin/sh
# SPDX-License-Identifier: GPL-3.0
#
# freifunk-franken dns-scipts (c) 2016 mayosemmel
# (c) 2020-2021 Fabian Bläse
# (c) 2021 Blackyfff
# exit script when command fails
set -e

###########################################################################
# Community configuration
###########################################################################
CommunityDomain="fff.community"
CommunityExternPrefix="extern"
CommunitySubnets="10.50.0/16 10.83.0/16 fd43:5602:29bd::/48"
# Base URL all zone data is downloaded from. The transfer is TLS-protected
# only; the fetched files carry no signature, so this origin is fully trusted.
RemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/"
# Policy name handed through to the include-file generators; an empty value
# also clears DNSSECKeyFolder further down.
DNSSECPolicy="herpf"

###########################################################################
# Server configuration
###########################################################################
export DNSSCRIPT_CONTACT_EMAIL=info.freifunk-herpf.de.
# DNSSCRIPT_SERVER_NAME must be the server given in community zone files NS entry (Full Hostname, w/o trailing dot)
export DNSSCRIPT_SERVER_NAME=dns.herpf.fff.community
UpdateScriptsFolder="/usr/lib/ffdns/"
ZoneFilesFolder="/etc/bind/fff/"
BindIncludeFileFolder="/etc/bind/"
DNSSECKeyFolder="/etc/bind/keys/"
# Staging area for generated files; they are moved into the bind folders later.
# NOTE(review): this is a fixed name below the world-writable /tmp. A directory
# or symlink planted there by another local user would be reused by this script.
# A root-only location (e.g. below /run or /var/lib) would avoid that.
TempFolder="/tmp/dnsscripts/"
# specify the bird/babel or other routing table[s]
# if RoutingTables is empty, the ICVPN-ACL-List will be fetched remotely (for servers that are no gateway)
RoutingTables="10"

# How bind is told about configuration changes:
#  -1 -> disable bind [restart|reload]
#   0 -> Debian (and like) systemctl [reload|restart] bind9
#   1 -> use rndc to [reload zone|reconfig] (recommended; rndc needs setup first)
#   2 -> OpenWRT /etc/init.d/named [reload|restart]
export DNSSCRIPT_BIND_RELOAD_VER=0

InternalViews="icvpn-internal-view icvpn-internal-dns64-view"
ExternalView="external-view"
# TTL Refresh Retry Expire Minimum
TTLReReExMi="3600 2000 6400 2419200 86400"
# ForwardZones: "<Zone>/<Zonefile>"; optionally several entries separated by
# spaces, so a zone file name must not contain spaces itself.
# NOTE(review): the file name hard-codes the first internal view; it has to
# stay in sync with the first entry of InternalViews.
ForwardZones="${CommunityDomain}/${ZoneFilesFolder}db.icvpn-internal-view.${CommunityDomain}"
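#############################################################
cd "$UpdateScriptsFolder"

# Provides GetZoneFileSerial, GetAllZoneNameservers, GetReverseDomains,
# InsertZoneToViews, ReloadZone, ... used throughout the rest of this script.
. ./dns-functions.sh

# First view listed in InternalViews; its name is part of the master zone
# file names. Plain word splitting also works for a single-view configuration,
# where the previous "first token followed by whitespace" regex matched nothing.
FirstInternal="${InternalViews%%[[:space:]]*}"
BindIcvpnAclTmp="${TempFolder}icvpn-acl.conf"
BindIcvpnAcl="${BindIncludeFileFolder}icvpn-acl.conf"
if [ -n "$CommunityExternPrefix" ]; then
  CommunityExternDomain="${CommunityExternPrefix}.${CommunityDomain}"
fi
# Without a DNSSEC policy no key material is looked up at all.
if [ -z "$DNSSECPolicy" ]; then
  DNSSECKeyFolder=""
fi

# The staging directory lives below the shared, world-writable /tmp and
# everything written into it is later moved into the bind configuration.
# Refuse to use a directory another local user could have planted there,
# either as a symlink or as a directory they own.
if [ -L "${TempFolder%/}" ]; then
  printf 'refusing symlinked temp folder %s\n' "$TempFolder" >&2
  exit 1
fi
mkdir -p "${TempFolder}cache"
if [ ! -O "$TempFolder" ]; then
  printf 'temp folder %s is not owned by the current user, refusing to use it\n' "$TempFolder" >&2
  exit 1
fi

# Start every run with empty per-view include fragments; they are rebuilt below.
for IView in $InternalViews; do
  rm -f "${TempFolder}${IView}.conf"
done
rm -f "${TempFolder}${ExternalView}.conf"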
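CachedMasterFile="${TempFolder}cache/db.${CommunityDomain}"
# Serial of the copy left behind by the previous run (empty on the first run).
PreFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"

# Fetch the current community master zone. The download is only transport
# protected (no signature check), so its content is handled strictly as data.
# A failed fetch aborts the run. The previous form ran curl inside a command
# substitution at statement position, which relied on set -e for the abort and
# would have executed anything curl printed to stdout as a shell command.
if ! curl -s -S -f "${RemoteLocation}db.${CommunityDomain}" --output "$CachedMasterFile"; then
  printf 'failed to fetch %sdb.%s\n' "$RemoteLocation" "$CommunityDomain" >&2
  exit 1
fi
# Make sure the file ends with a newline; records get appended to it later.
[ -f "$CachedMasterFile" ] && echo "" >> "$CachedMasterFile"

PostFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
# Both serials are used in arithmetic and inside sed expressions further down,
# and the fetched one comes from remote data. Accept only a plain decimal
# number; an empty serial (no cached file yet) is fine and counts as 0.
# NOTE(review): assumes GetZoneFileSerial prints the bare number — confirm.
for Serial in "$PreFetchMasterSerial" "$PostFetchMasterSerial"; do
  case "$(printf '%s' "$Serial" | tr -d '[:space:]')" in
    *[!0-9]*)
      printf 'invalid zone serial "%s" for %s\n' "$Serial" "$CachedMasterFile" >&2
      exit 1
      ;;
  esac
done

# Is this host listed as a nameserver of the community zone? (non-empty = yes)
# The server name is passed with -v instead of being spliced into the awk program.
ServeMasterZone="$(GetAllZoneNameservers "$CommunityDomain" "$CachedMasterFile" \
  | awk -v self="$DNSSCRIPT_SERVER_NAME" '{for(i=NF;i>0;--i) if($i==self) {printf 1}}')"
# Same question for the extern sub-zone; a master nameserver serves it as well.
if [ -n "$CommunityExternDomain" ]; then
  if [ -n "$ServeMasterZone" ]; then
    ServeExtZone="1"
  else
    ServeExtZone="$(GetAllSubNameservers "$CommunityDomain" "$CommunityExternPrefix" "$CachedMasterFile" \
      | awk -v self="$DNSSCRIPT_SERVER_NAME" '{for(i=NF;i>0;--i) if($i==self) {printf 1}}')"
  fi
else
  ServeExtZone=""
fi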
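if [ -n "$ServeMasterZone" ] || [ -n "$ServeExtZone" ]; then
  # Key hints from upstream are never served verbatim; the locally cached
  # DNSSEC records are appended from ZoneTempFolder instead.
  sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile"
  FileForExternGeneration="$CachedMasterFile"
  if [ -n "$ExternalView" ]; then
    ExternFile="${ZoneFilesFolder}db.${ExternalView}.${CommunityDomain}"
  else
    ExternFile="${ZoneFilesFolder}db.${CommunityExternDomain}"
  fi
  LocalMasterSerial=$((PostFetchMasterSerial))

  if [ -n "$ServeMasterZone" ]; then
    MasterFile="${ZoneFilesFolder}db.${FirstInternal}.${CommunityDomain}"
    FileForExternGeneration="$MasterFile"
    ZoneTempFolder="${TempFolder}cache/${CommunityDomain}/"
    UpdateMaster="$(UpdateDNSSECEntryCache "$CommunityDomain" "$ZoneTempFolder" "$CachedMasterFile" "$DNSSECKeyFolder")"
    # Rebuild the served master zone when upstream published a newer serial
    # or the cached DNSSEC records changed.
    if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ] || [ "$UpdateMaster" -ne 0 ]; then
      StagedMaster="${CachedMasterFile}I"
      cp -f "$CachedMasterFile" "$StagedMaster"
      for KeyFile in "$ZoneTempFolder"*; do
        # an unmatched glob leaves the pattern itself behind
        [ -e "$KeyFile" ] || continue
        cat "$KeyFile" >> "$StagedMaster"
      done
      LocalMasterSerial="$(GetZoneFileSerial "$MasterFile")"
      if [ $((PostFetchMasterSerial)) -le $((LocalMasterSerial)) ]; then
        # The serial served locally already caught up with (or passed) the
        # upstream one, so bump it instead of going backwards.
        LocalMasterSerial=$((LocalMasterSerial+1))
        # "<serial> ; Serial" on a line of its own. The replacement keeps the
        # comment via \2; the pattern has only two groups, the earlier \3 was an
        # invalid back-reference that GNU sed refuses to compile.
        sed -i -e 's/^\(\s*\)'"$PostFetchMasterSerial"'\(\s*;\s*[Ss]erial.*\)$/\1'"$LocalMasterSerial"'\2/g' "$StagedMaster"
        # single-line "<owner> [ttl] IN SOA <mname> <rname> <serial> ..."
        sed -i -e 's/^\(\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\s\+\S\+\s\+\S\+\s\+\)'"$PostFetchMasterSerial"'\(\s\+.*\)$/\1'"$LocalMasterSerial"'\3/g' "$StagedMaster"
      else
        LocalMasterSerial=$((PostFetchMasterSerial))
      fi
      mv "$StagedMaster" "$MasterFile"
      ReloadZone "$CommunityDomain" "$InternalViews"
      # NOTE(review): this insert only runs when the zone was rebuilt, while
      # the extern zone below is inserted on every run. If the per-view include
      # fragments are recreated from scratch each run, an unchanged master zone
      # would be missing from them — confirm against InsertZoneToViews.
      InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$CommunityDomain" "$MasterFile" "$TempFolder" "$DNSSECPolicy"
    fi

    # Reverse zones for the community-wide prefixes.
    for Subnet in $CommunitySubnets; do
      ReverseDomains="$(GetReverseDomains "$Subnet")"
      for RDomain in $ReverseDomains; do
        ReverseZoneFile="$(GetReverseZoneFileFromZone "${RDomain%*.}")"
        StaticFile="${ZoneFilesFolder}static.${ReverseZoneFile}"
        # A static part is optional upstream; drop the local copy when it is gone.
        if ! curl -s -f "${RemoteLocation}static.${ReverseZoneFile}" --output "$StaticFile"; then
          rm -f "$StaticFile"
        fi
        ./update-rdnszone.sh "$RDomain" "$ForwardZones" "${ZoneFilesFolder}${ReverseZoneFile}" "$TTLReReExMi" "$InternalViews"
        for IView in $InternalViews; do
          InsertZoneToIncludeFile "${RDomain%*.}" "${ZoneFilesFolder}${ReverseZoneFile}" "${TempFolder}${IView}.conf"
        done
      done
    done
    if [ -n "$ExternalView" ]; then
      InsertZoneToIncludeFile "$CommunityDomain" "$ExternFile" "${TempFolder}${ExternalView}.conf" "$DNSSECPolicy"
    fi
  fi

  # Public copy of the community zone: drop records pointing at RFC1918 10/8
  # or ULA (fc00::/7) addresses and rewrite the SOA owner to "@".
  UpdateExternView=0
  if [ -n "$ExternalView" ] || [ -n "$ServeExtZone" ]; then
    SerialExtern="$(GetZoneFileSerial "$ExternFile")"
    if [ $((LocalMasterSerial)) -gt $((SerialExtern)) ]; then
      sed -e '/^[^;]*\s\(10\.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*\s*\(;.*\)\?$/d' \
          -e 's/^[^;^@]*\s\+\([^;]*\)\s[Ii][Nn]\s\+[Ss][Oo][Aa]\s/@ \1 IN SOA /g' \
          "$FileForExternGeneration" > "$ExternFile"
      UpdateExternView=1
      [ -z "$ExternalView" ] || ReloadZone "$CommunityExternDomain" "$ExternalView"
    fi
  fi

  if [ -n "$ServeExtZone" ]; then
    MasterExtDomainFile="${ZoneFilesFolder}db.${FirstInternal}.${CommunityExternDomain}"
    ZoneTempFolder="${TempFolder}cache/${CommunityExternDomain}/"
    StagedExtern="${CachedMasterFile}E"
    cp -f "$ExternFile" "$StagedExtern"
    sed -i -e '/^\s*_dnsseckeys\./d' "$StagedExtern"
    # Without an "@ IN NS" record in the file, make this server the SOA MNAME/RNAME.
    if [ -z "$(sed -e '/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\)\s/!d' "$StagedExtern")" ]; then
      sed -i -e 's/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\)\s\+\S\+\s\+\S\+\s/\1 '"$DNSSCRIPT_SERVER_NAME"'. '"$DNSSCRIPT_CONTACT_EMAIL"' /g' "$StagedExtern"
    fi
    # Re-root the extern prefix at the apex; the delegating DS stays in the parent.
    sed -i -e 's/^\s*'"$CommunityExternPrefix"'\s/@ /g;/^\s*@\s\+[Ii][Nn]\s\+[Dd][Ss]\s/d' "$StagedExtern"
    UpdateExternDomain="$(UpdateDNSSECEntryCache "$CommunityExternDomain" "$ZoneTempFolder" "$StagedExtern" "$DNSSECKeyFolder")"
    if [ "$UpdateExternView" -ne 0 ] || [ "$UpdateExternDomain" -ne 0 ]; then
      for KeyFile in "$ZoneTempFolder"*; do
        [ -e "$KeyFile" ] || continue
        cat "$KeyFile" >> "$StagedExtern"
      done
      LocalExtDomainMasterSerial="$(GetZoneFileSerial "$MasterExtDomainFile")"
      if [ $((LocalMasterSerial)) -le $((LocalExtDomainMasterSerial)) ]; then
        LocalExtDomainMasterSerial=$((LocalExtDomainMasterSerial+1))
        # Same two-group pattern as above: \2 keeps the "; Serial" comment.
        sed -i -e 's/^\(\s*\)'"$LocalMasterSerial"'\(\s*;\s*[Ss]erial.*\)$/\1'"$LocalExtDomainMasterSerial"'\2/g' "$StagedExtern"
        sed -i -e 's/^\(\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\s\+\S\+\s\+\S\+\s\+\)'"$LocalMasterSerial"'\(\s\+.*\)$/\1'"$LocalExtDomainMasterSerial"'\3/g' "$StagedExtern"
      fi
      mv "$StagedExtern" "$MasterExtDomainFile"
      ReloadZone "$CommunityExternDomain" "$InternalViews"
    fi
    InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$CommunityExternDomain" "$MasterExtDomainFile" "$TempFolder" "$DNSSECPolicy"
    InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$CommunityExternDomain" "$MasterExtDomainFile" "$TempFolder" "$DNSSECPolicy"
  fi
fi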
# No master zone was generated above (this server is not a nameserver of the
# community zone): keep the fetched copy as the local master file instead.
if [ -z "$MasterFile" ]; then
  MasterFile="${ZoneFilesFolder}db.${FirstInternal}.${CommunityDomain}"
  cp -f "$CachedMasterFile" "$MasterFile"
fi
# Hood zones change often, so they get much shorter timers than the master zone.
# TTL Refresh Retry Expire Minimum
TTLReReExMi="420 360 180 1800 360"
HoodTTL="${TTLReReExMi%% *}"
HoodTimers="${TTLReReExMi#* }"
HoodRefresh="${HoodTimers%% *}"
HoodTimers="${HoodTimers#* }"
HoodRetry="${HoodTimers%% *}"
HoodTimers="${HoodTimers#* }"
HoodExpire="${HoodTimers%% *}"
HoodMinimum="${HoodTimers#* }"

Hoods="$(GetOwnHoods "$CommunityDomain" "$MasterFile")"
for Hood in $Hoods; do
  # Each entry has the form "<hoodname>#<subnet>#<subnet>...".
  HoodName="${Hood%%#*}"
  HoodDomain="${HoodName}.${CommunityDomain}"
  Subnets="$(printf '%s' "${Hood#*#}" | tr '#' ' ')"
  HoodZoneFile="${ZoneFilesFolder}db.${FirstInternal}.${HoodDomain}"

  if [ ! -f "$HoodZoneFile" ]; then
    # Seed a minimal zone (SOA, our NS record and the glue from the master
    # zone); update-hoodzone.sh maintains the remaining records.
    {
      printf '$TTL %s\n' "$HoodTTL"
      printf '@ IN SOA %s. %s (\n' "$DNSSCRIPT_SERVER_NAME" "$DNSSCRIPT_CONTACT_EMAIL"
      printf '  1 ; Serial\n'
      printf '  %s ; Refresh\n' "$HoodRefresh"
      printf '  %s ; Retry\n' "$HoodRetry"
      printf '  %s ; Expire\n' "$HoodExpire"
      printf '  %s ) ; Negative Cache TTL\n' "$HoodMinimum"
      echo ";"
      printf '@ IN NS %s.\n' "$DNSSCRIPT_SERVER_NAME"
      GetOwnGlueRecords "$CommunityDomain" "$HoodDomain" "$MasterFile"
      echo ";"
    } > "$HoodZoneFile"
  fi
  ./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews"

  # Reverse zones for the hood prefixes; the hood zone is an additional
  # forward zone for them.
  HoodForwardZones="$ForwardZones ${HoodDomain}/${HoodZoneFile}"
  for Subnet in $Subnets; do
    ReverseDomains="$(GetReverseDomains "$Subnet")"
    for RDomain in $ReverseDomains; do
      ReverseZoneFileFullPath="${ZoneFilesFolder}$(GetReverseZoneFileFromZone "${RDomain%*.}")"
      ./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ReverseZoneFileFullPath" "$TTLReReExMi" "$InternalViews"
      for IView in $InternalViews; do
        InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "${TempFolder}${IView}.conf"
      done
    done
  done

  # External copy of the hood zone: either per view, or as a separate extern
  # domain, or not at all.
  if [ -n "$CommunityExternDomain" ]; then
    HoodExternDomain="${HoodName}.${CommunityExternDomain}"
  else
    HoodExternDomain=""
  fi
  if [ -n "$ExternalView" ]; then
    ExternFile="${ZoneFilesFolder}db.${ExternalView}.${HoodDomain}"
  elif [ -n "$HoodExternDomain" ]; then
    ExternFile="${ZoneFilesFolder}db.${HoodExternDomain}"
  else
    ExternFile=""
  fi
  if [ -n "$ExternFile" ]; then
    ./update-extzone.sh "$HoodZoneFile" "$ExternFile" "$HoodDomain" "$ExternalView" "$HoodExternDomain" "$InternalViews"
  fi
  InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy"
  InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$HoodDomain" "$ExternFile" "$TempFolder" "$DNSSECPolicy"
  if [ -n "$HoodExternDomain" ]; then
    InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodExternDomain" "$ExternFile" "$TempFolder" "$DNSSECPolicy"
    InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$HoodExternDomain" "$ExternFile" "$TempFolder" "$DNSSECPolicy"
  fi
done
# Stage the ICVPN ACL include, built from the routing tables (or fetched
# remotely when RoutingTables is empty).
./update-public-acl.sh "$BindIcvpnAclTmp" "$RemoteLocation" "$RoutingTables"

# Set to 1 by UpdateBindConfig whenever an installed include file changed.
ReConfigBind=0
# Install a staged include file.
#   $1 - staged file; it is removed in every case
#   $2 - installed file; replaced only when the staged content differs
# Sets the global ReConfigBind=1 when the installed file was replaced.
UpdateBindConfig() {
  local staged="$1"
  local installed="$2"
  if [ ! -f "$staged" ]; then
    # nothing was staged: keep whatever is installed
    rm -f "$staged"
    return 0
  fi
  if cmp -s "$staged" "$installed"; then
    # unchanged: drop the staged copy
    rm -f "$staged"
  else
    mv "$staged" "$installed"
    ReConfigBind=1
  fi
}
# Move the staged include fragments into place: the ICVPN ACL, one file per
# internal view and, if configured, the external view.
UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"
for IView in $InternalViews; do
  UpdateBindConfig "${TempFolder}${IView}.conf" "${BindIncludeFileFolder}${IView}.conf"
done
if [ -n "$ExternalView" ]; then
  UpdateBindConfig "${TempFolder}${ExternalView}.conf" "${BindIncludeFileFolder}${ExternalView}.conf"
fi
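# Operators can force a reconfiguration by creating this flag file. It lives
# in the shared /tmp, so it is only honoured when it belongs to the user
# running this script; otherwise any local account could trigger bind restarts.
ForceReconfFlag="/tmp/dnsscript-forcereconf"
if [ -f "$ForceReconfFlag" ]; then
  if [ -O "$ForceReconfFlag" ]; then
    ReConfigBind=1
  else
    printf 'ignoring %s: not owned by the current user\n' "$ForceReconfFlag" >&2
  fi
fi

if [ "${ReConfigBind:-0}" -ne 0 ]; then
  # see DNSSCRIPT_BIND_RELOAD_VER in the server configuration
  case "$((DNSSCRIPT_BIND_RELOAD_VER))" in
    0) systemctl restart bind9 ;;       # Debian (and like)
    1) rndc reconfig ;;                 # recommended; rndc needs setup first
    2) /etc/init.d/named restart ;;     # OpenWRT
    *) ;;                               # -1 (or anything else): leave bind alone
  esac
  rm -f "$ForceReconfFlag"
fi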