Umgestellt auf ash+posix; external-view möglich; Reload konfigurierbar nach System; Eigene Subdomain mit mehreren Subreversedomains möglich; Alle Zonefiles müssen in einem Ordner liegen (Forward&Reverse); Beschreibung aktualisiert
parent
bf912faf18
commit
1568540904
|
@ -1,83 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
DomainZone="50.10.in-addr.arpa."
|
||||
#ForwardZoneFiles="/srv/fff-dns/db.fff.community"
|
||||
#ReverseZoneFile="/var/lib/bind/db.50.10"
|
||||
ForwardZoneFiles="/etc/bind/db.herpf.fff.community"
|
||||
ReverseZoneFile="/etc/bind/db.250.50.10"
|
||||
#Temporäres Verzeichnis - muss pro Zone exclusiv sein!
|
||||
TempDir="/tmp/250.50.10.in-addr.arpa"
|
||||
TTL=3600
|
||||
refresh=2000
|
||||
retry=6400
|
||||
expire=2419200
|
||||
minimum=86400
|
||||
ContactEMail=franken.freifunk.net.
|
||||
ReverseServerName=aquarius.gw.fff.community.
|
||||
|
||||
#################################################################
|
||||
|
||||
function GetZoneFileSerial() {
|
||||
local INSOAPrefix="^\s*\S\+\s\+\([0-9]*\s\)\?\s*IN\s\+SOA\s\+"
|
||||
local FirstSOALineAndFollowing="/""$INSOAPrefix""/,\$!d;"
|
||||
local RemoveComments=":a;s/;.*$//g;"
|
||||
local RemoveLineBreaks=":a;N;\$!ba;s/\n//g;"
|
||||
local SearchPrintSerial="s/""$INSOAPrefix""\S\+\s\+\S\+\s\+\((\s\)\?\s*\([0-9]*\).*/\3/i"
|
||||
|
||||
local Serial=$(sed -e "$FirstSOALineAndFollowing""$RemoveComments""$RemoveLineBreaks""$SearchPrintSerial" "$1")
|
||||
echo "$Serial"
|
||||
}
|
||||
|
||||
function DNSReload {
|
||||
if [[ -n "$Userndc" ]]; then
|
||||
rndc reload "$DomainZone" IN "icvpn-internal-view"
|
||||
else
|
||||
systemctl reload bind9
|
||||
fi
|
||||
}
|
||||
|
||||
function ValidateIPv4() {
|
||||
[[ -n "$(echo "$1" | sed -e '/^\(\(25[0-5]\|\(2[0-4]\|1[0-9]\|[1-9]\)\?[0-9]\)\.\)\{0,3\}\(25[0-5]\|\(2[0-4]\|1[0-9]\|[1-9]\)\?[0-9]\)$/!d')" ]]
|
||||
return $?
|
||||
}
|
||||
|
||||
|
||||
mkdir -p $TempDir
|
||||
|
||||
for ForwardZoneFile in $ForwardZoneFiles
|
||||
do
|
||||
ZoneName="$DomainZone" #$(sed -ne 's/\(\S\+\)\s\+IN\s\+SOA\s\+\S\+.*/\1/p' "$ForwardZoneFile")
|
||||
named-checkzone -o "$TempDir/$ZoneName" -D $ZoneName $ForwardZoneFile >/dev/null 2>&1
|
||||
Serial=$(GetZoneFileSerial "$TempDir/$ZoneName")
|
||||
NewSerial=$((Serial+NewSerial))
|
||||
done
|
||||
|
||||
echo "$DomainZone $TTL IN SOA $ReverseServerName $ContactEMail $NewSerial $refresh $retry $expire $minimum" > "$TempDir/$DomainZone"
|
||||
echo "$DomainZone $TTL IN NS $ReverseServerName" >> "$TempDir/$DomainZone"
|
||||
for ForwardZoneFile in $(ls $TempDir)
|
||||
do
|
||||
Hosts=($(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | awk '{ print $1 }'))
|
||||
IPs=$(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | awk '{ print $5 }')
|
||||
i=0
|
||||
for IP in $IPs
|
||||
do
|
||||
if ValidateIPv4 $IP
|
||||
then
|
||||
echo $(echo $IP | awk 'BEGIN { FS = "." } ; { print $4 "." $3 "." $2 "." $1 }')".in-addr.arpa." $TTL IN PTR ${Hosts[$i]} >> "$TempDir/$DomainZone"
|
||||
fi
|
||||
i=$((i+1))
|
||||
done
|
||||
done
|
||||
|
||||
if [[ -f $ReverseZoneFile ]]; then
|
||||
OldSerial="$(GetZoneFileSerial '$ReverseZoneFile')"
|
||||
else
|
||||
OldSerial=0
|
||||
fi
|
||||
|
||||
if [[ $NewSerial -gt $OldSerial ]]
|
||||
then
|
||||
named-compilezone -o $ReverseZoneFile $DomainZone "$TempDir/$DomainZone" >/dev/null 2>&1
|
||||
DNSReload
|
||||
fi
|
||||
rm -r $TempDir
|
|
@ -1,89 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
#Name der Zone
|
||||
DomainZone="83.10.in-addr.arpa."
|
||||
#Positionen und Namen der Forward Lookup Zone Files
|
||||
ForwardZoneFiles=("/srv/fff-dns/db.fff.community")
|
||||
ReverseZoneFile="/var/lib/bind/db.83.10"
|
||||
#Temporäres Verzeichnis - muss pro Zone exclusiv sein!
|
||||
TempDir="/tmp/83.10.in-addr.arpa"
|
||||
#TTL
|
||||
TTL=3600
|
||||
#refresh
|
||||
refresh=2000
|
||||
#retry
|
||||
retry=6400
|
||||
#expire
|
||||
expire=2419200
|
||||
#minimum
|
||||
minimum=86400
|
||||
#contact-mail
|
||||
contact=franken.freifunk.net.
|
||||
#responsible DNS Server by name (for reverseDNS your own)
|
||||
responsible=aquarius.gw.fff.community.
|
||||
|
||||
#################################################################
|
||||
|
||||
function dnsreload {
|
||||
systemctl reload bind9
|
||||
}
|
||||
|
||||
function validate_ip() {
|
||||
local ip=$1
|
||||
local stat=1
|
||||
|
||||
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
|
||||
OIFS=$IFS
|
||||
IFS='.'
|
||||
ip=($ip)
|
||||
IFS=$OIFS
|
||||
[[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
|
||||
&& ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
|
||||
stat=$?
|
||||
fi
|
||||
return $stat
|
||||
}
|
||||
|
||||
|
||||
mkdir -p $TempDir
|
||||
Serials=()
|
||||
for ForwardZoneFile in "${ForwardZoneFiles[@]}"
|
||||
do
|
||||
ZoneName=$(cat $ForwardZoneFile | grep SOA | awk '{ print $1 }' | head -n 1)
|
||||
named-compilezone -o "$TempDir/$ZoneName" $ZoneName $ForwardZoneFile >/dev/null 2>&1
|
||||
serial=$(cat "$TempDir/$ZoneName" | grep SOA | awk '{ print $7 }' | head -n 1)
|
||||
Serials+=( "$serial" )
|
||||
done
|
||||
|
||||
Serials=( $( for i in ${Serials[@]}; do echo "$i"; done | sort -rn ) )
|
||||
serial=${Serials[0]}
|
||||
|
||||
echo "$DomainZone $TTL IN SOA $responsible $contact $serial $refresh $retry $expire $minimum" > "$TempDir/$DomainZone"
|
||||
echo "$DomainZone $TTL IN NS $responsible" >> "$TempDir/$DomainZone"
|
||||
for ForwardZoneFile in $(ls $TempDir)
|
||||
do
|
||||
Hosts=($(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | awk '{ print $1 }'))
|
||||
IPs=$(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | awk '{ print $5 }')
|
||||
i=0
|
||||
for IP in $IPs
|
||||
do
|
||||
if validate_ip $IP
|
||||
then
|
||||
echo $(echo $IP | awk 'BEGIN { FS = "." } ; { print $4 "." $3 "." $2 "." $1 }')".in-addr.arpa." $TTL IN PTR ${Hosts[$i]} >> "$TempDir/$DomainZone"
|
||||
fi
|
||||
i=$((i+1))
|
||||
done
|
||||
done
|
||||
|
||||
if [ -f $ReverseZoneFile ]; then
|
||||
oldSerial=$(grep SOA $ReverseZoneFile | awk 'NR==1{print $7}')
|
||||
else
|
||||
oldSerial=0
|
||||
fi
|
||||
|
||||
if [ $serial -gt $oldSerial ]
|
||||
then
|
||||
named-compilezone -o $ReverseZoneFile $DomainZone "$TempDir/$DomainZone" >/dev/null 2>&1
|
||||
dnsreload
|
||||
fi
|
||||
rm -r $TempDir
|
114
README.md
114
README.md
|
@ -1,29 +1,36 @@
|
|||
|
||||
# fff-scripts
|
||||
Dieses Git enthält eine Sammlung an Scripten zur Aktualisierung des Zone-git für fff.community.
|
||||
Außerdem gibt es Skripte, die aus der Forward-Zone eine passende Reverse-Zone für unsere internen RFC 1918 und RFC 4193 Adressen erzeugen.
|
||||
Dieses Git enthält eine Sammlung an Scripten zur Aktualisierung der Zonendatei für fff.community.
|
||||
Außerdem gibt es Skripte, die aus der Forward-Zone und optional eigener Subdomain passende Reverse-Zones für unsere internen RFC 1918 und RFC 4193 Adressen erzeugen.
|
||||
|
||||
## Installation
|
||||
#### Zone-git klonen
|
||||
Zuerst muss das [dns-git](https://git.freifunk-franken.de/freifunk-franken/dns) geclont werden. Dieses enthält die Zonendatei für fff.community. Wohin dieses git geklont wird, ist egal. Der DNS Server muss Lesezugriff darauf haben.
|
||||
```
|
||||
git clone https://git.freifunk-franken.de/freifunk-franken/dns.git /srv/fff-dns
|
||||
```
|
||||
|
||||
#### Systemanforderungen
|
||||
|
||||
curl
|
||||
named-checkzone (z.B. bei bind oder bind-tools enthalten)
|
||||
|
||||
|
||||
#### dns-scripts klonen
|
||||
Dann können die Skripte geklont werden. Dabei ist aktuell noch die Position wichtig, da das Skript derzeit absolulte Pfade verwendet.
|
||||
Die Scripte müssen geklont werden, oder anderweitig in einem Ordner auf dem Server abgelegt werden. Dabei ist aktuell noch die Position wichtig, da das Skript derzeit absolulte Pfade verwendet (oder den Pfad in update-dns.sh anpassen)
|
||||
```
|
||||
git clone https://git.freifunk-franken.de/freifunk-franken/dns-scripts.git /srv/fff-scripts
|
||||
```
|
||||
|
||||
#### konfigurieren
|
||||
In der Datei update-dns.sh kann die Verwaltung einer Subdomain incl. Reversezone aktiviert werden.
|
||||
|
||||
|
||||
#### Cron anlegen
|
||||
Schließlich muss noch ein Cron angelegt werden, der regelmäßig das Skript aufruft, welches das Zone-git aktualisiert und die Reverse-Skripte aufruft:
|
||||
Schließlich muss noch ein Cron angelegt werden, der regelmäßig das Skript aufruft, welches die Zonendatei aktualisiert und die Reverse-Skripte aufruft:
|
||||
```
|
||||
1-59/5 * * * * /srv/fff-scripts/update-dns.sh /srv/fff-dns
|
||||
1-59/5 * * * * /srv/fff-scripts/update-dns.sh
|
||||
```
|
||||
|
||||
#### DNS-Server konfigurieren
|
||||
Dann muss nur noch der DNS Server, z.B. `bind`, für die entsprechenden Zonen eingerichtet werden:
|
||||
|
||||
Einfachste Konfiguration:
|
||||
```
|
||||
$ cat named.conf.local
|
||||
[..]
|
||||
|
@ -51,4 +58,89 @@ zone "fff.community" {
|
|||
};
|
||||
|
||||
[..]
|
||||
```
|
||||
```
|
||||
|
||||
mit Split-View und eigener Subdomain:
|
||||
|
||||
```
|
||||
$ cat named.conf.local
|
||||
[..]
|
||||
|
||||
acl icvpnlocal {
|
||||
10.0.0.0/8;
|
||||
172.16.0.0/12;
|
||||
fd00::/8;
|
||||
};
|
||||
acl icvpnrange {
|
||||
icvpnlocal;
|
||||
# Die via babel/bird verteilten IPv6-Netze mit src-prefix, diese sollten per Script as der fff-table aktuell gehalten werden
|
||||
#z.B. 2a00:1aa0:ffff::/48;
|
||||
};
|
||||
|
||||
[..]
|
||||
view "icvpn-internal-view" {
|
||||
match-clients { icvpnrange; localhost; };
|
||||
|
||||
[..] # eigene Optionen
|
||||
|
||||
zone "<EIGENE SUBDOMAIN>.fff.community" {
|
||||
type master;
|
||||
file "/var/lib/bind/db.<EIGENE SUBDOMAIN>.fff.community";
|
||||
};
|
||||
|
||||
zone "<EIGENES IPv4SUBNETZ>.50.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/lib/bind/db.<EIGENES IPv4SUBNETZ>.50.10";
|
||||
};
|
||||
|
||||
zone "<EIGENES IPv6SUBNETZ>.d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa" {
|
||||
type master;
|
||||
file "/var/lib/bind/db.fd43-5602-29bd-<EIGENES IPv6SUBNETZ>";
|
||||
};
|
||||
|
||||
|
||||
zone "fff.community" {
|
||||
type master;
|
||||
file "/var/lib/bind/db.fff.community";
|
||||
};
|
||||
|
||||
zone "50.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/lib/bind/db.50.10";
|
||||
};
|
||||
|
||||
zone "83.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/lib/bind/db.83.10";
|
||||
};
|
||||
|
||||
zone "d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa" {
|
||||
type master;
|
||||
file "/var/lib/bind/db.fd43-5602-29bd";
|
||||
};
|
||||
|
||||
include "/var/lib/bind/icvpn-zones.conf"; # Nicht vergessen ;)
|
||||
|
||||
[..]
|
||||
};
|
||||
|
||||
view "external-view" {
|
||||
match-clients { any; };
|
||||
[..] # eigene Optionen
|
||||
|
||||
zone "<EIGENE SUBDOMAIN>.fff.community" {
|
||||
type master;
|
||||
file "/var/lib/bind/dbextern.<EIGENE SUBDOMAIN>.fff.community";
|
||||
};
|
||||
|
||||
zone "fff.community" {
|
||||
type master;
|
||||
file "/var/lib/bind/dbextern.fff.community";
|
||||
};
|
||||
|
||||
[..]
|
||||
};
|
||||
|
||||
|
||||
[..]
|
||||
```
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
#!/bin/sh
|
||||
|
||||
GetZoneFileSerial() {
|
||||
INSOASpec="^\s*\S\+\s\+\([0-9]*\s\)\?\s*IN\s\+SOA\s\+"
|
||||
FirstSOALineAndFollowing="/""$INSOASpec""/,\$!d;"
|
||||
RemoveComments=":a;s/;.*$//g;"
|
||||
RemoveLineBreaks=":a;N;\$!ba;s/\n//g;"
|
||||
SearchPrintSerial="s/""$INSOASpec""\S\+\s\+\S\+\s\+\((\s\)\?\s*\([0-9]*\).*/\3/i"
|
||||
|
||||
ZoneSerial=$(sed -e "$FirstSOALineAndFollowing""$RemoveComments""$RemoveLineBreaks""$SearchPrintSerial" "$1")
|
||||
echo "${ZoneSerial:-0}"
|
||||
}
|
||||
|
||||
ReloadZone() {
|
||||
if [ $DNSSCRIPT_BIND_RELOAD_VER -eq 0 ]; then
|
||||
systemctl reload bind9
|
||||
elif [ $DNSSCRIPT_BIND_RELOAD_VER -eq 1 ]; then
|
||||
rndc reload "$1" IN "$2"
|
||||
else
|
||||
/etc/init.d/named reload
|
||||
fi
|
||||
}
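Review bot: `GetZoneFileSerial` can return non-numeric text: as far as the sed program shows, when a SOA line is found but the final `s///` does not match (for example on a truncated file), sed autoprints the joined pattern space, and `${ZoneSerial:-0}` only covers the empty case. The callers use the value unquoted in `[ … -gt … ]` and inside `$(( ))`, and one of the inputs is a file fetched from a remote URL, so the function should reject anything that is not all digits, e.g. `case "$ZoneSerial" in ''|*[!0-9]*) ZoneSerial=0 ;; esac` before the `echo`. In `ReloadZone`, `$DNSSCRIPT_BIND_RELOAD_VER` is unquoted and any unset or mistyped value silently ends up in the `/etc/init.d/named reload` branch; `[ "${DNSSCRIPT_BIND_RELOAD_VER:-0}" -eq 0 ]`, an explicit `-eq 2` branch and an error message in the final `else` would make a misconfiguration visible.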
|
|
@ -1,92 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
#Name der Zone
|
||||
DomainZone="d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa."
|
||||
#Positionen und Namen der Forward Lookup Zone Files
|
||||
ForwardZoneFiles=("/srv/fff-dns/db.fff.community")
|
||||
ReverseZoneFile="/var/lib/bind/db.fd43-5602-29bd"
|
||||
#Temporäres Verzeichnis - muss pro Zone exclusiv sein!
|
||||
TempDir="/tmp/d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa"
|
||||
#TTL
|
||||
TTL=3600
|
||||
#refresh
|
||||
refresh=2000
|
||||
#retry
|
||||
retry=6400
|
||||
#expire
|
||||
expire=2419200
|
||||
#minimum
|
||||
minimum=86400
|
||||
#contact-mail
|
||||
contact=franken.freifunk.net.
|
||||
#responsible DNS Server by name (for reverseDNS your own)
|
||||
responsible=aquarius.gw.fff.community.
|
||||
|
||||
#################################################################
|
||||
|
||||
function dnsreload {
|
||||
systemctl reload bind9
|
||||
}
|
||||
|
||||
function validate_ip() {
|
||||
local ip=$1
|
||||
local stat=1
|
||||
|
||||
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
|
||||
OIFS=$IFS
|
||||
IFS='.'
|
||||
ip=($ip)
|
||||
IFS=$OIFS
|
||||
[[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
|
||||
&& ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
|
||||
stat=$?
|
||||
fi
|
||||
return $stat
|
||||
}
|
||||
function reverseIp6 {
|
||||
echo "$1" | \
|
||||
awk -F: 'BEGIN {OFS=""}{ FillCount=9-NF; for(i=1;i<=NF;i++){if(length($i) == 0){if(i==NF) {$i="0000";} else {for(j=1;j<=FillCount;j++){$i=($i "0000");}}} else {$i=substr(("0000" $i), length($i)+1);}}; print}' | \
|
||||
awk '{ i=length; x=substr($0,i,1); for(i--;i!=0;i--)x=x "\." substr($0,i,1);}END{print x}'
|
||||
}
|
||||
|
||||
|
||||
mkdir -p $TempDir
|
||||
Serials=()
|
||||
for ForwardZoneFile in "${ForwardZoneFiles[@]}"
|
||||
do
|
||||
ZoneName=$(cat $ForwardZoneFile | grep SOA | awk '{ print $1 }' | head -n 1)
|
||||
named-compilezone -o "$TempDir/$ZoneName" $ZoneName $ForwardZoneFile >/dev/null 2>&1
|
||||
serial=$(cat "$TempDir/$ZoneName" | grep SOA | awk '{ print $7 }' | head -n 1)
|
||||
Serials+=( "$serial" )
|
||||
done
|
||||
|
||||
Serials=( $( for i in ${Serials[@]}; do echo "$i"; done | sort -rn ) )
|
||||
serial=${Serials[0]}
|
||||
|
||||
echo "$DomainZone $TTL IN SOA $responsible $contact $serial $refresh $retry $expire $minimum" > "$TempDir/$DomainZone"
|
||||
echo "$DomainZone $TTL IN NS $responsible" >> "$TempDir/$DomainZone"
|
||||
for ForwardZoneFile in $(ls $TempDir)
|
||||
do
|
||||
Hosts=($(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | grep -Fv "*" | awk '{ print $1 }'))
|
||||
IPs=$(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | grep -Fv "*" | awk '{ print $5 }')
|
||||
i=0
|
||||
for IP in $IPs; do
|
||||
if rdns=$(sipcalc -r "$IP" | grep -F "ip6.arpa."); then
|
||||
echo "$rdns $TTL IN PTR ${Hosts[$i]}" >> "$TempDir/$DomainZone"
|
||||
fi
|
||||
i=$((i+1))
|
||||
done
|
||||
done
|
||||
|
||||
if [ -f $ReverseZoneFile ]; then
|
||||
oldSerial=$(grep SOA $ReverseZoneFile | awk 'NR==1{print $7}')
|
||||
else
|
||||
oldSerial=0
|
||||
fi
|
||||
|
||||
if [ $serial -gt $oldSerial ]
|
||||
then
|
||||
named-compilezone -o $ReverseZoneFile $DomainZone "$TempDir/$DomainZone" >/dev/null 2>&1
|
||||
dnsreload
|
||||
fi
|
||||
rm -r $TempDir
|
|
@ -1,23 +1,94 @@
|
|||
#!/bin/sh
|
||||
|
||||
. ./dns-functions.sh
|
||||
|
||||
# exit script when command fails
|
||||
set -e
|
||||
|
||||
if [ $# -ne 1 ]; then
|
||||
echo "Usage: $0 <git-directory>" >&2
|
||||
exit 1
|
||||
export DNSSCRIPT_CONTACT_EMAIL=franken.freifunk.net.
|
||||
export DNSSCRIPT_SERVER_NAME=fff-gw-herpf01.fff.community.
|
||||
UpdateScriptsFolder="/srv/fff-scripts/"
|
||||
ZoneFilesFolder="/var/lib/bind"
|
||||
CommunityDomain="fff.community"
|
||||
|
||||
# Einkommentieren und für eigene Hood setzen
|
||||
#HoodSubDomain="herpf" # File unter "$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain"
|
||||
#HoodSubIPv4="250" # nur /24er Netze
|
||||
#HoodSubIPv6="62" # nur /64er Netze
|
||||
|
||||
# 0 -> Debian o.a. systemctl reload bind9
|
||||
# 1 -> rndc benutzen um nur die jeweilige Zone neu zu laden (empfohlen; rndc muss eingerichtet werden)
|
||||
# 2 -> für OpenWRT /etc/init.d/named reload
|
||||
#
|
||||
export DNSSCRIPT_BIND_RELOAD_VER=1
|
||||
|
||||
# Wenn rndc benutzt wird den internen und externen View setzen
|
||||
InternalView="icvpn-internal-view"
|
||||
ExternalView="external-view"
|
||||
|
||||
MasterFileRemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/db.fff.community"
|
||||
|
||||
# TTL Refresh Retry Expire Minimum
|
||||
TTLReReExMi="3600 2000 6400 2419200 86400"
|
||||
|
||||
# ForwardZones Schema: "<Zone>/<Zonendatei>" ; optional mehrfach " ""<ZoneX>/<ZonendateiX>" Keine Leerzeichen im Ordner/File erlaubt
|
||||
ForwardZones="$CommunityDomain""/""$ZoneFilesFolder""db.""$CommunityDomain"
|
||||
|
||||
|
||||
#############################################################
|
||||
|
||||
MasterFile="$ZoneFilesFolder""db.""$CommunityDomain"
|
||||
|
||||
|
||||
PreFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
|
||||
curl "$MasterFileRemoteLocation" --output "$MasterFile"
|
||||
PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
|
||||
|
||||
if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then
|
||||
ReloadZone "$CommunityDomain" "$InternalView"
|
||||
fi
|
||||
|
||||
# navigate to directory given as parameter
|
||||
cd $1
|
||||
|
||||
oldhash=$(git rev-parse HEAD)
|
||||
git pull -q --ff-only
|
||||
# Update für master-zones
|
||||
RZone="50.10.in-addr.arpa."
|
||||
RFile="$ZoneFilesFolder""db.50.10"
|
||||
"$UpdateScriptsFolder"update-rdnszone.sh "$RZone" "$ForwardZones" "$RFile" "$TTLReReExMi" "$InternalView"
|
||||
|
||||
/srv/fff-scripts/10-50-reverse.sh
|
||||
/srv/fff-scripts/10-83-reverse.sh
|
||||
/srv/fff-scripts/fd43-5602-29bd-reverse.sh
|
||||
RZone="83.10.in-addr.arpa."
|
||||
RFile="$ZoneFilesFolder""db.83.10"
|
||||
"$UpdateScriptsFolder"update-rdnszone.sh "$RZone" "$ForwardZones" "$RFile" "$TTLReReExMi" "$InternalView"
|
||||
|
||||
if [ "$oldhash" != "$(git rev-parse HEAD)" ]; then
|
||||
/bin/systemctl reload bind9
|
||||
RZone="d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa."
|
||||
RFile="$ZoneFilesFolder""db.fd43-5602-29bd"
|
||||
"$UpdateScriptsFolder"update-rdnszone.sh "$RZone" "$ForwardZones" "$RFile" "$TTLReReExMi" "$InternalView"
|
||||
|
||||
if [ -n "$ExternalView" ]; then
|
||||
# Split-View
|
||||
InternFile="$MasterFile"
|
||||
ExternFile="$ZoneFilesFolder""dbextern.""$CommunityDomain"
|
||||
Domain="$CommunityDomain"
|
||||
"$UpdateScriptsFolder"update-extzone.sh "$InternFile" "$ExternFile" "$Domain" "$ExternalView"
|
||||
fi
|
||||
|
||||
|
||||
if [ -n "$HoodSubDomain" ]; then
|
||||
# Update für lokale Zone; ForwardZones wird hier um die SubDomain erweitert
|
||||
ForwardZones="$ForwardZones $HoodSubDomain"".""$CommunityDomain""/""$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain"
|
||||
|
||||
RZone="$HoodSubIPv4"".50.10.in-addr.arpa."
|
||||
RFile="$ZoneFilesFolder""db.""$HoodSubIPv4"".50.10"
|
||||
"$UpdateScriptsFolder"update-rdnszone.sh "$RZone" "$ForwardZones" "$RFile" "$TTLReReExMi" "$InternalView"
|
||||
|
||||
HoodSubIPv6Reverse="$(echo "$HoodSubIPv6" | awk '{$i=substr(("0000" $i), length($i)+1); print}' | awk '{ i=length; x=substr($0,i,1); for(i--;i!=0;i--)x=x "." substr($0,i,1);}END{print x}')"
|
||||
RZone="$HoodSubIPv6Reverse"".d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa."
|
||||
RFile="$ZoneFilesFolder""db.fd43-5602-29bd-""$HoodSubIPv6"
|
||||
"$UpdateScriptsFolder"update-rdnszone.sh "$RZone" "$ForwardZones" "$RFile" "$TTLReReExMi" "$InternalView"
|
||||
|
||||
if [ -n "$ExternalView" ]; then
|
||||
# Split-View
|
||||
InternFile="$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain"
|
||||
ExternFile="$ZoneFilesFolder""dbextern.""$HoodSubDomain"".""$CommunityDomain"
|
||||
Domain="$HoodSubDomain"".""$CommunityDomain"
|
||||
"$UpdateScriptsFolder"update-extzone.sh "$InternFile" "$ExternFile" "$Domain" "$ExternalView"
|
||||
fi
|
||||
fi
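Review bot: `curl "$MasterFileRemoteLocation" --output "$MasterFile"` writes the download straight over the live zone file with no `--fail` and no syntax check, so an HTTP error page or a truncated transfer replaces the zone that bind and the reverse-zone scripts read. Download to a temporary file in the same directory, validate it with `named-checkzone`, and only then move it into place, as sketched below. `ZoneFilesFolder="/var/lib/bind"` also lacks the trailing slash that `"$ZoneFilesFolder""db."…` relies on, so every derived path becomes `/var/lib/binddb.…` instead of the `/var/lib/bind/db.…` files the README configures. `. ./dns-functions.sh` (here and at the top of the two new helper scripts) resolves against the caller's working directory, which under cron is normally not the script folder; sourcing it by absolute path avoids both the failure and picking up a same-named file from an unrelated directory. The page does not mark which lines are old and which are new, so this assumes the `set -e` / `git pull` block is the removed side.

```shell
# … unchanged: configuration, PreFetchMasterSerial …
TmpMasterFile="$(mktemp "$MasterFile.XXXXXX")" || exit 1
if curl --fail --silent --show-error --output "$TmpMasterFile" "$MasterFileRemoteLocation" \
	&& named-checkzone "$CommunityDomain" "$TmpMasterFile" >/dev/null; then
	# mktemp creates the file 0600; set the mode/owner bind needs before publishing it
	chmod 0644 "$TmpMasterFile"
	mv "$TmpMasterFile" "$MasterFile"
else
	rm -f "$TmpMasterFile"
	echo "fetching or validating $MasterFileRemoteLocation failed; keeping the old zone file" >&2
	exit 1
fi
PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
```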
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
#!/bin/sh
|
||||
|
||||
. ./dns-functions.sh
|
||||
|
||||
InternalZoneFile="$1"
|
||||
ExternalZoneFile="$2"
|
||||
ExternalZone="$3"
|
||||
ExternalView="$4"
|
||||
|
||||
SerialIntern="$(GetZoneFileSerial "$InternalZoneFile")"
|
||||
if [ -f "$ExternalZoneFile" ]; then
|
||||
SerialExtern="$(GetZoneFileSerial "$ExternalZoneFile")"
|
||||
else
|
||||
SerialExtern=0
|
||||
fi
|
||||
|
||||
if [ $SerialIntern -gt $SerialExtern ]; then
|
||||
sed '/.*\s\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*\s*\(;.*\)\?/d' "$InternalZoneFile" > "$ExternalZoneFile"
|
||||
ReloadZone "$ExternalZone" "$ExternalView"
|
||||
fi
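Review bot: The `sed` delete expression is the only control that keeps internal records out of the file served by `external-view`, and it is both too broad and too narrow. `10.` has an unescaped dot and the match is not tied to the record type, so any whitespace-preceded field starting with `10` (a TTL like `10800`, an MX preference of `10`, a public `100.x` address) removes the line, while A records in 172.16.0.0/12 or 192.168.0.0/16 would pass through unchanged. Matching on the type and an escaped prefix, e.g. `IN\s\+A\s\+10\.` and `IN\s\+AAAA\s\+[fF][cdCD][0-9a-fA-F]\{2\}:`, plus the other private ranges if the forward zone can contain them, would make the filter do what the split view needs. The result is also written directly to `$ExternalZoneFile` and reloaded without a `named-checkzone` run, and `[ $SerialIntern -gt $SerialExtern ]` should quote both operands.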
|
|
@ -0,0 +1,93 @@
|
|||
#!/bin/sh
|
||||
|
||||
. ./dns-functions.sh
|
||||
|
||||
ReverseDomain="$1"
|
||||
ReverseZone="${ReverseDomain%*.}"
|
||||
ForwardZones="$2"
|
||||
ReverseZoneFile="$3"
|
||||
TempDir="/tmp/""$ReverseZone"
|
||||
TTL="${4%% *}"
|
||||
ReReExMi="${4#* }"
|
||||
View="$5"
|
||||
|
||||
GetIPEntries() {
|
||||
if [ -z "$RZoneIsIPv6" ]; then
|
||||
IPPattern="[aA]\s\+\([0-9\.]\+\)"
|
||||
else
|
||||
IPPattern="[aA]\{4\}\s\+\([0-9a-f:]\+\)"
|
||||
fi
|
||||
|
||||
sed -ne "s/^\s*\(\S\+\)\s\+\([0-9]*\s\)\?\s*IN\s\+""$IPPattern"".*/\1\/\3/p" "$TempDir/$ForwardZoneFile"
|
||||
}
|
||||
|
||||
ReverseEntry() {
|
||||
if [ -z "$RZoneIsIPv6" ]; then
|
||||
echo "$(echo "$1" | awk 'BEGIN { FS = "." } ; { print $4 "." $3 "." $2 "." $1 }')"".in-addr.arpa."
|
||||
else
|
||||
echo "$(echo "$1" | \
|
||||
awk -F: 'BEGIN {OFS=""}{ FillCount=9-NF; for(i=1;i<=NF;i++){if(length($i) == 0){if(i==NF) {$i="0000";} else {for(j=1;j<=FillCount;j++){$i=($i "0000");}}} else {$i=substr(("0000" $i), length($i)+1);}}; print}' | \
|
||||
awk '{ i=length; x=substr($0,i,1); for(i--;i!=0;i--)x=x "." substr($0,i,1);}END{print x}')"".ip6.arpa."
|
||||
fi
|
||||
}
|
||||
|
||||
if [ -z "${ReverseDomain##*.in-addr.arpa.}" ]; then
|
||||
RZoneIsIPv6=""
|
||||
elif [ -z "${ReverseDomain##*.ip6.arpa.}" ]; then
|
||||
RZoneIsIPv6=1
|
||||
else
|
||||
echo "No valid ReverseDomain" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mkdir -p "$TempDir"
|
||||
|
||||
for ForwardZone in $ForwardZones; do
|
||||
ZoneName="${ForwardZone%%/*}"
|
||||
ZoneFile="${ForwardZone#*/}"
|
||||
named-checkzone -f text -i local -o "$TempDir/$ZoneName" -D "$ZoneName" "$ZoneFile" >/dev/null 2>&1
|
||||
Serial="$(GetZoneFileSerial "$TempDir/$ZoneName")"
|
||||
NewReverseSerial=$((Serial + NewReverseSerial))
|
||||
ZoneRevNS="$(sed -ne 's/^\s*\S\+\s\+\([0-9]*\s\)\?\s*IN\s\+NS\s\+\(\S\+\)\s*.*;\s*Reverse:\s*\([^;]*\)$/\2\/\3/p' "$ZoneFile")"
|
||||
ZoneRevNS="$(echo "$ZoneRevNS" | sed -e 's/\(.*[^\.]\)\//\1\.'"$ZoneName"'\.\//' )"
|
||||
SubNSEntries="$SubNSEntries""$ZoneRevNS"
|
||||
done
|
||||
|
||||
if [ -f "$ReverseZoneFile" ]; then
|
||||
OldSerial=$(GetZoneFileSerial "$ReverseZoneFile")
|
||||
else
|
||||
OldSerial=0
|
||||
fi
|
||||
|
||||
if [ $NewReverseSerial -gt $OldSerial ]; then
|
||||
echo "$ReverseDomain $TTL IN SOA $DNSSCRIPT_SERVER_NAME $DNSSCRIPT_CONTACT_EMAIL $NewReverseSerial $ReReExMi" > "$TempDir/$ReverseZone"
|
||||
echo "$ReverseDomain $TTL IN NS $DNSSCRIPT_SERVER_NAME" >> "$TempDir/$ReverseZone"
|
||||
|
||||
echo "$SubNSEntries" | while read -r SubNSEntry; do
|
||||
for SubReverseDomain in ${SubNSEntry#*/}; do
|
||||
if [ -n "$SubReverseDomain" ] && [ -z "${SubReverseDomain##*$ReverseDomain}" ]; then
|
||||
echo "$SubReverseDomain $TTL IN NS ${SubNSEntry%/*}" >> "$TempDir/$ReverseZone"
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
||||
for ForwardZoneFile in $(ls $TempDir); do
|
||||
|
||||
IPEntries="$(GetIPEntries)"
|
||||
|
||||
for IPEntry in $IPEntries; do
|
||||
IP="${IPEntry#*/}"
|
||||
# Gültigkeit der IP-Adressen named-checkzone bereits geprüft
|
||||
IP=$(ReverseEntry "$IP")
|
||||
if [ -z "${IP##*$ReverseDomain}" ]; then
|
||||
Host="${IPEntry%/*}"
|
||||
echo "$IP $TTL IN PTR $Host" >> "$TempDir/$ReverseZone"
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
||||
named-checkzone -o "$ReverseZoneFile" "$ReverseDomain" "$TempDir/$ReverseZone" # >/dev/null 2>&1
|
||||
ReloadZone "$ReverseDomain" "$View"
|
||||
fi
|
||||
|
||||
rm -r "$TempDir"
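Review bot: `TempDir="/tmp/""$ReverseZone"` is a predictable path in a world-writable directory, and `mkdir -p` accepts a directory that already exists, so anything another local user placed there beforehand is picked up by `for ForwardZoneFile in $(ls $TempDir)` and parsed as zone data. Use a private directory instead: `TempDir="$(mktemp -d)" || exit 1` followed by `trap 'rm -rf "$TempDir"' EXIT`. Both `named-checkzone` calls have their exit status ignored, so a failed compile goes unnoticed and `ReloadZone` still runs; `named-checkzone -o … || exit 1` before the reload would surface it. `$(ls $TempDir)` is unquoted and would be safer as a glob over `"$TempDir"/*`.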
|