From 15685409041d9ed265756ecfe907e0a72e14a2d9 Mon Sep 17 00:00:00 2001 From: Blackyfff Date: Mon, 4 Jan 2021 20:53:39 +0100 Subject: [PATCH] =?UTF-8?q?Umgestellt=20auf=20ash+posix;=20external-view?= =?UTF-8?q?=20m=C3=B6glich;=20Reload=20konfigurierbar=20nach=20System;=20E?= =?UTF-8?q?igene=20Subdomain=20mit=20mehreren=20Subreversedomains=20m?= =?UTF-8?q?=C3=B6glich;=20Alles=20Zonefiles=20m=C3=BCssen=20in=20einem=20O?= =?UTF-8?q?rdner=20liegen=20(Forward&Reverse);=20Beschreibung=20aktualisie?= =?UTF-8?q?rt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 10-50-reverse.sh | 83 --------------------------- 10-83-reverse.sh | 89 ----------------------------- README.md | 114 ++++++++++++++++++++++++++++++++++---- dns-functions.sh | 22 ++++++++ fd43-5602-29bd-reverse.sh | 92 ------------------------------ update-dns.sh | 95 +++++++++++++++++++++++++++---- update-extzone.sh | 20 +++++++ update-rdnszone.sh | 93 +++++++++++++++++++++++++++++++ 8 files changed, 321 insertions(+), 287 deletions(-) delete mode 100644 10-50-reverse.sh delete mode 100755 10-83-reverse.sh create mode 100644 dns-functions.sh delete mode 100755 fd43-5602-29bd-reverse.sh mode change 100755 => 100644 update-dns.sh create mode 100644 update-extzone.sh create mode 100644 update-rdnszone.sh diff --git a/10-50-reverse.sh b/10-50-reverse.sh deleted file mode 100644 index e0a8ccb..0000000 --- a/10-50-reverse.sh +++ /dev/null 
@@ -1,83 +0,0 @@ -#!/bin/sh - -DomainZone="50.10.in-addr.arpa." -#ForwardZoneFiles="/srv/fff-dns/db.fff.community" -#ReverseZoneFile="/var/lib/bind/db.50.10" -ForwardZoneFiles="/etc/bind/db.herpf.fff.community" -ReverseZoneFile="/etc/bind/db.250.50.10" -#Temporäres Verzeichnis - muss pro Zone exclusiv sein! -TempDir="/tmp/250.50.10.in-addr.arpa" -TTL=3600 -refresh=2000 -retry=6400 -expire=2419200 -minimum=86400 -ContactEMail=franken.freifunk.net. -ReverseServerName=aquarius.gw.fff.community. - -################################################################# - -function GetZoneFileSerial() { - local INSOAPrefix="^\s*\S\+\s\+\([0-9]*\s\)\?\s*IN\s\+SOA\s\+" - local FirstSOALineAndFollowing="/""$INSOAPrefix""/,\$!d;" - local RemoveComments=":a;s/;.*$//g;" - local RemoveLineBreaks=":a;N;\$!ba;s/\n//g;" - local SearchPrintSerial="s/""$INSOAPrefix""\S\+\s\+\S\+\s\+\((\s\)\?\s*\([0-9]*\).*/\3/i" - - local Serial=$(sed -e "$FirstSOALineAndFollowing""$RemoveComments""$RemoveLineBreaks""$SearchPrintSerial" "$1") - echo "$Serial" -} - -function DNSReload { - if [[ -n "$Userndc" ]]; then - rndc reload "$DomainZone" IN "icvpn-internal-view" - else - systemctl reload bind9 - fi -} - -function ValidateIPv4() { - [[ -n "$(echo "$1" | sed -e '/^\(\(25[0-5]\|\(2[0-4]\|1[0-9]\|[1-9]\)\?[0-9]\)\.\)\{0,3\}\(25[0-5]\|\(2[0-4]\|1[0-9]\|[1-9]\)\?[0-9]\)$/!d')" ]] - return $? 
-} - - -mkdir -p $TempDir - -for ForwardZoneFile in $ForwardZoneFiles -do - ZoneName="$DomainZone" #$(sed -ne 's/\(\S\+\)\s\+IN\s\+SOA\s\+\S\+.*/\1/p' "$ForwardZoneFile") - named-checkzone -o "$TempDir/$ZoneName" -D $ZoneName $ForwardZoneFile >/dev/null 2>&1 - Serial=$(GetZoneFileSerial "$TempDir/$ZoneName") - NewSerial=$((Serial+NewSerial)) -done - -echo "$DomainZone $TTL IN SOA $ReverseServerName $ContactEMail $NewSerial $refresh $retry $expire $minimum" > "$TempDir/$DomainZone" -echo "$DomainZone $TTL IN NS $ReverseServerName" >> "$TempDir/$DomainZone" -for ForwardZoneFile in $(ls $TempDir) -do - Hosts=($(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | awk '{ print $1 }')) - IPs=$(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | awk '{ print $5 }') - i=0 - for IP in $IPs - do - if ValidateIPv4 $IP - then - echo $(echo $IP | awk 'BEGIN { FS = "." } ; { print $4 "." $3 "." $2 "." $1 }')".in-addr.arpa." $TTL IN PTR ${Hosts[$i]} >> "$TempDir/$DomainZone" - fi - i=$((i+1)) - done -done - -if [[ -f $ReverseZoneFile ]]; then - OldSerial="$(GetZoneFileSerial '$ReverseZoneFile')" -else - OldSerial=0 -fi - -if [[ $NewSerial -gt $OldSerial ]] -then - named-compilezone -o $ReverseZoneFile $DomainZone "$TempDir/$DomainZone" >/dev/null 2>&1 - DNSReload -fi -rm -r $TempDir diff --git a/10-83-reverse.sh b/10-83-reverse.sh deleted file mode 100755 index c687b0e..0000000 --- a/10-83-reverse.sh +++ /dev/null 
@@ -1,89 +0,0 @@ -#!/bin/bash - -#Name der Zone -DomainZone="83.10.in-addr.arpa." -#Positionen und Namen der Forward Lookup Zone Files -ForwardZoneFiles=("/srv/fff-dns/db.fff.community") -ReverseZoneFile="/var/lib/bind/db.83.10" -#Temporäres Verzeichnis - muss pro Zone exclusiv sein! -TempDir="/tmp/83.10.in-addr.arpa" -#TTL -TTL=3600 -#refresh -refresh=2000 -#retry -retry=6400 -#expire -expire=2419200 -#minimum -minimum=86400 -#contact-mail -contact=franken.freifunk.net. -#responsible DNS Server by name (for reverseDNS your own) -responsible=aquarius.gw.fff.community. - -################################################################# - -function dnsreload { - systemctl reload bind9 -} - -function validate_ip() { - local ip=$1 - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - OIFS=$IFS - IFS='.' - ip=($ip) - IFS=$OIFS - [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \ - && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]] - stat=$? - fi - return $stat -} - - -mkdir -p $TempDir -Serials=() -for ForwardZoneFile in "${ForwardZoneFiles[@]}" -do - ZoneName=$(cat $ForwardZoneFile | grep SOA | awk '{ print $1 }' | head -n 1) - named-compilezone -o "$TempDir/$ZoneName" $ZoneName $ForwardZoneFile >/dev/null 2>&1 - serial=$(cat "$TempDir/$ZoneName" | grep SOA | awk '{ print $7 }' | head -n 1) - Serials+=( "$serial" ) -done - -Serials=( $( for i in ${Serials[@]}; do echo "$i"; done | sort -rn ) ) -serial=${Serials[0]} - -echo "$DomainZone $TTL IN SOA $responsible $contact $serial $refresh $retry $expire $minimum" > "$TempDir/$DomainZone" -echo "$DomainZone $TTL IN NS $responsible" >> "$TempDir/$DomainZone" -for ForwardZoneFile in $(ls $TempDir) -do - Hosts=($(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | awk '{ print $1 }')) - IPs=$(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | awk '{ print $5 }') - i=0 - for IP in $IPs - do - if validate_ip $IP - then - echo $(echo $IP | awk 'BEGIN { FS = "." } ; { print $4 "." $3 "." $2 "." 
$1 }')".in-addr.arpa." $TTL IN PTR ${Hosts[$i]} >> "$TempDir/$DomainZone" - fi - i=$((i+1)) - done -done - -if [ -f $ReverseZoneFile ]; then - oldSerial=$(grep SOA $ReverseZoneFile | awk 'NR==1{print $7}') -else - oldSerial=0 -fi - -if [ $serial -gt $oldSerial ] -then - named-compilezone -o $ReverseZoneFile $DomainZone "$TempDir/$DomainZone" >/dev/null 2>&1 - dnsreload -fi -rm -r $TempDir diff --git a/README.md b/README.md index f7864b5..5f79f4f 100644 --- a/README.md +++ b/README.md 
@@ -1,29 +1,36 @@ # fff-scripts -Dieses Git enthält eine Sammlung an Scripten zur Aktualisierung des Zone-git für fff.community. -Außerdem gibt es Skripte, die aus der Forward-Zone eine passende Reverse-Zone für unsere internen RFC 1918 und RFC 4193 Adressen erzeugen. +Dieses Git enthält eine Sammlung an Scripten zur Aktualisierung der Zonendatei für fff.community. +Außerdem gibt es Skripte, die aus der Forward-Zone und optional eigener Subdomain passende Reverse-Zones für unsere internen RFC 1918 und RFC 4193 Adressen erzeugen. ## Installation -#### Zone-git klonen -Zuerst muss das [dns-git](https://git.freifunk-franken.de/freifunk-franken/dns) geclont werden. Dieses enthält die Zonendatei für fff.community. Wohin dieses git geklont wird, ist egal. Der DNS Server muss Lesezugriff darauf haben. -``` -git clone https://git.freifunk-franken.de/freifunk-franken/dns.git /srv/fff-dns -``` + +#### Systemanforderungen + +curl +named-checkzone (z.B. bei bind oder bind-tools enthalten) + #### dns-scripts klonen -Dann können die Skripte geklont werden. Dabei ist aktuell noch die Position wichtig, da das Skript derzeit absolulte Pfade verwendet. +Die Scripte müssen geklont werden, oder anderweitig in einem Ordner auf dem Server abgelegt werden. Dabei ist aktuell noch die Position wichtig, da das Skript derzeit absolulte Pfade verwendet (oder den Pfad in update-dns.sh anpassen) ``` git clone https://git.freifunk-franken.de/freifunk-franken/dns-scripts.git /srv/fff-scripts ``` +#### konfigurieren +In der Datei update-dns.sh kann die Verwaltung einer Subdomain incl. Reversezone aktiviert werden. 
+ + #### Cron anlegen -Schließlich muss noch ein Cron angelegt werden, der regelmäßig das Skript aufruft, welches das Zone-git aktualisiert und die Reverse-Skripte aufruft: +Schließlich muss noch ein Cron angelegt werden, der regelmäßig das Skript aufruft, welches die Zonendatei aktualisiert und die Reverse-Skripte aufruft: ``` -1-59/5 * * * * /srv/fff-scripts/update-dns.sh /srv/fff-dns +1-59/5 * * * * /srv/fff-scripts/update-dns.sh ``` #### DNS-Server konfigurieren Dann muss nur noch der DNS Server, z.B. `bind`, für die entsprechenden Zonen eingerichtet werden: + +Einfachste Konfiguration: ``` $ cat named.conf.local [..] 
@@ -51,4 +58,89 @@ zone "fff.community" { }; [..] -``` \ No newline at end of file +``` + +mit Split-View und eigener Subdomain: + +``` +$ cat named.conf.local +[..] + +acl icvpnlocal { + 10.0.0.0/8; + 172.16.0.0/12; + fd00::/8; +}; +acl icvpnrange { + icvpnlocal; + # Die via babel/bird verteilten IPv6-Netze mit src-prefix, diese sollten per Script as der fff-table aktuell gehalten werden + #z.B. 2a00:1aa0:ffff::/48; +}; + +[..] +view "icvpn-internal-view" { + match-clients { icvpnrange; localhost; }; + + [..] # eigene Optionen + + zone ".fff.community" { + type master; + file "/var/lib/bind/db..fff.community"; + }; + + zone ".50.10.in-addr.arpa" { + type master; + file "/var/lib/bind/db..50.10"; + }; + + zone ".d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa" { + type master; + file "/var/lib/bind/db.fd43-5602-29bd-"; + }; + + + zone "fff.community" { + type master; + file "/var/lib/bind/db.fff.community"; + }; + + zone "50.10.in-addr.arpa" { + type master; + file "/var/lib/bind/db.50.10"; + }; + + zone "83.10.in-addr.arpa" { + type master; + file "/var/lib/bind/db.83.10"; + }; + + zone "d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa" { + type master; + file "/var/lib/bind/db.fd43-5602-29bd"; + }; + + include "/var/lib/bind/icvpn-zones.conf"; # Nicht vergessen ;) + + [..] +}; + +view "external-view" { + match-clients { any; }; + [..] # eigene Optionen + + zone ".fff.community" { + type master; + file "/var/lib/bind/dbextern..fff.community"; + }; + + zone "fff.community" { + type master; + file "/var/lib/bind/dbextern.fff.community"; + }; + + [..] +}; + + +[..] +``` diff --git a/dns-functions.sh b/dns-functions.sh new file mode 100644 index 0000000..051928b --- /dev/null +++ b/dns-functions.sh 
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+GetZoneFileSerial() {
+ INSOASpec="^\s*\S\+\s\+\([0-9]*\s\)\?\s*IN\s\+SOA\s\+"
+ FirstSOALineAndFollowing="/""$INSOASpec""/,\$!d;"
+ RemoveComments=":a;s/;.*$//g;"
+ RemoveLineBreaks=":a;N;\$!ba;s/\n//g;"
+ SearchPrintSerial="s/""$INSOASpec""\S\+\s\+\S\+\s\+\((\s\)\?\s*\([0-9]*\).*/\3/i"
+
+ ZoneSerial=$(sed -e "$FirstSOALineAndFollowing""$RemoveComments""$RemoveLineBreaks""$SearchPrintSerial" "$1")
+ echo "${ZoneSerial:-0}"
+}
+
+ReloadZone() {
+ if [ $DNSSCRIPT_BIND_RELOAD_VER -eq 0 ]; then
+ systemctl reload bind9
+ elif [ $DNSSCRIPT_BIND_RELOAD_VER -eq 1 ]; then
+ rndc reload "$1" IN "$2"
+ else
+ /etc/init.d/named reload
+ fi
+}
diff --git a/fd43-5602-29bd-reverse.sh b/fd43-5602-29bd-reverse.sh
deleted file mode 100755
index f943623..0000000
--- a/fd43-5602-29bd-reverse.sh
+++ /dev/null
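Review bot: In ReloadZone the unquoted `[ $DNSSCRIPT_BIND_RELOAD_VER -eq 0 ]` becomes `[ -eq 0 ]` when the variable is unset or empty, which is a test error that evaluates false, so both the `if` and the `elif` are skipped and the `else` branch runs `/etc/init.d/named reload` silently; the variable is only exported by update-dns.sh, so any caller that sources this file on its own hits that path. Failing loudly is safer: add `: "${DNSSCRIPT_BIND_RELOAD_VER:?DNSSCRIPT_BIND_RELOAD_VER not set}"` as the first line of the function and quote the expansions as `"$DNSSCRIPT_BIND_RELOAD_VER"`. The exit status of `rndc reload` / `systemctl reload` is also not propagated, so the callers cannot tell that a reload did not happen; ending the function with `return $?` (or simply letting the command be the last statement of each branch without a trailing `fi` swallowing it) would surface that. GetZoneFileSerial assigns `INSOASpec`, `ZoneSerial` and the other helpers as globals; ash supports `local`, so marking them `local` keeps them from leaking into the sourcing script.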
@@ -1,92 +0,0 @@ -#!/bin/bash - -#Name der Zone -DomainZone="d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa." -#Positionen und Namen der Forward Lookup Zone Files -ForwardZoneFiles=("/srv/fff-dns/db.fff.community") -ReverseZoneFile="/var/lib/bind/db.fd43-5602-29bd" -#Temporäres Verzeichnis - muss pro Zone exclusiv sein! -TempDir="/tmp/d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa" -#TTL -TTL=3600 -#refresh -refresh=2000 -#retry -retry=6400 -#expire -expire=2419200 -#minimum -minimum=86400 -#contact-mail -contact=franken.freifunk.net. -#responsible DNS Server by name (for reverseDNS your own) -responsible=aquarius.gw.fff.community. - -################################################################# - -function dnsreload { - systemctl reload bind9 -} - -function validate_ip() { - local ip=$1 - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - OIFS=$IFS - IFS='.' - ip=($ip) - IFS=$OIFS - [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \ - && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]] - stat=$? - fi - return $stat -} -function reverseIp6 { - echo "$1" | \ - awk -F: 'BEGIN {OFS=""}{ FillCount=9-NF; for(i=1;i<=NF;i++){if(length($i) == 0){if(i==NF) {$i="0000";} else {for(j=1;j<=FillCount;j++){$i=($i "0000");}}} else {$i=substr(("0000" $i), length($i)+1);}}; print}' | \ - awk '{ i=length; x=substr($0,i,1); for(i--;i!=0;i--)x=x "\." 
substr($0,i,1);}END{print x}' -} - - -mkdir -p $TempDir -Serials=() -for ForwardZoneFile in "${ForwardZoneFiles[@]}" -do - ZoneName=$(cat $ForwardZoneFile | grep SOA | awk '{ print $1 }' | head -n 1) - named-compilezone -o "$TempDir/$ZoneName" $ZoneName $ForwardZoneFile >/dev/null 2>&1 - serial=$(cat "$TempDir/$ZoneName" | grep SOA | awk '{ print $7 }' | head -n 1) - Serials+=( "$serial" ) -done - -Serials=( $( for i in ${Serials[@]}; do echo "$i"; done | sort -rn ) ) -serial=${Serials[0]} - -echo "$DomainZone $TTL IN SOA $responsible $contact $serial $refresh $retry $expire $minimum" > "$TempDir/$DomainZone" -echo "$DomainZone $TTL IN NS $responsible" >> "$TempDir/$DomainZone" -for ForwardZoneFile in $(ls $TempDir) -do - Hosts=($(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | grep -Fv "*" | awk '{ print $1 }')) - IPs=$(cat "$TempDir/$ForwardZoneFile" | grep -v SOA | grep -Fv "*" | awk '{ print $5 }') - i=0 - for IP in $IPs; do - if rdns=$(sipcalc -r "$IP" | grep -F "ip6.arpa."); then - echo "$rdns $TTL IN PTR ${Hosts[$i]}" >> "$TempDir/$DomainZone" - fi - i=$((i+1)) - done -done - -if [ -f $ReverseZoneFile ]; then - oldSerial=$(grep SOA $ReverseZoneFile | awk 'NR==1{print $7}') -else - oldSerial=0 -fi - -if [ $serial -gt $oldSerial ] -then - named-compilezone -o $ReverseZoneFile $DomainZone "$TempDir/$DomainZone" >/dev/null 2>&1 - dnsreload -fi -rm -r $TempDir diff --git a/update-dns.sh b/update-dns.sh old mode 100755 new mode 100644 index dadc1e2..a8cb75d --- a/update-dns.sh +++ b/update-dns.sh 
@@ -1,23 +1,94 @@ #!/bin/sh +. ./dns-functions.sh + # exit script when command fails set -e -if [ $# -ne 1 ]; then - echo "Usage: $0 " >&2 - exit 1 +export DNSSCRIPT_CONTACT_EMAIL=franken.freifunk.net. +export DNSSCRIPT_SERVER_NAME=fff-gw-herpf01.fff.community. +UpdateScriptsFolder="/srv/fff-scripts/" +ZoneFilesFolder="/var/lib/bind" +CommunityDomain="fff.community" + +# Einkommentieren und für eigene Hood setzen +#HoodSubDomain="herpf" # File unter "$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain" +#HoodSubIPv4="250" # nur /24er Netze +#HoodSubIPv6="62" # nur /64er Netze + +# 0 -> Debian o.a. systemctl reload bind9 +# 1 -> rndc benutzen um nur die jeweilige Zone neu zu laden (empfohlen; rndc muss eingerichtet werden) +# 2 -> für OpenWRT /etc/init.d/named reload +# +export DNSSCRIPT_BIND_RELOAD_VER=1 + +# Wenn rndc benutzt wird den internen und externen View setzen +InternalView="icvpn-internal-view" +ExternalView="external-view" + +MasterFileRemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/db.fff.community" + +# TTL Refresh Retry Expire Minimum +TTLReReExMi="3600 2000 6400 2419200 86400" + +# ForwardZones Schema: "/" ; optional mehrfach " ""/" Keine Leerzeichen im Ordner/File erlaubt +ForwardZones="$CommunityDomain""/""$ZoneFilesFolder""db.""$CommunityDomain" + + +############################################################# + +MasterFile="$ZoneFilesFolder""db.""$CommunityDomain" + + +PreFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")" +curl "$MasterFileRemoteLocation" --output "$MasterFile" +PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")" + +if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then + ReloadZone "$CommunityDomain" "$InternalView" fi -# navigate to directory given as parameter -cd $1 -oldhash=$(git rev-parse HEAD) -git pull -q --ff-only +# Update für master-zones +RZone="50.10.in-addr.arpa." 
+RFile="$ZoneFilesFolder""db.50.10" +"$UpdateScriptsFolder"update-rdnszone.sh "$RZone" "$ForwardZones" "$RFile" "$TTLReReExMi" "$InternalView" -/srv/fff-scripts/10-50-reverse.sh -/srv/fff-scripts/10-83-reverse.sh -/srv/fff-scripts/fd43-5602-29bd-reverse.sh +RZone="83.10.in-addr.arpa." +RFile="$ZoneFilesFolder""db.83.10" +"$UpdateScriptsFolder"update-rdnszone.sh "$RZone" "$ForwardZones" "$RFile" "$TTLReReExMi" "$InternalView" -if [ "$oldhash" != "$(git rev-parse HEAD)" ]; then - /bin/systemctl reload bind9 +RZone="d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa." +RFile="$ZoneFilesFolder""db.fd43-5602-29bd" +"$UpdateScriptsFolder"update-rdnszone.sh "$RZone" "$ForwardZones" "$RFile" "$TTLReReExMi" "$InternalView" + +if [ -n "$ExternalView" ]; then + # Split-View + InternFile="$MasterFile" + ExternFile="$ZoneFilesFolder""dbextern.""$CommunityDomain" + Domain="$CommunityDomain" + "$UpdateScriptsFolder"update-extzone.sh "$InternFile" "$ExternFile" "$Domain" "$ExternalView" +fi + + +if [ -n "$HoodSubDomain" ]; then + # Update für lokale Zone; ForwardZones wird hier um die SubDomain erweitert + ForwardZones="$ForwardZones $HoodSubDomain"".""$CommunityDomain""/""$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain" + + RZone="$HoodSubIPv4"".50.10.in-addr.arpa." + RFile="$ZoneFilesFolder""db.""$HoodSubIPv4"".50.10" + "$UpdateScriptsFolder"update-rdnszone.sh "$RZone" "$ForwardZones" "$RFile" "$TTLReReExMi" "$InternalView" + + HoodSubIPv6Reverse="$(echo "$HoodSubIPv6" | awk '{$i=substr(("0000" $i), length($i)+1); print}' | awk '{ i=length; x=substr($0,i,1); for(i--;i!=0;i--)x=x "." substr($0,i,1);}END{print x}')" + RZone="$HoodSubIPv6Reverse"".d.b.9.2.2.0.6.5.3.4.d.f.ip6.arpa." 
+ RFile="$ZoneFilesFolder""db.fd43-5602-29bd-""$HoodSubIPv6"
+ "$UpdateScriptsFolder"update-rdnszone.sh "$RZone" "$ForwardZones" "$RFile" "$TTLReReExMi" "$InternalView"
+
+ if [ -n "$ExternalView" ]; then
+ # Split-View
+ InternFile="$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain"
+ ExternFile="$ZoneFilesFolder""dbextern.""$HoodSubDomain"".""$CommunityDomain"
+ Domain="$HoodSubDomain"".""$CommunityDomain"
+ "$UpdateScriptsFolder"update-extzone.sh "$InternFile" "$ExternFile" "$Domain" "$ExternalView"
+ fi
 fi
diff --git a/update-extzone.sh b/update-extzone.sh
new file mode 100644
index 0000000..ce10a3e
--- /dev/null
+++ b/update-extzone.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+. ./dns-functions.sh
+
+InternalZoneFile="$1"
+ExternalZoneFile="$2"
+ExternalZone="$3"
+ExternalView="$4"
+
+SerialIntern="$(GetZoneFileSerial "$InternalZoneFile")"
+if [ -f "$ExternalZoneFile" ]; then
+ SerialExtern="$(GetZoneFileSerial "$ExternalZoneFile")"
+else
+ SerialExtern=0
+fi
+
+if [ $SerialIntern -gt $SerialExtern ]; then
+ sed '/.*\s\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*\s*\(;.*\)\?/d' "$InternalZoneFile" > "$ExternalZoneFile"
+ ReloadZone "$ExternalZone" "$ExternalView"
+fi
diff --git a/update-rdnszone.sh b/update-rdnszone.sh
new file mode 100644
index 0000000..d041638
--- /dev/null
+++ b/update-rdnszone.sh
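Review bot: `ZoneFilesFolder="/var/lib/bind"` has no trailing slash, but every path in this hunk is built by bare concatenation (`"$ZoneFilesFolder""db.""$CommunityDomain"`, `"$ZoneFilesFolder""db.50.10"`, the `dbextern.` files), so the scripts read and write `/var/lib/binddb.fff.community` and friends while bind reads `/var/lib/bind/db.fff.community` as the README describes; `UpdateScriptsFolder="/srv/fff-scripts/"` does carry the slash, so `ZoneFilesFolder="/var/lib/bind/"` is the one-line fix. The fetch `curl "$MasterFileRemoteLocation" --output "$MasterFile"` overwrites the live master zone file before anything has checked it: without `-f`, an HTTP error body lands in the zone file, and a truncated transfer leaves a half-written file behind when `set -e` then aborts the run. Downloading with `curl -fsS` into a `mktemp` file in the same directory, running `named-checkzone -q "$CommunityDomain"` on it and only then `mv`-ing it over `$MasterFile` keeps the served zone intact on any failure. `. ./dns-functions.sh` is resolved against the cron job's working directory, not the script directory, so with the cron line from the README the source fails; `. "$UpdateScriptsFolder"dns-functions.sh` is consistent with how the other scripts are invoked here (the same applies to the two new scripts, which are started by absolute path from this file).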
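Review bot: The `sed '/.*\s\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*…/d'` filter that produces the external zone does not match the README's stated goal of hiding the RFC 1918 and RFC 4193 addresses: the IPv4 alternative `10.` has an unescaped dot and no trailing anchor, so it also deletes any record whose address merely starts with "10" followed by any character (for example `100.64.0.0/10` or a public `10x.…` address), while records in `172.16.0.0/12` and `192.168.0.0/16` pass through into the view served to `any`. Escaping the dot and listing the other two ranges, e.g. `10\.\|172\.\(1[6-9]\|2[0-9]\|3[01]\)\.\|192\.168\.`, closes both gaps; a comment stating which ranges are meant to be stripped would help the next maintainer. The result is also written straight to `$ExternalZoneFile` and reloaded without the `named-checkzone` pass that update-rdnszone.sh performs, so a malformed line in the internal file takes the external view down with it; writing to a temporary file, checking it and then moving it into place would mirror the other script. `[ $SerialIntern -gt $SerialExtern ]` should quote both operands like the rest of the file does.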
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+. ./dns-functions.sh
+
+ReverseDomain="$1"
+ReverseZone="${ReverseDomain%*.}"
+ForwardZones="$2"
+ReverseZoneFile="$3"
+TempDir="/tmp/""$ReverseZone"
+TTL="${4%% *}"
+ReReExMi="${4#* }"
+View="$5"
+
+GetIPEntries() {
+ if [ -z "$RZoneIsIPv6" ]; then
+ IPPattern="[aA]\s\+\([0-9\.]\+\)"
+ else
+ IPPattern="[aA]\{4\}\s\+\([0-9a-f:]\+\)"
+ fi
+
+ sed -ne "s/^\s*\(\S\+\)\s\+\([0-9]*\s\)\?\s*IN\s\+""$IPPattern"".*/\1\/\3/p" "$TempDir/$ForwardZoneFile"
+}
+
+ReverseEntry() {
+ if [ -z "$RZoneIsIPv6" ]; then
+ echo "$(echo "$1" | awk 'BEGIN { FS = "." } ; { print $4 "." $3 "." $2 "." $1 }')"".in-addr.arpa."
+ else
+ echo "$(echo "$1" | \
+ awk -F: 'BEGIN {OFS=""}{ FillCount=9-NF; for(i=1;i<=NF;i++){if(length($i) == 0){if(i==NF) {$i="0000";} else {for(j=1;j<=FillCount;j++){$i=($i "0000");}}} else {$i=substr(("0000" $i), length($i)+1);}}; print}' | \
+ awk '{ i=length; x=substr($0,i,1); for(i--;i!=0;i--)x=x "." substr($0,i,1);}END{print x}')"".ip6.arpa."
+ fi
+}
+
+if [ -z "${ReverseDomain##*.in-addr.arpa.}" ]; then
+ RZoneIsIPv6=""
+elif [ -z "${ReverseDomain##*.ip6.arpa.}" ]; then
+ RZoneIsIPv6=1
+else
+ echo "No valid ReverseDomain" 1>&2
+ exit 1
+fi
+
+mkdir -p "$TempDir"
+
+for ForwardZone in $ForwardZones; do
+ ZoneName="${ForwardZone%%/*}"
+ ZoneFile="${ForwardZone#*/}"
+ named-checkzone -f text -i local -o "$TempDir/$ZoneName" -D "$ZoneName" "$ZoneFile" >/dev/null 2>&1
+ Serial="$(GetZoneFileSerial "$TempDir/$ZoneName")"
+ NewReverseSerial=$((Serial + NewReverseSerial))
+ ZoneRevNS="$(sed -ne 's/^\s*\S\+\s\+\([0-9]*\s\)\?\s*IN\s\+NS\s\+\(\S\+\)\s*.*;\s*Reverse:\s*\([^;]*\)$/\2\/\3/p' "$ZoneFile")"
+ ZoneRevNS="$(echo "$ZoneRevNS" | sed -e 's/\(.*[^\.]\)\//\1\.'"$ZoneName"'\.\//' )"
+ SubNSEntries="$SubNSEntries""$ZoneRevNS"
+done
+
+if [ -f "$ReverseZoneFile" ]; then
+ OldSerial=$(GetZoneFileSerial "$ReverseZoneFile")
+else
+ OldSerial=0
+fi
+
+if [ $NewReverseSerial -gt $OldSerial ]; then
+ echo "$ReverseDomain $TTL IN SOA $DNSSCRIPT_SERVER_NAME $DNSSCRIPT_CONTACT_EMAIL $NewReverseSerial $ReReExMi" > "$TempDir/$ReverseZone"
+ echo "$ReverseDomain $TTL IN NS $DNSSCRIPT_SERVER_NAME" >> "$TempDir/$ReverseZone"
+
+ echo "$SubNSEntries" | while read -r SubNSEntry; do
+ for SubReverseDomain in ${SubNSEntry#*/}; do
+ if [ -n "$SubReverseDomain" ] && [ -z "${SubReverseDomain##*$ReverseDomain}" ]; then
+ echo "$SubReverseDomain $TTL IN NS ${SubNSEntry%/*}" >> "$TempDir/$ReverseZone"
+ fi
+ done
+ done
+
+ for ForwardZoneFile in $(ls $TempDir); do
+
+ IPEntries="$(GetIPEntries)"
+
+ for IPEntry in $IPEntries; do
+ IP="${IPEntry#*/}"
+ # Gültigkeit der IP-Adressen named-checkzone bereits geprüft
+ IP=$(ReverseEntry "$IP")
+ if [ -z "${IP##*$ReverseDomain}" ]; then
+ Host="${IPEntry%/*}"
+ echo "$IP $TTL IN PTR $Host" >> "$TempDir/$ReverseZone"
+ fi
+ done
+ done
+
+ named-checkzone -o "$ReverseZoneFile" "$ReverseDomain" "$TempDir/$ReverseZone" # >/dev/null 2>&1
+ ReloadZone "$ReverseDomain" "$View"
+fi
+
+rm -r "$TempDir"
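Review bot: `TempDir="/tmp/""$ReverseZone"` is a fixed, predictable path that is created with `mkdir -p`, read back in full with `for ForwardZoneFile in $(ls $TempDir)` and then removed with `rm -r`, so on a shared host a pre-existing directory or stray file of that name is parsed into the generated zone, and two overlapping cron runs (the update is started every five minutes) work in the same directory. `TempDir="$(mktemp -d)" || exit 1` together with `trap 'rm -r "$TempDir"' EXIT` removes both problems, and the inner loop can then iterate the zone names from `$ForwardZones` again instead of parsing `ls`. Separately, `SubNSEntries="$SubNSEntries""$ZoneRevNS"` concatenates the per-zone results without a separator; because `$(…)` strips the trailing newline, the last entry of one forward zone and the first entry of the next share a line and the later `${SubNSEntry%/*}` / `${SubNSEntry#*/}` splits misparse them once more than one forward zone carries a `; Reverse:` NS comment, so append a newline after each `$ZoneRevNS` (for example via `printf '%s\n'`). The exit status of the first `named-checkzone -f text -i local …` call is discarded, so a forward zone that fails to load silently contributes serial 0 and no PTR records; checking it (`|| { echo "checkzone failed for $ZoneName" >&2; exit 1; }`) keeps a broken forward file from producing a stale reverse zone.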