option to exclude master-zone; support DNSSEC; fix GlueRecords
Signed-off-by: Blackyfff <blackyfff@noreply.git.freifunk-franken.de>
parent
fbd2c603ae
commit
298c353968
|
@ -17,13 +17,16 @@ InsertZoneToIncludeFile() {
|
|||
{
|
||||
echo "zone \"""$1""\" {"
|
||||
echo " type master;"
|
||||
[ -n "$4" ] && echo " dnssec-policy $4"";"
|
||||
echo " file \"""$2""\";"
|
||||
echo "};"
|
||||
} > "$3"
|
||||
else
|
||||
[ -n "$4" ] && Extra=" dnssec-policy $4"";\n" || Extra=""
|
||||
|
||||
sed -i "1i\
|
||||
zone \"""$1""\" {\n\
|
||||
type master;\n\
|
||||
type master;\n""$Extra\
|
||||
file \"""$2""\";\n\
|
||||
};" "$3"
|
||||
fi
|
||||
|
@ -107,12 +110,11 @@ NormalizeZoneFileFormatting() {
|
|||
}
|
||||
GetOwnGlueRecords() {
|
||||
ServerName="$DNSSCRIPT_SERVER_NAME"
|
||||
if [ -n "${ServerName##*$1}" ]; then
|
||||
ServerName="$ServerName""$1"
|
||||
if [ -z "${ServerName##*$2}" ]; then
|
||||
ServerName="${ServerName%.$2}"
|
||||
sed -ne 's/^\s*'"$(GetServernameSEDEntry "$1")"'\s\+[Ii][Nn]\s\+\([Aa]\|[Aa]\{4\}\)\s\+\(.*\)$/'"$ServerName"'\tIN \2\t\3/p' "$3" | \
|
||||
NormalizeZoneFileFormatting
|
||||
fi
|
||||
ServerName="$ServerName""."
|
||||
sed -ne 's/^\s*'"$(GetServernameSEDEntry "$1")"'\s\+[Ii][Nn]\s\+\([Aa]\|[Aa]\{4\}\)\s\+\(.*\)$/'"$ServerName"'\tIN \2\t\3/p' "$2" | \
|
||||
NormalizeZoneFileFormatting
|
||||
}
|
||||
GetOwnHoods() {
|
||||
Entries="$(sed -ne "s/^\s*\(\S*\).*\s\+[Ii][Nn]\s\+[Nn][Ss]\s\+""$(GetServernameSEDEntry "$1")""\s*;\s*Subnets:\s*\([^;]*\)/\1 \3/p" "$2")"
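Review bot: The new hood check in GetOwnGlueRecords, `if [ -z "${ServerName##*$2}" ]; then`, tests for a bare string suffix rather than a label boundary: a server named `dns.herpf.fff.community` also passes for a hood domain `erpf.fff.community`, the following `ServerName="${ServerName%.$2}"` then strips nothing, and the sed on `"$3"` emits the full server name without a trailing dot as a relative owner into that hood's zone file. Anchoring the test on the separating dot, `if [ -z "${ServerName##*.$2}" ]; then`, limits the glue records to the hood the server actually lives in. The trailing-dot branch after the `fi` (`ServerName="$ServerName""."` followed by a sed over `"$2"`) looks like the removed body, since with the new three-argument call `$2` is the hood domain and not a file; if any of it survives on the new side it should go. The function is complete within this hunk.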
|
||||
|
|
|
@ -5,12 +5,15 @@ set -e
|
|||
|
||||
# Communityconfig
|
||||
CommunityDomain="fff.community"
|
||||
CommunityExternDomain="extern.fff.community"
|
||||
CommunitySubnets="10.50.0/16 10.83.0/16 fd43:5602:29bd::/48"
|
||||
RemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/"
|
||||
DNSSECPolicy=""
|
||||
ServeMasterZone=0
|
||||
|
||||
# Serverconfig
|
||||
export DNSSCRIPT_CONTACT_EMAIL=info.freifunk-herpf.de.
|
||||
# DNSSCRIPT_SERVER_NAME must be the server given in community zone files NS entry
|
||||
# DNSSCRIPT_SERVER_NAME must be the server given in community zone files NS entry (Full Hostname, w/o trailing dot)
|
||||
export DNSSCRIPT_SERVER_NAME=dns.herpf.fff.community
|
||||
UpdateScriptsFolder="/usr/lib/ffdns/"
|
||||
ZoneFilesFolder="/etc/bind/fff/"
|
||||
|
@ -33,7 +36,7 @@ ExternalView="external-view"
|
|||
TTLReReExMi="3600 2000 6400 2419200 86400"
|
||||
|
||||
# ForwardZones: "<Zone>/<Zonendatei>" ; optionaly multiple " ""<ZoneX>/<ZonendateiX>" no spaces in full filename
|
||||
ForwardZones="$CommunityDomain""/""$ZoneFilesFolder""db.""$CommunityDomain"
|
||||
ForwardZones="$CommunityDomain""/""$ZoneFilesFolder""db.icvpn-internal-view.""$CommunityDomain"
|
||||
|
||||
|
||||
#############################################################
|
||||
|
@ -41,43 +44,58 @@ cd "$UpdateScriptsFolder"
|
|||
|
||||
. ./dns-functions.sh
|
||||
|
||||
MasterFile="$ZoneFilesFolder""db.""$CommunityDomain"
|
||||
BindInternalConfTmp="/tmp/""$CommunityDomain""-internal.conf"
|
||||
BindExternalConfTmp="/tmp/""$CommunityDomain""-external.conf"
|
||||
FirstInternal="$( echo "$InternalViews" | sed -ne 's/^\(\S\+\)\s.*$/\1/p')"
|
||||
MasterFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityDomain"
|
||||
BindIcvpnAclTmp="/tmp/icvpn-acl.conf"
|
||||
BindInternalConf="$BindIncludeFileFolder""$CommunityDomain""-internal.conf"
|
||||
BindExternalConf="$BindIncludeFileFolder""$CommunityDomain""-external.conf"
|
||||
BindIcvpnAcl="$BindIncludeFileFolder""icvpn-acl.conf"
|
||||
|
||||
for IView in $InternalViews; do
|
||||
rm -f "/tmp/""$IView"".conf"
|
||||
done
|
||||
rm -f "/tmp/""$ExternalView"".conf"
|
||||
|
||||
PreFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
|
||||
curl -s -S -f "$RemoteLocation""db.""$CommunityDomain" --output "$MasterFile"
|
||||
PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
|
||||
|
||||
if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then
|
||||
ReloadZone "$CommunityDomain" "$InternalViews"
|
||||
fi
|
||||
|
||||
rm -f "$BindInternalConfTmp"
|
||||
rm -f "$BindExternalConfTmp"
|
||||
InsertZoneToIncludeFile "$CommunityDomain" "$MasterFile" "$BindInternalConfTmp"
|
||||
InsertZoneToIncludeFile "extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindInternalConfTmp"
|
||||
InsertZoneToIncludeFile "$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindExternalConfTmp"
|
||||
InsertZoneToIncludeFile "extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindExternalConfTmp"
|
||||
|
||||
for Subnet in $CommunitySubnets; do
|
||||
ReverseDomains="$(GetReverseDomains "$Subnet")"
|
||||
for RDomain in $ReverseDomains; do
|
||||
ReverseZoneFile="$(GetReverseZoneFileFromZone "${RDomain%*.}")"
|
||||
! curl -s -f "$RemoteLocation""static.""$ReverseZoneFile" \
|
||||
--output "$ZoneFilesFolder""static.""$ReverseZoneFile" && \
|
||||
rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile"
|
||||
./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$BindInternalConfTmp"
|
||||
if [ $ServeMasterZone -ne 0 ]; then
|
||||
PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
|
||||
if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then
|
||||
ReloadZone "$CommunityDomain" "$InternalViews"
|
||||
fi
|
||||
|
||||
for Subnet in $CommunitySubnets; do
|
||||
ReverseDomains="$(GetReverseDomains "$Subnet")"
|
||||
for RDomain in $ReverseDomains; do
|
||||
ReverseZoneFile="$(GetReverseZoneFileFromZone "${RDomain%*.}")"
|
||||
! curl -s -f "$RemoteLocation""static.""$ReverseZoneFile" \
|
||||
--output "$ZoneFilesFolder""static.""$ReverseZoneFile" && \
|
||||
rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile"
|
||||
./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
|
||||
for IView in $InternalViews; do
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "/tmp/""$IView"".conf"
|
||||
done
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
ExternFile="$ZoneFilesFolder""dbextern.""$CommunityDomain"
|
||||
./update-extzone.sh "$MasterFile" "$ExternFile" "$CommunityDomain" "$ExternalView"
|
||||
ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityDomain"
|
||||
./update-extzone.sh "$MasterFile" "$ExternFile" "$CommunityDomain" "$ExternalView"
|
||||
|
||||
for IView in $InternalViews; do
|
||||
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$CommunityDomain"
|
||||
[ -f "$InternViewMasterZone" ] || ln -s "$MasterFile" "$InternViewMasterZone"
|
||||
InsertZoneToIncludeFile "$CommunityDomain" "$InternViewMasterZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
||||
done
|
||||
InsertZoneToIncludeFile "$CommunityDomain" "$ExternFile" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
if [ -n "$CommunityExternDomain" ]; then
|
||||
for IView in $InternalViews; do
|
||||
InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$CommunityExternDomain"
|
||||
[ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone"
|
||||
InsertZoneToIncludeFile "$CommunityExternDomain" "$InternViewExternZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
||||
done
|
||||
ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityExternDomain"
|
||||
[ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone"
|
||||
InsertZoneToIncludeFile "$CommunityExternDomain" "$ExternViewExternZone" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
fi
|
||||
fi
|
||||
|
||||
# set shorter TTL for Hoods
|
||||
TTLReReExMi="420 360 180 1800 360"
|
||||
|
@ -87,7 +105,7 @@ Hoods="$(GetOwnHoods "$CommunityDomain" "$MasterFile")"
|
|||
for Hood in $Hoods; do
|
||||
HoodDomain="${Hood%%\#*}"".""$CommunityDomain"
|
||||
Subnets="$(echo "${Hood#*\#}" | sed -e 's/#/ /g')"
|
||||
HoodZoneFile="$ZoneFilesFolder""db.""$HoodDomain"
|
||||
HoodZoneFile="$ZoneFilesFolder""db.""$FirstInternal"".""$HoodDomain"
|
||||
if [ ! -f "$HoodZoneFile" ]; then
|
||||
{
|
||||
echo "\$TTL ${TTLReReExMi%% *}"
|
||||
|
@ -99,48 +117,65 @@ for Hood in $Hoods; do
|
|||
echo " ""$(echo "$TTLReReExMi" | awk '{print $5}')"" ) ; Negative Cache TTL"
|
||||
echo ";"
|
||||
echo "@ IN NS $DNSSCRIPT_SERVER_NAME""."""
|
||||
GetOwnGlueRecords "$CommunityDomain" "$MasterFile"
|
||||
GetOwnGlueRecords "$CommunityDomain" "$HoodDomain" "$MasterFile"
|
||||
echo ";"
|
||||
} > "$HoodZoneFile"
|
||||
fi
|
||||
./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews"
|
||||
|
||||
InsertZoneToIncludeFile "$HoodDomain" "$HoodZoneFile" "$BindInternalConfTmp"
|
||||
InsertZoneToIncludeFile "${Hood%%\#*}"".extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindInternalConfTmp"
|
||||
InsertZoneToIncludeFile "$HoodDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindExternalConfTmp"
|
||||
InsertZoneToIncludeFile "${Hood%%\#*}"".extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindExternalConfTmp"
|
||||
|
||||
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
|
||||
for Subnet in $Subnets; do
|
||||
ReverseDomains="$(GetReverseDomains "$Subnet")"
|
||||
for RDomain in $ReverseDomains; do
|
||||
ReverseZoneFileFullPath="$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")"
|
||||
./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ReverseZoneFileFullPath" "$TTLReReExMi" "$InternalViews"
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "$BindInternalConfTmp"
|
||||
for IView in $InternalViews; do
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "/tmp/""$IView"".conf"
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
ExternFile="$ZoneFilesFolder""dbextern.""$HoodDomain"
|
||||
ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$HoodDomain"
|
||||
./update-extzone.sh "$HoodZoneFile" "$ExternFile" "$HoodDomain" "$ExternalView"
|
||||
|
||||
for IView in $InternalViews; do
|
||||
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$HoodDomain"
|
||||
[ -f "$InternViewMasterZone" ] || ln -s "$HoodZoneFile" "$InternViewMasterZone"
|
||||
InsertZoneToIncludeFile "$HoodDomain" "$InternViewMasterZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
||||
done
|
||||
InsertZoneToIncludeFile "$HoodDomain" "$ExternFile" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
|
||||
if [ -n "$CommunityExternDomain" ]; then
|
||||
HoodExternDomain="${Hood%%\#*}"".""$CommunityExternDomain"
|
||||
for IView in $InternalViews; do
|
||||
InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$HoodExternDomain"
|
||||
[ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone"
|
||||
InsertZoneToIncludeFile "$HoodExternDomain" "$InternViewExternZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
||||
done
|
||||
ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$HoodExternDomain"
|
||||
[ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone"
|
||||
InsertZoneToIncludeFile "$HoodExternDomain" "$ExternViewExternZone" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
fi
|
||||
done
|
||||
|
||||
./update-public-acl.sh "$BindIcvpnAclTmp" "$RemoteLocation" "$RoutingTables"
|
||||
|
||||
ReConfigBind=1
|
||||
ReConfigBind=0
|
||||
UpdateBindConfig() {
|
||||
if [ -f "$1" ] && ! cmp -s "$1" "$2"; then
|
||||
mv "$1" "$2"
|
||||
ReConfigBind=0
|
||||
ReConfigBind=1
|
||||
else
|
||||
rm -f "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"
|
||||
UpdateBindConfig "$BindInternalConfTmp" "$BindInternalConf"
|
||||
UpdateBindConfig "$BindExternalConfTmp" "$BindExternalConf"
|
||||
for IView in $InternalViews; do
|
||||
UpdateBindConfig "/tmp/""$IView"".conf" "$BindIncludeFileFolder""$IView"".conf"
|
||||
done
|
||||
UpdateBindConfig "/tmp/""$ExternalView"".conf" "$BindIncludeFileFolder""$ExternalView"".conf"
|
||||
|
||||
if [ $ReConfigBind -eq 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then
|
||||
if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then
|
||||
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
|
||||
systemctl restart bind9
|
||||
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then
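Review bot: The per-view include files are assembled under fixed, predictable names in the shared /tmp (`rm -f "/tmp/""$IView"".conf"`, the `InsertZoneToIncludeFile … "/tmp/""$IView"".conf"` calls and `/tmp/""$ExternalView"".conf`) by a script that evidently runs as root (it calls `systemctl restart bind9`) and later `mv`s them into `$BindIncludeFileFolder`; in the window between the `rm -f` and the first `{ … } > "$3"` write a local user can plant a symlink or a file of that name, which, unless the kernel's protected_symlinks/protected_regular sysctls stop it, lets them aim the truncate-and-write at an arbitrary file or slip their own zone statements into the configuration BIND loads. Building the scratch files in a private directory removes the race: add `TmpDir="$(mktemp -d)"` and `trap 'rm -rf -- "$TmpDir"' EXIT` after `. ./dns-functions.sh`, and use `"$TmpDir/""$IView"".conf"` (likewise for the external view and the pre-existing `$BindIcvpnAclTmp`) in place of each `/tmp/…` path. A smaller point on the new zone-file links: `[ -f "$InternViewMasterZone" ] || ln -s "$MasterFile" "$InternViewMasterZone"` treats a dangling link as absent, so `ln -s` then fails with "File exists" and `set -e` aborts the whole update; `[ -e "$InternViewMasterZone" ] || ln -sf "$MasterFile" "$InternViewMasterZone"` replaces the stale link instead, and the same applies to the five sibling `ln -s` lines. Since the same zone name is now declared with `dnssec-policy "$DNSSECPolicy"` in every view, each behind one of these links, please confirm against the BIND version in use that every view instance keeps its own signed/journal state and that the keys are shared or separated as intended — no per-view key-directory is set here and this cannot be judged from the diff.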
|
||||
|
|