configurable Temp-Folder; DNSSEC for master-zone with multiple synchronising servers
Signed-off-by: Blackyfff <blackyfff@noreply.git.freifunk-franken.de>
This commit is contained in:
parent
092e2f9994
commit
2a5069d0b1
|
|
@ -7,6 +7,8 @@ Weiterhin werden bei eigener Subdomain die momentan vergebenen Adressen von dnsm
|
|||
Das ermöglicht eine Namensauflösung für Freifunk-Teilnehmer ohne manuelle Konfiguration.
|
||||
Damit kann jeder Freifunk-Teilnehmer ein gültiges TLS-Zertifikat bekommen, sofern DHCPv6 am Gateway aktiviert ist.
|
||||
|
||||
DNSSEC wird für jede Zone unterstützt, allerdings nur für die Hauptzone mit mehreren Servern. Für Subdomainserver darf mit DNSSEC nur jeweils ein Server authorativ sein.
|
||||
|
||||
## Installation
|
||||
|
||||
#### Systemanforderungen
|
||||
|
|
@ -72,7 +74,7 @@ view "icvpn-internal-view" {
|
|||
[..] # eigene Optionen
|
||||
|
||||
|
||||
include "/etc/bind/fff.community-internal.conf"; # auto-generated
|
||||
include "/etc/bind/icvpn-internal-view.conf"; # auto-generated
|
||||
|
||||
include "/etc/bind/icvpn-zones.conf"; # Nicht vergessen ;)
|
||||
|
||||
|
|
@ -83,7 +85,7 @@ view "external-view" {
|
|||
match-clients { any; };
|
||||
[..] # eigene Optionen
|
||||
|
||||
include "/etc/bind/fff.community-external.conf"; # auto-generated
|
||||
include "/etc/bind/external-view.conf"; # auto-generated
|
||||
|
||||
[..]
|
||||
};
|
||||
|
|
|
|||
|
|
@ -31,6 +31,17 @@ zone \"""$1""\" {\n\
|
|||
};" "$3"
|
||||
fi
|
||||
}
|
||||
GetAllSubNameservers() {
|
||||
Domain="$(echo "$1" | sed -e 's/\./\\\./g')"
|
||||
SubDomain="$(echo "$2" | sed -e 's/\./\\\./g')"
|
||||
sed -ne 's/^\s*'"$SubDomain"'\(\.'"$Domain"'\.\)\?\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\)/\3/p' "$3" | \
|
||||
sed -e 's/\([^.]\)$/\1\.'"$1"'\./g;s/\.$//g'
|
||||
}
|
||||
GetAllZoneNameservers() {
|
||||
Domain="""$(echo "$1" | sed -e 's/\./\\\./g')"
|
||||
sed -ne 's/^\s*\(@\|'"$Domain"'\.\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\)/\3/p' "$2" | \
|
||||
sed -e 's/\([^.]\)$/\1\.'"$1"'\./g;s/\.$//g'
|
||||
}
|
||||
GetReverseZoneFileFromZone() {
|
||||
echo "db.""$(echo "$1" | awk -F. '{ printf $(NF-2);for(i=NF-3;i>0;--i) printf "."$i}')"
|
||||
}
|
||||
|
|
@ -103,7 +114,7 @@ GetServernameSEDEntry() {
|
|||
echo "$ServerName" | sed -r 's/\./\\\./g'
|
||||
}
|
||||
NormalizeZoneFileFormatting() {
|
||||
awk 'BEGIN{FS="\t"}{l=length($1);f=substr(" ", 1+length($1));
|
||||
awk 'BEGIN{FS="\t"}{l=length($1);f=substr(" ", 1+length($1));
|
||||
s=substr(" ", 1+length($2));
|
||||
x=substr($0,length($1)+length($2)+3);
|
||||
print $1 f " " $2 s " " x}'
|
||||
|
|
@ -160,6 +171,76 @@ IPv4IsInSubnet() {
|
|||
fi
|
||||
|
||||
return $AreEqual
|
||||
|
||||
}
|
||||
GetOwnKeysForZone () {
|
||||
DNSSECKeyFolder="$1"
|
||||
Domain="$2"
|
||||
if [ -n "$DNSSECKeyFolder" ];then
|
||||
for OwnKeyFile in "$DNSSECKeyFolder""K""$Domain"".+"*".key"; do
|
||||
sed -ne '/^;/d;s/^'"$Domain"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]\s\+\(.*\)$/_dnsseckeys\.'"$Domain"'\.\tIN TXT\t\"\2\"/p' "$OwnKeyFile" | \
|
||||
NormalizeZoneFileFormatting
|
||||
done
|
||||
fi
|
||||
}
|
||||
UpdateDNSSECEntryCache () {
|
||||
Domain="$1"
|
||||
ZoneTempFolder="$2"
|
||||
CachedZoneFile="$3"
|
||||
DNSSECKeyFolder="$4"
|
||||
UpdateMaster=0
|
||||
|
||||
Nameservers="$(GetAllZoneNameservers "$Domain" "$CachedZoneFile")"
|
||||
|
||||
mkdir -p "$ZoneTempFolder"
|
||||
for KeyFile in "$ZoneTempFolder"*; do
|
||||
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
|
||||
mv "$KeyFile" "$ZoneTempFolder""Old""${KeyFile##*"$ZoneTempFolder"}"
|
||||
done
|
||||
for Nameserver in $Nameservers; do
|
||||
if [ "$Nameserver" = "$DNSSCRIPT_SERVER_NAME" ]; then
|
||||
DNSKEYS="$( GetOwnKeysForZone "$DNSSECKeyFolder" "$Domain" )"
|
||||
else
|
||||
DNSKEYS="$(delv @"$Nameserver" _dnsseckeys."$Domain" TXT 2>/dev/null | \
|
||||
sed -ne '/^;/d;s/^.*\sIN\s\+TXT\s\+"\(.*\)"$/'"$Domain"'.\tIN DNSKEY\t\1/p' | \
|
||||
NormalizeZoneFileFormatting )"
|
||||
fi
|
||||
if [ -n "$DNSKEYS" ] && [ "$DNSKEYS" != "$(cat "$ZoneTempFolder""OldKeys.""$Nameserver" 2>/dev/null)" ]; then
|
||||
echo "$DNSKEYS" > "$ZoneTempFolder""Keys.""$Nameserver"
|
||||
UpdateMaster=1
|
||||
elif [ -f "$ZoneTempFolder""OldKeys.""$Nameserver" ]; then
|
||||
mv "$ZoneTempFolder""OldKeys.""$Nameserver" "$ZoneTempFolder""Keys.""$Nameserver"
|
||||
fi
|
||||
done
|
||||
|
||||
SEDDomain="$(echo "$Domain" | sed -e 's/\./\\\./g')"
|
||||
ChildServers="$( sed -ne '/^\s*\(@\|'"$SEDDomain"'\.\)\s/!s/^\s*\(\S\+\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\);\?.*$/\1#\3/p' "$CachedZoneFile" | \
|
||||
sed -e 's/\([^.]\)$/\1\.'"$Domain"'\./g;s/\.$//g;s/\([^.]\)#/\1\.'"$Domain"'\.#/g;s/\.#/#/g' )"
|
||||
for ChildServer in $ChildServers; do
|
||||
DNSKEYS="$(delv @"${ChildServer##*\#}" "${ChildServer%%\#*}" CDS 2>/dev/null | \
|
||||
sed -ne '/^;/d;s/^.*\sIN\s\+CDS\s\+\(.*\)$/'"${ChildServer%%\#*}"'.\tIN DS\t\1/p' | \
|
||||
NormalizeZoneFileFormatting )"
|
||||
|
||||
if [ -n "$DNSKEYS" ]; then
|
||||
DNSKEYS="$(echo "$DNSKEYS" | sed -e '/\sIN\s\+DS\s\+0\s\+0\s\+0\s\+0/d')"
|
||||
if [ "$DNSKEYS" != "$(cat "$ZoneTempFolder""OldChildKeys.""$ChildServer" 2>/dev/null)" ]; then
|
||||
[ -z "$DNSKEYS" ] || echo "$DNSKEYS" > "$ZoneTempFolder""ChildKeys.""$ChildServer"
|
||||
UpdateMaster=1
|
||||
elif [ -n "$DNSKEYS" ]; then
|
||||
mv "$ZoneTempFolder""OldChildKeys.""$ChildServer" "$ZoneTempFolder""ChildKeys.""$ChildServer"
|
||||
elif [ -f "$ZoneTempFolder""OldKeys.""$Nameserver" ]; then
|
||||
UpdateMaster=1
|
||||
fi
|
||||
elif [ -f "$ZoneTempFolder""OldChildKeys.""$Nameserver" ]; then
|
||||
mv "$ZoneTempFolder""OldChildKeys.""$ChildServer" "$ZoneTempFolder""ChildKeys.""$ChildServer"
|
||||
fi
|
||||
done
|
||||
|
||||
for KeyFile in "$ZoneTempFolder""Old"*; do
|
||||
[ "$KeyFile" = "$ZoneTempFolder""Old*" ] || \
|
||||
rm -f "$KeyFile"
|
||||
done
|
||||
echo "$UpdateMaster"
|
||||
}
|
||||
ReloadZone() {
|
||||
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
|
||||
|
|
|
|||
169
update-dns.sh
169
update-dns.sh
|
|
@ -5,11 +5,10 @@ set -e
|
|||
|
||||
# Communityconfig
|
||||
CommunityDomain="fff.community"
|
||||
CommunityExternDomain="extern.fff.community"
|
||||
CommunityExternPrefix="extern"
|
||||
CommunitySubnets="10.50.0/16 10.83.0/16 fd43:5602:29bd::/48"
|
||||
RemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/"
|
||||
DNSSECPolicy=""
|
||||
ServeMasterZone=0
|
||||
DNSSECPolicy="herpf"
|
||||
|
||||
# Serverconfig
|
||||
export DNSSCRIPT_CONTACT_EMAIL=info.freifunk-herpf.de.
|
||||
|
|
@ -18,8 +17,10 @@ export DNSSCRIPT_SERVER_NAME=dns.herpf.fff.community
|
|||
UpdateScriptsFolder="/usr/lib/ffdns/"
|
||||
ZoneFilesFolder="/etc/bind/fff/"
|
||||
BindIncludeFileFolder="/etc/bind/"
|
||||
DNSSECKeyFolder="/etc/bind/keys/"
|
||||
TempFolder="/tmp/dnsscripts/"
|
||||
# specify the bird/babel or other routing table[s]
|
||||
# if RoutingTables is empty, the ICVPN-ACL-List will be fetched remotely (for servers that are no gateways)
|
||||
# if RoutingTables is empty, the ICVPN-ACL-List will be fetched remotely (for servers that are no gateway)
|
||||
RoutingTables="10"
|
||||
|
||||
# -1 -> disable bind [restart|reload]
|
||||
|
|
@ -28,7 +29,6 @@ RoutingTables="10"
|
|||
# 2 -> OpenWRT /etc/init.d/named [reload|restart]
|
||||
export DNSSCRIPT_BIND_RELOAD_VER=0
|
||||
|
||||
# only necessary when rndc is used
|
||||
InternalViews="icvpn-internal-view icvpn-internal-dns64-view"
|
||||
ExternalView="external-view"
|
||||
|
||||
|
|
@ -45,24 +45,74 @@ cd "$UpdateScriptsFolder"
|
|||
. ./dns-functions.sh
|
||||
|
||||
FirstInternal="$( echo "$InternalViews" | sed -ne 's/^\(\S\+\)\s.*$/\1/p')"
|
||||
MasterFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityDomain"
|
||||
BindIcvpnAclTmp="/tmp/icvpn-acl.conf"
|
||||
BindIcvpnAclTmp="$TempFolder""icvpn-acl.conf"
|
||||
BindIcvpnAcl="$BindIncludeFileFolder""icvpn-acl.conf"
|
||||
[ -z "$CommunityExternPrefix" ] || CommunityExternDomain="$CommunityExternPrefix"".""$CommunityDomain"
|
||||
|
||||
mkdir -p "$TempFolder""cache"
|
||||
|
||||
for IView in $InternalViews; do
|
||||
rm -f "/tmp/""$IView"".conf"
|
||||
rm -f "$TempFolder""$IView"".conf"
|
||||
done
|
||||
rm -f "/tmp/""$ExternalView"".conf"
|
||||
rm -f "$TempFolder""$ExternalView"".conf"
|
||||
|
||||
PreFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
|
||||
curl -s -S -f "$RemoteLocation""db.""$CommunityDomain" --output "$MasterFile"
|
||||
|
||||
if [ $ServeMasterZone -ne 0 ]; then
|
||||
PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
|
||||
if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then
|
||||
ReloadZone "$CommunityDomain" "$InternalViews"
|
||||
CachedMasterFile="$TempFolder""cache/db.""$CommunityDomain"
|
||||
PreFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
|
||||
curl -s -S -f "$RemoteLocation""db.""$CommunityDomain" --output "$CachedMasterFile"
|
||||
PostFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
|
||||
ServeMasterZone="$( GetAllZoneNameservers "$CommunityDomain" "$CachedMasterFile" | awk '{for(i=NF;i>0;--i) if($i=="'"$DNSSCRIPT_SERVER_NAME"'") {printf 1}}')"
|
||||
if [ -n "$CommunityExternDomain" ]; then
|
||||
if [ -n "$ServeMasterZone" ]; then
|
||||
ServeExtZone="1"
|
||||
else
|
||||
ServeExtZone="$( GetAllSubNameservers "$CommunityDomain" "$CommunityExternPrefix" "$CachedMasterFile" | awk '{for(i=NF;i>0;--i) if($i=="'"$DNSSCRIPT_SERVER_NAME"'") {printf 1}}')"
|
||||
fi
|
||||
else
|
||||
ServeExtZone=""
|
||||
fi
|
||||
|
||||
if [ -n "$ServeMasterZone" ] || [ -n "$ServeExtZone" ]; then
|
||||
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile"
|
||||
FileForExternGeneration="$CachedMasterFile"
|
||||
if [ -n "$ExternalView" ]; then
|
||||
ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityDomain"
|
||||
else
|
||||
ExternFile="$ZoneFilesFolder""db.""$CommunityExternDomain"
|
||||
fi
|
||||
LocalMasterSerial=$((PostFetchMasterSerial))
|
||||
if [ -n "$ServeMasterZone" ]; then
|
||||
MasterFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityDomain"
|
||||
FileForExternGeneration="$MasterFile"
|
||||
UpdateMaster=0
|
||||
ZoneTempFolder="$TempFolder""cache/""$CommunityDomain""/"
|
||||
|
||||
UpdateMaster="$(UpdateDNSSECEntryCache "$CommunityDomain" "$ZoneTempFolder" "$CachedMasterFile" "$DNSSECKeyFolder")"
|
||||
[ $((PostFetchMasterSerial)) -le $((PreFetchMasterSerial)) ] || UpdateMaster=1
|
||||
|
||||
if [ $UpdateMaster -ne 0 ]; then
|
||||
cp -f "$CachedMasterFile" "$CachedMasterFile""I"
|
||||
for KeyFile in "$ZoneTempFolder"*; do
|
||||
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
|
||||
cat "$KeyFile" >> "$CachedMasterFile""I"
|
||||
done
|
||||
LocalMasterSerial="$(GetZoneFileSerial "$MasterFile")"
|
||||
|
||||
if [ $((PostFetchMasterSerial)) -le $((LocalMasterSerial)) ]; then
|
||||
LocalMasterSerial=$((LocalMasterSerial+1))
|
||||
sed -i -e 's/^\(\s*\)'"$PostFetchMasterSerial"'\(\s*;\s*[Ss]erial.*\)$/\1'"$LocalMasterSerial"'\3/g' "$CachedMasterFile""I"
|
||||
sed -i -e 's/^\(\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\s\+\S\+\s\+\S\+\s\+\)'"$PostFetchMasterSerial"'\(\s\+.*\)$/\1'"$LocalMasterSerial"'\3/g' "$CachedMasterFile""I"
|
||||
else
|
||||
LocalMasterSerial=$((PostFetchMasterSerial))
|
||||
fi
|
||||
mv "$CachedMasterFile""I" "$MasterFile"
|
||||
ReloadZone "$CommunityDomain" "$InternalViews"
|
||||
|
||||
for IView in $InternalViews; do
|
||||
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$CommunityDomain"
|
||||
[ -f "$InternViewMasterZone" ] || ln -s "$MasterFile" "$InternViewMasterZone"
|
||||
InsertZoneToIncludeFile "$CommunityDomain" "$InternViewMasterZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
|
||||
done
|
||||
fi
|
||||
for Subnet in $CommunitySubnets; do
|
||||
ReverseDomains="$(GetReverseDomains "$Subnet")"
|
||||
for RDomain in $ReverseDomains; do
|
||||
|
|
@ -72,29 +122,72 @@ if [ $ServeMasterZone -ne 0 ]; then
|
|||
rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile"
|
||||
./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
|
||||
for IView in $InternalViews; do
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "/tmp/""$IView"".conf"
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$TempFolder""$IView"".conf"
|
||||
done
|
||||
done
|
||||
done
|
||||
ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityDomain"
|
||||
./update-extzone.sh "$MasterFile" "$ExternFile" "$CommunityDomain" "$ExternalView" "$CommunityExternDomain" "$InternalViews"
|
||||
if [ -n "$ExternalView" ]; then
|
||||
InsertZoneToIncludeFile "$CommunityDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
fi
|
||||
fi
|
||||
|
||||
for IView in $InternalViews; do
|
||||
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$CommunityDomain"
|
||||
[ -f "$InternViewMasterZone" ] || ln -s "$MasterFile" "$InternViewMasterZone"
|
||||
InsertZoneToIncludeFile "$CommunityDomain" "$InternViewMasterZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
||||
UpdateExternView=0
|
||||
if [ -n "$ExternalView" ] || [ -n "$ServeExtZone" ]; then
|
||||
SerialExtern="$(GetZoneFileSerial "$ExternFile")"
|
||||
if [ $((LocalMasterSerial)) -gt $((SerialExtern)) ]; then
|
||||
sed -e '/^[^;]*\s\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*\s*\(;.*\)\?$/d; \
|
||||
s/^[^;^@]*\s\+\([^;]*\)\s[Ii][Nn]\s\+[Ss][Oo][Aa]\s/@ \1 IN SOA /g' "$FileForExternGeneration" \
|
||||
> "$ExternFile"
|
||||
UpdateExternView=1
|
||||
[ -z "$ExternalView" ] || ReloadZone "$CommunityExternDomain" "$ExternalView"
|
||||
fi
|
||||
fi
|
||||
|
||||
UpdateExternDomain=0
|
||||
if [ -n "$ServeExtZone" ]; then
|
||||
MasterExtDomainFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityExternDomain"
|
||||
ZoneTempFolder="$TempFolder""cache/""$CommunityExternDomain""/"
|
||||
cp -f "$ExternFile" "$CachedMasterFile""E"
|
||||
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile""E"
|
||||
[ -n "$(sed -e '/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\)\s/!d' "$CachedMasterFile""E")" ] || \
|
||||
sed -i -e 's/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\)\s\+\S\+\s\+\S\+\s/\1 '"$DNSSCRIPT_SERVER_NAME"'. '"$DNSSCRIPT_CONTACT_EMAIL"' /g' "$CachedMasterFile""E"
|
||||
|
||||
sed -i -e 's/^\s*'"$CommunityExternPrefix"'\s/@ /g;/^\s*@\s\+[Ii][Nn]\s\+[Dd][Ss]\s/d' "$CachedMasterFile""E"
|
||||
|
||||
UpdateExternDomain="$(UpdateDNSSECEntryCache "$CommunityExternDomain" "$ZoneTempFolder" "$CachedMasterFile""E" "$DNSSECKeyFolder")"
|
||||
[ $UpdateExternView -eq 0 ] || UpdateExternDomain=1
|
||||
|
||||
if [ $UpdateExternDomain -ne 0 ]; then
|
||||
for KeyFile in "$ZoneTempFolder"*; do
|
||||
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
|
||||
cat "$KeyFile" >> "$CachedMasterFile""E"
|
||||
done
|
||||
InsertZoneToIncludeFile "$CommunityDomain" "$ExternFile" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
if [ -n "$CommunityExternDomain" ]; then
|
||||
LocalExtDomainMasterSerial="$(GetZoneFileSerial "$MasterExtDomainFile")"
|
||||
|
||||
if [ $((LocalMasterSerial)) -le $((LocalExtDomainMasterSerial)) ]; then
|
||||
LocalExtDomainMasterSerial=$((LocalExtDomainMasterSerial+1))
|
||||
sed -i -e 's/^\(\s*\)'"$LocalMasterSerial"'\(\s*;\s*[Ss]erial.*\)$/\1'"$LocalExtDomainMasterSerial"'\3/g' "$CachedMasterFile""E"
|
||||
sed -i -e 's/^\(\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\s\+\S\+\s\+\S\+\s\+\)'"$LocalMasterSerial"'\(\s\+.*\)$/\1'"$LocalExtDomainMasterSerial"'\3/g' "$CachedMasterFile""E"
|
||||
fi
|
||||
mv "$CachedMasterFile""E" "$MasterExtDomainFile"
|
||||
ReloadZone "$CommunityExternDomain" "$InternalViews"
|
||||
fi
|
||||
for IView in $InternalViews; do
|
||||
InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$CommunityExternDomain"
|
||||
[ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone"
|
||||
InsertZoneToIncludeFile "$CommunityExternDomain" "$InternViewExternZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
||||
[ -f "$InternViewExternZone" ] || ln -s "$MasterExtDomainFile" "$InternViewExternZone"
|
||||
InsertZoneToIncludeFile "$CommunityExternDomain" "$InternViewExternZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
|
||||
done
|
||||
if [ -n "$ExternalView" ]; then
|
||||
ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityExternDomain"
|
||||
[ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone"
|
||||
InsertZoneToIncludeFile "$CommunityExternDomain" "$ExternViewExternZone" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
[ -f "$ExternViewExternZone" ] || ln -s "$MasterExtDomainFile" "$ExternViewExternZone"
|
||||
InsertZoneToIncludeFile "$CommunityExternDomain" "$ExternViewExternZone" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -z "$MasterFile" ]; then
|
||||
MasterFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityDomain"
|
||||
cp -f "$CachedMasterFile" "$MasterFile"
|
||||
fi
|
||||
|
||||
# set shorter TTL for Hoods
|
||||
|
|
@ -130,7 +223,7 @@ for Hood in $Hoods; do
|
|||
ReverseZoneFileFullPath="$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")"
|
||||
./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ReverseZoneFileFullPath" "$TTLReReExMi" "$InternalViews"
|
||||
for IView in $InternalViews; do
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "/tmp/""$IView"".conf"
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "$TempFolder""$IView"".conf"
|
||||
done
|
||||
done
|
||||
done
|
||||
|
|
@ -145,19 +238,19 @@ for Hood in $Hoods; do
|
|||
for IView in $InternalViews; do
|
||||
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$HoodDomain"
|
||||
[ -f "$InternViewMasterZone" ] || ln -s "$HoodZoneFile" "$InternViewMasterZone"
|
||||
InsertZoneToIncludeFile "$HoodDomain" "$InternViewMasterZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
||||
InsertZoneToIncludeFile "$HoodDomain" "$InternViewMasterZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
|
||||
done
|
||||
InsertZoneToIncludeFile "$HoodDomain" "$ExternFile" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
InsertZoneToIncludeFile "$HoodDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
|
||||
if [ -n "$HoodExternDomain" ]; then
|
||||
for IView in $InternalViews; do
|
||||
InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$HoodExternDomain"
|
||||
InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""${Hood%%\#*}"".""$CommunityExternDomain"
|
||||
[ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone"
|
||||
InsertZoneToIncludeFile "$HoodExternDomain" "$InternViewExternZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
||||
InsertZoneToIncludeFile "${Hood%%\#*}"".""$CommunityExternDomain" "$InternViewExternZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
|
||||
done
|
||||
ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$HoodExternDomain"
|
||||
ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""${Hood%%\#*}"".""$CommunityExternDomain"
|
||||
[ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone"
|
||||
InsertZoneToIncludeFile "$HoodExternDomain" "$ExternViewExternZone" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
InsertZoneToIncludeFile "${Hood%%\#*}"".""$CommunityExternDomain" "$ExternViewExternZone" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
fi
|
||||
done
|
||||
|
||||
|
|
@ -175,9 +268,9 @@ UpdateBindConfig() {
|
|||
|
||||
UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"
|
||||
for IView in $InternalViews; do
|
||||
UpdateBindConfig "/tmp/""$IView"".conf" "$BindIncludeFileFolder""$IView"".conf"
|
||||
UpdateBindConfig "$TempFolder""$IView"".conf" "$BindIncludeFileFolder""$IView"".conf"
|
||||
done
|
||||
UpdateBindConfig "/tmp/""$ExternalView"".conf" "$BindIncludeFileFolder""$ExternalView"".conf"
|
||||
UpdateBindConfig "$TempFolder""$ExternalView"".conf" "$BindIncludeFileFolder""$ExternalView"".conf"
|
||||
|
||||
if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then
|
||||
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
|
||||
|
|
|
|||
Loading…
Reference in New Issue