configurable Temp-Folder; DNSSEC for master-zone with multiple synchronising servers
Signed-off-by: Blackyfff <blackyfff@noreply.git.freifunk-franken.de>
parent
092e2f9994
commit
2a5069d0b1
|
@ -7,6 +7,8 @@ Weiterhin werden bei eigener Subdomain die momentan vergebenen Adressen von dnsm
|
||||||
Das ermöglicht eine Namensauflösung für Freifunk-Teilnehmer ohne manuelle Konfiguration.
|
Das ermöglicht eine Namensauflösung für Freifunk-Teilnehmer ohne manuelle Konfiguration.
|
||||||
Damit kann jeder Freifunk-Teilnehmer ein gültiges TLS-Zertifikat bekommen, sofern DHCPv6 am Gateway aktiviert ist.
|
Damit kann jeder Freifunk-Teilnehmer ein gültiges TLS-Zertifikat bekommen, sofern DHCPv6 am Gateway aktiviert ist.
|
||||||
|
|
||||||
|
DNSSEC wird für jede Zone unterstützt, allerdings nur für die Hauptzone mit mehreren Servern. Für Subdomainserver darf mit DNSSEC nur jeweils ein Server authorativ sein.
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
#### Systemanforderungen
|
#### Systemanforderungen
|
||||||
|
@ -72,7 +74,7 @@ view "icvpn-internal-view" {
|
||||||
[..] # eigene Optionen
|
[..] # eigene Optionen
|
||||||
|
|
||||||
|
|
||||||
include "/etc/bind/fff.community-internal.conf"; # auto-generated
|
include "/etc/bind/icvpn-internal-view.conf"; # auto-generated
|
||||||
|
|
||||||
include "/etc/bind/icvpn-zones.conf"; # Nicht vergessen ;)
|
include "/etc/bind/icvpn-zones.conf"; # Nicht vergessen ;)
|
||||||
|
|
||||||
|
@ -83,7 +85,7 @@ view "external-view" {
|
||||||
match-clients { any; };
|
match-clients { any; };
|
||||||
[..] # eigene Optionen
|
[..] # eigene Optionen
|
||||||
|
|
||||||
include "/etc/bind/fff.community-external.conf"; # auto-generated
|
include "/etc/bind/external-view.conf"; # auto-generated
|
||||||
|
|
||||||
[..]
|
[..]
|
||||||
};
|
};
|
||||||
|
|
|
@ -31,6 +31,17 @@ zone \"""$1""\" {\n\
|
||||||
};" "$3"
|
};" "$3"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
GetAllSubNameservers() {
|
||||||
|
Domain="$(echo "$1" | sed -e 's/\./\\\./g')"
|
||||||
|
SubDomain="$(echo "$2" | sed -e 's/\./\\\./g')"
|
||||||
|
sed -ne 's/^\s*'"$SubDomain"'\(\.'"$Domain"'\.\)\?\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\)/\3/p' "$3" | \
|
||||||
|
sed -e 's/\([^.]\)$/\1\.'"$1"'\./g;s/\.$//g'
|
||||||
|
}
|
||||||
|
GetAllZoneNameservers() {
|
||||||
|
Domain="""$(echo "$1" | sed -e 's/\./\\\./g')"
|
||||||
|
sed -ne 's/^\s*\(@\|'"$Domain"'\.\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\)/\3/p' "$2" | \
|
||||||
|
sed -e 's/\([^.]\)$/\1\.'"$1"'\./g;s/\.$//g'
|
||||||
|
}
|
||||||
GetReverseZoneFileFromZone() {
|
GetReverseZoneFileFromZone() {
|
||||||
echo "db.""$(echo "$1" | awk -F. '{ printf $(NF-2);for(i=NF-3;i>0;--i) printf "."$i}')"
|
echo "db.""$(echo "$1" | awk -F. '{ printf $(NF-2);for(i=NF-3;i>0;--i) printf "."$i}')"
|
||||||
}
|
}
|
||||||
|
@ -103,7 +114,7 @@ GetServernameSEDEntry() {
|
||||||
echo "$ServerName" | sed -r 's/\./\\\./g'
|
echo "$ServerName" | sed -r 's/\./\\\./g'
|
||||||
}
|
}
|
||||||
NormalizeZoneFileFormatting() {
|
NormalizeZoneFileFormatting() {
|
||||||
awk 'BEGIN{FS="\t"}{l=length($1);f=substr(" ", 1+length($1));
|
awk 'BEGIN{FS="\t"}{l=length($1);f=substr(" ", 1+length($1));
|
||||||
s=substr(" ", 1+length($2));
|
s=substr(" ", 1+length($2));
|
||||||
x=substr($0,length($1)+length($2)+3);
|
x=substr($0,length($1)+length($2)+3);
|
||||||
print $1 f " " $2 s " " x}'
|
print $1 f " " $2 s " " x}'
|
||||||
|
@ -160,6 +171,76 @@ IPv4IsInSubnet() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
return $AreEqual
|
return $AreEqual
|
||||||
|
|
||||||
|
}
|
||||||
|
GetOwnKeysForZone () {
|
||||||
|
DNSSECKeyFolder="$1"
|
||||||
|
Domain="$2"
|
||||||
|
if [ -n "$DNSSECKeyFolder" ];then
|
||||||
|
for OwnKeyFile in "$DNSSECKeyFolder""K""$Domain"".+"*".key"; do
|
||||||
|
sed -ne '/^;/d;s/^'"$Domain"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]\s\+\(.*\)$/_dnsseckeys\.'"$Domain"'\.\tIN TXT\t\"\2\"/p' "$OwnKeyFile" | \
|
||||||
|
NormalizeZoneFileFormatting
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
UpdateDNSSECEntryCache () {
|
||||||
|
Domain="$1"
|
||||||
|
ZoneTempFolder="$2"
|
||||||
|
CachedZoneFile="$3"
|
||||||
|
DNSSECKeyFolder="$4"
|
||||||
|
UpdateMaster=0
|
||||||
|
|
||||||
|
Nameservers="$(GetAllZoneNameservers "$Domain" "$CachedZoneFile")"
|
||||||
|
|
||||||
|
mkdir -p "$ZoneTempFolder"
|
||||||
|
for KeyFile in "$ZoneTempFolder"*; do
|
||||||
|
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
|
||||||
|
mv "$KeyFile" "$ZoneTempFolder""Old""${KeyFile##*"$ZoneTempFolder"}"
|
||||||
|
done
|
||||||
|
for Nameserver in $Nameservers; do
|
||||||
|
if [ "$Nameserver" = "$DNSSCRIPT_SERVER_NAME" ]; then
|
||||||
|
DNSKEYS="$( GetOwnKeysForZone "$DNSSECKeyFolder" "$Domain" )"
|
||||||
|
else
|
||||||
|
DNSKEYS="$(delv @"$Nameserver" _dnsseckeys."$Domain" TXT 2>/dev/null | \
|
||||||
|
sed -ne '/^;/d;s/^.*\sIN\s\+TXT\s\+"\(.*\)"$/'"$Domain"'.\tIN DNSKEY\t\1/p' | \
|
||||||
|
NormalizeZoneFileFormatting )"
|
||||||
|
fi
|
||||||
|
if [ -n "$DNSKEYS" ] && [ "$DNSKEYS" != "$(cat "$ZoneTempFolder""OldKeys.""$Nameserver" 2>/dev/null)" ]; then
|
||||||
|
echo "$DNSKEYS" > "$ZoneTempFolder""Keys.""$Nameserver"
|
||||||
|
UpdateMaster=1
|
||||||
|
elif [ -f "$ZoneTempFolder""OldKeys.""$Nameserver" ]; then
|
||||||
|
mv "$ZoneTempFolder""OldKeys.""$Nameserver" "$ZoneTempFolder""Keys.""$Nameserver"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
SEDDomain="$(echo "$Domain" | sed -e 's/\./\\\./g')"
|
||||||
|
ChildServers="$( sed -ne '/^\s*\(@\|'"$SEDDomain"'\.\)\s/!s/^\s*\(\S\+\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\);\?.*$/\1#\3/p' "$CachedZoneFile" | \
|
||||||
|
sed -e 's/\([^.]\)$/\1\.'"$Domain"'\./g;s/\.$//g;s/\([^.]\)#/\1\.'"$Domain"'\.#/g;s/\.#/#/g' )"
|
||||||
|
for ChildServer in $ChildServers; do
|
||||||
|
DNSKEYS="$(delv @"${ChildServer##*\#}" "${ChildServer%%\#*}" CDS 2>/dev/null | \
|
||||||
|
sed -ne '/^;/d;s/^.*\sIN\s\+CDS\s\+\(.*\)$/'"${ChildServer%%\#*}"'.\tIN DS\t\1/p' | \
|
||||||
|
NormalizeZoneFileFormatting )"
|
||||||
|
|
||||||
|
if [ -n "$DNSKEYS" ]; then
|
||||||
|
DNSKEYS="$(echo "$DNSKEYS" | sed -e '/\sIN\s\+DS\s\+0\s\+0\s\+0\s\+0/d')"
|
||||||
|
if [ "$DNSKEYS" != "$(cat "$ZoneTempFolder""OldChildKeys.""$ChildServer" 2>/dev/null)" ]; then
|
||||||
|
[ -z "$DNSKEYS" ] || echo "$DNSKEYS" > "$ZoneTempFolder""ChildKeys.""$ChildServer"
|
||||||
|
UpdateMaster=1
|
||||||
|
elif [ -n "$DNSKEYS" ]; then
|
||||||
|
mv "$ZoneTempFolder""OldChildKeys.""$ChildServer" "$ZoneTempFolder""ChildKeys.""$ChildServer"
|
||||||
|
elif [ -f "$ZoneTempFolder""OldKeys.""$Nameserver" ]; then
|
||||||
|
UpdateMaster=1
|
||||||
|
fi
|
||||||
|
elif [ -f "$ZoneTempFolder""OldChildKeys.""$Nameserver" ]; then
|
||||||
|
mv "$ZoneTempFolder""OldChildKeys.""$ChildServer" "$ZoneTempFolder""ChildKeys.""$ChildServer"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
for KeyFile in "$ZoneTempFolder""Old"*; do
|
||||||
|
[ "$KeyFile" = "$ZoneTempFolder""Old*" ] || \
|
||||||
|
rm -f "$KeyFile"
|
||||||
|
done
|
||||||
|
echo "$UpdateMaster"
|
||||||
}
|
}
|
||||||
ReloadZone() {
|
ReloadZone() {
|
||||||
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
|
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
|
||||||
|
|
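Review bot: In the ChildServer loop of UpdateDNSSECEntryCache the two fallback tests `elif [ -f "$ZoneTempFolder""OldKeys.""$Nameserver" ]; then` and `elif [ -f "$ZoneTempFolder""OldChildKeys.""$Nameserver" ]; then` check a file named after the stale `$Nameserver` left over from the preceding NS loop, while the `mv` they guard operates on `$ChildServer`; when a child's CDS lookup fails transiently (empty `DNSKEYS`), the cached `OldChildKeys.<child>` is never renamed back and is then deleted by the final `rm -f` over `Old*`, so the child's DS records silently drop out of the parent zone at the next rebuild. Both conditions should read `elif [ -f "$ZoneTempFolder""OldChildKeys.""$ChildServer" ]; then`, and the first one should probably also set `UpdateMaster=1` only after restoring the cache rather than before. Separately, `/^;/d` strips delv's status comments, so an answer delv marks as `; unsigned answer` (or one from a spoofed or misconfigured child server) is promoted to DS exactly like a `; fully validated` one; if RFC 7344-style CDS processing is intended, the pipeline should require the validated marker before accepting, or the trust in `$ChildServers` over the VPN should be stated in a comment. Whether the failing `mv` aborts under the caller's `set -e` inside the `$( )` substitution depends on the shell, so the cleanup path cannot be relied on either way.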
169
update-dns.sh
169
update-dns.sh
|
@ -5,11 +5,10 @@ set -e
|
||||||
|
|
||||||
# Communityconfig
|
# Communityconfig
|
||||||
CommunityDomain="fff.community"
|
CommunityDomain="fff.community"
|
||||||
CommunityExternDomain="extern.fff.community"
|
CommunityExternPrefix="extern"
|
||||||
CommunitySubnets="10.50.0/16 10.83.0/16 fd43:5602:29bd::/48"
|
CommunitySubnets="10.50.0/16 10.83.0/16 fd43:5602:29bd::/48"
|
||||||
RemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/"
|
RemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/"
|
||||||
DNSSECPolicy=""
|
DNSSECPolicy="herpf"
|
||||||
ServeMasterZone=0
|
|
||||||
|
|
||||||
# Serverconfig
|
# Serverconfig
|
||||||
export DNSSCRIPT_CONTACT_EMAIL=info.freifunk-herpf.de.
|
export DNSSCRIPT_CONTACT_EMAIL=info.freifunk-herpf.de.
|
||||||
|
@ -18,8 +17,10 @@ export DNSSCRIPT_SERVER_NAME=dns.herpf.fff.community
|
||||||
UpdateScriptsFolder="/usr/lib/ffdns/"
|
UpdateScriptsFolder="/usr/lib/ffdns/"
|
||||||
ZoneFilesFolder="/etc/bind/fff/"
|
ZoneFilesFolder="/etc/bind/fff/"
|
||||||
BindIncludeFileFolder="/etc/bind/"
|
BindIncludeFileFolder="/etc/bind/"
|
||||||
|
DNSSECKeyFolder="/etc/bind/keys/"
|
||||||
|
TempFolder="/tmp/dnsscripts/"
|
||||||
# specify the bird/babel or other routing table[s]
|
# specify the bird/babel or other routing table[s]
|
||||||
# if RoutingTables is empty, the ICVPN-ACL-List will be fetched remotely (for servers that are no gateways)
|
# if RoutingTables is empty, the ICVPN-ACL-List will be fetched remotely (for servers that are no gateway)
|
||||||
RoutingTables="10"
|
RoutingTables="10"
|
||||||
|
|
||||||
# -1 -> disable bind [restart|reload]
|
# -1 -> disable bind [restart|reload]
|
||||||
|
@ -28,7 +29,6 @@ RoutingTables="10"
|
||||||
# 2 -> OpenWRT /etc/init.d/named [reload|restart]
|
# 2 -> OpenWRT /etc/init.d/named [reload|restart]
|
||||||
export DNSSCRIPT_BIND_RELOAD_VER=0
|
export DNSSCRIPT_BIND_RELOAD_VER=0
|
||||||
|
|
||||||
# only necessary when rndc is used
|
|
||||||
InternalViews="icvpn-internal-view icvpn-internal-dns64-view"
|
InternalViews="icvpn-internal-view icvpn-internal-dns64-view"
|
||||||
ExternalView="external-view"
|
ExternalView="external-view"
|
||||||
|
|
||||||
|
@ -45,24 +45,74 @@ cd "$UpdateScriptsFolder"
|
||||||
. ./dns-functions.sh
|
. ./dns-functions.sh
|
||||||
|
|
||||||
FirstInternal="$( echo "$InternalViews" | sed -ne 's/^\(\S\+\)\s.*$/\1/p')"
|
FirstInternal="$( echo "$InternalViews" | sed -ne 's/^\(\S\+\)\s.*$/\1/p')"
|
||||||
MasterFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityDomain"
|
BindIcvpnAclTmp="$TempFolder""icvpn-acl.conf"
|
||||||
BindIcvpnAclTmp="/tmp/icvpn-acl.conf"
|
|
||||||
BindIcvpnAcl="$BindIncludeFileFolder""icvpn-acl.conf"
|
BindIcvpnAcl="$BindIncludeFileFolder""icvpn-acl.conf"
|
||||||
|
[ -z "$CommunityExternPrefix" ] || CommunityExternDomain="$CommunityExternPrefix"".""$CommunityDomain"
|
||||||
|
|
||||||
|
mkdir -p "$TempFolder""cache"
|
||||||
|
|
||||||
for IView in $InternalViews; do
|
for IView in $InternalViews; do
|
||||||
rm -f "/tmp/""$IView"".conf"
|
rm -f "$TempFolder""$IView"".conf"
|
||||||
done
|
done
|
||||||
rm -f "/tmp/""$ExternalView"".conf"
|
rm -f "$TempFolder""$ExternalView"".conf"
|
||||||
|
|
||||||
PreFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
|
CachedMasterFile="$TempFolder""cache/db.""$CommunityDomain"
|
||||||
curl -s -S -f "$RemoteLocation""db.""$CommunityDomain" --output "$MasterFile"
|
PreFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
|
||||||
|
curl -s -S -f "$RemoteLocation""db.""$CommunityDomain" --output "$CachedMasterFile"
|
||||||
if [ $ServeMasterZone -ne 0 ]; then
|
PostFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
|
||||||
PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
|
ServeMasterZone="$( GetAllZoneNameservers "$CommunityDomain" "$CachedMasterFile" | awk '{for(i=NF;i>0;--i) if($i=="'"$DNSSCRIPT_SERVER_NAME"'") {printf 1}}')"
|
||||||
if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then
|
if [ -n "$CommunityExternDomain" ]; then
|
||||||
ReloadZone "$CommunityDomain" "$InternalViews"
|
if [ -n "$ServeMasterZone" ]; then
|
||||||
|
ServeExtZone="1"
|
||||||
|
else
|
||||||
|
ServeExtZone="$( GetAllSubNameservers "$CommunityDomain" "$CommunityExternPrefix" "$CachedMasterFile" | awk '{for(i=NF;i>0;--i) if($i=="'"$DNSSCRIPT_SERVER_NAME"'") {printf 1}}')"
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
ServeExtZone=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$ServeMasterZone" ] || [ -n "$ServeExtZone" ]; then
|
||||||
|
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile"
|
||||||
|
FileForExternGeneration="$CachedMasterFile"
|
||||||
|
if [ -n "$ExternalView" ]; then
|
||||||
|
ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityDomain"
|
||||||
|
else
|
||||||
|
ExternFile="$ZoneFilesFolder""db.""$CommunityExternDomain"
|
||||||
|
fi
|
||||||
|
LocalMasterSerial=$((PostFetchMasterSerial))
|
||||||
|
if [ -n "$ServeMasterZone" ]; then
|
||||||
|
MasterFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityDomain"
|
||||||
|
FileForExternGeneration="$MasterFile"
|
||||||
|
UpdateMaster=0
|
||||||
|
ZoneTempFolder="$TempFolder""cache/""$CommunityDomain""/"
|
||||||
|
|
||||||
|
UpdateMaster="$(UpdateDNSSECEntryCache "$CommunityDomain" "$ZoneTempFolder" "$CachedMasterFile" "$DNSSECKeyFolder")"
|
||||||
|
[ $((PostFetchMasterSerial)) -le $((PreFetchMasterSerial)) ] || UpdateMaster=1
|
||||||
|
|
||||||
|
if [ $UpdateMaster -ne 0 ]; then
|
||||||
|
cp -f "$CachedMasterFile" "$CachedMasterFile""I"
|
||||||
|
for KeyFile in "$ZoneTempFolder"*; do
|
||||||
|
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
|
||||||
|
cat "$KeyFile" >> "$CachedMasterFile""I"
|
||||||
|
done
|
||||||
|
LocalMasterSerial="$(GetZoneFileSerial "$MasterFile")"
|
||||||
|
|
||||||
|
if [ $((PostFetchMasterSerial)) -le $((LocalMasterSerial)) ]; then
|
||||||
|
LocalMasterSerial=$((LocalMasterSerial+1))
|
||||||
|
sed -i -e 's/^\(\s*\)'"$PostFetchMasterSerial"'\(\s*;\s*[Ss]erial.*\)$/\1'"$LocalMasterSerial"'\3/g' "$CachedMasterFile""I"
|
||||||
|
sed -i -e 's/^\(\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\s\+\S\+\s\+\S\+\s\+\)'"$PostFetchMasterSerial"'\(\s\+.*\)$/\1'"$LocalMasterSerial"'\3/g' "$CachedMasterFile""I"
|
||||||
|
else
|
||||||
|
LocalMasterSerial=$((PostFetchMasterSerial))
|
||||||
|
fi
|
||||||
|
mv "$CachedMasterFile""I" "$MasterFile"
|
||||||
|
ReloadZone "$CommunityDomain" "$InternalViews"
|
||||||
|
|
||||||
|
for IView in $InternalViews; do
|
||||||
|
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$CommunityDomain"
|
||||||
|
[ -f "$InternViewMasterZone" ] || ln -s "$MasterFile" "$InternViewMasterZone"
|
||||||
|
InsertZoneToIncludeFile "$CommunityDomain" "$InternViewMasterZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
|
||||||
|
done
|
||||||
|
fi
|
||||||
for Subnet in $CommunitySubnets; do
|
for Subnet in $CommunitySubnets; do
|
||||||
ReverseDomains="$(GetReverseDomains "$Subnet")"
|
ReverseDomains="$(GetReverseDomains "$Subnet")"
|
||||||
for RDomain in $ReverseDomains; do
|
for RDomain in $ReverseDomains; do
|
||||||
|
@ -72,29 +122,72 @@ if [ $ServeMasterZone -ne 0 ]; then
|
||||||
rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile"
|
rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile"
|
||||||
./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
|
./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
|
||||||
for IView in $InternalViews; do
|
for IView in $InternalViews; do
|
||||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "/tmp/""$IView"".conf"
|
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$TempFolder""$IView"".conf"
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityDomain"
|
if [ -n "$ExternalView" ]; then
|
||||||
./update-extzone.sh "$MasterFile" "$ExternFile" "$CommunityDomain" "$ExternalView" "$CommunityExternDomain" "$InternalViews"
|
InsertZoneToIncludeFile "$CommunityDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
for IView in $InternalViews; do
|
UpdateExternView=0
|
||||||
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$CommunityDomain"
|
if [ -n "$ExternalView" ] || [ -n "$ServeExtZone" ]; then
|
||||||
[ -f "$InternViewMasterZone" ] || ln -s "$MasterFile" "$InternViewMasterZone"
|
SerialExtern="$(GetZoneFileSerial "$ExternFile")"
|
||||||
InsertZoneToIncludeFile "$CommunityDomain" "$InternViewMasterZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
if [ $((LocalMasterSerial)) -gt $((SerialExtern)) ]; then
|
||||||
|
sed -e '/^[^;]*\s\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*\s*\(;.*\)\?$/d; \
|
||||||
|
s/^[^;^@]*\s\+\([^;]*\)\s[Ii][Nn]\s\+[Ss][Oo][Aa]\s/@ \1 IN SOA /g' "$FileForExternGeneration" \
|
||||||
|
> "$ExternFile"
|
||||||
|
UpdateExternView=1
|
||||||
|
[ -z "$ExternalView" ] || ReloadZone "$CommunityExternDomain" "$ExternalView"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
UpdateExternDomain=0
|
||||||
|
if [ -n "$ServeExtZone" ]; then
|
||||||
|
MasterExtDomainFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityExternDomain"
|
||||||
|
ZoneTempFolder="$TempFolder""cache/""$CommunityExternDomain""/"
|
||||||
|
cp -f "$ExternFile" "$CachedMasterFile""E"
|
||||||
|
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile""E"
|
||||||
|
[ -n "$(sed -e '/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\)\s/!d' "$CachedMasterFile""E")" ] || \
|
||||||
|
sed -i -e 's/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\)\s\+\S\+\s\+\S\+\s/\1 '"$DNSSCRIPT_SERVER_NAME"'. '"$DNSSCRIPT_CONTACT_EMAIL"' /g' "$CachedMasterFile""E"
|
||||||
|
|
||||||
|
sed -i -e 's/^\s*'"$CommunityExternPrefix"'\s/@ /g;/^\s*@\s\+[Ii][Nn]\s\+[Dd][Ss]\s/d' "$CachedMasterFile""E"
|
||||||
|
|
||||||
|
UpdateExternDomain="$(UpdateDNSSECEntryCache "$CommunityExternDomain" "$ZoneTempFolder" "$CachedMasterFile""E" "$DNSSECKeyFolder")"
|
||||||
|
[ $UpdateExternView -eq 0 ] || UpdateExternDomain=1
|
||||||
|
|
||||||
|
if [ $UpdateExternDomain -ne 0 ]; then
|
||||||
|
for KeyFile in "$ZoneTempFolder"*; do
|
||||||
|
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
|
||||||
|
cat "$KeyFile" >> "$CachedMasterFile""E"
|
||||||
done
|
done
|
||||||
InsertZoneToIncludeFile "$CommunityDomain" "$ExternFile" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
LocalExtDomainMasterSerial="$(GetZoneFileSerial "$MasterExtDomainFile")"
|
||||||
if [ -n "$CommunityExternDomain" ]; then
|
|
||||||
|
if [ $((LocalMasterSerial)) -le $((LocalExtDomainMasterSerial)) ]; then
|
||||||
|
LocalExtDomainMasterSerial=$((LocalExtDomainMasterSerial+1))
|
||||||
|
sed -i -e 's/^\(\s*\)'"$LocalMasterSerial"'\(\s*;\s*[Ss]erial.*\)$/\1'"$LocalExtDomainMasterSerial"'\3/g' "$CachedMasterFile""E"
|
||||||
|
sed -i -e 's/^\(\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\s\+\S\+\s\+\S\+\s\+\)'"$LocalMasterSerial"'\(\s\+.*\)$/\1'"$LocalExtDomainMasterSerial"'\3/g' "$CachedMasterFile""E"
|
||||||
|
fi
|
||||||
|
mv "$CachedMasterFile""E" "$MasterExtDomainFile"
|
||||||
|
ReloadZone "$CommunityExternDomain" "$InternalViews"
|
||||||
|
fi
|
||||||
for IView in $InternalViews; do
|
for IView in $InternalViews; do
|
||||||
InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$CommunityExternDomain"
|
InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$CommunityExternDomain"
|
||||||
[ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone"
|
[ -f "$InternViewExternZone" ] || ln -s "$MasterExtDomainFile" "$InternViewExternZone"
|
||||||
InsertZoneToIncludeFile "$CommunityExternDomain" "$InternViewExternZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
InsertZoneToIncludeFile "$CommunityExternDomain" "$InternViewExternZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
|
||||||
done
|
done
|
||||||
|
if [ -n "$ExternalView" ]; then
|
||||||
ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityExternDomain"
|
ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityExternDomain"
|
||||||
[ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone"
|
[ -f "$ExternViewExternZone" ] || ln -s "$MasterExtDomainFile" "$ExternViewExternZone"
|
||||||
InsertZoneToIncludeFile "$CommunityExternDomain" "$ExternViewExternZone" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
InsertZoneToIncludeFile "$CommunityExternDomain" "$ExternViewExternZone" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$MasterFile" ]; then
|
||||||
|
MasterFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityDomain"
|
||||||
|
cp -f "$CachedMasterFile" "$MasterFile"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# set shorter TTL for Hoods
|
# set shorter TTL for Hoods
|
||||||
|
@ -130,7 +223,7 @@ for Hood in $Hoods; do
|
||||||
ReverseZoneFileFullPath="$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")"
|
ReverseZoneFileFullPath="$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")"
|
||||||
./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ReverseZoneFileFullPath" "$TTLReReExMi" "$InternalViews"
|
./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ReverseZoneFileFullPath" "$TTLReReExMi" "$InternalViews"
|
||||||
for IView in $InternalViews; do
|
for IView in $InternalViews; do
|
||||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "/tmp/""$IView"".conf"
|
InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "$TempFolder""$IView"".conf"
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
@ -145,19 +238,19 @@ for Hood in $Hoods; do
|
||||||
for IView in $InternalViews; do
|
for IView in $InternalViews; do
|
||||||
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$HoodDomain"
|
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$HoodDomain"
|
||||||
[ -f "$InternViewMasterZone" ] || ln -s "$HoodZoneFile" "$InternViewMasterZone"
|
[ -f "$InternViewMasterZone" ] || ln -s "$HoodZoneFile" "$InternViewMasterZone"
|
||||||
InsertZoneToIncludeFile "$HoodDomain" "$InternViewMasterZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
InsertZoneToIncludeFile "$HoodDomain" "$InternViewMasterZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
|
||||||
done
|
done
|
||||||
InsertZoneToIncludeFile "$HoodDomain" "$ExternFile" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
InsertZoneToIncludeFile "$HoodDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
||||||
|
|
||||||
if [ -n "$HoodExternDomain" ]; then
|
if [ -n "$HoodExternDomain" ]; then
|
||||||
for IView in $InternalViews; do
|
for IView in $InternalViews; do
|
||||||
InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$HoodExternDomain"
|
InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""${Hood%%\#*}"".""$CommunityExternDomain"
|
||||||
[ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone"
|
[ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone"
|
||||||
InsertZoneToIncludeFile "$HoodExternDomain" "$InternViewExternZone" "/tmp/""$IView"".conf" "$DNSSECPolicy"
|
InsertZoneToIncludeFile "${Hood%%\#*}"".""$CommunityExternDomain" "$InternViewExternZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
|
||||||
done
|
done
|
||||||
ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$HoodExternDomain"
|
ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""${Hood%%\#*}"".""$CommunityExternDomain"
|
||||||
[ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone"
|
[ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone"
|
||||||
InsertZoneToIncludeFile "$HoodExternDomain" "$ExternViewExternZone" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy"
|
InsertZoneToIncludeFile "${Hood%%\#*}"".""$CommunityExternDomain" "$ExternViewExternZone" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
@ -175,9 +268,9 @@ UpdateBindConfig() {
|
||||||
|
|
||||||
UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"
|
UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"
|
||||||
for IView in $InternalViews; do
|
for IView in $InternalViews; do
|
||||||
UpdateBindConfig "/tmp/""$IView"".conf" "$BindIncludeFileFolder""$IView"".conf"
|
UpdateBindConfig "$TempFolder""$IView"".conf" "$BindIncludeFileFolder""$IView"".conf"
|
||||||
done
|
done
|
||||||
UpdateBindConfig "/tmp/""$ExternalView"".conf" "$BindIncludeFileFolder""$ExternalView"".conf"
|
UpdateBindConfig "$TempFolder""$ExternalView"".conf" "$BindIncludeFileFolder""$ExternalView"".conf"
|
||||||
|
|
||||||
if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then
|
if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then
|
||||||
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
|
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
|
||||||
|
|
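Review bot: The serial bump in the `UpdateMaster` branch aborts instead of rewriting the serial: `sed -i -e 's/^\(\s*\)'"$PostFetchMasterSerial"'\(\s*;\s*[Ss]erial.*\)$/\1'"$LocalMasterSerial"'\3/g'` defines only two groups but substitutes `\3`, which GNU sed rejects at parse time as an invalid back-reference (busybox sed would presumably substitute an empty string and drop the `; serial` comment), and under this file's `set -e` the run stops before `mv "$CachedMasterFile""I" "$MasterFile"` — i.e. on the first key change that arrives without a new upstream serial. The extern-zone copy `…'"$LocalExtDomainMasterSerial"'\3/g'` has the same defect; both should use `\2` (the following SOA-line sed does define three groups and is correct). Separately, `TempFolder="/tmp/dnsscripts/"` is a fixed path under a world-writable directory that `mkdir -p` accepts even if another local user pre-created it or its `cache/` entries, and `curl --output` and `cp -f` then write zone content there that is later moved into `$ZoneFilesFolder`; since the script writes to /etc/bind it presumably runs as root, so the default should live under a root-owned location (e.g. `/var/cache/dnsscripts/`) or be created with `mkdir -m 0700` plus an ownership check before use.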