configurable Temp-Folder; DNSSEC for master-zone with multiple synchronising servers

Signed-off-by: Blackyfff <blackyfff@noreply.git.freifunk-franken.de>
Blackyfff 2021-03-10 00:02:15 +01:00
parent 092e2f9994
commit 2a5069d0b1
3 changed files with 217 additions and 41 deletions


@ -7,6 +7,8 @@ Weiterhin werden bei eigener Subdomain die momentan vergebenen Adressen von dnsm
Das ermöglicht eine Namensauflösung für Freifunk-Teilnehmer ohne manuelle Konfiguration. Das ermöglicht eine Namensauflösung für Freifunk-Teilnehmer ohne manuelle Konfiguration.
Damit kann jeder Freifunk-Teilnehmer ein gültiges TLS-Zertifikat bekommen, sofern DHCPv6 am Gateway aktiviert ist. Damit kann jeder Freifunk-Teilnehmer ein gültiges TLS-Zertifikat bekommen, sofern DHCPv6 am Gateway aktiviert ist.
DNSSEC wird für jede Zone unterstützt, allerdings nur für die Hauptzone mit mehreren Servern. Für Subdomainserver darf mit DNSSEC nur jeweils ein Server authorativ sein.
## Installation ## Installation
#### Systemanforderungen #### Systemanforderungen
@ -72,7 +74,7 @@ view "icvpn-internal-view" {
[..] # eigene Optionen [..] # eigene Optionen
include "/etc/bind/fff.community-internal.conf"; # auto-generated include "/etc/bind/icvpn-internal-view.conf"; # auto-generated
include "/etc/bind/icvpn-zones.conf"; # Nicht vergessen ;) include "/etc/bind/icvpn-zones.conf"; # Nicht vergessen ;)
@ -83,7 +85,7 @@ view "external-view" {
match-clients { any; }; match-clients { any; };
[..] # eigene Optionen [..] # eigene Optionen
include "/etc/bind/fff.community-external.conf"; # auto-generated include "/etc/bind/external-view.conf"; # auto-generated
[..] [..]
}; };


@ -31,6 +31,17 @@ zone \"""$1""\" {\n\
};" "$3" };" "$3"
fi fi
} }
GetAllSubNameservers() {
Domain="$(echo "$1" | sed -e 's/\./\\\./g')"
SubDomain="$(echo "$2" | sed -e 's/\./\\\./g')"
sed -ne 's/^\s*'"$SubDomain"'\(\.'"$Domain"'\.\)\?\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\)/\3/p' "$3" | \
sed -e 's/\([^.]\)$/\1\.'"$1"'\./g;s/\.$//g'
}
GetAllZoneNameservers() {
Domain="""$(echo "$1" | sed -e 's/\./\\\./g')"
sed -ne 's/^\s*\(@\|'"$Domain"'\.\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\)/\3/p' "$2" | \
sed -e 's/\([^.]\)$/\1\.'"$1"'\./g;s/\.$//g'
}
GetReverseZoneFileFromZone() { GetReverseZoneFileFromZone() {
echo "db.""$(echo "$1" | awk -F. '{ printf $(NF-2);for(i=NF-3;i>0;--i) printf "."$i}')" echo "db.""$(echo "$1" | awk -F. '{ printf $(NF-2);for(i=NF-3;i>0;--i) printf "."$i}')"
} }
@ -103,7 +114,7 @@ GetServernameSEDEntry() {
echo "$ServerName" | sed -r 's/\./\\\./g' echo "$ServerName" | sed -r 's/\./\\\./g'
} }
NormalizeZoneFileFormatting() { NormalizeZoneFileFormatting() {
awk 'BEGIN{FS="\t"}{l=length($1);f=substr(" ", 1+length($1)); awk 'BEGIN{FS="\t"}{l=length($1);f=substr(" ", 1+length($1));
s=substr(" ", 1+length($2)); s=substr(" ", 1+length($2));
x=substr($0,length($1)+length($2)+3); x=substr($0,length($1)+length($2)+3);
print $1 f " " $2 s " " x}' print $1 f " " $2 s " " x}'
@ -160,6 +171,76 @@ IPv4IsInSubnet() {
fi fi
return $AreEqual return $AreEqual
}
GetOwnKeysForZone () {
DNSSECKeyFolder="$1"
Domain="$2"
if [ -n "$DNSSECKeyFolder" ];then
for OwnKeyFile in "$DNSSECKeyFolder""K""$Domain"".+"*".key"; do
sed -ne '/^;/d;s/^'"$Domain"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]\s\+\(.*\)$/_dnsseckeys\.'"$Domain"'\.\tIN TXT\t\"\2\"/p' "$OwnKeyFile" | \
NormalizeZoneFileFormatting
done
fi
}
UpdateDNSSECEntryCache () {
Domain="$1"
ZoneTempFolder="$2"
CachedZoneFile="$3"
DNSSECKeyFolder="$4"
UpdateMaster=0
Nameservers="$(GetAllZoneNameservers "$Domain" "$CachedZoneFile")"
mkdir -p "$ZoneTempFolder"
for KeyFile in "$ZoneTempFolder"*; do
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
mv "$KeyFile" "$ZoneTempFolder""Old""${KeyFile##*"$ZoneTempFolder"}"
done
for Nameserver in $Nameservers; do
if [ "$Nameserver" = "$DNSSCRIPT_SERVER_NAME" ]; then
DNSKEYS="$( GetOwnKeysForZone "$DNSSECKeyFolder" "$Domain" )"
else
DNSKEYS="$(delv @"$Nameserver" _dnsseckeys."$Domain" TXT 2>/dev/null | \
sed -ne '/^;/d;s/^.*\sIN\s\+TXT\s\+"\(.*\)"$/'"$Domain"'.\tIN DNSKEY\t\1/p' | \
NormalizeZoneFileFormatting )"
fi
if [ -n "$DNSKEYS" ] && [ "$DNSKEYS" != "$(cat "$ZoneTempFolder""OldKeys.""$Nameserver" 2>/dev/null)" ]; then
echo "$DNSKEYS" > "$ZoneTempFolder""Keys.""$Nameserver"
UpdateMaster=1
elif [ -f "$ZoneTempFolder""OldKeys.""$Nameserver" ]; then
mv "$ZoneTempFolder""OldKeys.""$Nameserver" "$ZoneTempFolder""Keys.""$Nameserver"
fi
done
SEDDomain="$(echo "$Domain" | sed -e 's/\./\\\./g')"
ChildServers="$( sed -ne '/^\s*\(@\|'"$SEDDomain"'\.\)\s/!s/^\s*\(\S\+\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\);\?.*$/\1#\3/p' "$CachedZoneFile" | \
sed -e 's/\([^.]\)$/\1\.'"$Domain"'\./g;s/\.$//g;s/\([^.]\)#/\1\.'"$Domain"'\.#/g;s/\.#/#/g' )"
for ChildServer in $ChildServers; do
DNSKEYS="$(delv @"${ChildServer##*\#}" "${ChildServer%%\#*}" CDS 2>/dev/null | \
sed -ne '/^;/d;s/^.*\sIN\s\+CDS\s\+\(.*\)$/'"${ChildServer%%\#*}"'.\tIN DS\t\1/p' | \
NormalizeZoneFileFormatting )"
if [ -n "$DNSKEYS" ]; then
DNSKEYS="$(echo "$DNSKEYS" | sed -e '/\sIN\s\+DS\s\+0\s\+0\s\+0\s\+0/d')"
if [ "$DNSKEYS" != "$(cat "$ZoneTempFolder""OldChildKeys.""$ChildServer" 2>/dev/null)" ]; then
[ -z "$DNSKEYS" ] || echo "$DNSKEYS" > "$ZoneTempFolder""ChildKeys.""$ChildServer"
UpdateMaster=1
elif [ -n "$DNSKEYS" ]; then
mv "$ZoneTempFolder""OldChildKeys.""$ChildServer" "$ZoneTempFolder""ChildKeys.""$ChildServer"
elif [ -f "$ZoneTempFolder""OldKeys.""$Nameserver" ]; then
UpdateMaster=1
fi
elif [ -f "$ZoneTempFolder""OldChildKeys.""$Nameserver" ]; then
mv "$ZoneTempFolder""OldChildKeys.""$ChildServer" "$ZoneTempFolder""ChildKeys.""$ChildServer"
fi
done
for KeyFile in "$ZoneTempFolder""Old"*; do
[ "$KeyFile" = "$ZoneTempFolder""Old*" ] || \
rm -f "$KeyFile"
done
echo "$UpdateMaster"
} }
ReloadZone() { ReloadZone() {
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
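Review bot: In the child-server loop of `UpdateDNSSECEntryCache`, the two fallback branches test files named after `$Nameserver`, which at that point only holds the leftover value from the preceding nameserver loop, while the `mv` that follows operates on `$ChildServer`. When a CDS lookup returns nothing, the cached `OldChildKeys.` file is therefore usually not moved back, and the cleanup loop at the end deletes it, so a transient lookup failure can drop a child's DS records from the parent zone. The outer test should read `elif [ -f "$ZoneTempFolder""OldChildKeys.""$ChildServer" ]; then`, and the inner `OldKeys.""$Nameserver` test presumably wants the same file name. The `sed` filters after both `delv` calls also delete every line starting with `;`, which is where delv reports whether an answer was validated or unsigned, so keys from an unsigned answer appear to be cached exactly like validated ones; checking for the validated marker before writing `Keys.` or `ChildKeys.` would close that gap.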


@ -5,11 +5,10 @@ set -e
# Communityconfig # Communityconfig
CommunityDomain="fff.community" CommunityDomain="fff.community"
CommunityExternDomain="extern.fff.community" CommunityExternPrefix="extern"
CommunitySubnets="10.50.0/16 10.83.0/16 fd43:5602:29bd::/48" CommunitySubnets="10.50.0/16 10.83.0/16 fd43:5602:29bd::/48"
RemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/" RemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/"
DNSSECPolicy="" DNSSECPolicy="herpf"
ServeMasterZone=0
# Serverconfig # Serverconfig
export DNSSCRIPT_CONTACT_EMAIL=info.freifunk-herpf.de. export DNSSCRIPT_CONTACT_EMAIL=info.freifunk-herpf.de.
@ -18,8 +17,10 @@ export DNSSCRIPT_SERVER_NAME=dns.herpf.fff.community
UpdateScriptsFolder="/usr/lib/ffdns/" UpdateScriptsFolder="/usr/lib/ffdns/"
ZoneFilesFolder="/etc/bind/fff/" ZoneFilesFolder="/etc/bind/fff/"
BindIncludeFileFolder="/etc/bind/" BindIncludeFileFolder="/etc/bind/"
DNSSECKeyFolder="/etc/bind/keys/"
TempFolder="/tmp/dnsscripts/"
# specify the bird/babel or other routing table[s] # specify the bird/babel or other routing table[s]
# if RoutingTables is empty, the ICVPN-ACL-List will be fetched remotely (for servers that are no gateways) # if RoutingTables is empty, the ICVPN-ACL-List will be fetched remotely (for servers that are no gateway)
RoutingTables="10" RoutingTables="10"
# -1 -> disable bind [restart|reload] # -1 -> disable bind [restart|reload]
@ -28,7 +29,6 @@ RoutingTables="10"
# 2 -> OpenWRT /etc/init.d/named [reload|restart] # 2 -> OpenWRT /etc/init.d/named [reload|restart]
export DNSSCRIPT_BIND_RELOAD_VER=0 export DNSSCRIPT_BIND_RELOAD_VER=0
# only necessary when rndc is used
InternalViews="icvpn-internal-view icvpn-internal-dns64-view" InternalViews="icvpn-internal-view icvpn-internal-dns64-view"
ExternalView="external-view" ExternalView="external-view"
@ -45,24 +45,74 @@ cd "$UpdateScriptsFolder"
. ./dns-functions.sh . ./dns-functions.sh
FirstInternal="$( echo "$InternalViews" | sed -ne 's/^\(\S\+\)\s.*$/\1/p')" FirstInternal="$( echo "$InternalViews" | sed -ne 's/^\(\S\+\)\s.*$/\1/p')"
MasterFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityDomain" BindIcvpnAclTmp="$TempFolder""icvpn-acl.conf"
BindIcvpnAclTmp="/tmp/icvpn-acl.conf"
BindIcvpnAcl="$BindIncludeFileFolder""icvpn-acl.conf" BindIcvpnAcl="$BindIncludeFileFolder""icvpn-acl.conf"
[ -z "$CommunityExternPrefix" ] || CommunityExternDomain="$CommunityExternPrefix"".""$CommunityDomain"
mkdir -p "$TempFolder""cache"
for IView in $InternalViews; do for IView in $InternalViews; do
rm -f "/tmp/""$IView"".conf" rm -f "$TempFolder""$IView"".conf"
done done
rm -f "/tmp/""$ExternalView"".conf" rm -f "$TempFolder""$ExternalView"".conf"
PreFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")" CachedMasterFile="$TempFolder""cache/db.""$CommunityDomain"
curl -s -S -f "$RemoteLocation""db.""$CommunityDomain" --output "$MasterFile" PreFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
curl -s -S -f "$RemoteLocation""db.""$CommunityDomain" --output "$CachedMasterFile"
if [ $ServeMasterZone -ne 0 ]; then PostFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")" ServeMasterZone="$( GetAllZoneNameservers "$CommunityDomain" "$CachedMasterFile" | awk '{for(i=NF;i>0;--i) if($i=="'"$DNSSCRIPT_SERVER_NAME"'") {printf 1}}')"
if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then if [ -n "$CommunityExternDomain" ]; then
ReloadZone "$CommunityDomain" "$InternalViews" if [ -n "$ServeMasterZone" ]; then
ServeExtZone="1"
else
ServeExtZone="$( GetAllSubNameservers "$CommunityDomain" "$CommunityExternPrefix" "$CachedMasterFile" | awk '{for(i=NF;i>0;--i) if($i=="'"$DNSSCRIPT_SERVER_NAME"'") {printf 1}}')"
fi fi
else
ServeExtZone=""
fi
if [ -n "$ServeMasterZone" ] || [ -n "$ServeExtZone" ]; then
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile"
FileForExternGeneration="$CachedMasterFile"
if [ -n "$ExternalView" ]; then
ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityDomain"
else
ExternFile="$ZoneFilesFolder""db.""$CommunityExternDomain"
fi
LocalMasterSerial=$((PostFetchMasterSerial))
if [ -n "$ServeMasterZone" ]; then
MasterFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityDomain"
FileForExternGeneration="$MasterFile"
UpdateMaster=0
ZoneTempFolder="$TempFolder""cache/""$CommunityDomain""/"
UpdateMaster="$(UpdateDNSSECEntryCache "$CommunityDomain" "$ZoneTempFolder" "$CachedMasterFile" "$DNSSECKeyFolder")"
[ $((PostFetchMasterSerial)) -le $((PreFetchMasterSerial)) ] || UpdateMaster=1
if [ $UpdateMaster -ne 0 ]; then
cp -f "$CachedMasterFile" "$CachedMasterFile""I"
for KeyFile in "$ZoneTempFolder"*; do
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
cat "$KeyFile" >> "$CachedMasterFile""I"
done
LocalMasterSerial="$(GetZoneFileSerial "$MasterFile")"
if [ $((PostFetchMasterSerial)) -le $((LocalMasterSerial)) ]; then
LocalMasterSerial=$((LocalMasterSerial+1))
sed -i -e 's/^\(\s*\)'"$PostFetchMasterSerial"'\(\s*;\s*[Ss]erial.*\)$/\1'"$LocalMasterSerial"'\3/g' "$CachedMasterFile""I"
sed -i -e 's/^\(\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\s\+\S\+\s\+\S\+\s\+\)'"$PostFetchMasterSerial"'\(\s\+.*\)$/\1'"$LocalMasterSerial"'\3/g' "$CachedMasterFile""I"
else
LocalMasterSerial=$((PostFetchMasterSerial))
fi
mv "$CachedMasterFile""I" "$MasterFile"
ReloadZone "$CommunityDomain" "$InternalViews"
for IView in $InternalViews; do
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$CommunityDomain"
[ -f "$InternViewMasterZone" ] || ln -s "$MasterFile" "$InternViewMasterZone"
InsertZoneToIncludeFile "$CommunityDomain" "$InternViewMasterZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
done
fi
for Subnet in $CommunitySubnets; do for Subnet in $CommunitySubnets; do
ReverseDomains="$(GetReverseDomains "$Subnet")" ReverseDomains="$(GetReverseDomains "$Subnet")"
for RDomain in $ReverseDomains; do for RDomain in $ReverseDomains; do
@ -72,29 +122,72 @@ if [ $ServeMasterZone -ne 0 ]; then
rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile" rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile"
./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews" ./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
for IView in $InternalViews; do for IView in $InternalViews; do
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "/tmp/""$IView"".conf" InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$TempFolder""$IView"".conf"
done done
done done
done done
ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityDomain" if [ -n "$ExternalView" ]; then
./update-extzone.sh "$MasterFile" "$ExternFile" "$CommunityDomain" "$ExternalView" "$CommunityExternDomain" "$InternalViews" InsertZoneToIncludeFile "$CommunityDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
fi
fi
for IView in $InternalViews; do UpdateExternView=0
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$CommunityDomain" if [ -n "$ExternalView" ] || [ -n "$ServeExtZone" ]; then
[ -f "$InternViewMasterZone" ] || ln -s "$MasterFile" "$InternViewMasterZone" SerialExtern="$(GetZoneFileSerial "$ExternFile")"
InsertZoneToIncludeFile "$CommunityDomain" "$InternViewMasterZone" "/tmp/""$IView"".conf" "$DNSSECPolicy" if [ $((LocalMasterSerial)) -gt $((SerialExtern)) ]; then
sed -e '/^[^;]*\s\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*\s*\(;.*\)\?$/d; \
s/^[^;^@]*\s\+\([^;]*\)\s[Ii][Nn]\s\+[Ss][Oo][Aa]\s/@ \1 IN SOA /g' "$FileForExternGeneration" \
> "$ExternFile"
UpdateExternView=1
[ -z "$ExternalView" ] || ReloadZone "$CommunityExternDomain" "$ExternalView"
fi
fi
UpdateExternDomain=0
if [ -n "$ServeExtZone" ]; then
MasterExtDomainFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityExternDomain"
ZoneTempFolder="$TempFolder""cache/""$CommunityExternDomain""/"
cp -f "$ExternFile" "$CachedMasterFile""E"
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile""E"
[ -n "$(sed -e '/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\)\s/!d' "$CachedMasterFile""E")" ] || \
sed -i -e 's/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\)\s\+\S\+\s\+\S\+\s/\1 '"$DNSSCRIPT_SERVER_NAME"'. '"$DNSSCRIPT_CONTACT_EMAIL"' /g' "$CachedMasterFile""E"
sed -i -e 's/^\s*'"$CommunityExternPrefix"'\s/@ /g;/^\s*@\s\+[Ii][Nn]\s\+[Dd][Ss]\s/d' "$CachedMasterFile""E"
UpdateExternDomain="$(UpdateDNSSECEntryCache "$CommunityExternDomain" "$ZoneTempFolder" "$CachedMasterFile""E" "$DNSSECKeyFolder")"
[ $UpdateExternView -eq 0 ] || UpdateExternDomain=1
if [ $UpdateExternDomain -ne 0 ]; then
for KeyFile in "$ZoneTempFolder"*; do
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
cat "$KeyFile" >> "$CachedMasterFile""E"
done done
InsertZoneToIncludeFile "$CommunityDomain" "$ExternFile" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy" LocalExtDomainMasterSerial="$(GetZoneFileSerial "$MasterExtDomainFile")"
if [ -n "$CommunityExternDomain" ]; then
if [ $((LocalMasterSerial)) -le $((LocalExtDomainMasterSerial)) ]; then
LocalExtDomainMasterSerial=$((LocalExtDomainMasterSerial+1))
sed -i -e 's/^\(\s*\)'"$LocalMasterSerial"'\(\s*;\s*[Ss]erial.*\)$/\1'"$LocalExtDomainMasterSerial"'\3/g' "$CachedMasterFile""E"
sed -i -e 's/^\(\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\s\+\S\+\s\+\S\+\s\+\)'"$LocalMasterSerial"'\(\s\+.*\)$/\1'"$LocalExtDomainMasterSerial"'\3/g' "$CachedMasterFile""E"
fi
mv "$CachedMasterFile""E" "$MasterExtDomainFile"
ReloadZone "$CommunityExternDomain" "$InternalViews"
fi
for IView in $InternalViews; do for IView in $InternalViews; do
InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$CommunityExternDomain" InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$CommunityExternDomain"
[ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone" [ -f "$InternViewExternZone" ] || ln -s "$MasterExtDomainFile" "$InternViewExternZone"
InsertZoneToIncludeFile "$CommunityExternDomain" "$InternViewExternZone" "/tmp/""$IView"".conf" "$DNSSECPolicy" InsertZoneToIncludeFile "$CommunityExternDomain" "$InternViewExternZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
done done
if [ -n "$ExternalView" ]; then
ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityExternDomain" ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityExternDomain"
[ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone" [ -f "$ExternViewExternZone" ] || ln -s "$MasterExtDomainFile" "$ExternViewExternZone"
InsertZoneToIncludeFile "$CommunityExternDomain" "$ExternViewExternZone" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy" InsertZoneToIncludeFile "$CommunityExternDomain" "$ExternViewExternZone" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
fi fi
fi
fi
if [ -z "$MasterFile" ]; then
MasterFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityDomain"
cp -f "$CachedMasterFile" "$MasterFile"
fi fi
# set shorter TTL for Hoods # set shorter TTL for Hoods
@ -130,7 +223,7 @@ for Hood in $Hoods; do
ReverseZoneFileFullPath="$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")" ReverseZoneFileFullPath="$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")"
./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ReverseZoneFileFullPath" "$TTLReReExMi" "$InternalViews" ./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ReverseZoneFileFullPath" "$TTLReReExMi" "$InternalViews"
for IView in $InternalViews; do for IView in $InternalViews; do
InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "/tmp/""$IView"".conf" InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "$TempFolder""$IView"".conf"
done done
done done
done done
@ -145,19 +238,19 @@ for Hood in $Hoods; do
for IView in $InternalViews; do for IView in $InternalViews; do
InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$HoodDomain" InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$HoodDomain"
[ -f "$InternViewMasterZone" ] || ln -s "$HoodZoneFile" "$InternViewMasterZone" [ -f "$InternViewMasterZone" ] || ln -s "$HoodZoneFile" "$InternViewMasterZone"
InsertZoneToIncludeFile "$HoodDomain" "$InternViewMasterZone" "/tmp/""$IView"".conf" "$DNSSECPolicy" InsertZoneToIncludeFile "$HoodDomain" "$InternViewMasterZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
done done
InsertZoneToIncludeFile "$HoodDomain" "$ExternFile" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy" InsertZoneToIncludeFile "$HoodDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
if [ -n "$HoodExternDomain" ]; then if [ -n "$HoodExternDomain" ]; then
for IView in $InternalViews; do for IView in $InternalViews; do
InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$HoodExternDomain" InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""${Hood%%\#*}"".""$CommunityExternDomain"
[ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone" [ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone"
InsertZoneToIncludeFile "$HoodExternDomain" "$InternViewExternZone" "/tmp/""$IView"".conf" "$DNSSECPolicy" InsertZoneToIncludeFile "${Hood%%\#*}"".""$CommunityExternDomain" "$InternViewExternZone" "$TempFolder""$IView"".conf" "$DNSSECPolicy"
done done
ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$HoodExternDomain" ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""${Hood%%\#*}"".""$CommunityExternDomain"
[ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone" [ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone"
InsertZoneToIncludeFile "$HoodExternDomain" "$ExternViewExternZone" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy" InsertZoneToIncludeFile "${Hood%%\#*}"".""$CommunityExternDomain" "$ExternViewExternZone" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
fi fi
done done
@ -175,9 +268,9 @@ UpdateBindConfig() {
UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl" UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"
for IView in $InternalViews; do for IView in $InternalViews; do
UpdateBindConfig "/tmp/""$IView"".conf" "$BindIncludeFileFolder""$IView"".conf" UpdateBindConfig "$TempFolder""$IView"".conf" "$BindIncludeFileFolder""$IView"".conf"
done done
UpdateBindConfig "/tmp/""$ExternalView"".conf" "$BindIncludeFileFolder""$ExternalView"".conf" UpdateBindConfig "$TempFolder""$ExternalView"".conf" "$BindIncludeFileFolder""$ExternalView"".conf"
if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
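Review bot: The new default `TempFolder="/tmp/dnsscripts/"` turns a fixed path under world-writable `/tmp` into a persistent input to the served zone: every file found in `"$TempFolder""cache/<domain>/"` is appended with `cat "$KeyFile" >> "$CachedMasterFile""I"`, and the result is moved into `ZoneFilesFolder`. `mkdir -p` succeeds on a directory that already exists, so nothing visible here ensures the folder and its contents belong to the user running the script. I would default to a directory that only that user can write (a placeholder such as `/var/cache/<script-dir>/`), or create it with `mkdir -m 700` and check ownership before reading from it. Separately, the first serial rewrite in both the master and the extern-domain block uses `\3` in its replacement although its pattern defines only two groups; GNU sed rejects that, and with `set -e` the run stops there, so the replacement should end in `\2`, e.g. `\1'"$LocalMasterSerial"'\2`. The trailing `if` blocks continue past the end of this section.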