switch from inline-signing to update-policy; Rework key-activity and date handling; fix debian sh "echo -e" unavailable; fix external-view sometimes not reloaded; remove acl-list
Signed-off-by: Blackyfff <freifunk@freifunk-herpf.de>
This commit is contained in:
parent
cf7048384c
commit
7c812e994a
|
|
@ -20,13 +20,17 @@ InsertZoneToViews() {
|
|||
ZoneFilesFolder="$2"
|
||||
Domain="$3"
|
||||
SourceFile="$4"
|
||||
TempFolder="$5"
|
||||
DNSSECPolicy="$6"
|
||||
AdditionalZoneConfig="$7"
|
||||
AdditionalZoneConfig="$5"
|
||||
for View in $Views; do
|
||||
ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"
|
||||
[ -f "$ZoneFile" ] || ln -s "$SourceFile" "$ZoneFile"
|
||||
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy" "$AdditionalZoneConfig""$View""."
|
||||
if [ -n "$DNSSCRIPT_DNSSECPolicy" ]; then
|
||||
if [ ! -f "$ZoneFilesFolder""db.""$View"".""$Domain"".signed" ]; then
|
||||
cp -f "$ZoneFile" "$ZoneFilesFolder""db.""$View"".""$Domain"".signed"
|
||||
fi
|
||||
ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"".signed"
|
||||
fi
|
||||
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$DNSSCRIPT_TEMP_FOLDER""$View"".conf" "$DNSSCRIPT_DNSSECPolicy" "$AdditionalZoneConfig""$View""."
|
||||
done
|
||||
}
|
||||
InsertZoneToIncludeFile() {
|
||||
|
|
@ -39,9 +43,13 @@ InsertZoneToIncludeFile() {
|
|||
{
|
||||
echo "zone \"""$1""\" {"
|
||||
echo " type master;"
|
||||
[ -n "$4" ] && echo " dnssec-policy $4"";"
|
||||
[ -n "$4" ] && echo " inline-signing yes;"
|
||||
[ -n "$Additional" ] && echo "$Additional"
|
||||
if [ -n "$4" ]; then
|
||||
echo " dnssec-policy $4"";"
|
||||
echo " update-policy {"
|
||||
echo " grant local subdomain ""$1"". any;"
|
||||
[ -n "$Additional" ] && echo "$Additional"
|
||||
echo " };"
|
||||
fi
|
||||
echo " file \"""$2""\";"
|
||||
echo "};"
|
||||
} > "$3"
|
||||
|
|
@ -49,9 +57,13 @@ InsertZoneToIncludeFile() {
|
|||
{
|
||||
echo "zone \"""$1""\" {"
|
||||
echo " type master;"
|
||||
[ -n "$4" ] && echo " dnssec-policy $4"";"
|
||||
[ -n "$4" ] && echo " inline-signing yes;"
|
||||
[ -n "$Additional" ] && echo "$Additional"
|
||||
if [ -n "$4" ]; then
|
||||
echo " dnssec-policy $4"";"
|
||||
echo " update-policy {"
|
||||
echo " grant local subdomain ""$1"". any;"
|
||||
[ -n "$Additional" ] && echo "$Additional"
|
||||
echo " };"
|
||||
fi
|
||||
echo " file \"""$2""\";"
|
||||
echo "};"
|
||||
} >> "$3"
|
||||
|
|
@ -215,17 +227,19 @@ GetOwnKeysForZone () {
|
|||
if [ -n "$DNSSECKeyFolder" ];then
|
||||
for OwnKeyFile in "$DNSSECKeyFolder""K""$Domain"".+"*".key"; do
|
||||
if ! [ "$OwnKeyFile" = "$DNSSECKeyFolder""K""$Domain"".+*.key" ]; then
|
||||
Removed="$(sed -ne 's/^; Delete: \(\S\{12\}\).*/\1/p' "$OwnKeyFile")"
|
||||
RemovedSeconds="$(date -u -d "$Removed" '+%s' 2>/dev/null)"
|
||||
if [ -z "$RemovedSeconds" ]; then
|
||||
RemovedSeconds="$( echo "$Removed" | sed -ne 's/\(.\{4\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\).*/\1-\2-\3T\4:\5/p')"
|
||||
RemovedSeconds="$(date -u -d "$RemovedSeconds" '+%s' 2>/dev/null)"
|
||||
fi
|
||||
if [ -n "$RemovedSeconds" ]; then
|
||||
CurDate="$(date -u '+%s')"
|
||||
if [ $((CurDate - RemovedSeconds)) -le 72000 ]; then
|
||||
RemovedSeconds=""
|
||||
Removed="$(sed -ne 's/^; Inactive: \(\S\{12\}\).*/\1/p' "$OwnKeyFile")"
|
||||
if [ -n "$Removed" ]; then
|
||||
RemovedISO="$( echo "$Removed" | sed -ne 's/\(.\{4\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\).*/\1-\2-\3T\4:\5/p')"
|
||||
RemovedSeconds="$(date -d "$RemovedISO" '+%s' 2>/dev/null)"
|
||||
[ -n "$RemovedSeconds" ] || RemovedSeconds="$(date -u -d "$Removed" '+%s' 2>/dev/null)"
|
||||
if [ -n "$RemovedSeconds" ]; then
|
||||
CurDate="$(date '+%s')"
|
||||
if [ $((RemovedSeconds)) -ge $((CurDate)) ]; then
|
||||
RemovedSeconds=""
|
||||
fi
|
||||
fi
|
||||
else
|
||||
RemovedSeconds=""
|
||||
fi
|
||||
if [ -z "$RemovedSeconds" ]; then
|
||||
sed -ne '/^;/d;s/^'"$Domain"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]\s\+\(.*\)$/_dnsseckeys\.'"$Domain"'\.\tIN TXT\t\"\2\"/p' "$OwnKeyFile" | \
|
||||
|
|
@ -241,7 +255,6 @@ UpdateDNSSECEntryCache () {
|
|||
CachedZoneFile="$3"
|
||||
DNSSECKeyFolder="$4"
|
||||
UpstreamIP="$5"
|
||||
TempFolder="$6"
|
||||
|
||||
[ -z "$UpstreamIP" ] || UpstreamIP="-b""$UpstreamIP"
|
||||
|
||||
|
|
@ -257,7 +270,7 @@ UpdateDNSSECEntryCache () {
|
|||
if [ "$Nameserver" = "$DNSSCRIPT_SERVER_NAME" ]; then
|
||||
{
|
||||
GetOwnKeysForZone "$DNSSECKeyFolder" "$Domain" | sort
|
||||
GetDSForZone "$DNSSECKeyFolder" "$Domain" "$TempFolder" | NormalizeZoneFileFormatting
|
||||
GetDSForZone "$DNSSECKeyFolder" "$Domain" "$DNSSCRIPT_TEMP_FOLDER" | NormalizeZoneFileFormatting
|
||||
} > "$ZoneTempFolder""Keys.""$Nameserver"
|
||||
else
|
||||
{
|
||||
|
|
@ -305,20 +318,38 @@ UpdateDNSSECEntryCache () {
|
|||
rm -f "$KeyFile"
|
||||
done
|
||||
}
|
||||
|
||||
ReloadZone() {
|
||||
if [ -n "$2" ]; then
|
||||
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
|
||||
systemctl reload bind9 >/dev/null
|
||||
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then
|
||||
ZoneFilesFolder="$3"
|
||||
for Zone in $2; do
|
||||
if ! rndc reload "$1" IN "$Zone" 2>"/tmp/dnsscript_rndcerr" >/dev/null; then
|
||||
if [ -n "$3" ] && grep -q "failed: out of range" "/tmp/dnsscript_rndcerr"; then
|
||||
rndc sync -clean "$1" IN "$Zone" >/dev/null || touch "/tmp/dnsscript-forcereconf"
|
||||
else
|
||||
touch "/tmp/dnsscript-forcereconf"
|
||||
if [ -z "$ZoneFilesFolder" ] || [ -f "$ZoneFilesFolder""db.""$Zone"".""$1" ]; then
|
||||
if [ -n "$DNSSCRIPT_DNSSECPolicy" ] && [ -n "$ZoneFilesFolder" ]; then
|
||||
! rndc freeze "$1" IN "$Zone" >/dev/null
|
||||
UnsignedZonefile="$ZoneFilesFolder""db.""$Zone"".""$1"
|
||||
SignedZonefile="$ZoneFilesFolder""db.""$Zone"".""$1"".signed"
|
||||
NewSerial="$(GetZoneFileSerial "$UnsignedZonefile")"
|
||||
named-checkzone -q -i none -o "$TmpFolder""tmp.zone" "$1" "$UnsignedZonefile"
|
||||
OldSerial="$(GetZoneFileSerial "$SignedZonefile")"
|
||||
if [ $((NewSerial)) -le $((OldSerial)) ]; then
|
||||
OldSerial=$((OldSerial+1))
|
||||
sed -i -e 's/^\(\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\s\+\S\+\s\+\S\+\s\+\)'"$NewSerial"'\(\s\+.*\)$/\1'"$OldSerial"'\3/g' "$TmpFolder""tmp.zone"
|
||||
fi
|
||||
cp -f "$TmpFolder""tmp.zone" "$SignedZonefile"
|
||||
! rndc reload "$1" IN "$Zone" >/dev/null
|
||||
! rndc thaw "$1" IN "$Zone" >/dev/null
|
||||
elif ! rndc reload "$1" IN "$Zone" 2>"/tmp/dnsscript_rndcerr" >/dev/null; then
|
||||
if [ -n "$3" ] && grep -q "failed: out of range" "/tmp/dnsscript_rndcerr"; then
|
||||
rndc sync -clean "$1" IN "$Zone" >/dev/null || touch "/tmp/dnsscript-forcereconf"
|
||||
else
|
||||
touch "/tmp/dnsscript-forcereconf"
|
||||
fi
|
||||
fi
|
||||
rm -f "/tmp/dnsscript_rndcerr"
|
||||
fi
|
||||
rm -f "/tmp/dnsscript_rndcerr"
|
||||
done
|
||||
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 2 ]; then
|
||||
/etc/init.d/named reload >/dev/null
|
||||
|
|
@ -389,7 +420,7 @@ GetDSForZone () {
|
|||
Protocol="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* //g;s/ .*//g')"
|
||||
Algo="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* [^ ]* //g;s/ .*//g')"
|
||||
KSK="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* [^ ]* [^ ]* //g;s/ //g')"
|
||||
echo -e "_cdskey.""$Domain"".\tIN TXT\t\"""$KeyID"" ""$Algo"" 2 ""$(GetDS "$Domain" "$KeyTag" "$Protocol" "$Algo" "$KSK" "$TmpFolder")""\""
|
||||
echo "_cdskey.""$Domain"". IN TXT \"""$KeyID"" ""$Algo"" 2 ""$(GetDS "$Domain" "$KeyTag" "$Protocol" "$Algo" "$KSK" "$TmpFolder")""\""
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
#!/bin/sh
|
||||
# SPDX-License-Identifier: GPL-3.0
|
||||
#
|
||||
# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff
|
||||
# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff
|
||||
|
||||
SetupCache() {
|
||||
mkdir -p "$TempFolder""cache"
|
||||
mkdir -p "$DNSSCRIPT_TEMP_FOLDER""cache"
|
||||
|
||||
for IView in $InternalViews; do
|
||||
rm -f "$TempFolder""$IView"".conf"
|
||||
rm -f "$DNSSCRIPT_TEMP_FOLDER""$IView"".conf"
|
||||
done
|
||||
rm -f "$TempFolder""$ExternalView"".conf"
|
||||
rm -f "$DNSSCRIPT_TEMP_FOLDER""$ExternalView"".conf"
|
||||
}
|
||||
GetMasterFile() {
|
||||
curl -s -S -f "$RemoteLocation""db.""$MasterDomain" --output "$CachedMasterFile" && \
|
||||
|
|
@ -19,7 +19,7 @@ GetMasterFile() {
|
|||
echo "_dnsscript_version IN TXT ""$DNSSCRIPT_VERSION" | NormalizeZoneFileFormatting
|
||||
} >> "$CachedMasterFile" || :
|
||||
if [ ! -f "$CachedMasterFile" ]; then
|
||||
cp "$ZoneFilesFolder""db.""$FirstInternalView"".""$MasterDomain" "$CachedMasterFile"
|
||||
cp -f "$ZoneFilesFolder""db.""$FirstInternalView"".""$MasterDomain" "$CachedMasterFile"
|
||||
sed -i -e '/^_dnsscript_version.*/,$d' "$CachedMasterFile"
|
||||
echo "_dnsscript_version IN TXT ""$DNSSCRIPT_VERSION" | NormalizeZoneFileFormatting >> "$CachedMasterFile"
|
||||
fi
|
||||
|
|
@ -37,13 +37,14 @@ DoServeOnlyExternZone() {
|
|||
}
|
||||
RemoveDNSSECKeysFromCacheFile() {
|
||||
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile"
|
||||
sed -i -e '/^\s*_cdskey\./d' "$CachedMasterFile"
|
||||
}
|
||||
UpdateMasterZone() {
|
||||
LocalMasterSerial=$((PostFetchMasterSerial))
|
||||
if [ -n "$ServeMasterZone" ]; then
|
||||
ZoneTempFolder="$TempFolder""cache/""$MasterDomain""/"
|
||||
ZoneTempFolder="$DNSSCRIPT_TEMP_FOLDER""cache/""$MasterDomain""/"
|
||||
|
||||
UpdateMaster="$(UpdateDNSSECEntryCache "$MasterDomain" "$ZoneTempFolder" "$CachedMasterFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" "$TempFolder")"
|
||||
UpdateMaster="$(UpdateDNSSECEntryCache "$MasterDomain" "$ZoneTempFolder" "$CachedMasterFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" )"
|
||||
|
||||
if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ] || [ -n "$UpdateMaster" ] || [ ! -f "$MasterFile" ]; then
|
||||
cp -f "$CachedMasterFile" "$CachedMasterFile""I"
|
||||
|
|
@ -64,16 +65,14 @@ UpdateMasterZone() {
|
|||
ReloadZone "$MasterDomain" "$InternalViews" "$ZoneFilesFolder"
|
||||
|
||||
fi
|
||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$MasterDomain" "$MasterFile" "$TempFolder" "$DNSSECPolicy"
|
||||
if [ -n "$ExternalView" ]; then
|
||||
InsertZoneToIncludeFile "$MasterDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
fi
|
||||
|
||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$MasterDomain" "$MasterFile"
|
||||
fi
|
||||
|
||||
echo "$LocalMasterSerial"
|
||||
}
|
||||
UpdateExternal() {
|
||||
CachedZoneFile="$TempFolder""cache/db.""$InternalDomain""E"
|
||||
CachedZoneFile="$DNSSCRIPT_TEMP_FOLDER""cache/db.""$InternalDomain""E"
|
||||
|
||||
UpdateExternView=0
|
||||
if [ -n "$ExternalView" ] || [ -n "$ExternDomain" ]; then
|
||||
|
|
@ -84,23 +83,40 @@ UpdateExternal() {
|
|||
UpdateExternView=1
|
||||
ReloadZone "$InternalDomain" "$ExternalView" "$ZoneFilesFolder"
|
||||
fi
|
||||
|
||||
if [ -n "$ExternalView" ]; then
|
||||
InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$InternalDomain" "$InternalZoneFile"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "$ExternDomain" ]; then
|
||||
ExtDomainFile="$ZoneFilesFolder""db.""$FirstInternalView"".""$ExternDomain"
|
||||
ZoneTempFolder="$TempFolder""cache/""$ExternDomain""/"
|
||||
cp -f "$ExternalZoneFile" "$CachedZoneFile"
|
||||
ZoneTempFolder="$DNSSCRIPT_TEMP_FOLDER""cache/""$ExternDomain""/"
|
||||
named-checkzone -q -i none -o "$CachedZoneFile" "$InternalDomain" "$ExternalZoneFile"
|
||||
InternalDomainSed="$(SEDifyHostname "$InternalDomain")"
|
||||
ExternDomainSed="$(SEDifyHostname "$ExternDomain")"
|
||||
|
||||
if [ -n "$(sed -e '/^'"$ExternDomainSed"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s/!d' "$CachedZoneFile")" ]; then
|
||||
sed -i -e '/^'"$InternalDomainSed"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s/d' "$CachedZoneFile"
|
||||
sed -i -e 's/^'"$ExternDomainSed"'\.\(\s\)/@\1/g' "$CachedZoneFile"
|
||||
fi
|
||||
if [ -n "$DNSSECKeyFolder" ]; then
|
||||
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedZoneFile"
|
||||
sed -i -e '/^\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]/d' "$CachedZoneFile"
|
||||
sed -i -e '/^_cdskey\./d' "$CachedZoneFile"
|
||||
sed -i -e '/^\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]/d' "$CachedZoneFile"
|
||||
fi
|
||||
|
||||
[ -n "$(sed -e '/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\)\s/!d' "$CachedZoneFile")" ] || \
|
||||
sed -i -e 's/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\)\s\+\S\+\s\+\S\+\s/\1 '"$DNSSCRIPT_SERVER_NAME"'. '"$DNSSCRIPT_CONTACT_EMAIL"' /g' "$CachedZoneFile"
|
||||
|
||||
sed -i -e 's/^\s*'"$CommunityExternPrefix"'\s/@ /g;/^\s*\(@\|\S\+\.\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$CachedZoneFile"
|
||||
sed -i -e '/^\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$CachedZoneFile"
|
||||
sed -i -e '/^_dnsseckeys\./d' "$CachedZoneFile"
|
||||
sed -i -e 's/^'"$InternalDomainSed"'\.\(\s\)/@\1/g' "$CachedZoneFile"
|
||||
sed -i -e 's/^\(\S\+\)\.'"$InternalDomainSed"'\.\(\s\)/\1\2/g' "$CachedZoneFile"
|
||||
|
||||
UpdateExternDomain="$(UpdateDNSSECEntryCache "$ExternDomain" "$ZoneTempFolder" "$CachedZoneFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" "$TempFolder")"
|
||||
echo "\$TTL ${TTLReReExMi%% *}" >> "$CachedZoneFile"
|
||||
|
||||
UpdateExternDomain="$(UpdateDNSSECEntryCache "$ExternDomain" "$ZoneTempFolder" "$CachedZoneFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" )"
|
||||
|
||||
if [ $UpdateExternView -ne 0 ] || [ -n "$UpdateExternDomain" ]; then
|
||||
for KeyFile in "$ZoneTempFolder"*; do
|
||||
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
|
||||
|
|
@ -117,9 +133,8 @@ UpdateExternal() {
|
|||
ReloadZone "$ExternDomain" "$InternalViews" "$ZoneFilesFolder"
|
||||
ReloadZone "$ExternDomain" "$ExternalView" "$ZoneFilesFolder"
|
||||
fi
|
||||
|
||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile" "$TempFolder" "$DNSSECPolicy"
|
||||
InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile" "$TempFolder" "$DNSSECPolicy"
|
||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile"
|
||||
InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile"
|
||||
fi
|
||||
}
|
||||
UpdateReverseZones() {
|
||||
|
|
@ -134,7 +149,7 @@ UpdateReverseZones() {
|
|||
fi
|
||||
./update-rdnszone.sh "$RDomain" "$2" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
|
||||
for IView in $InternalViews; do
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$TempFolder""$IView"".conf"
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$DNSSCRIPT_TEMP_FOLDER""$IView"".conf"
|
||||
done
|
||||
done
|
||||
done
|
||||
|
|
|
|||
|
|
@ -16,6 +16,10 @@ export DNSSCRIPT_VERSION="0.9.5"
|
|||
export DNSSCRIPT_CONTACT_EMAIL
|
||||
export DNSSCRIPT_SERVER_NAME
|
||||
export DNSSCRIPT_BIND_RELOAD_VER
|
||||
DNSSCRIPT_DNSSECPolicy="$DNSSECPolicy"
|
||||
export DNSSCRIPT_DNSSECPolicy
|
||||
DNSSCRIPT_TEMP_FOLDER="$TempFolder"
|
||||
export DNSSCRIPT_TEMP_FOLDER
|
||||
|
||||
cd /usr/lib/ffdns/
|
||||
. ./dns-functions.sh
|
||||
|
|
@ -31,13 +35,11 @@ fi
|
|||
FirstInternalView="$( echo "$InternalViews" | sed -e 's/\s.*//')"
|
||||
# ForwardZones: "<Zone>/<Zonendatei>" ; optionaly multiple " ""<ZoneX>/<ZonendateiX>" no spaces in full filename
|
||||
ForwardZones="$MasterDomain""/""$ZoneFilesFolder""db.""$FirstInternalView"".""$MasterDomain"
|
||||
BindIcvpnAclTmp="$TempFolder""icvpn-acl.conf"
|
||||
BindIcvpnAcl="$GeneratedIncludeFileFolder""icvpn-acl.conf"
|
||||
[ -n "$DNSSECPolicy" ] || DNSSECKeyFolder=""
|
||||
[ -n "$DNSSCRIPT_DNSSECPolicy" ] || DNSSECKeyFolder=""
|
||||
|
||||
SetupCache
|
||||
|
||||
CachedMasterFile="$TempFolder""cache/db.""$MasterDomain"
|
||||
CachedMasterFile="$DNSSCRIPT_TEMP_FOLDER""cache/db.""$MasterDomain"
|
||||
PreFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
|
||||
GetMasterFile
|
||||
PostFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
|
||||
|
|
@ -100,10 +102,10 @@ for Hood in $Hoods; do
|
|||
echo ";"
|
||||
} > "$HoodZoneFile"
|
||||
fi
|
||||
ZoneTempFolder="$TempFolder""cache/"
|
||||
ZoneTempFolder="$DNSSCRIPT_TEMP_FOLDER""cache/"
|
||||
./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" "$ZoneTempFolder" "$ZoneFilesFolder"
|
||||
|
||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy" "/etc/ffdns/"
|
||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "/etc/ffdns/"
|
||||
|
||||
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
|
||||
UpdateReverseZones "$Subnets" "$HoodForwardZones"
|
||||
|
|
@ -123,9 +125,6 @@ for Hood in $Hoods; do
|
|||
fi
|
||||
|
||||
if [ -n "$ExternFile" ]; then
|
||||
if [ -n "$ExternalView" ]; then
|
||||
InsertZoneToIncludeFile "$HoodDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
||||
fi
|
||||
InternalZoneFile="$HoodZoneFile"
|
||||
ExternalZoneFile="$ExternFile"
|
||||
InternalDomain="$HoodDomain"
|
||||
|
|
@ -135,8 +134,6 @@ for Hood in $Hoods; do
|
|||
fi
|
||||
done
|
||||
|
||||
./update-public-acl.sh "$BindIcvpnAclTmp" "$RemoteLocation" "$RoutingTables"
|
||||
|
||||
ReConfigBind=0
|
||||
UpdateBindConfig() {
|
||||
if [ -f "$1" ] && ! cmp -s "$1" "$2"; then
|
||||
|
|
@ -147,12 +144,11 @@ UpdateBindConfig() {
|
|||
fi
|
||||
}
|
||||
|
||||
UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"
|
||||
for IView in $InternalViews; do
|
||||
UpdateBindConfig "$TempFolder""$IView"".conf" "$GeneratedIncludeFileFolder""$IView"".conf"
|
||||
UpdateBindConfig "$DNSSCRIPT_TEMP_FOLDER""$IView"".conf" "$GeneratedIncludeFileFolder""$IView"".conf"
|
||||
done
|
||||
if [ -n "$ExternalView" ]; then
|
||||
UpdateBindConfig "$TempFolder""$ExternalView"".conf" "$GeneratedIncludeFileFolder""$ExternalView"".conf"
|
||||
UpdateBindConfig "$DNSSCRIPT_TEMP_FOLDER""$ExternalView"".conf" "$GeneratedIncludeFileFolder""$ExternalView"".conf"
|
||||
fi
|
||||
|
||||
if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then
|
||||
|
|
|
|||
|
|
@ -24,12 +24,13 @@ GetLeaseEntriesInSubnet() {
|
|||
done
|
||||
}
|
||||
|
||||
ZoneTempFolder="$ZoneTempFolder""$Domain""/"
|
||||
|
||||
OldSerial="$(GetZoneFileSerial "$ZoneTempFolder""db.""$Domain"".bkp")"
|
||||
NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
|
||||
ForceUpdate=""
|
||||
[ $((OldSerial)) -gt 0 ] && [ $((OldSerial)) -lt $((NewSerial)) ] && ForceUpdate="1"
|
||||
|
||||
ZoneTempFolder="$ZoneTempFolder""$Domain""/"
|
||||
|
||||
OldLeases="$(sed -e '/^;### Leases ###/,$!d;/^\s*\S\+\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$HoodZoneFile" | sed 1d)"
|
||||
|
||||
if [ -f "/tmp/dhcp.leases" ]; then
|
||||
|
|
|
|||
|
|
@ -1,87 +0,0 @@
|
|||
#!/bin/sh
|
||||
# SPDX-License-Identifier: GPL-3.0
|
||||
#
|
||||
# freifunk-franken dns-scipts (c) 2021 Blackyfff
|
||||
|
||||
|
||||
. ./dns-functions.sh
|
||||
|
||||
IncludeFile="$1"
|
||||
RemoteLocation="$2"
|
||||
Tables="$3"
|
||||
|
||||
rm -f "$IncludeFile"
|
||||
|
||||
if [ -z "$Tables" ]; then
|
||||
# this is only a rude fallback and not recommended
|
||||
# create your own file on a gateway with the community routing tables and use this one
|
||||
RemoteFile="$(curl -s -S -f "$RemoteACL")"
|
||||
if [ -n "$RemoteFile" ]; then
|
||||
echo "$RemoteFile" > "$IncludeFile"
|
||||
fi
|
||||
else
|
||||
Installed4Routes=""
|
||||
Installed6Routes=""
|
||||
for Table in $Tables; do
|
||||
Installed4Routes="$(echo "$Installed4Routes" && ip -d -4 ro sh ta "$Table")"
|
||||
Installed6Routes="$(echo "$Installed6Routes" && ip -d -6 ro sh ta "$Table")"
|
||||
done
|
||||
PublicSubs="$(echo "$Installed6Routes" | \
|
||||
sed -e '/^unicast default from/!d;s/.* from \(\S\+\).*/\1/g')"
|
||||
Privatev4Prefix="\(192\.168\.\|172\.\(1[6-9]\|2[0-9]\|3[01]\)\.\|10\.\)"
|
||||
Privatev6Prefix="\([fF][cCdD][0-9a-fA-F]\{2\}:\)"
|
||||
Publicv4Singles="$(echo "$Installed4Routes" | \
|
||||
sed -e 's/^\S\+\s\+\(\S\+\)\s.*/\t\1;/g;/^\t'"$Privatev4Prefix"'\|^\t\(unreachable\|default\|0\.\)\|^$/d')"
|
||||
Publicv6Singles="$(echo "$Installed6Routes" | \
|
||||
sed -e 's/^\S\+\s\+\(\S\+\)\s.*/\1/g;/^'"$Privatev6Prefix"'\|^\(unreachable\|default\|::\|64:ff9b::\)\|^$/d')"
|
||||
|
||||
# the following code is not well optimized yet and may take a bit to process
|
||||
# therefore it is not recommended to activate it on hardware-routers
|
||||
# even in other environments it did not speed up bind9 measurable, its just for a smaller acl-file, e.g. for redistribution
|
||||
|
||||
#for Subnet in $PublicSubs; do
|
||||
# SubnetIPFilled="$(FillIPv6Zeroes "$(echo "${Subnet%/*}" | awk '{print tolower($0)}')")"
|
||||
# Mask="${Subnet##*/}"
|
||||
# Statics=$((Mask / 4))
|
||||
# BlockMask=$((Mask % 4))
|
||||
# if [ $BlockMask -ne 0 ]; then
|
||||
# BlockMask=$((4 - BlockMask))
|
||||
# BlockMask=$((-1 << $BlockMask))
|
||||
# SubnetBlock="$(printf %d 0x"$(echo "$SubnetIPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
|
||||
# SubnetBlock=$((SubnetBlock & BlockMask))
|
||||
# fi
|
||||
#
|
||||
# SubnetStaticPart="$(echo "$SubnetIPFilled" | awk 'BEGIN{FS=""}{for(i='"$Statics"';i>0;i--) printf $i;}')"
|
||||
#
|
||||
# for Single in $Publicv6Singles; do
|
||||
# IPFilled="$(FillIPv6Zeroes "$(echo "${Single%/*}" | awk '{print tolower($0)}')")"
|
||||
# MaskIP="$( echo "$Single" | sed -e 's/^[^/]*\(\/\)\?//g')"
|
||||
# MaskIP="${MaskIP:-128}"
|
||||
# IsInSub="$([ $((Mask)) -le $((MaskIP)) ]; echo "$?")"
|
||||
# if [ $IsInSub -eq 0 ]; then
|
||||
# IPStaticPart="$(echo "$IPFilled" | awk 'BEGIN{FS=""}{for(i='"$Statics"';i>0;i--) printf $i;}')"
|
||||
# IsInSub="$([ "$IPStaticPart" = "$SubnetStaticPart" ]; echo "$?")"
|
||||
# fi
|
||||
# if [ $IsInSub -eq 0 ] && [ $BlockMask -ne 0 ]; then
|
||||
# IPBlock="$(printf %d 0x"$(echo "$IPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
|
||||
# IPBlock=$((IPBlock & BlockMask))
|
||||
# IsInSub="$([ $IPBlock -eq $SubnetBlock ]; echo "$?")"
|
||||
# fi
|
||||
#
|
||||
# ! [ $IsInSub -eq 0 ] \
|
||||
# && NewSingles="$( [ -n "$NewSingles" ] && echo "$NewSingles"; echo "$Single")"
|
||||
# done
|
||||
# Publicv6Singles="$NewSingles"
|
||||
# NewSingles=""
|
||||
#done
|
||||
|
||||
{
|
||||
echo "acl icvpnrange {"
|
||||
echo " icvpnlocal;"
|
||||
echo "$PublicSubs" | sed -e 's/\(.*\)/\t\1;/g'
|
||||
echo "$(curl -s -S -f "$RemoteLocation""external.dnsserverips" | sed -e 's/^/\t/g;s/$/;/g')"
|
||||
echo "$Publicv4Singles"
|
||||
echo "$Publicv6Singles" | sed -e 's/\(.*\)/\t\1;/g'
|
||||
echo "};"
|
||||
} > "$IncludeFile"
|
||||
fi
|
||||
Loading…
Reference in New Issue