switch from inline-signing to update-policy; Rework key-activity and date handling; fix debian sh "echo -e" unavailable; fix external-view sometimes not reloaded; remove acl-list

Signed-off-by: Blackyfff <freifunk@freifunk-herpf.de>
This commit is contained in:
Blackyfff 2023-04-02 03:25:21 +02:00
parent cf7048384c
commit 7c812e994a
5 changed files with 110 additions and 154 deletions


@ -20,13 +20,17 @@ InsertZoneToViews() {
ZoneFilesFolder="$2" ZoneFilesFolder="$2"
Domain="$3" Domain="$3"
SourceFile="$4" SourceFile="$4"
TempFolder="$5" AdditionalZoneConfig="$5"
DNSSECPolicy="$6"
AdditionalZoneConfig="$7"
for View in $Views; do for View in $Views; do
ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain" ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"
[ -f "$ZoneFile" ] || ln -s "$SourceFile" "$ZoneFile" [ -f "$ZoneFile" ] || ln -s "$SourceFile" "$ZoneFile"
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy" "$AdditionalZoneConfig""$View""." if [ -n "$DNSSCRIPT_DNSSECPolicy" ]; then
if [ ! -f "$ZoneFilesFolder""db.""$View"".""$Domain"".signed" ]; then
cp -f "$ZoneFile" "$ZoneFilesFolder""db.""$View"".""$Domain"".signed"
fi
ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"".signed"
fi
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$DNSSCRIPT_TEMP_FOLDER""$View"".conf" "$DNSSCRIPT_DNSSECPolicy" "$AdditionalZoneConfig""$View""."
done done
} }
InsertZoneToIncludeFile() { InsertZoneToIncludeFile() {
@ -39,9 +43,13 @@ InsertZoneToIncludeFile() {
{ {
echo "zone \"""$1""\" {" echo "zone \"""$1""\" {"
echo " type master;" echo " type master;"
[ -n "$4" ] && echo " dnssec-policy $4"";" if [ -n "$4" ]; then
[ -n "$4" ] && echo " inline-signing yes;" echo " dnssec-policy $4"";"
[ -n "$Additional" ] && echo "$Additional" echo " update-policy {"
echo " grant local subdomain ""$1"". any;"
[ -n "$Additional" ] && echo "$Additional"
echo " };"
fi
echo " file \"""$2""\";" echo " file \"""$2""\";"
echo "};" echo "};"
} > "$3" } > "$3"
@ -49,9 +57,13 @@ InsertZoneToIncludeFile() {
{ {
echo "zone \"""$1""\" {" echo "zone \"""$1""\" {"
echo " type master;" echo " type master;"
[ -n "$4" ] && echo " dnssec-policy $4"";" if [ -n "$4" ]; then
[ -n "$4" ] && echo " inline-signing yes;" echo " dnssec-policy $4"";"
[ -n "$Additional" ] && echo "$Additional" echo " update-policy {"
echo " grant local subdomain ""$1"". any;"
[ -n "$Additional" ] && echo "$Additional"
echo " };"
fi
echo " file \"""$2""\";" echo " file \"""$2""\";"
echo "};" echo "};"
} >> "$3" } >> "$3"
@ -215,17 +227,19 @@ GetOwnKeysForZone () {
if [ -n "$DNSSECKeyFolder" ];then if [ -n "$DNSSECKeyFolder" ];then
for OwnKeyFile in "$DNSSECKeyFolder""K""$Domain"".+"*".key"; do for OwnKeyFile in "$DNSSECKeyFolder""K""$Domain"".+"*".key"; do
if ! [ "$OwnKeyFile" = "$DNSSECKeyFolder""K""$Domain"".+*.key" ]; then if ! [ "$OwnKeyFile" = "$DNSSECKeyFolder""K""$Domain"".+*.key" ]; then
Removed="$(sed -ne 's/^; Delete: \(\S\{12\}\).*/\1/p' "$OwnKeyFile")" Removed="$(sed -ne 's/^; Inactive: \(\S\{12\}\).*/\1/p' "$OwnKeyFile")"
RemovedSeconds="$(date -u -d "$Removed" '+%s' 2>/dev/null)" if [ -n "$Removed" ]; then
if [ -z "$RemovedSeconds" ]; then RemovedISO="$( echo "$Removed" | sed -ne 's/\(.\{4\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\).*/\1-\2-\3T\4:\5/p')"
RemovedSeconds="$( echo "$Removed" | sed -ne 's/\(.\{4\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\).*/\1-\2-\3T\4:\5/p')" RemovedSeconds="$(date -d "$RemovedISO" '+%s' 2>/dev/null)"
RemovedSeconds="$(date -u -d "$RemovedSeconds" '+%s' 2>/dev/null)" [ -n "$RemovedSeconds" ] || RemovedSeconds="$(date -u -d "$Removed" '+%s' 2>/dev/null)"
fi if [ -n "$RemovedSeconds" ]; then
if [ -n "$RemovedSeconds" ]; then CurDate="$(date '+%s')"
CurDate="$(date -u '+%s')" if [ $((RemovedSeconds)) -ge $((CurDate)) ]; then
if [ $((CurDate - RemovedSeconds)) -le 72000 ]; then RemovedSeconds=""
RemovedSeconds="" fi
fi fi
else
RemovedSeconds=""
fi fi
if [ -z "$RemovedSeconds" ]; then if [ -z "$RemovedSeconds" ]; then
sed -ne '/^;/d;s/^'"$Domain"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]\s\+\(.*\)$/_dnsseckeys\.'"$Domain"'\.\tIN TXT\t\"\2\"/p' "$OwnKeyFile" | \ sed -ne '/^;/d;s/^'"$Domain"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]\s\+\(.*\)$/_dnsseckeys\.'"$Domain"'\.\tIN TXT\t\"\2\"/p' "$OwnKeyFile" | \
@ -241,7 +255,6 @@ UpdateDNSSECEntryCache () {
CachedZoneFile="$3" CachedZoneFile="$3"
DNSSECKeyFolder="$4" DNSSECKeyFolder="$4"
UpstreamIP="$5" UpstreamIP="$5"
TempFolder="$6"
[ -z "$UpstreamIP" ] || UpstreamIP="-b""$UpstreamIP" [ -z "$UpstreamIP" ] || UpstreamIP="-b""$UpstreamIP"
@ -257,7 +270,7 @@ UpdateDNSSECEntryCache () {
if [ "$Nameserver" = "$DNSSCRIPT_SERVER_NAME" ]; then if [ "$Nameserver" = "$DNSSCRIPT_SERVER_NAME" ]; then
{ {
GetOwnKeysForZone "$DNSSECKeyFolder" "$Domain" | sort GetOwnKeysForZone "$DNSSECKeyFolder" "$Domain" | sort
GetDSForZone "$DNSSECKeyFolder" "$Domain" "$TempFolder" | NormalizeZoneFileFormatting GetDSForZone "$DNSSECKeyFolder" "$Domain" "$DNSSCRIPT_TEMP_FOLDER" | NormalizeZoneFileFormatting
} > "$ZoneTempFolder""Keys.""$Nameserver" } > "$ZoneTempFolder""Keys.""$Nameserver"
else else
{ {
@ -305,20 +318,38 @@ UpdateDNSSECEntryCache () {
rm -f "$KeyFile" rm -f "$KeyFile"
done done
} }
ReloadZone() { ReloadZone() {
if [ -n "$2" ]; then if [ -n "$2" ]; then
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
systemctl reload bind9 >/dev/null systemctl reload bind9 >/dev/null
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then
ZoneFilesFolder="$3"
for Zone in $2; do for Zone in $2; do
if ! rndc reload "$1" IN "$Zone" 2>"/tmp/dnsscript_rndcerr" >/dev/null; then if [ -z "$ZoneFilesFolder" ] || [ -f "$ZoneFilesFolder""db.""$Zone"".""$1" ]; then
if [ -n "$3" ] && grep -q "failed: out of range" "/tmp/dnsscript_rndcerr"; then if [ -n "$DNSSCRIPT_DNSSECPolicy" ] && [ -n "$ZoneFilesFolder" ]; then
rndc sync -clean "$1" IN "$Zone" >/dev/null || touch "/tmp/dnsscript-forcereconf" ! rndc freeze "$1" IN "$Zone" >/dev/null
else UnsignedZonefile="$ZoneFilesFolder""db.""$Zone"".""$1"
touch "/tmp/dnsscript-forcereconf" SignedZonefile="$ZoneFilesFolder""db.""$Zone"".""$1"".signed"
NewSerial="$(GetZoneFileSerial "$UnsignedZonefile")"
named-checkzone -q -i none -o "$TmpFolder""tmp.zone" "$1" "$UnsignedZonefile"
OldSerial="$(GetZoneFileSerial "$SignedZonefile")"
if [ $((NewSerial)) -le $((OldSerial)) ]; then
OldSerial=$((OldSerial+1))
sed -i -e 's/^\(\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\s\+\S\+\s\+\S\+\s\+\)'"$NewSerial"'\(\s\+.*\)$/\1'"$OldSerial"'\3/g' "$TmpFolder""tmp.zone"
fi
cp -f "$TmpFolder""tmp.zone" "$SignedZonefile"
! rndc reload "$1" IN "$Zone" >/dev/null
! rndc thaw "$1" IN "$Zone" >/dev/null
elif ! rndc reload "$1" IN "$Zone" 2>"/tmp/dnsscript_rndcerr" >/dev/null; then
if [ -n "$3" ] && grep -q "failed: out of range" "/tmp/dnsscript_rndcerr"; then
rndc sync -clean "$1" IN "$Zone" >/dev/null || touch "/tmp/dnsscript-forcereconf"
else
touch "/tmp/dnsscript-forcereconf"
fi
fi fi
rm -f "/tmp/dnsscript_rndcerr"
fi fi
rm -f "/tmp/dnsscript_rndcerr"
done done
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 2 ]; then elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 2 ]; then
/etc/init.d/named reload >/dev/null /etc/init.d/named reload >/dev/null
@ -389,7 +420,7 @@ GetDSForZone () {
Protocol="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* //g;s/ .*//g')" Protocol="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* //g;s/ .*//g')"
Algo="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* [^ ]* //g;s/ .*//g')" Algo="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* [^ ]* //g;s/ .*//g')"
KSK="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* [^ ]* [^ ]* //g;s/ //g')" KSK="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* [^ ]* [^ ]* //g;s/ //g')"
echo -e "_cdskey.""$Domain"".\tIN TXT\t\"""$KeyID"" ""$Algo"" 2 ""$(GetDS "$Domain" "$KeyTag" "$Protocol" "$Algo" "$KSK" "$TmpFolder")""\"" echo "_cdskey.""$Domain"". IN TXT \"""$KeyID"" ""$Algo"" 2 ""$(GetDS "$Domain" "$KeyTag" "$Protocol" "$Algo" "$KSK" "$TmpFolder")""\""
fi fi
fi fi
} }
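Review bot: The new DNSSEC branch in ReloadZone writes its scratch copy to `"$TmpFolder""tmp.zone"` (lines 111–117), but TmpFolder is not assigned anywhere in this function and the rest of the commit switched to the exported `DNSSCRIPT_TEMP_FOLDER`; unless TmpFolder happens to be a global from the config, this expands to a relative `tmp.zone` in the working directory, and the file is never removed afterwards. I'd use `named-checkzone -q -i none -o "$DNSSCRIPT_TEMP_FOLDER""tmp.zone" "$1" "$UnsignedZonefile" || { rndc thaw "$1" IN "$Zone" >/dev/null; continue; }` so a zone that fails to load is neither copied over the `.signed` file nor left frozen. The `! rndc freeze` / `! rndc reload` / `! rndc thaw` forms exist only to discard the exit status, so a failed freeze silently proceeds to overwrite the signed file that named may still be maintaining; at least the freeze result should gate the copy. Separately, in GetOwnKeysForZone the ISO path now calls `date -d "$RemovedISO"` without `-u` while the fallback on the next line keeps `-u` (lines 67–68); the timestamps in BIND key files are UTC, so on a non-UTC host the Inactive time is shifted by the local offset and a key is published or dropped hours early or late.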


@ -1,15 +1,15 @@
#!/bin/sh #!/bin/sh
# SPDX-License-Identifier: GPL-3.0 # SPDX-License-Identifier: GPL-3.0
# #
# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff # freifunk-franken dns-scipts (c) 2021-2023 Blackyfff
SetupCache() { SetupCache() {
mkdir -p "$TempFolder""cache" mkdir -p "$DNSSCRIPT_TEMP_FOLDER""cache"
for IView in $InternalViews; do for IView in $InternalViews; do
rm -f "$TempFolder""$IView"".conf" rm -f "$DNSSCRIPT_TEMP_FOLDER""$IView"".conf"
done done
rm -f "$TempFolder""$ExternalView"".conf" rm -f "$DNSSCRIPT_TEMP_FOLDER""$ExternalView"".conf"
} }
GetMasterFile() { GetMasterFile() {
curl -s -S -f "$RemoteLocation""db.""$MasterDomain" --output "$CachedMasterFile" && \ curl -s -S -f "$RemoteLocation""db.""$MasterDomain" --output "$CachedMasterFile" && \
@ -19,7 +19,7 @@ GetMasterFile() {
echo "_dnsscript_version IN TXT ""$DNSSCRIPT_VERSION" | NormalizeZoneFileFormatting echo "_dnsscript_version IN TXT ""$DNSSCRIPT_VERSION" | NormalizeZoneFileFormatting
} >> "$CachedMasterFile" || : } >> "$CachedMasterFile" || :
if [ ! -f "$CachedMasterFile" ]; then if [ ! -f "$CachedMasterFile" ]; then
cp "$ZoneFilesFolder""db.""$FirstInternalView"".""$MasterDomain" "$CachedMasterFile" cp -f "$ZoneFilesFolder""db.""$FirstInternalView"".""$MasterDomain" "$CachedMasterFile"
sed -i -e '/^_dnsscript_version.*/,$d' "$CachedMasterFile" sed -i -e '/^_dnsscript_version.*/,$d' "$CachedMasterFile"
echo "_dnsscript_version IN TXT ""$DNSSCRIPT_VERSION" | NormalizeZoneFileFormatting >> "$CachedMasterFile" echo "_dnsscript_version IN TXT ""$DNSSCRIPT_VERSION" | NormalizeZoneFileFormatting >> "$CachedMasterFile"
fi fi
@ -37,13 +37,14 @@ DoServeOnlyExternZone() {
} }
RemoveDNSSECKeysFromCacheFile() { RemoveDNSSECKeysFromCacheFile() {
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile" sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile"
sed -i -e '/^\s*_cdskey\./d' "$CachedMasterFile"
} }
UpdateMasterZone() { UpdateMasterZone() {
LocalMasterSerial=$((PostFetchMasterSerial)) LocalMasterSerial=$((PostFetchMasterSerial))
if [ -n "$ServeMasterZone" ]; then if [ -n "$ServeMasterZone" ]; then
ZoneTempFolder="$TempFolder""cache/""$MasterDomain""/" ZoneTempFolder="$DNSSCRIPT_TEMP_FOLDER""cache/""$MasterDomain""/"
UpdateMaster="$(UpdateDNSSECEntryCache "$MasterDomain" "$ZoneTempFolder" "$CachedMasterFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" "$TempFolder")" UpdateMaster="$(UpdateDNSSECEntryCache "$MasterDomain" "$ZoneTempFolder" "$CachedMasterFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" )"
if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ] || [ -n "$UpdateMaster" ] || [ ! -f "$MasterFile" ]; then if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ] || [ -n "$UpdateMaster" ] || [ ! -f "$MasterFile" ]; then
cp -f "$CachedMasterFile" "$CachedMasterFile""I" cp -f "$CachedMasterFile" "$CachedMasterFile""I"
@ -64,16 +65,14 @@ UpdateMasterZone() {
ReloadZone "$MasterDomain" "$InternalViews" "$ZoneFilesFolder" ReloadZone "$MasterDomain" "$InternalViews" "$ZoneFilesFolder"
fi fi
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$MasterDomain" "$MasterFile" "$TempFolder" "$DNSSECPolicy"
if [ -n "$ExternalView" ]; then InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$MasterDomain" "$MasterFile"
InsertZoneToIncludeFile "$MasterDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
fi
fi fi
echo "$LocalMasterSerial" echo "$LocalMasterSerial"
} }
UpdateExternal() { UpdateExternal() {
CachedZoneFile="$TempFolder""cache/db.""$InternalDomain""E" CachedZoneFile="$DNSSCRIPT_TEMP_FOLDER""cache/db.""$InternalDomain""E"
UpdateExternView=0 UpdateExternView=0
if [ -n "$ExternalView" ] || [ -n "$ExternDomain" ]; then if [ -n "$ExternalView" ] || [ -n "$ExternDomain" ]; then
@ -84,23 +83,40 @@ UpdateExternal() {
UpdateExternView=1 UpdateExternView=1
ReloadZone "$InternalDomain" "$ExternalView" "$ZoneFilesFolder" ReloadZone "$InternalDomain" "$ExternalView" "$ZoneFilesFolder"
fi fi
if [ -n "$ExternalView" ]; then
InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$InternalDomain" "$InternalZoneFile"
fi
fi fi
if [ -n "$ExternDomain" ]; then if [ -n "$ExternDomain" ]; then
ExtDomainFile="$ZoneFilesFolder""db.""$FirstInternalView"".""$ExternDomain" ExtDomainFile="$ZoneFilesFolder""db.""$FirstInternalView"".""$ExternDomain"
ZoneTempFolder="$TempFolder""cache/""$ExternDomain""/" ZoneTempFolder="$DNSSCRIPT_TEMP_FOLDER""cache/""$ExternDomain""/"
cp -f "$ExternalZoneFile" "$CachedZoneFile" named-checkzone -q -i none -o "$CachedZoneFile" "$InternalDomain" "$ExternalZoneFile"
InternalDomainSed="$(SEDifyHostname "$InternalDomain")"
ExternDomainSed="$(SEDifyHostname "$ExternDomain")"
if [ -n "$(sed -e '/^'"$ExternDomainSed"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s/!d' "$CachedZoneFile")" ]; then
sed -i -e '/^'"$InternalDomainSed"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s/d' "$CachedZoneFile"
sed -i -e 's/^'"$ExternDomainSed"'\.\(\s\)/@\1/g' "$CachedZoneFile"
fi
if [ -n "$DNSSECKeyFolder" ]; then if [ -n "$DNSSECKeyFolder" ]; then
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedZoneFile" sed -i -e '/^_cdskey\./d' "$CachedZoneFile"
sed -i -e '/^\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]/d' "$CachedZoneFile" sed -i -e '/^\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]/d' "$CachedZoneFile"
fi fi
[ -n "$(sed -e '/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\)\s/!d' "$CachedZoneFile")" ] || \ [ -n "$(sed -e '/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\)\s/!d' "$CachedZoneFile")" ] || \
sed -i -e 's/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\)\s\+\S\+\s\+\S\+\s/\1 '"$DNSSCRIPT_SERVER_NAME"'. '"$DNSSCRIPT_CONTACT_EMAIL"' /g' "$CachedZoneFile" sed -i -e 's/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\)\s\+\S\+\s\+\S\+\s/\1 '"$DNSSCRIPT_SERVER_NAME"'. '"$DNSSCRIPT_CONTACT_EMAIL"' /g' "$CachedZoneFile"
sed -i -e 's/^\s*'"$CommunityExternPrefix"'\s/@ /g;/^\s*\(@\|\S\+\.\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$CachedZoneFile" sed -i -e '/^\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$CachedZoneFile"
sed -i -e '/^_dnsseckeys\./d' "$CachedZoneFile"
sed -i -e 's/^'"$InternalDomainSed"'\.\(\s\)/@\1/g' "$CachedZoneFile"
sed -i -e 's/^\(\S\+\)\.'"$InternalDomainSed"'\.\(\s\)/\1\2/g' "$CachedZoneFile"
UpdateExternDomain="$(UpdateDNSSECEntryCache "$ExternDomain" "$ZoneTempFolder" "$CachedZoneFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" "$TempFolder")" echo "\$TTL ${TTLReReExMi%% *}" >> "$CachedZoneFile"
UpdateExternDomain="$(UpdateDNSSECEntryCache "$ExternDomain" "$ZoneTempFolder" "$CachedZoneFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" )"
if [ $UpdateExternView -ne 0 ] || [ -n "$UpdateExternDomain" ]; then if [ $UpdateExternView -ne 0 ] || [ -n "$UpdateExternDomain" ]; then
for KeyFile in "$ZoneTempFolder"*; do for KeyFile in "$ZoneTempFolder"*; do
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \ [ "$KeyFile" = "$ZoneTempFolder""*" ] || \
@ -117,9 +133,8 @@ UpdateExternal() {
ReloadZone "$ExternDomain" "$InternalViews" "$ZoneFilesFolder" ReloadZone "$ExternDomain" "$InternalViews" "$ZoneFilesFolder"
ReloadZone "$ExternDomain" "$ExternalView" "$ZoneFilesFolder" ReloadZone "$ExternDomain" "$ExternalView" "$ZoneFilesFolder"
fi fi
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile"
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile" "$TempFolder" "$DNSSECPolicy" InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile"
InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile" "$TempFolder" "$DNSSECPolicy"
fi fi
} }
UpdateReverseZones() { UpdateReverseZones() {
@ -134,7 +149,7 @@ UpdateReverseZones() {
fi fi
./update-rdnszone.sh "$RDomain" "$2" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews" ./update-rdnszone.sh "$RDomain" "$2" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
for IView in $InternalViews; do for IView in $InternalViews; do
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$TempFolder""$IView"".conf" InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$DNSSCRIPT_TEMP_FOLDER""$IView"".conf"
done done
done done
done done
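Review bot: In UpdateExternal the exit status of `named-checkzone -q -i none -o "$CachedZoneFile" "$InternalDomain" "$ExternalZoneFile"` (line 204) is ignored, so when the external zone file fails to load the following sed steps operate on whatever `$CachedZoneFile` held before (or on no file at all), the `$TTL` line is still appended and the zone is still handed to ReloadZone. The previous `cp -f` at least guaranteed a fresh copy; I'd guard the rest of the branch with `named-checkzone -q -i none -o "$CachedZoneFile" "$InternalDomain" "$ExternalZoneFile" || { echo "external zone $InternalDomain failed to load" >&2; return 1; }`. Also the `_cdskey` and DNSKEY deletions (lines 212–213) run only when `$DNSSECKeyFolder` is set, whereas `_dnsseckeys` is dropped unconditionally (line 218); if the intent is that the externally served copy never carries key material from the internal zone, all three deletions should be unconditional, since `DNSSECKeyFolder` is cleared whenever no policy is configured.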


@ -16,6 +16,10 @@ export DNSSCRIPT_VERSION="0.9.5"
export DNSSCRIPT_CONTACT_EMAIL export DNSSCRIPT_CONTACT_EMAIL
export DNSSCRIPT_SERVER_NAME export DNSSCRIPT_SERVER_NAME
export DNSSCRIPT_BIND_RELOAD_VER export DNSSCRIPT_BIND_RELOAD_VER
DNSSCRIPT_DNSSECPolicy="$DNSSECPolicy"
export DNSSCRIPT_DNSSECPolicy
DNSSCRIPT_TEMP_FOLDER="$TempFolder"
export DNSSCRIPT_TEMP_FOLDER
cd /usr/lib/ffdns/ cd /usr/lib/ffdns/
. ./dns-functions.sh . ./dns-functions.sh
@ -31,13 +35,11 @@ fi
FirstInternalView="$( echo "$InternalViews" | sed -e 's/\s.*//')" FirstInternalView="$( echo "$InternalViews" | sed -e 's/\s.*//')"
# ForwardZones: "<Zone>/<Zonendatei>" ; optionaly multiple " ""<ZoneX>/<ZonendateiX>" no spaces in full filename # ForwardZones: "<Zone>/<Zonendatei>" ; optionaly multiple " ""<ZoneX>/<ZonendateiX>" no spaces in full filename
ForwardZones="$MasterDomain""/""$ZoneFilesFolder""db.""$FirstInternalView"".""$MasterDomain" ForwardZones="$MasterDomain""/""$ZoneFilesFolder""db.""$FirstInternalView"".""$MasterDomain"
BindIcvpnAclTmp="$TempFolder""icvpn-acl.conf" [ -n "$DNSSCRIPT_DNSSECPolicy" ] || DNSSECKeyFolder=""
BindIcvpnAcl="$GeneratedIncludeFileFolder""icvpn-acl.conf"
[ -n "$DNSSECPolicy" ] || DNSSECKeyFolder=""
SetupCache SetupCache
CachedMasterFile="$TempFolder""cache/db.""$MasterDomain" CachedMasterFile="$DNSSCRIPT_TEMP_FOLDER""cache/db.""$MasterDomain"
PreFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")" PreFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
GetMasterFile GetMasterFile
PostFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")" PostFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
@ -100,10 +102,10 @@ for Hood in $Hoods; do
echo ";" echo ";"
} > "$HoodZoneFile" } > "$HoodZoneFile"
fi fi
ZoneTempFolder="$TempFolder""cache/" ZoneTempFolder="$DNSSCRIPT_TEMP_FOLDER""cache/"
./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" "$ZoneTempFolder" "$ZoneFilesFolder" ./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" "$ZoneTempFolder" "$ZoneFilesFolder"
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy" "/etc/ffdns/" InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "/etc/ffdns/"
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile" HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
UpdateReverseZones "$Subnets" "$HoodForwardZones" UpdateReverseZones "$Subnets" "$HoodForwardZones"
@ -123,9 +125,6 @@ for Hood in $Hoods; do
fi fi
if [ -n "$ExternFile" ]; then if [ -n "$ExternFile" ]; then
if [ -n "$ExternalView" ]; then
InsertZoneToIncludeFile "$HoodDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
fi
InternalZoneFile="$HoodZoneFile" InternalZoneFile="$HoodZoneFile"
ExternalZoneFile="$ExternFile" ExternalZoneFile="$ExternFile"
InternalDomain="$HoodDomain" InternalDomain="$HoodDomain"
@ -135,8 +134,6 @@ for Hood in $Hoods; do
fi fi
done done
./update-public-acl.sh "$BindIcvpnAclTmp" "$RemoteLocation" "$RoutingTables"
ReConfigBind=0 ReConfigBind=0
UpdateBindConfig() { UpdateBindConfig() {
if [ -f "$1" ] && ! cmp -s "$1" "$2"; then if [ -f "$1" ] && ! cmp -s "$1" "$2"; then
@ -147,12 +144,11 @@ UpdateBindConfig() {
fi fi
} }
UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"
for IView in $InternalViews; do for IView in $InternalViews; do
UpdateBindConfig "$TempFolder""$IView"".conf" "$GeneratedIncludeFileFolder""$IView"".conf" UpdateBindConfig "$DNSSCRIPT_TEMP_FOLDER""$IView"".conf" "$GeneratedIncludeFileFolder""$IView"".conf"
done done
if [ -n "$ExternalView" ]; then if [ -n "$ExternalView" ]; then
UpdateBindConfig "$TempFolder""$ExternalView"".conf" "$GeneratedIncludeFileFolder""$ExternalView"".conf" UpdateBindConfig "$DNSSCRIPT_TEMP_FOLDER""$ExternalView"".conf" "$GeneratedIncludeFileFolder""$ExternalView"".conf"
fi fi
if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then
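Review bot: Dropping the `update-public-acl.sh` call and the `UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"` step leaves any previously generated `icvpn-acl.conf` in `$GeneratedIncludeFileFolder` on disk untouched; if the installed named.conf still includes it, the `icvpnrange` ACL silently freezes at its last generated contents instead of being retired, which is an access-control regression nothing in this commit flags. I'd either remove the stale file, `rm -f "$GeneratedIncludeFileFolder""icvpn-acl.conf"  # acl is no longer generated since 0.9.5`, or state in the commit message that named.conf must stop including it. Also `DNSSCRIPT_TEMP_FOLDER` is exported straight from `$TempFolder` with no check that it is non-empty or ends in `/`; every consumer concatenates it directly (`"$DNSSCRIPT_TEMP_FOLDER""cache"`, `rm -f "$DNSSCRIPT_TEMP_FOLDER""$IView"".conf"`), so an unset value turns those into relative paths under /usr/lib/ffdns — a `: "${TempFolder:?TempFolder must be set}"` before the export would catch that. The `if` on the last line of the hunk continues outside it.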


@ -24,12 +24,13 @@ GetLeaseEntriesInSubnet() {
done done
} }
ZoneTempFolder="$ZoneTempFolder""$Domain""/"
OldSerial="$(GetZoneFileSerial "$ZoneTempFolder""db.""$Domain"".bkp")" OldSerial="$(GetZoneFileSerial "$ZoneTempFolder""db.""$Domain"".bkp")"
NewSerial="$(GetZoneFileSerial "$HoodZoneFile")" NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
ForceUpdate=""
[ $((OldSerial)) -gt 0 ] && [ $((OldSerial)) -lt $((NewSerial)) ] && ForceUpdate="1" [ $((OldSerial)) -gt 0 ] && [ $((OldSerial)) -lt $((NewSerial)) ] && ForceUpdate="1"
ZoneTempFolder="$ZoneTempFolder""$Domain""/"
OldLeases="$(sed -e '/^;### Leases ###/,$!d;/^\s*\S\+\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$HoodZoneFile" | sed 1d)" OldLeases="$(sed -e '/^;### Leases ###/,$!d;/^\s*\S\+\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$HoodZoneFile" | sed 1d)"
if [ -f "/tmp/dhcp.leases" ]; then if [ -f "/tmp/dhcp.leases" ]; then
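Review bot: If I read the old and new sides correctly, `ZoneTempFolder="$ZoneTempFolder""$Domain""/"` moved from before the OldSerial lookup to after it, which changes the file that lookup reads: it is now `"$ZoneTempFolder""db.""$Domain"".bkp"` directly under the cache folder rather than under the per-domain subfolder. If the `.bkp` is written under the per-domain path elsewhere (not visible here), OldSerial is always 0, `ForceUpdate` is never set, and serial bumps in the hood zone stop forcing an update. The commit message does not mention this, so if the move is deliberate a one-line comment such as `# the .bkp lives in the cache root, not in the per-domain folder` would spare the next reader the same question. The surrounding code continues outside the hunk.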


@ -1,87 +0,0 @@
#!/bin/sh
# SPDX-License-Identifier: GPL-3.0
#
# freifunk-franken dns-scipts (c) 2021 Blackyfff
. ./dns-functions.sh
IncludeFile="$1"
RemoteLocation="$2"
Tables="$3"
rm -f "$IncludeFile"
if [ -z "$Tables" ]; then
# this is only a rude fallback and not recommended
# create your own file on a gateway with the community routing tables and use this one
RemoteFile="$(curl -s -S -f "$RemoteACL")"
if [ -n "$RemoteFile" ]; then
echo "$RemoteFile" > "$IncludeFile"
fi
else
Installed4Routes=""
Installed6Routes=""
for Table in $Tables; do
Installed4Routes="$(echo "$Installed4Routes" && ip -d -4 ro sh ta "$Table")"
Installed6Routes="$(echo "$Installed6Routes" && ip -d -6 ro sh ta "$Table")"
done
PublicSubs="$(echo "$Installed6Routes" | \
sed -e '/^unicast default from/!d;s/.* from \(\S\+\).*/\1/g')"
Privatev4Prefix="\(192\.168\.\|172\.\(1[6-9]\|2[0-9]\|3[01]\)\.\|10\.\)"
Privatev6Prefix="\([fF][cCdD][0-9a-fA-F]\{2\}:\)"
Publicv4Singles="$(echo "$Installed4Routes" | \
sed -e 's/^\S\+\s\+\(\S\+\)\s.*/\t\1;/g;/^\t'"$Privatev4Prefix"'\|^\t\(unreachable\|default\|0\.\)\|^$/d')"
Publicv6Singles="$(echo "$Installed6Routes" | \
sed -e 's/^\S\+\s\+\(\S\+\)\s.*/\1/g;/^'"$Privatev6Prefix"'\|^\(unreachable\|default\|::\|64:ff9b::\)\|^$/d')"
# the following code is not well optimized yet and may take a bit to process
# therefore it is not recommended to activate it on hardware-routers
# even in other environments it did not speed up bind9 measurable, its just for a smaller acl-file, e.g. for redistribution
#for Subnet in $PublicSubs; do
# SubnetIPFilled="$(FillIPv6Zeroes "$(echo "${Subnet%/*}" | awk '{print tolower($0)}')")"
# Mask="${Subnet##*/}"
# Statics=$((Mask / 4))
# BlockMask=$((Mask % 4))
# if [ $BlockMask -ne 0 ]; then
# BlockMask=$((4 - BlockMask))
# BlockMask=$((-1 << $BlockMask))
# SubnetBlock="$(printf %d 0x"$(echo "$SubnetIPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
# SubnetBlock=$((SubnetBlock & BlockMask))
# fi
#
# SubnetStaticPart="$(echo "$SubnetIPFilled" | awk 'BEGIN{FS=""}{for(i='"$Statics"';i>0;i--) printf $i;}')"
#
# for Single in $Publicv6Singles; do
# IPFilled="$(FillIPv6Zeroes "$(echo "${Single%/*}" | awk '{print tolower($0)}')")"
# MaskIP="$( echo "$Single" | sed -e 's/^[^/]*\(\/\)\?//g')"
# MaskIP="${MaskIP:-128}"
# IsInSub="$([ $((Mask)) -le $((MaskIP)) ]; echo "$?")"
# if [ $IsInSub -eq 0 ]; then
# IPStaticPart="$(echo "$IPFilled" | awk 'BEGIN{FS=""}{for(i='"$Statics"';i>0;i--) printf $i;}')"
# IsInSub="$([ "$IPStaticPart" = "$SubnetStaticPart" ]; echo "$?")"
# fi
# if [ $IsInSub -eq 0 ] && [ $BlockMask -ne 0 ]; then
# IPBlock="$(printf %d 0x"$(echo "$IPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
# IPBlock=$((IPBlock & BlockMask))
# IsInSub="$([ $IPBlock -eq $SubnetBlock ]; echo "$?")"
# fi
#
# ! [ $IsInSub -eq 0 ] \
# && NewSingles="$( [ -n "$NewSingles" ] && echo "$NewSingles"; echo "$Single")"
# done
# Publicv6Singles="$NewSingles"
# NewSingles=""
#done
{
echo "acl icvpnrange {"
echo " icvpnlocal;"
echo "$PublicSubs" | sed -e 's/\(.*\)/\t\1;/g'
echo "$(curl -s -S -f "$RemoteLocation""external.dnsserverips" | sed -e 's/^/\t/g;s/$/;/g')"
echo "$Publicv4Singles"
echo "$Publicv6Singles" | sed -e 's/\(.*\)/\t\1;/g'
echo "};"
} > "$IncludeFile"
fi