insert inline-signing; update for additional special view-config; handling for manual zone-file-changes
Signed-off-by: Blackyfff <freifunk@freifunk-herpf.de>
parent
3831e98977
commit
cf7048384c
45
README.md
45
README.md
|
@ -67,7 +67,11 @@ acl icvpnlocal {
|
|||
172.16.0.0/12;
|
||||
fc00::/7;
|
||||
};
|
||||
include "/etc/bind/icvpn-acl.conf"; # auto-generated
|
||||
|
||||
acl lo0 {
|
||||
127.0.0.0/8;
|
||||
::1/128;
|
||||
};
|
||||
|
||||
[..]
|
||||
|
||||
|
@ -80,8 +84,27 @@ options {
|
|||
|
||||
[..]
|
||||
|
||||
view "external-view" {
|
||||
match-destinations {
|
||||
!icvpnlocal;
|
||||
!lo0;
|
||||
any;
|
||||
};
|
||||
match-clients {
|
||||
!icvpnlocal;
|
||||
!lo0;
|
||||
any;
|
||||
};
|
||||
|
||||
[..] # eigene Optionen
|
||||
|
||||
include "/etc/bind/external-view.conf"; # auto-generated
|
||||
|
||||
[..]
|
||||
};
|
||||
|
||||
view "icvpn-internal-view" {
|
||||
match-clients { icvpnrange; localhost; };
|
||||
match-clients { any; };
|
||||
allow-query-cache { any; };
|
||||
recursion yes;
|
||||
|
||||
|
@ -95,17 +118,6 @@ view "icvpn-internal-view" {
|
|||
[..]
|
||||
};
|
||||
|
||||
view "external-view" {
|
||||
match-clients { any; };
|
||||
|
||||
[..] # eigene Optionen
|
||||
|
||||
include "/etc/bind/external-view.conf"; # auto-generated
|
||||
|
||||
[..]
|
||||
};
|
||||
|
||||
|
||||
[..]
|
||||
```
|
||||
|
||||
|
@ -139,7 +151,6 @@ view "icvpn-internal-dns64-view" {
|
|||
match-destinations {
|
||||
<IPv6>; # eine separate Adresse ist für DNS64 notwendig
|
||||
};
|
||||
match-clients { icvpnrange; localhost; };
|
||||
allow-query-cache { any; };
|
||||
recursion yes;
|
||||
dns64 64:ff9b::/96 {
|
||||
|
@ -154,7 +165,7 @@ view "icvpn-internal-dns64-view" {
|
|||
[..]
|
||||
};
|
||||
|
||||
view "icvpn-internal-view" {
|
||||
view "external-view" {
|
||||
|
||||
[..]
|
||||
```
|
||||
|
@ -187,7 +198,7 @@ Subdomains der Rootzone können von Root-Servern selbst oder auch von jedem ande
|
|||
|
||||
Subdomains sollten im folgenden Format angelegt werden
|
||||
```
|
||||
<Subdomain> IN NS <Serverhostname>[ ; Subnets:[ <SubnetzIPv4>/<Subnetzmaske>| <SubnetzIPv6>/<Subnetzmaske>]+]?
|
||||
<Subdomain> IN NS <Serverhostname>[ ; Subnets:[ <SubnetzIPv4>/<Subnetzmaske>| <SubnetzIPv6>/<Subnetzmaske>]*]?
|
||||
|
||||
```
|
||||
z.B.:
|
||||
|
@ -205,6 +216,8 @@ Sofern noch nicht vorhanden wird dann eine neue Zonendatei für diese Subdomain
|
|||
```
|
||||
wie die Rootzonendatei editiert werden.
|
||||
|
||||
Sollten spezielle Konfigurationen für die views benötigt werden, können diese im Konfigurationsverzeichnis (/etc/ffdns) als Dateien im Format <View>.<Domain> abgelegt werden. Die dort enthaltenen Zeilen werden in die Konfiguration des Views geschrieben.
|
||||
|
||||
### Subsubdomains
|
||||
|
||||
Auch unterhalb von bereits delegierten Subdomains können beliebig viele weitere Subdomains bedient werden.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh
|
||||
# SPDX-License-Identifier: GPL-3.0
|
||||
#
|
||||
# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff
|
||||
# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff
|
||||
|
||||
GetZoneFileSerial() {
|
||||
if [ -f "$1" ]; then
|
||||
|
@ -22,29 +22,39 @@ InsertZoneToViews() {
|
|||
SourceFile="$4"
|
||||
TempFolder="$5"
|
||||
DNSSECPolicy="$6"
|
||||
AdditionalZoneConfig="$7"
|
||||
for View in $Views; do
|
||||
ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"
|
||||
[ -f "$ZoneFile" ] || ln -s "$SourceFile" "$ZoneFile"
|
||||
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy"
|
||||
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy" "$AdditionalZoneConfig""$View""."
|
||||
done
|
||||
}
|
||||
InsertZoneToIncludeFile() {
|
||||
if [ -n "$5" ] && [ -f "$5""$1" ]; then
|
||||
Additional="$(cat "$5""$1")"
|
||||
else
|
||||
Additional=""
|
||||
fi
|
||||
if [ ! -f "$3" ]; then
|
||||
{
|
||||
echo "zone \"""$1""\" {"
|
||||
echo " type master;"
|
||||
[ -n "$4" ] && echo " dnssec-policy $4"";"
|
||||
[ -n "$4" ] && echo " inline-signing yes;"
|
||||
[ -n "$Additional" ] && echo "$Additional"
|
||||
echo " file \"""$2""\";"
|
||||
echo "};"
|
||||
} > "$3"
|
||||
else
|
||||
[ -n "$4" ] && Extra=" dnssec-policy $4"";\n" || Extra=""
|
||||
|
||||
sed -i "1i\
|
||||
zone \"""$1""\" {\n\
|
||||
type master;\n""$Extra\
|
||||
file \"""$2""\";\n\
|
||||
};" "$3"
|
||||
{
|
||||
echo "zone \"""$1""\" {"
|
||||
echo " type master;"
|
||||
[ -n "$4" ] && echo " dnssec-policy $4"";"
|
||||
[ -n "$4" ] && echo " inline-signing yes;"
|
||||
[ -n "$Additional" ] && echo "$Additional"
|
||||
echo " file \"""$2""\";"
|
||||
echo "};"
|
||||
} >> "$3"
|
||||
fi
|
||||
}
|
||||
GetAllNameservers() {
|
||||
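Review bot: The `[ -n "$5" ]` guard in InsertZoneToIncludeFile cannot fail, because InsertZoneToViews always passes `"$AdditionalZoneConfig""$View""."`, which is non-empty even when `$7` was omitted; a caller still using six arguments would then look for `<View>.<Domain>` relative to the current directory and copy it into the zone block. Building the prefix only when the folder is set, e.g. `[ -n "$AdditionalZoneConfig" ] && Prefix="$AdditionalZoneConfig$View." || Prefix=""`, and passing `"$Prefix"` closes that. The override file's contents are echoed verbatim into the `zone { … }` statement, so the override directory should be documented as root-owned and not group- or world-writable, and running `named-checkconf` before named is reloaded would catch a broken override. The two branches of `if [ ! -f "$3" ]` also appear to differ only in `>` versus `>>` now and could be a single block ending in `} >> "$3"`.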
|
|
|
@ -3,12 +3,12 @@
|
|||
#
|
||||
# freifunk-franken dns-scipts (c) 2016 mayosemmel
|
||||
# (c) 2020-2021 Fabian Bläse
|
||||
# (c) 2021-2022 Blackyfff
|
||||
# (c) 2021-2023 Blackyfff
|
||||
|
||||
# exit script when command fails
|
||||
set -e
|
||||
|
||||
export DNSSCRIPT_VERSION="0.9.4"
|
||||
export DNSSCRIPT_VERSION="0.9.5"
|
||||
|
||||
. /etc/ffdns/community.conf
|
||||
. /etc/ffdns/local.conf
|
||||
|
@ -53,7 +53,7 @@ if [ -n "$ServeMasterZone" ] || [ -n "$(DoServeOnlyExternZone)" ]; then
|
|||
else
|
||||
FileForExternGeneration="$CachedMasterFile"
|
||||
fi
|
||||
|
||||
|
||||
if [ -n "$ExternalView" ]; then
|
||||
ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$MasterDomain"
|
||||
else
|
||||
|
@ -100,10 +100,10 @@ for Hood in $Hoods; do
|
|||
echo ";"
|
||||
} > "$HoodZoneFile"
|
||||
fi
|
||||
ZoneTempFolder="$TempFolder""cache/""$HoodDomain""/"
|
||||
ZoneTempFolder="$TempFolder""cache/"
|
||||
./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" "$ZoneTempFolder" "$ZoneFilesFolder"
|
||||
|
||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy"
|
||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy" "/etc/ffdns/"
|
||||
|
||||
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
|
||||
UpdateReverseZones "$Subnets" "$HoodForwardZones"
|
||||
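Review bot: The new last argument to InsertZoneToViews is the literal `"/etc/ffdns/"`, the same directory the script already sources `community.conf` and `local.conf` from, so the path is now spelled out in three places. A single variable near the top, for example `ConfigFolder="/etc/ffdns/"`, passed as `"$ConfigFolder"`, keeps the override location in one place and makes it obvious which directory's files end up in the named configuration. The `for Hood in $Hoods` loop around this call starts and ends outside the hunk, and any other callers of InsertZoneToViews are not visible here.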
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh
|
||||
# SPDX-License-Identifier: GPL-3.0
|
||||
#
|
||||
# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff
|
||||
# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff
|
||||
|
||||
|
||||
. ./dns-functions.sh
|
||||
|
@ -24,6 +24,12 @@ GetLeaseEntriesInSubnet() {
|
|||
done
|
||||
}
|
||||
|
||||
OldSerial="$(GetZoneFileSerial "$ZoneTempFolder""db.""$Domain"".bkp")"
|
||||
NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
|
||||
[ $((OldSerial)) -gt 0 ] && [ $((OldSerial)) -lt $((NewSerial)) ] && ForceUpdate="1"
|
||||
|
||||
ZoneTempFolder="$ZoneTempFolder""$Domain""/"
|
||||
|
||||
OldLeases="$(sed -e '/^;### Leases ###/,$!d;/^\s*\S\+\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$HoodZoneFile" | sed 1d)"
|
||||
|
||||
if [ -f "/tmp/dhcp.leases" ]; then
|
||||
|
@ -51,8 +57,7 @@ NewLeases="$(echo "$NewLeases" |
|
|||
|
||||
UpdateZone="$(UpdateDNSSECEntryCache "$Domain" "$ZoneTempFolder" "$HoodZoneFile")"
|
||||
|
||||
if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ]; then
|
||||
NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
|
||||
if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ] || [ -n "$ForceUpdate" ]; then
|
||||
NewSerial=$((NewSerial+1))
|
||||
sed -i -e 's/^\(\s*\)\(\S\+\)\(\s*;\s*Serial.*\)/\1'"$NewSerial"'\3/g' "$HoodZoneFile"
|
||||
sed -i -e '/^;### Leases ###/,$d' "$HoodZoneFile"
|
||||
|
@ -65,4 +70,5 @@ if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ]; then
|
|||
cat "$KeyFile" >> "$HoodZoneFile"
|
||||
done
|
||||
ReloadZone "$Domain" "$View" "$ZoneFilesFolder"
|
||||
fi
|
||||
fi
|
||||
cp -f "$HoodZoneFile" "$ZoneTempFolder""db.""$Domain"".bkp"
|
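Review bot: `OldSerial` is read from `"$ZoneTempFolder""db.""$Domain"".bkp"` before `ZoneTempFolder` gets `"$Domain""/"` appended, while the `cp -f` at the end of the script writes the backup after the append, so the two paths differ (`cache/db.<Domain>.bkp` versus `cache/<Domain>/db.<Domain>.bkp`, going by the caller's change). Unless something outside these hunks creates the first file, `GetZoneFileSerial` presumably never finds a backup, `OldSerial` stays empty and `ForceUpdate` is never set, which defeats the manual-change detection this commit adds. Moving `ZoneTempFolder="$ZoneTempFolder""$Domain""/"` above the `OldSerial=` line makes the read and the write agree. `$((OldSerial))` also evaluates text taken from the zone file as an arithmetic expression, so a digits-only check before the comparison would be more robust.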