insert inline-signing; update for additional special view-config; handling for manual zone-file-changes

Signed-off-by: Blackyfff <freifunk@freifunk-herpf.de>
This commit is contained in:
Blackyfff 2023-02-13 01:11:31 +01:00
parent 3831e98977
commit cf7048384c
4 changed files with 63 additions and 34 deletions


@ -67,7 +67,11 @@ acl icvpnlocal {
172.16.0.0/12;
fc00::/7;
};
include "/etc/bind/icvpn-acl.conf"; # auto-generated
acl lo0 {
127.0.0.0/8;
::1/128;
};
[..]
@ -80,8 +84,27 @@ options {
[..]
view "external-view" {
match-destinations {
!icvpnlocal;
!lo0;
any;
};
match-clients {
!icvpnlocal;
!lo0;
any;
};
[..] # eigene Optionen
include "/etc/bind/external-view.conf"; # auto-generated
[..]
};
view "icvpn-internal-view" {
match-clients { icvpnrange; localhost; };
match-clients { any; };
allow-query-cache { any; };
recursion yes;
@ -95,17 +118,6 @@ view "icvpn-internal-view" {
[..]
};
view "external-view" {
match-clients { any; };
[..] # eigene Optionen
include "/etc/bind/external-view.conf"; # auto-generated
[..]
};
[..]
```
@ -139,7 +151,6 @@ view "icvpn-internal-dns64-view" {
match-destinations {
<IPv6>; # eine separate Adresse ist für DNS64 notwendig
};
match-clients { icvpnrange; localhost; };
allow-query-cache { any; };
recursion yes;
dns64 64:ff9b::/96 {
@ -154,7 +165,7 @@ view "icvpn-internal-dns64-view" {
[..]
};
view "icvpn-internal-view" {
view "external-view" {
[..]
```
@ -187,7 +198,7 @@ Subdomains der Rootzone können von Root-Servern selbst oder auch von jedem ande
Subdomains sollten im folgenden Format angelegt werden
```
<Subdomain> IN NS <Serverhostname>[ ; Subnets:[ <SubnetzIPv4>/<Subnetzmaske>| <SubnetzIPv6>/<Subnetzmaske>]+]?
<Subdomain> IN NS <Serverhostname>[ ; Subnets:[ <SubnetzIPv4>/<Subnetzmaske>| <SubnetzIPv6>/<Subnetzmaske>]*]?
```
z.B.:
@ -205,6 +216,8 @@ Sofern noch nicht vorhanden wird dann eine neue Zonendatei für diese Subdomain
```
wie die Rootzonendatei editiert werden.
Sollten spezielle Konfigurationen für die views benötigt werden, können diese im Konfigurationsverzeichnis (/etc/ffdns) als Dateien im Format <View>.<Domain> abgelegt werden. Die dort enthaltenen Zeilen werden in die Konfiguration des Views geschrieben.
### Subsubdomains
Auch unterhalb von bereits delegierten Subdomains können beliebig viele weitere Subdomains bedient werden.


@ -1,7 +1,7 @@
#!/bin/sh
# SPDX-License-Identifier: GPL-3.0
#
# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff
# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff
GetZoneFileSerial() {
if [ -f "$1" ]; then
@ -22,29 +22,39 @@ InsertZoneToViews() {
SourceFile="$4"
TempFolder="$5"
DNSSECPolicy="$6"
AdditionalZoneConfig="$7"
for View in $Views; do
ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"
[ -f "$ZoneFile" ] || ln -s "$SourceFile" "$ZoneFile"
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy"
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy" "$AdditionalZoneConfig""$View""."
done
}
InsertZoneToIncludeFile() {
if [ -n "$5" ] && [ -f "$5""$1" ]; then
Additional="$(cat "$5""$1")"
else
Additional=""
fi
if [ ! -f "$3" ]; then
{
echo "zone \"""$1""\" {"
echo " type master;"
[ -n "$4" ] && echo " dnssec-policy $4"";"
[ -n "$4" ] && echo " inline-signing yes;"
[ -n "$Additional" ] && echo "$Additional"
echo " file \"""$2""\";"
echo "};"
} > "$3"
else
[ -n "$4" ] && Extra=" dnssec-policy $4"";\n" || Extra=""
sed -i "1i\
zone \"""$1""\" {\n\
type master;\n""$Extra\
file \"""$2""\";\n\
};" "$3"
{
echo "zone \"""$1""\" {"
echo " type master;"
[ -n "$4" ] && echo " dnssec-policy $4"";"
[ -n "$4" ] && echo " inline-signing yes;"
[ -n "$Additional" ] && echo "$Additional"
echo " file \"""$2""\";"
echo "};"
} >> "$3"
fi
}
GetAllNameservers() {
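Review bot: The new `Additional="$(cat "$5""$1")"` / `echo "$Additional"` path in `InsertZoneToIncludeFile` emits the operator-supplied snippet through `echo` under `#!/bin/sh`, where dash interprets backslash escapes (and a leading `-n`), so a snippet containing `\` sequences reaches the generated zone block altered; `[ -n "$Additional" ] && printf '%s\n' "$Additional"` in both branches reproduces it byte for byte. The snippet is spliced into named's configuration without any validation, so a stray `};` or a directive that is not valid inside a `zone` block in `/etc/ffdns/<View>.<Domain>` silently terminates the zone stanza and turns the remainder into top-level config; a comment above the read such as `# <View>.<Domain> under $5 is trusted verbatim zone config -- validate with named-checkconf before reload` would make that trust boundary explicit, and a `named-checkconf` run on the include file before it is loaded (the reload path is not in this hunk) would catch it early. The two branches differ only in `>` versus `>>`; since `>>` creates a missing file, the duplicated `if [ ! -f "$3" ]` block can collapse into a single stanza redirected with `>>`.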


@ -3,12 +3,12 @@
#
# freifunk-franken dns-scipts (c) 2016 mayosemmel
# (c) 2020-2021 Fabian Bläse
# (c) 2021-2022 Blackyfff
# (c) 2021-2023 Blackyfff
# exit script when command fails
set -e
export DNSSCRIPT_VERSION="0.9.4"
export DNSSCRIPT_VERSION="0.9.5"
. /etc/ffdns/community.conf
. /etc/ffdns/local.conf
@ -53,7 +53,7 @@ if [ -n "$ServeMasterZone" ] || [ -n "$(DoServeOnlyExternZone)" ]; then
else
FileForExternGeneration="$CachedMasterFile"
fi
if [ -n "$ExternalView" ]; then
ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$MasterDomain"
else
@ -100,10 +100,10 @@ for Hood in $Hoods; do
echo ";"
} > "$HoodZoneFile"
fi
ZoneTempFolder="$TempFolder""cache/""$HoodDomain""/"
ZoneTempFolder="$TempFolder""cache/"
./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" "$ZoneTempFolder" "$ZoneFilesFolder"
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy"
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy" "/etc/ffdns/"
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
UpdateReverseZones "$Subnets" "$HoodForwardZones"
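Review bot: The new seventh argument on the `InsertZoneToViews` call is the literal `/etc/ffdns/`, duplicating the directory from which `community.conf` and `local.conf` are already sourced at the top of this script; a single variable, e.g. `ConfigFolder="/etc/ffdns/"` next to those `.` lines and `"$ConfigFolder"` here, keeps the two from drifting apart. Since files named `<View>.<Domain>` in that directory are copied verbatim into the generated zone stanza (see `InsertZoneToIncludeFile`), the call site deserves a comment making that visible, e.g. `# /etc/ffdns/<View>.<Domain>, if present, is inserted verbatim into the zone block of <View>`. `ZoneTempFolder` now stops at `cache/` and the per-domain part is presumably appended inside `update-hoodzone.sh`; a one-line comment stating that would explain why the path changed.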


@ -1,7 +1,7 @@
#!/bin/sh
# SPDX-License-Identifier: GPL-3.0
#
# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff
# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff
. ./dns-functions.sh
@ -24,6 +24,12 @@ GetLeaseEntriesInSubnet() {
done
}
OldSerial="$(GetZoneFileSerial "$ZoneTempFolder""db.""$Domain"".bkp")"
NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
[ $((OldSerial)) -gt 0 ] && [ $((OldSerial)) -lt $((NewSerial)) ] && ForceUpdate="1"
ZoneTempFolder="$ZoneTempFolder""$Domain""/"
OldLeases="$(sed -e '/^;### Leases ###/,$!d;/^\s*\S\+\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$HoodZoneFile" | sed 1d)"
if [ -f "/tmp/dhcp.leases" ]; then
@ -51,8 +57,7 @@ NewLeases="$(echo "$NewLeases" |
UpdateZone="$(UpdateDNSSECEntryCache "$Domain" "$ZoneTempFolder" "$HoodZoneFile")"
if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ]; then
NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ] || [ -n "$ForceUpdate" ]; then
NewSerial=$((NewSerial+1))
sed -i -e 's/^\(\s*\)\(\S\+\)\(\s*;\s*Serial.*\)/\1'"$NewSerial"'\3/g' "$HoodZoneFile"
sed -i -e '/^;### Leases ###/,$d' "$HoodZoneFile"
@ -65,4 +70,5 @@ if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ]; then
cat "$KeyFile" >> "$HoodZoneFile"
done
ReloadZone "$Domain" "$View" "$ZoneFilesFolder"
fi
fi
cp -f "$HoodZoneFile" "$ZoneTempFolder""db.""$Domain"".bkp"
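Review bot: The manual-change detection reads the backup from a different path than the one it is written to: `OldSerial` is taken from `"$ZoneTempFolder"db."$Domain".bkp` while `ZoneTempFolder` still ends in `cache/`, but `"$Domain""/"` is appended to it on the very next line and the final `cp -f` writes the backup under that per-domain folder, so unless the variable is reassigned in lines not shown, the comparison always sees a missing file and `ForceUpdate` never fires. Moving `ZoneTempFolder="$ZoneTempFolder""$Domain""/"` above the `OldSerial=` line makes read and write paths agree. Separately, `$((OldSerial))` and `$((NewSerial))` evaluate whatever text the serial field of a hand-edited zone file contains as an arithmetic expression; under a bash-provided `/bin/sh` that is an injection vector and under dash a non-numeric value aborts the script, so validate first, e.g. `case "$OldSerial" in ''|*[!0-9]*) OldSerial=0 ;; esac` (and likewise for `NewSerial`). A comment above the comparison noting that manual edits are only picked up when the operator also raised the SOA serial above the backed-up value would help the next maintainer; the `if` closed by the final hunk's `fi` lines opens in the earlier hunk.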