From cf7048384cc06e50415ebc87e2ed0678b6aa836c Mon Sep 17 00:00:00 2001 From: Blackyfff Date: Mon, 13 Feb 2023 01:11:31 +0100 Subject: [PATCH] insert inline-signing; update for additional special view-config; handling for manual zone-file-changes Signed-off-by: Blackyfff --- README.md | 45 ++++++++++++++++++++------------ usr/lib/ffdns/dns-functions.sh | 28 +++++++++++++------- usr/lib/ffdns/update-dns.sh | 10 +++---- usr/lib/ffdns/update-hoodzone.sh | 14 +++++++--- 4 files changed, 63 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index d3505e2..3a95e6d 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,11 @@ acl icvpnlocal { 172.16.0.0/12; fc00::/7; }; -include "/etc/bind/icvpn-acl.conf"; # auto-generated + +acl lo0 { + 127.0.0.0/8; + ::1/128; +}; [..] @@ -80,8 +84,27 @@ options { [..] +view "external-view" { + match-destinations { + !icvpnlocal; + !lo0; + any; + }; + match-clients { + !icvpnlocal; + !lo0; + any; + }; + + [..] # eigene Optionen + + include "/etc/bind/external-view.conf"; # auto-generated + + [..] +}; + view "icvpn-internal-view" { - match-clients { icvpnrange; localhost; }; + match-clients { any; }; allow-query-cache { any; }; recursion yes; @@ -95,17 +118,6 @@ view "icvpn-internal-view" { [..] }; -view "external-view" { - match-clients { any; }; - - [..] # eigene Optionen - - include "/etc/bind/external-view.conf"; # auto-generated - - [..] -}; - - [..] ``` @@ -139,7 +151,6 @@ view "icvpn-internal-dns64-view" { match-destinations { ; # eine separate Adresse ist für DNS64 notwendig }; - match-clients { icvpnrange; localhost; }; allow-query-cache { any; }; recursion yes; dns64 64:ff9b::/96 { @@ -154,7 +165,7 @@ view "icvpn-internal-dns64-view" { [..] }; -view "icvpn-internal-view" { +view "external-view" { [..] ``` 
@@ -187,7 +198,7 @@ Subdomains der Rootzone können von Root-Servern selbst oder auch von jedem ande Subdomains sollten im folgenden Format angelegt werden ``` - IN NS [ ; Subnets:[ /| /]+]? + IN NS [ ; Subnets:[ /| /]*]? ``` z.B.: @@ -205,6 +216,8 @@ Sofern noch nicht vorhanden wird dann eine neue Zonendatei für diese Subdomain ``` wie die Rootzonendatei editiert werden. +Sollten spezielle Konfigurationen für die views benötigt werden, können diese im Konfigurationsverzeichnis (/etc/ffdns) als Dateien im Format . abgelegt werden. Die dort enthaltenen Zeilen werden in die Konfiguration des Views geschrieben. + ### Subsubdomains Auch unterhalb von bereits delegierten Subdomains können beliebig viele weitere Subdomains bedient werden. diff --git a/usr/lib/ffdns/dns-functions.sh b/usr/lib/ffdns/dns-functions.sh index ab4ae6e..0bde081 100755 --- a/usr/lib/ffdns/dns-functions.sh +++ b/usr/lib/ffdns/dns-functions.sh @@ -1,7 +1,7 @@ #!/bin/sh # SPDX-License-Identifier: GPL-3.0 # -# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff +# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff GetZoneFileSerial() { if [ -f "$1" ]; then 
@@ -22,29 +22,39 @@ InsertZoneToViews() { SourceFile="$4" TempFolder="$5" DNSSECPolicy="$6" + AdditionalZoneConfig="$7" for View in $Views; do ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain" [ -f "$ZoneFile" ] || ln -s "$SourceFile" "$ZoneFile" - InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy" + InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy" "$AdditionalZoneConfig""$View""." done } InsertZoneToIncludeFile() { + if [ -n "$5" ] && [ -f "$5""$1" ]; then + Additional="$(cat "$5""$1")" + else + Additional="" + fi if [ ! -f "$3" ]; then { echo "zone \"""$1""\" {" echo " type master;" [ -n "$4" ] && echo " dnssec-policy $4"";" + [ -n "$4" ] && echo " inline-signing yes;" + [ -n "$Additional" ] && echo "$Additional" echo " file \"""$2""\";" echo "};" } > "$3" else - [ -n "$4" ] && Extra=" dnssec-policy $4"";\n" || Extra="" - - sed -i "1i\ -zone \"""$1""\" {\n\ - type master;\n""$Extra\ - file \"""$2""\";\n\ -};" "$3" + { + echo "zone \"""$1""\" {" + echo " type master;" + [ -n "$4" ] && echo " dnssec-policy $4"";" + [ -n "$4" ] && echo " inline-signing yes;" + [ -n "$Additional" ] && echo "$Additional" + echo " file \"""$2""\";" + echo "};" + } >> "$3" fi } GetAllNameservers() { diff --git a/usr/lib/ffdns/update-dns.sh b/usr/lib/ffdns/update-dns.sh index 428e306..9bcc15f 100755 --- a/usr/lib/ffdns/update-dns.sh +++ b/usr/lib/ffdns/update-dns.sh @@ -3,12 +3,12 @@ # # freifunk-franken dns-scipts (c) 2016 mayosemmel # (c) 2020-2021 Fabian Bläse -# (c) 2021-2022 Blackyfff +# (c) 2021-2023 Blackyfff # exit script when command fails set -e -export DNSSCRIPT_VERSION="0.9.4" +export DNSSCRIPT_VERSION="0.9.5" . /etc/ffdns/community.conf . /etc/ffdns/local.conf 
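Review bot: The two branches of `InsertZoneToIncludeFile` are now identical except for `>` versus `>>`, and `>>` already creates a missing include file, so the `if [ ! -f "$3" ]` test and the duplicated zone block can collapse into a single writer. The new `echo "$Additional"` line emits operator-supplied text through `echo`, which mangles a snippet whose first line begins with `-n`/`-e` or contains backslashes under some `/bin/sh` implementations; `printf '%s\n' "$Additional"` reproduces the file verbatim. Note that whatever sits in `/etc/ffdns/<view>.<domain>` is spliced into the BIND include without any syntax check, so a stray or malformed file there breaks the whole config at the next reload — if no `named-checkconf` runs before `rndc reload` elsewhere, a short comment warning about that at the `cat` line is worth adding. `InsertZoneToViews` begins outside the hunk; the rewritten function below is complete.
```shell
InsertZoneToIncludeFile() {
  # $5 is a directory prefix, $1 the zone name: the optional per-view/per-zone
  # snippet lives at "<prefix><zone>" and is copied into the zone block as-is.
  if [ -n "$5" ] && [ -f "$5""$1" ]; then
    Additional="$(cat "$5""$1")"
  else
    Additional=""
  fi
  # >> creates the include file when it does not exist yet, so one writer
  # covers both the first zone and every later one.
  {
    echo "zone \"""$1""\" {"
    echo " type master;"
    [ -n "$4" ] && echo " dnssec-policy $4"";"
    [ -n "$4" ] && echo " inline-signing yes;"
    [ -n "$Additional" ] && printf '%s\n' "$Additional"
    echo " file \"""$2""\";"
    echo "};"
  } >> "$3"
}
```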
@@ -53,7 +53,7 @@ if [ -n "$ServeMasterZone" ] || [ -n "$(DoServeOnlyExternZone)" ]; then else FileForExternGeneration="$CachedMasterFile" fi - + if [ -n "$ExternalView" ]; then ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$MasterDomain" else @@ -100,10 +100,10 @@ for Hood in $Hoods; do echo ";" } > "$HoodZoneFile" fi - ZoneTempFolder="$TempFolder""cache/""$HoodDomain""/" + ZoneTempFolder="$TempFolder""cache/" ./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" "$ZoneTempFolder" "$ZoneFilesFolder" - InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy" + InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy" "/etc/ffdns/" HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile" UpdateReverseZones "$Subnets" "$HoodForwardZones" diff --git a/usr/lib/ffdns/update-hoodzone.sh b/usr/lib/ffdns/update-hoodzone.sh index 8730148..627a5ad 100755 --- a/usr/lib/ffdns/update-hoodzone.sh +++ b/usr/lib/ffdns/update-hoodzone.sh @@ -1,7 +1,7 @@ #!/bin/sh # SPDX-License-Identifier: GPL-3.0 # -# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff +# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff . ./dns-functions.sh @@ -24,6 +24,12 @@ GetLeaseEntriesInSubnet() { done } +OldSerial="$(GetZoneFileSerial "$ZoneTempFolder""db.""$Domain"".bkp")" +NewSerial="$(GetZoneFileSerial "$HoodZoneFile")" +[ $((OldSerial)) -gt 0 ] && [ $((OldSerial)) -lt $((NewSerial)) ] && ForceUpdate="1" + +ZoneTempFolder="$ZoneTempFolder""$Domain""/" + OldLeases="$(sed -e '/^;### Leases ###/,$!d;/^\s*\S\+\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$HoodZoneFile" | sed 1d)" if [ -f "/tmp/dhcp.leases" ]; then 
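Review bot: The per-view config directory is passed to `InsertZoneToViews` as the literal `"/etc/ffdns/"`, although the same directory is already where this script sources `community.conf` and `local.conf`; naming it once, e.g. `ConfigFolder="/etc/ffdns/"` next to the `DNSSCRIPT_VERSION` export and passing `"$ConfigFolder"` here, keeps the two locations from drifting apart. A one-line comment on the call, `# 7th arg: directory holding optional <View>.<HoodDomain> snippets for the zone block`, would also save the next reader a trip into dns-functions.sh. The `for Hood in $Hoods` loop that contains this call starts and ends outside the hunk.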
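Review bot: The manual-change check on the new `OldSerial`/`NewSerial` lines only fires when an operator also bumped the serial by hand; an edit to `$HoodZoneFile` that leaves the serial alone is not reloaded until the next lease change or DNSSEC cache update. Because the backup is refreshed at the end of every run, a content comparison subsumes the serial test: `[ -f "$ZoneTempFolder""db.""$Domain"".bkp" ] && ! cmp -s "$HoodZoneFile" "$ZoneTempFolder""db.""$Domain"".bkp" && ForceUpdate="1"` (the `-f` guard keeps a missing backup on the first run from forcing a rewrite). The arithmetic `$((OldSerial))` also assumes `GetZoneFileSerial` returns a bare integer; if the comment-based extraction yields anything else, the expansion may fail and, with errexit in force, abort the hood update, so a guard such as `case "$OldSerial" in ''|*[!0-9]*) OldSerial=0;; esac` before the comparison is cheap insurance. `GetLeaseEntriesInSubnet` closes just above these lines; the script's top-level code continues past the hunk.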
@@ -51,8 +57,7 @@ NewLeases="$(echo "$NewLeases" | UpdateZone="$(UpdateDNSSECEntryCache "$Domain" "$ZoneTempFolder" "$HoodZoneFile")" -if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ]; then - NewSerial="$(GetZoneFileSerial "$HoodZoneFile")" +if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ] || [ -n "$ForceUpdate" ]; then NewSerial=$((NewSerial+1)) sed -i -e 's/^\(\s*\)\(\S\+\)\(\s*;\s*Serial.*\)/\1'"$NewSerial"'\3/g' "$HoodZoneFile" sed -i -e '/^;### Leases ###/,$d' "$HoodZoneFile" @@ -65,4 +70,5 @@ if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ]; then cat "$KeyFile" >> "$HoodZoneFile" done ReloadZone "$Domain" "$View" "$ZoneFilesFolder" -fi \ No newline at end of file +fi +cp -f "$HoodZoneFile" "$ZoneTempFolder""db.""$Domain"".bkp" \ No newline at end of file
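Review bot: The backup written by the new `cp -f` line uses `$ZoneTempFolder` after the earlier hunk has appended `"$Domain""/"` to it, while `OldSerial` is read from `$ZoneTempFolder` before that append — i.e. the file is written to `cache/<Domain>/db.<Domain>.bkp` but read back from `cache/db.<Domain>.bkp`. Unless `ZoneTempFolder` is reset somewhere in the lines between the two hunks, `OldSerial` is always empty, `ForceUpdate` is never set, and the manual-change handling this commit introduces never triggers. Computing the path once before the reassignment, `BackupFile="$ZoneTempFolder""db.""$Domain"".bkp"`, and using `"$BackupFile"` in both the `GetZoneFileSerial` call and the `cp`, removes the ambiguity. The `if` closed by `fi` here begins outside the hunk.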