insert inline-signing; update for additional special view-config; handling for manual zone-file-changes
Signed-off-by: Blackyfff <freifunk@freifunk-herpf.de>
This commit is contained in:
parent
3831e98977
commit
cf7048384c
45
README.md
45
README.md
|
@ -67,7 +67,11 @@ acl icvpnlocal {
|
||||||
172.16.0.0/12;
|
172.16.0.0/12;
|
||||||
fc00::/7;
|
fc00::/7;
|
||||||
};
|
};
|
||||||
include "/etc/bind/icvpn-acl.conf"; # auto-generated
|
|
||||||
|
acl lo0 {
|
||||||
|
127.0.0.0/8;
|
||||||
|
::1/128;
|
||||||
|
};
|
||||||
|
|
||||||
[..]
|
[..]
|
||||||
|
|
||||||
|
@ -80,8 +84,27 @@ options {
|
||||||
|
|
||||||
[..]
|
[..]
|
||||||
|
|
||||||
|
view "external-view" {
|
||||||
|
match-destinations {
|
||||||
|
!icvpnlocal;
|
||||||
|
!lo0;
|
||||||
|
any;
|
||||||
|
};
|
||||||
|
match-clients {
|
||||||
|
!icvpnlocal;
|
||||||
|
!lo0;
|
||||||
|
any;
|
||||||
|
};
|
||||||
|
|
||||||
|
[..] # eigene Optionen
|
||||||
|
|
||||||
|
include "/etc/bind/external-view.conf"; # auto-generated
|
||||||
|
|
||||||
|
[..]
|
||||||
|
};
|
||||||
|
|
||||||
view "icvpn-internal-view" {
|
view "icvpn-internal-view" {
|
||||||
match-clients { icvpnrange; localhost; };
|
match-clients { any; };
|
||||||
allow-query-cache { any; };
|
allow-query-cache { any; };
|
||||||
recursion yes;
|
recursion yes;
|
||||||
|
|
||||||
|
@ -95,17 +118,6 @@ view "icvpn-internal-view" {
|
||||||
[..]
|
[..]
|
||||||
};
|
};
|
||||||
|
|
||||||
view "external-view" {
|
|
||||||
match-clients { any; };
|
|
||||||
|
|
||||||
[..] # eigene Optionen
|
|
||||||
|
|
||||||
include "/etc/bind/external-view.conf"; # auto-generated
|
|
||||||
|
|
||||||
[..]
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
[..]
|
[..]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -139,7 +151,6 @@ view "icvpn-internal-dns64-view" {
|
||||||
match-destinations {
|
match-destinations {
|
||||||
<IPv6>; # eine separate Adresse ist für DNS64 notwendig
|
<IPv6>; # eine separate Adresse ist für DNS64 notwendig
|
||||||
};
|
};
|
||||||
match-clients { icvpnrange; localhost; };
|
|
||||||
allow-query-cache { any; };
|
allow-query-cache { any; };
|
||||||
recursion yes;
|
recursion yes;
|
||||||
dns64 64:ff9b::/96 {
|
dns64 64:ff9b::/96 {
|
||||||
|
@ -154,7 +165,7 @@ view "icvpn-internal-dns64-view" {
|
||||||
[..]
|
[..]
|
||||||
};
|
};
|
||||||
|
|
||||||
view "icvpn-internal-view" {
|
view "external-view" {
|
||||||
|
|
||||||
[..]
|
[..]
|
||||||
```
|
```
|
||||||
|
@ -187,7 +198,7 @@ Subdomains der Rootzone können von Root-Servern selbst oder auch von jedem ande
|
||||||
|
|
||||||
Subdomains sollten im folgenden Format angelegt werden
|
Subdomains sollten im folgenden Format angelegt werden
|
||||||
```
|
```
|
||||||
<Subdomain> IN NS <Serverhostname>[ ; Subnets:[ <SubnetzIPv4>/<Subnetzmaske>| <SubnetzIPv6>/<Subnetzmaske>]+]?
|
<Subdomain> IN NS <Serverhostname>[ ; Subnets:[ <SubnetzIPv4>/<Subnetzmaske>| <SubnetzIPv6>/<Subnetzmaske>]*]?
|
||||||
|
|
||||||
```
|
```
|
||||||
z.B.:
|
z.B.:
|
||||||
|
@ -205,6 +216,8 @@ Sofern noch nicht vorhanden wird dann eine neue Zonendatei für diese Subdomain
|
||||||
```
|
```
|
||||||
wie die Rootzonendatei editiert werden.
|
wie die Rootzonendatei editiert werden.
|
||||||
|
|
||||||
|
Sollten spezielle Konfigurationen für die views benötigt werden, können diese im Konfigurationsverzeichnis (/etc/ffdns) als Dateien im Format <View>.<Domain> abgelegt werden. Die dort enthaltenen Zeilen werden in die Konfiguration des Views geschrieben.
|
||||||
|
|
||||||
### Subsubdomains
|
### Subsubdomains
|
||||||
|
|
||||||
Auch unterhalb von bereits delegierten Subdomains können beliebig viele weitere Subdomains bedient werden.
|
Auch unterhalb von bereits delegierten Subdomains können beliebig viele weitere Subdomains bedient werden.
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# SPDX-License-Identifier: GPL-3.0
|
# SPDX-License-Identifier: GPL-3.0
|
||||||
#
|
#
|
||||||
# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff
|
# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff
|
||||||
|
|
||||||
GetZoneFileSerial() {
|
GetZoneFileSerial() {
|
||||||
if [ -f "$1" ]; then
|
if [ -f "$1" ]; then
|
||||||
|
@ -22,29 +22,39 @@ InsertZoneToViews() {
|
||||||
SourceFile="$4"
|
SourceFile="$4"
|
||||||
TempFolder="$5"
|
TempFolder="$5"
|
||||||
DNSSECPolicy="$6"
|
DNSSECPolicy="$6"
|
||||||
|
AdditionalZoneConfig="$7"
|
||||||
for View in $Views; do
|
for View in $Views; do
|
||||||
ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"
|
ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"
|
||||||
[ -f "$ZoneFile" ] || ln -s "$SourceFile" "$ZoneFile"
|
[ -f "$ZoneFile" ] || ln -s "$SourceFile" "$ZoneFile"
|
||||||
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy"
|
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy" "$AdditionalZoneConfig""$View""."
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
InsertZoneToIncludeFile() {
|
InsertZoneToIncludeFile() {
|
||||||
|
if [ -n "$5" ] && [ -f "$5""$1" ]; then
|
||||||
|
Additional="$(cat "$5""$1")"
|
||||||
|
else
|
||||||
|
Additional=""
|
||||||
|
fi
|
||||||
if [ ! -f "$3" ]; then
|
if [ ! -f "$3" ]; then
|
||||||
{
|
{
|
||||||
echo "zone \"""$1""\" {"
|
echo "zone \"""$1""\" {"
|
||||||
echo " type master;"
|
echo " type master;"
|
||||||
[ -n "$4" ] && echo " dnssec-policy $4"";"
|
[ -n "$4" ] && echo " dnssec-policy $4"";"
|
||||||
|
[ -n "$4" ] && echo " inline-signing yes;"
|
||||||
|
[ -n "$Additional" ] && echo "$Additional"
|
||||||
echo " file \"""$2""\";"
|
echo " file \"""$2""\";"
|
||||||
echo "};"
|
echo "};"
|
||||||
} > "$3"
|
} > "$3"
|
||||||
else
|
else
|
||||||
[ -n "$4" ] && Extra=" dnssec-policy $4"";\n" || Extra=""
|
{
|
||||||
|
echo "zone \"""$1""\" {"
|
||||||
sed -i "1i\
|
echo " type master;"
|
||||||
zone \"""$1""\" {\n\
|
[ -n "$4" ] && echo " dnssec-policy $4"";"
|
||||||
type master;\n""$Extra\
|
[ -n "$4" ] && echo " inline-signing yes;"
|
||||||
file \"""$2""\";\n\
|
[ -n "$Additional" ] && echo "$Additional"
|
||||||
};" "$3"
|
echo " file \"""$2""\";"
|
||||||
|
echo "};"
|
||||||
|
} >> "$3"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
GetAllNameservers() {
|
GetAllNameservers() {
|
||||||
|
|
|
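Review bot: `[ -n "$Additional" ] && echo "$Additional"` hands the contents of `<View>.<Domain>` to `echo` under `#!/bin/sh`; dash's echo interprets backslash escapes and a leading `-n`, so a config line containing a backslash would reach the generated zone block altered — use `printf '%s\n' "$Additional"` in both branches. With the `sed -i "1i\ …"` insert replaced by a second `{ … }` group, the two branches of `if [ ! -f "$3" ]` now differ only in `>` versus `>>`; since `>>` creates a missing file, the if/else can collapse into one group. The file named by `"$5""$1"` is spliced verbatim into the named configuration and its name is derived from the zone name without normalisation, which is acceptable only as long as that directory stays operator-controlled; a one-line comment stating that contract above the `cat` would help the next maintainer. InsertZoneToViews starts outside the hunk.
```shell
InsertZoneToIncludeFile() {
	# … unchanged: read "$5""$1" into Additional …
	{
		echo "zone \"""$1""\" {"
		echo " type master;"
		[ -n "$4" ] && echo " dnssec-policy $4"";"
		[ -n "$4" ] && echo " inline-signing yes;"
		[ -n "$Additional" ] && printf '%s\n' "$Additional"
		echo " file \"""$2""\";"
		echo "};"
	} >> "$3"
}
```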
@ -3,12 +3,12 @@
|
||||||
#
|
#
|
||||||
# freifunk-franken dns-scipts (c) 2016 mayosemmel
|
# freifunk-franken dns-scipts (c) 2016 mayosemmel
|
||||||
# (c) 2020-2021 Fabian Bläse
|
# (c) 2020-2021 Fabian Bläse
|
||||||
# (c) 2021-2022 Blackyfff
|
# (c) 2021-2023 Blackyfff
|
||||||
|
|
||||||
# exit script when command fails
|
# exit script when command fails
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
export DNSSCRIPT_VERSION="0.9.4"
|
export DNSSCRIPT_VERSION="0.9.5"
|
||||||
|
|
||||||
. /etc/ffdns/community.conf
|
. /etc/ffdns/community.conf
|
||||||
. /etc/ffdns/local.conf
|
. /etc/ffdns/local.conf
|
||||||
|
@ -100,10 +100,10 @@ for Hood in $Hoods; do
|
||||||
echo ";"
|
echo ";"
|
||||||
} > "$HoodZoneFile"
|
} > "$HoodZoneFile"
|
||||||
fi
|
fi
|
||||||
ZoneTempFolder="$TempFolder""cache/""$HoodDomain""/"
|
ZoneTempFolder="$TempFolder""cache/"
|
||||||
./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" "$ZoneTempFolder" "$ZoneFilesFolder"
|
./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" "$ZoneTempFolder" "$ZoneFilesFolder"
|
||||||
|
|
||||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy"
|
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy" "/etc/ffdns/"
|
||||||
|
|
||||||
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
|
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
|
||||||
UpdateReverseZones "$Subnets" "$HoodForwardZones"
|
UpdateReverseZones "$Subnets" "$HoodForwardZones"
|
||||||
|
|
|
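Review bot: The configuration directory is now spelled out a second time as the literal `"/etc/ffdns/"` argument to InsertZoneToViews, next to the two `. /etc/ffdns/…` lines in the first hunk; a single `ConfigFolder="/etc/ffdns/"` near the `export DNSSCRIPT_VERSION` line, passed as `"$ConfigFolder"`, keeps the path in one place. `ZoneTempFolder="$TempFolder""cache/"` now hands update-hoodzone.sh the shared cache root rather than a per-domain folder, so a comment such as `# shared cache root; update-hoodzone.sh appends "$HoodDomain/" itself` on that line would spare the reader a trip into the other script. The `for Hood` loop starts and ends outside the hunk.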
@ -1,7 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# SPDX-License-Identifier: GPL-3.0
|
# SPDX-License-Identifier: GPL-3.0
|
||||||
#
|
#
|
||||||
# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff
|
# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff
|
||||||
|
|
||||||
|
|
||||||
. ./dns-functions.sh
|
. ./dns-functions.sh
|
||||||
|
@ -24,6 +24,12 @@ GetLeaseEntriesInSubnet() {
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
OldSerial="$(GetZoneFileSerial "$ZoneTempFolder""db.""$Domain"".bkp")"
|
||||||
|
NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
|
||||||
|
[ $((OldSerial)) -gt 0 ] && [ $((OldSerial)) -lt $((NewSerial)) ] && ForceUpdate="1"
|
||||||
|
|
||||||
|
ZoneTempFolder="$ZoneTempFolder""$Domain""/"
|
||||||
|
|
||||||
OldLeases="$(sed -e '/^;### Leases ###/,$!d;/^\s*\S\+\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$HoodZoneFile" | sed 1d)"
|
OldLeases="$(sed -e '/^;### Leases ###/,$!d;/^\s*\S\+\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$HoodZoneFile" | sed 1d)"
|
||||||
|
|
||||||
if [ -f "/tmp/dhcp.leases" ]; then
|
if [ -f "/tmp/dhcp.leases" ]; then
|
||||||
|
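Review bot: `ForceUpdate` is tested later with `[ -n "$ForceUpdate" ]` but never initialised here, so a variable of that name inherited from the caller's environment would force a serial bump and reload on every run; set `ForceUpdate=""` before the `[ $((OldSerial)) -gt 0 ] …` line. The backup serial is read from `"$ZoneTempFolder""db.""$Domain"".bkp"` before `ZoneTempFolder="$ZoneTempFolder""$Domain""/"` appends the domain folder, while the `cp -f … .bkp` in the last hunk writes the backup to the suffixed path, so unless ZoneTempFolder is reset somewhere in between (not visible here) the comparison never finds the file and manual changes go undetected — read the backup from the same path the copy writes to. A non-numeric serial would make `$((OldSerial))` an arithmetic error (fatal if this script runs under `set -e`); whether GetZoneFileSerial can yield one is not visible from this hunk. These statements sit at file top level, outside any function.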
@ -51,8 +57,7 @@ NewLeases="$(echo "$NewLeases" |
|
||||||
|
|
||||||
UpdateZone="$(UpdateDNSSECEntryCache "$Domain" "$ZoneTempFolder" "$HoodZoneFile")"
|
UpdateZone="$(UpdateDNSSECEntryCache "$Domain" "$ZoneTempFolder" "$HoodZoneFile")"
|
||||||
|
|
||||||
if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ]; then
|
if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ] || [ -n "$ForceUpdate" ]; then
|
||||||
NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
|
|
||||||
NewSerial=$((NewSerial+1))
|
NewSerial=$((NewSerial+1))
|
||||||
sed -i -e 's/^\(\s*\)\(\S\+\)\(\s*;\s*Serial.*\)/\1'"$NewSerial"'\3/g' "$HoodZoneFile"
|
sed -i -e 's/^\(\s*\)\(\S\+\)\(\s*;\s*Serial.*\)/\1'"$NewSerial"'\3/g' "$HoodZoneFile"
|
||||||
sed -i -e '/^;### Leases ###/,$d' "$HoodZoneFile"
|
sed -i -e '/^;### Leases ###/,$d' "$HoodZoneFile"
|
||||||
|
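Review bot: With the in-branch `NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"` removed, the increment now uses the value read at the top of the script, before `UpdateDNSSECEntryCache … "$HoodZoneFile"` ran; if that helper ever rewrites the serial line, the bump would be computed from a stale number — worth confirming against dns-functions.sh, or keeping the re-read. A short comment on the condition, e.g. `# ForceUpdate: operator raised the serial by hand since the last run`, would document why the third term exists. The enclosing `if` ends outside the hunk.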
@ -66,3 +71,4 @@ if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ]; then
|
||||||
done
|
done
|
||||||
ReloadZone "$Domain" "$View" "$ZoneFilesFolder"
|
ReloadZone "$Domain" "$View" "$ZoneFilesFolder"
|
||||||
fi
|
fi
|
||||||
|
cp -f "$HoodZoneFile" "$ZoneTempFolder""db.""$Domain"".bkp"
|