insert inline-signing; update for additional special view-config; handling for manual zone-file-changes

Signed-off-by: Blackyfff <freifunk@freifunk-herpf.de>

README.md

@@ -67,7 +67,11 @@ acl icvpnlocal {
 	172.16.0.0/12;
 	fc00::/7;
 };
-include "/etc/bind/icvpn-acl.conf"; # auto-generated
+
+acl lo0 {
+	127.0.0.0/8;
+	::1/128;
+};
 
 [..]
 
@@ -80,8 +84,27 @@ options {
 
 [..]
 
+view "external-view" {
+	match-destinations {
+		!icvpnlocal;
+		!lo0;
+		any;
+	};
+	match-clients {
+		!icvpnlocal;
+		!lo0;
+		any;
+	};
+
+	[..] # eigene Optionen
+	
+	include "/etc/bind/external-view.conf"; # auto-generated
+
+	[..]
+};
+
 view "icvpn-internal-view" {
-	match-clients { icvpnrange; localhost; };
+	match-clients { any; };
 	allow-query-cache { any; };
 	recursion yes;
 
@@ -95,17 +118,6 @@ view "icvpn-internal-view" {
 	[..]	
 };
 
-view "external-view" {
-	match-clients { any; };
-
-	[..] # eigene Optionen
-	
-	include "/etc/bind/external-view.conf"; # auto-generated
-
-	[..]
-};
-
-
 [..]
 ```
 
@@ -139,7 +151,6 @@ view "icvpn-internal-dns64-view" {
 	match-destinations {
 		<IPv6>; # eine separate Adresse ist für DNS64 notwendig
 	};
-	match-clients { icvpnrange; localhost; };
 	allow-query-cache { any; };
 	recursion yes;
 	dns64 64:ff9b::/96 {
@@ -154,7 +165,7 @@ view "icvpn-internal-dns64-view" {
 	[..]
 };
 
-view "icvpn-internal-view" {
+view "external-view" {
 
 [..]
 ```
@@ -187,7 +198,7 @@ Subdomains der Rootzone können von Root-Servern selbst oder auch von jedem ande
 
 Subdomains sollten im folgenden Format angelegt werden
 ```
-<Subdomain> IN NS <Serverhostname>[ ; Subnets:[ <SubnetzIPv4>/<Subnetzmaske>| <SubnetzIPv6>/<Subnetzmaske>]+]?
+<Subdomain> IN NS <Serverhostname>[ ; Subnets:[ <SubnetzIPv4>/<Subnetzmaske>| <SubnetzIPv6>/<Subnetzmaske>]*]?
 
 ```
 z.B.:
@@ -205,6 +216,8 @@ Sofern noch nicht vorhanden wird dann eine neue Zonendatei für diese Subdomain
 ```
 wie die Rootzonendatei editiert werden.
 
+Sollten spezielle Konfigurationen für die views benötigt werden, können diese im Konfigurationsverzeichnis (/etc/ffdns) als Dateien im Format <View>.<Domain> abgelegt werden. Die dort enthaltenen Zeilen werden in die Konfiguration des Views geschrieben.
+
 ### Subsubdomains
 
 Auch unterhalb von bereits delegierten Subdomains können beliebig viele weitere Subdomains bedient werden.

usr/lib/ffdns/dns-functions.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 # SPDX-License-Identifier: GPL-3.0
 #
-# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff
+# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff
 
 GetZoneFileSerial() {
 	if [ -f "$1" ]; then
@@ -22,29 +22,39 @@ InsertZoneToViews() {
 	SourceFile="$4"
 	TempFolder="$5"
 	DNSSECPolicy="$6"
+	AdditionalZoneConfig="$7"
 	for View in $Views; do
 		ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"
 		[ -f "$ZoneFile" ] || ln -s "$SourceFile" "$ZoneFile"
-		InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy"
+		InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy" "$AdditionalZoneConfig""$View""."
 	done
 }
 InsertZoneToIncludeFile() {
+	if [ -n "$5" ] && [ -f "$5""$1" ]; then
+		Additional="$(cat "$5""$1")"
+	else
+		Additional=""
+	fi
 	if [ ! -f "$3" ]; then
 		{
 			echo "zone \"""$1""\" {"
 			echo "	type master;"
 			[ -n "$4" ] && echo "	dnssec-policy $4"";"
+			[ -n "$4" ] && echo "	inline-signing yes;"
+			[ -n "$Additional" ] && echo "$Additional"
 			echo "	file \"""$2""\";"
 			echo "};"
 		} > "$3"
 	else
-		[ -n "$4" ] && Extra="	dnssec-policy $4"";\n" || Extra=""
+		{
-		
+			echo "zone \"""$1""\" {"
-		sed -i "1i\
+			echo "	type master;"
-zone \"""$1""\" {\n\
+			[ -n "$4" ] && echo "	dnssec-policy $4"";"
-	type master;\n""$Extra\
+			[ -n "$4" ] && echo "	inline-signing yes;"
-	file \"""$2""\";\n\
+			[ -n "$Additional" ] && echo "$Additional"
-};" "$3"
+			echo "	file \"""$2""\";"
+			echo "};"
+		} >> "$3"
 	fi
 }
 GetAllNameservers() {

usr/lib/ffdns/update-dns.sh

@@ -3,12 +3,12 @@
 #
 # freifunk-franken dns-scipts (c) 2016      mayosemmel
 #                             (c) 2020-2021 Fabian Bläse
-#                             (c) 2021-2022 Blackyfff
+#                             (c) 2021-2023 Blackyfff
 
 # exit script when command fails
 set -e
 
-export DNSSCRIPT_VERSION="0.9.4"
+export DNSSCRIPT_VERSION="0.9.5"
 
 . /etc/ffdns/community.conf
 . /etc/ffdns/local.conf
@@ -53,7 +53,7 @@ if [ -n "$ServeMasterZone" ] || [ -n "$(DoServeOnlyExternZone)" ]; then
 	else
 		FileForExternGeneration="$CachedMasterFile"
 	fi
-
+	
 	if [ -n "$ExternalView" ]; then
 		ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$MasterDomain"
 	else
@@ -100,10 +100,10 @@ for Hood in $Hoods; do
 			echo ";"
 		} > "$HoodZoneFile"
 	fi
-	ZoneTempFolder="$TempFolder""cache/""$HoodDomain""/"
+	ZoneTempFolder="$TempFolder""cache/"
 	./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" "$ZoneTempFolder" "$ZoneFilesFolder"
 	
-	InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy"
+	InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy" "/etc/ffdns/"
 	
 	HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
 	UpdateReverseZones "$Subnets" "$HoodForwardZones"

usr/lib/ffdns/update-hoodzone.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 # SPDX-License-Identifier: GPL-3.0
 #
-# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff
+# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff
 
 
 . ./dns-functions.sh
@@ -24,6 +24,12 @@ GetLeaseEntriesInSubnet() {
 	done
 }
 
+OldSerial="$(GetZoneFileSerial "$ZoneTempFolder""db.""$Domain"".bkp")"
+NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
+[ $((OldSerial)) -gt 0 ] && [ $((OldSerial)) -lt $((NewSerial)) ] && ForceUpdate="1"
+
+ZoneTempFolder="$ZoneTempFolder""$Domain""/"
+
 OldLeases="$(sed -e '/^;### Leases ###/,$!d;/^\s*\S\+\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$HoodZoneFile" | sed 1d)"
 
 if [ -f "/tmp/dhcp.leases" ]; then
@@ -51,8 +57,7 @@ NewLeases="$(echo "$NewLeases" |
 
 UpdateZone="$(UpdateDNSSECEntryCache "$Domain" "$ZoneTempFolder" "$HoodZoneFile")"
 
-if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ]; then
+if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ] || [ -n "$ForceUpdate" ]; then
-	NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
 	NewSerial=$((NewSerial+1))
 	sed -i -e 's/^\(\s*\)\(\S\+\)\(\s*;\s*Serial.*\)/\1'"$NewSerial"'\3/g' "$HoodZoneFile"
 	sed -i -e '/^;### Leases ###/,$d' "$HoodZoneFile"
@@ -65,4 +70,5 @@ if [ "$NewLeases" != "$OldLeases" ] || [ -n "$UpdateZone" ]; then
 		cat "$KeyFile" >> "$HoodZoneFile"
 	done
 	ReloadZone "$Domain" "$View" "$ZoneFilesFolder"
-fi
+fi
+cp -f "$HoodZoneFile" "$ZoneTempFolder""db.""$Domain"".bkp"