freifunk-franken
/
dns-scripts
6
1
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

fix: external zone links to internal; fix: hood zonefile creation; support for reverse entries w/o forward entries; simplifications

This commit is contained in:
Blackyfff 2021-01-21 19:21:25 +01:00
parent c27453d55d
commit f9a4228a03
4 changed files with 78 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
dns-functions.sh
View File

@ -83,6 +83,11 @@ GetReverseDomains() {
TraceErrAndExit "$1"" is no valid Subnet" TraceErrAndExit "$1"" is no valid Subnet"
fi fi
} }
ExpandHostname() {
Hostname="$1"
[ -n "${Hostname##*.}" ] && Hostname="$Hostname"".""$2"
echo "$Hostname"
}
GetServernameSEDEntry() { GetServernameSEDEntry() {
CommunityName="$1" CommunityName="$1"
ServerName="$DNSSCRIPT_SERVER_NAME" ServerName="$DNSSCRIPT_SERVER_NAME"
@ -94,13 +99,20 @@ GetServernameSEDEntry() {
echo "$ServerName" | sed -r 's/\./\\\./g' echo "$ServerName" | sed -r 's/\./\\\./g'
} }
NormalizeZoneFileFormatting() {
awk 'BEGIN{FS="\t"}{l=length($1);f=substr(" ", 1+length($1));
s=substr(" ", 1+length($2));
x=substr($0,length($1)+length($2)+3);
print $1 f " " $2 s " " x}'
}
GetOwnGlueRecords() { GetOwnGlueRecords() {
ServerName="$DNSSCRIPT_SERVER_NAME" ServerName="$DNSSCRIPT_SERVER_NAME"
if [ -n "${ServerName##*$1}" ]; then if [ -n "${ServerName##*$1}" ]; then
ServerName="$ServerName""$1" ServerName="$ServerName""$1"
fi fi
ServerName="$ServerName""." ServerName="$ServerName""."
sed -ne 's/^\s*'"$(GetServernameSEDEntry "$1")"'\(\s\+[Ii][Nn]\s\+\([Aa]\|[Aa]\{4\}\)\s\+.*\)$/'"$ServerName"'\2/p' "$2" sed -ne 's/^\s*'"$(GetServernameSEDEntry "$1")"'\s\+[Ii][Nn]\s\+\([Aa]\|[Aa]\{4\}\)\s\+\(.*\)$/'"$ServerName"'\tIN \2\t\3/p' "$2" | \
NormalizeZoneFileFormatting
} }
GetOwnHoods() { GetOwnHoods() {
Entries="$(sed -ne "s/^\s*\(\S*\).*\s\+[Ii][Nn]\s\+[Nn][Ss]\s\+""$(GetServernameSEDEntry "$1")""\s*;\s*Subnets:\s*\([^;]*\)/\1 \3/p" "$2")" Entries="$(sed -ne "s/^\s*\(\S*\).*\s\+[Ii][Nn]\s\+[Nn][Ss]\s\+""$(GetServernameSEDEntry "$1")""\s*;\s*Subnets:\s*\([^;]*\)/\1 \3/p" "$2")"
@ -153,7 +165,7 @@ ReloadZone() {
systemctl reload bind9 systemctl reload bind9
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then
for Zone in $2; do for Zone in $2; do
rndc reload "$1" IN "$Zone" rndc reload "$1" IN "$Zone" || touch "/tmp/dnsscript-forcereconf"
done done
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 2 ]; then elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 2 ]; then
/etc/init.d/named reload /etc/init.d/named reload

68
update-dns.sh
View File

@ -6,7 +6,7 @@ set -e
# Communityconfig # Communityconfig
CommunityDomain="fff.community" CommunityDomain="fff.community"
CommunitySubnets="10.50.0/16 10.83.0/16 fd43:5602:29bd::/48" CommunitySubnets="10.50.0/16 10.83.0/16 fd43:5602:29bd::/48"
MasterFileRemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/db.fff.community" RemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/"
# Serverconfig # Serverconfig
export DNSSCRIPT_CONTACT_EMAIL=info.freifunk-herpf.de. export DNSSCRIPT_CONTACT_EMAIL=info.freifunk-herpf.de.
@ -16,13 +16,10 @@ UpdateScriptsFolder="/usr/lib/ffdns/"
ZoneFilesFolder="/etc/bind/fff/" ZoneFilesFolder="/etc/bind/fff/"
BindIncludeFileFolder="/etc/bind/" BindIncludeFileFolder="/etc/bind/"
# -1 -> disable bind restarting/reloading # -1 -> disable bind [restart|reload]
# 0 -> Debian (and like) systemctl [reload|restart] bind9 # 0 -> Debian (and like) systemctl [reload|restart] bind9
# 1 -> use rndc to [reload zone|restart] (recommended; rndc needs setup first) # 1 -> use rndc to [reload zone|reconfig] (recommended; rndc needs setup first)
# 2 -> OpenWRT /etc/init.d/named [reload|restart] # 2 -> OpenWRT /etc/init.d/named [reload|restart]
#
# Set -1 for first run to prevent exiting on error and let the script generate the config and zonefiles
# after first run edit your config and set appropriate value
export DNSSCRIPT_BIND_RELOAD_VER=0 export DNSSCRIPT_BIND_RELOAD_VER=0
# only necessary when rndc is used # only necessary when rndc is used
@ -38,6 +35,7 @@ ForwardZones="$CommunityDomain""/""$ZoneFilesFolder""db.""$CommunityDomain"
############################################################# #############################################################
cd "$UpdateScriptsFolder" cd "$UpdateScriptsFolder"
. ./dns-functions.sh . ./dns-functions.sh
MasterFile="$ZoneFilesFolder""db.""$CommunityDomain" MasterFile="$ZoneFilesFolder""db.""$CommunityDomain"
@ -49,7 +47,7 @@ BindExternalConf="$BindIncludeFileFolder""$CommunityDomain""-external.conf"
BindIcvpnAcl="$BindIncludeFileFolder""icvpn-acl.conf" BindIcvpnAcl="$BindIncludeFileFolder""icvpn-acl.conf"
PreFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")" PreFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
curl -s -S "$MasterFileRemoteLocation" --output "$MasterFile" curl -s -S -f "$RemoteLocation""db.""$CommunityDomain" --output "$MasterFile"
PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")" PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")"
if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then
@ -58,20 +56,23 @@ fi
rm -f "$BindInternalConfTmp" rm -f "$BindInternalConfTmp"
rm -f "$BindExternalConfTmp" rm -f "$BindExternalConfTmp"
InsertZoneToIncludeFile "$CommunityDomain" "$ZoneFilesFolder""db.""$CommunityDomain" "$BindExternalConfTmp" InsertZoneToIncludeFile "$CommunityDomain" "$MasterFile" "$BindInternalConfTmp"
InsertZoneToIncludeFile "$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindExternalConfTmp"
for Subnet in $CommunitySubnets; do for Subnet in $CommunitySubnets; do
ReverseDomains="$(GetReverseDomains "$Subnet")" ReverseDomains="$(GetReverseDomains "$Subnet")"
for RDomain in $ReverseDomains; do for RDomain in $ReverseDomains; do
./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder" "$TTLReReExMi" "$InternalViews" ReverseZoneFile="$(GetReverseZoneFileFromZone "${RDomain%*.}")"
InsertZoneToIncludeFile "$RDomain" "$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")" "$BindInternalConfTmp" ! curl -s -f "$RemoteLocation""static.""$ReverseZoneFile" \
--output "$ZoneFilesFolder""static.""$ReverseZoneFile" && \
rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile"
./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
InsertZoneToIncludeFile "$RDomain" "$ZoneFilesFolder""$ReverseZoneFile" "$BindInternalConfTmp"
done done
done done
InternFile="$MasterFile"
ExternFile="$ZoneFilesFolder""dbextern.""$CommunityDomain" ExternFile="$ZoneFilesFolder""dbextern.""$CommunityDomain"
Domain="$CommunityDomain" ./update-extzone.sh "$MasterFile" "$ExternFile" "$CommunityDomain" "$ExternalView"
./update-extzone.sh "$InternFile" "$ExternFile" "$Domain" "$ExternalView"
# set shorter TTL for Hoods # set shorter TTL for Hoods
TTLReReExMi="420 360 180 1800 360" TTLReReExMi="420 360 180 1800 360"
@ -79,39 +80,45 @@ TTLReReExMi="420 360 180 1800 360"
Hoods="$(GetOwnHoods "$CommunityDomain" "$MasterFile")" Hoods="$(GetOwnHoods "$CommunityDomain" "$MasterFile")"
for Hood in $Hoods; do for Hood in $Hoods; do
HoodSubDomain="${Hood%%\#*}" HoodDomain="${Hood%%\#*}"".""$CommunityDomain"
Subnets="$(echo "${Hood#*\#}" | sed -e 's/#/ /g')" Subnets="$(echo "${Hood#*\#}" | sed -e 's/#/ /g')"
HoodZoneFile="$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain" HoodZoneFile="$ZoneFilesFolder""db.""$HoodDomain"
if [ ! -f "$HoodZoneFile" ]; then if [ ! -f "$HoodZoneFile" ]; then
{ {
echo "\$TTL ${TTLReReExMi%% *}" echo "\$TTL ${TTLReReExMi%% *}"
echo "$HoodSubDomain"".""$CommunityDomain"". ${TTLReReExMi%% *} IN SOA $DNSSCRIPT_SERVER_NAME""."" $DNSSCRIPT_CONTACT_EMAIL 1 ${TTLReReExMi#* }" echo "@ IN SOA $DNSSCRIPT_SERVER_NAME""."" $DNSSCRIPT_CONTACT_EMAIL ("
echo "$HoodSubDomain"".""$CommunityDomain"". ${TTLReReExMi%% *} IN NS $DNSSCRIPT_SERVER_NAME"".""" echo " 1 ; Serial"
echo " ""$(echo "$TTLReReExMi" | awk '{print $2}')"" ; Refresh"
echo " ""$(echo "$TTLReReExMi" | awk '{print $3}')"" ; Retry"
echo " ""$(echo "$TTLReReExMi" | awk '{print $4}')"" ; Expire"
echo " ""$(echo "$TTLReReExMi" | awk '{print $5}')"" ) ; Negative Cache TTL"
echo ";"
echo "@ IN NS $DNSSCRIPT_SERVER_NAME""."""
GetOwnGlueRecords "$CommunityDomain" "$MasterFile" GetOwnGlueRecords "$CommunityDomain" "$MasterFile"
echo ";"
} > "$HoodZoneFile" } > "$HoodZoneFile"
fi fi
./update-hoodzone.sh "$HoodZoneFile" "$HoodSubDomain"".""$CommunityDomain" "$Subnets" "$InternalViews" ./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews"
InsertZoneToIncludeFile "$HoodSubDomain"".""$CommunityDomain" "$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain" "$BindExternalConfTmp"
HoodForwardZones="$ForwardZones $HoodSubDomain"".""$CommunityDomain""/""$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain" InsertZoneToIncludeFile "$HoodDomain" "$HoodZoneFile" "$BindInternalConfTmp"
InsertZoneToIncludeFile "$HoodDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindExternalConfTmp"
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
for Subnet in $Subnets; do for Subnet in $Subnets; do
ReverseDomains="$(GetReverseDomains "$Subnet")" ReverseDomains="$(GetReverseDomains "$Subnet")"
for RDomain in $ReverseDomains; do for RDomain in $ReverseDomains; do
./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ZoneFilesFolder" "$TTLReReExMi" "$InternalViews" ReverseZoneFileFullPath="$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")"
InsertZoneToIncludeFile "$RDomain" "$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")" "$BindInternalConfTmp" ./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ReverseZoneFileFullPath" "$TTLReReExMi" "$InternalViews"
InsertZoneToIncludeFile "$RDomain" "$ReverseZoneFileFullPath" "$BindInternalConfTmp"
done done
done done
InternFile="$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain" ExternFile="$ZoneFilesFolder""dbextern.""$HoodDomain"
ExternFile="$ZoneFilesFolder""dbextern.""$HoodSubDomain"".""$CommunityDomain" ./update-extzone.sh "$HoodZoneFile" "$ExternFile" "$HoodDomain" "$ExternalView"
Domain="$HoodSubDomain"".""$CommunityDomain"
./update-extzone.sh "$InternFile" "$ExternFile" "$Domain" "$ExternalView"
done done
sed -i "1i include \"""$BindExternalConf""\";\n" "$BindInternalConfTmp"
./update-public-acl.sh "$BindIcvpnAclTmp" ./update-public-acl.sh "$BindIcvpnAclTmp"
ReConfigBind=1 ReConfigBind=1
UpdateBindConfig() { UpdateBindConfig() {
if [ -f "$1" ] && ! cmp -s "$1" "$2"; then if [ -f "$1" ] && ! cmp -s "$1" "$2"; then
@ -126,7 +133,7 @@ UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"
UpdateBindConfig "$BindInternalConfTmp" "$BindInternalConf" UpdateBindConfig "$BindInternalConfTmp" "$BindInternalConf"
UpdateBindConfig "$BindExternalConfTmp" "$BindExternalConf" UpdateBindConfig "$BindExternalConfTmp" "$BindExternalConf"
if [ $ReConfigBind -eq 0 ]; then if [ $ReConfigBind -eq 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
systemctl restart bind9 systemctl restart bind9
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then
@ -134,4 +141,5 @@ if [ $ReConfigBind -eq 0 ]; then
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 2 ]; then elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 2 ]; then
/etc/init.d/named restart /etc/init.d/named restart
fi fi
fi rm -f "/tmp/dnsscript-forcereconf"
fi

5
update-hoodzone.sh
View File

@ -40,10 +40,7 @@ NewLeases="$(echo "$NewLeases" |
awk '!a[$0]++' | awk '!a[$0]++' |
# uncomment and duplicate to secure static DNS-Entries # uncomment and duplicate to secure static DNS-Entries
# sed -e '/^dns\s\+.*/d' | # sed -e '/^dns\s\+.*/d' |
awk 'BEGIN{FS="\t"}{l=length($1);f=substr(" ", 1+length($1)); NormalizeZoneFileFormatting)"
s=substr(" ", 1+length($2));
x=substr($0,length($1)+length($2)+3);
print $1 f " " $2 s " " x}' )"
if [ "$NewLeases" != "$OldLeases" ]; then if [ "$NewLeases" != "$OldLeases" ]; then
NewSerial="$(GetZoneFileSerial "$HoodZoneFile")" NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
NewSerial=$((NewSerial+1)) NewSerial=$((NewSerial+1))

47
update-rdnszone.sh
View File

@ -5,7 +5,7 @@
ReverseDomain="$1" ReverseDomain="$1"
ReverseZone="${ReverseDomain%*.}" ReverseZone="${ReverseDomain%*.}"
ForwardZones="$2" ForwardZones="$2"
ReverseZoneFile="$3""db.""$(echo "$ReverseZone" | awk -F. '{ printf $(NF-2);for(i=NF-3;i>0;--i) printf "."$i}')" ReverseZoneFile="$3"
TempDir="/tmp/""$ReverseZone" TempDir="/tmp/""$ReverseZone"
TTL="${4%% *}" TTL="${4%% *}"
ReReExMi="${4#* }" ReReExMi="${4#* }"
@ -18,7 +18,7 @@ GetIPEntries() {
IPPattern="[aA]\{4\}\s\+\([0-9a-f:]\+\)" IPPattern="[aA]\{4\}\s\+\([0-9a-f:]\+\)"
fi fi
sed -ne "s/^\s*\(\S\+\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+""$IPPattern"".*/\1\/\3/p" "$ForwardZoneFile" sed -ne "s/^\s*\(\S\+\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+""$IPPattern"".*/\1\/\3/p" "$1"
} }
ReverseEntry() { ReverseEntry() {
@ -40,13 +40,9 @@ fi
mkdir -p "$TempDir" mkdir -p "$TempDir"
for ForwardZone in $ForwardZones; do for ForwardZone in $ForwardZones; do
ZoneName="${ForwardZone%%/*}"
ZoneFile="${ForwardZone#*/}" ZoneFile="${ForwardZone#*/}"
named-checkzone -f text -i local -o "$TempDir/$ZoneName" -D "$ZoneName" "$ZoneFile" >/dev/null Serial="$(GetZoneFileSerial "$ZoneFile")"
Serial="$(GetZoneFileSerial "$TempDir/$ZoneName")"
NewReverseSerial=$((Serial + NewReverseSerial)) NewReverseSerial=$((Serial + NewReverseSerial))
ZoneRevNSSubnets="$(sed -ne 's/^\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\).*;\s*Subnets:\s*\([^;]*\)$/\2@\3/p' "$ZoneFile" |
sed -e 's/\(.*[^\.]\)@/\1\.'"$ZoneName"'\.@/;s/@/ /;s/\s\+/@/g')"
done done
OldSerial="$(GetZoneFileSerial "$ReverseZoneFile")" OldSerial="$(GetZoneFileSerial "$ReverseZoneFile")"
@ -55,36 +51,43 @@ if [ $((NewReverseSerial)) -gt $((OldSerial)) ]; then
{ {
echo "$ReverseDomain $TTL IN SOA $DNSSCRIPT_SERVER_NAME""."" $DNSSCRIPT_CONTACT_EMAIL $NewReverseSerial $ReReExMi" echo "$ReverseDomain $TTL IN SOA $DNSSCRIPT_SERVER_NAME""."" $DNSSCRIPT_CONTACT_EMAIL $NewReverseSerial $ReReExMi"
echo "$ReverseDomain $TTL IN NS $DNSSCRIPT_SERVER_NAME"".""" echo "$ReverseDomain $TTL IN NS $DNSSCRIPT_SERVER_NAME""."""
Static="/""$ReverseZoneFile"
Static="${Static%/*}""/static.""${Static##*/}"
Static="${Static#*/}"
[ -f "$Static" ] && cat "$Static"
echo
} > "$TempDir/$ReverseZone" } > "$TempDir/$ReverseZone"
for NSSubnets in $ZoneRevNSSubnets; do for ForwardZone in $ForwardZones; do
Subnets="$(echo "${NSSubnets#*@}" | sed -e 's/@/ /g')" ZoneName="${ForwardZone%%/*}"
for Subnet in $Subnets; do ZoneFile="${ForwardZone#*/}"
for ReverseNS in $(GetReverseDomains "$Subnet"); do ZoneRevNSSubnets="$(sed -ne 's/^\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\).*;\s*Subnets:\s*\([^;]*\)\s*\(;[^;]*\s*\)$/\2@\3/p' "$ZoneFile" |
if [ -n "$ReverseNS" ] && [ -z "${ReverseNS##*$ReverseDomain}" ]; then sed -e 's/\(.*[^\.]\)@/\1\.'"$ZoneName"'\.@/;s/@/ /;s/\s\+/@/g')"
echo "$ReverseNS $TTL IN NS ${NSSubnets%%@*}" >> "$TempDir/$ReverseZone" for NSSubnets in $ZoneRevNSSubnets; do
fi Subnets="$(echo "${NSSubnets#*@}" | sed -e 's/@/ /g')"
for Subnet in $Subnets; do
for ReverseNS in $(GetReverseDomains "$Subnet"); do
if [ -n "$ReverseNS" ] && [ -z "${ReverseNS##*$ReverseDomain}" ]; then
echo "$ReverseNS $TTL IN NS ${NSSubnets%%@*}" >> "$TempDir/$ReverseZone"
fi
done
done done
done done
done
for ForwardZoneFile in "$TempDir"/*; do IPEntries="$(GetIPEntries "$ZoneFile")"
if [ -n "${ForwardZoneFile##*$ReverseZone}" ]; then
IPEntries="$(GetIPEntries)"
for IPEntry in $IPEntries; do for IPEntry in $IPEntries; do
IP="${IPEntry#*/}" IP="${IPEntry#*/}"
# IP syntax checked by named-checkzone
IP="$(ReverseEntry "$IP")" IP="$(ReverseEntry "$IP")"
if [ -z "${IP##*$ReverseDomain}" ]; then if [ -z "${IP##*$ReverseDomain}" ]; then
Host="${IPEntry%/*}" Host="$(ExpandHostname "${IPEntry%%/*}" "$ZoneName"".")"
echo "$IP $TTL IN PTR $Host" >> "$TempDir/$ReverseZone" echo "$IP $TTL IN PTR $Host" >> "$TempDir/$ReverseZone"
fi fi
done done
fi
done done
named-checkzone -o "$ReverseZoneFile" "$ReverseDomain" "$TempDir/$ReverseZone" >/dev/null named-checkzone -o "$ReverseZoneFile" "$ReverseDomain" "$TempDir/$ReverseZone" >/dev/null
ReloadZone "$ReverseDomain" "$View" ReloadZone "$ReverseDomain" "$View"
fi fi
rm -r "$TempDir" rm -r "$TempDir"