routing tables fallback; external zone for direct access to external addresses
This commit is contained in:
parent
16bc1203f8
commit
fbd2c603ae
|
|
@ -115,9 +115,8 @@ GetOwnGlueRecords() {
|
|||
NormalizeZoneFileFormatting
|
||||
}
|
||||
GetOwnHoods() {
|
||||
Entries="$(sed -ne "s/^\s*\(\S*\)[^;]*\s\+[Ii][Nn]\s\+[Nn][Ss]\s\+""$(GetServernameSEDEntry "$1")""\s*;\s*Subnets:\s*\([^;]*\)/\1 \3/p" "$2")"
|
||||
Entries="$(echo "$Entries" | sed -r 's/\s+/#/g')"
|
||||
|
||||
Entries="$(sed -ne "s/^\s*\(\S*\).*\s\+[Ii][Nn]\s\+[Nn][Ss]\s\+""$(GetServernameSEDEntry "$1")""\s*;\s*Subnets:\s*\([^;]*\)/\1 \3/p" "$2")"
|
||||
Entries="$(echo "$Entries" | sed -e '/^[eE][xX][tT][eE][rR][nN]\s/d' | sed -r 's/\s+/#/g')"
|
||||
echo "$Entries"
|
||||
}
|
||||
IsValidIPv4Subnet() {
|
||||
|
|
|
|||
|
|
@ -15,6 +15,8 @@ export DNSSCRIPT_SERVER_NAME=dns.herpf.fff.community
|
|||
UpdateScriptsFolder="/usr/lib/ffdns/"
|
||||
ZoneFilesFolder="/etc/bind/fff/"
|
||||
BindIncludeFileFolder="/etc/bind/"
|
||||
# specify the bird/babel or other routing table[s]
|
||||
# if RoutingTables is empty, the ICVPN-ACL-List will be fetched remotely (for servers that are no gateways)
|
||||
RoutingTables="10"
|
||||
|
||||
# -1 -> disable bind [restart|reload]
|
||||
|
|
@ -58,7 +60,9 @@ fi
|
|||
rm -f "$BindInternalConfTmp"
|
||||
rm -f "$BindExternalConfTmp"
|
||||
InsertZoneToIncludeFile "$CommunityDomain" "$MasterFile" "$BindInternalConfTmp"
|
||||
InsertZoneToIncludeFile "extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindInternalConfTmp"
|
||||
InsertZoneToIncludeFile "$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindExternalConfTmp"
|
||||
InsertZoneToIncludeFile "extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindExternalConfTmp"
|
||||
|
||||
for Subnet in $CommunitySubnets; do
|
||||
ReverseDomains="$(GetReverseDomains "$Subnet")"
|
||||
|
|
@ -68,7 +72,7 @@ for Subnet in $CommunitySubnets; do
|
|||
--output "$ZoneFilesFolder""static.""$ReverseZoneFile" && \
|
||||
rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile"
|
||||
./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
|
||||
InsertZoneToIncludeFile "$RDomain" "$ZoneFilesFolder""$ReverseZoneFile" "$BindInternalConfTmp"
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$BindInternalConfTmp"
|
||||
done
|
||||
done
|
||||
|
||||
|
|
@ -102,7 +106,9 @@ for Hood in $Hoods; do
|
|||
./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews"
|
||||
|
||||
InsertZoneToIncludeFile "$HoodDomain" "$HoodZoneFile" "$BindInternalConfTmp"
|
||||
InsertZoneToIncludeFile "${Hood%%\#*}"".extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindInternalConfTmp"
|
||||
InsertZoneToIncludeFile "$HoodDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindExternalConfTmp"
|
||||
InsertZoneToIncludeFile "${Hood%%\#*}"".extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindExternalConfTmp"
|
||||
|
||||
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
|
||||
for Subnet in $Subnets; do
|
||||
|
|
@ -110,7 +116,7 @@ for Hood in $Hoods; do
|
|||
for RDomain in $ReverseDomains; do
|
||||
ReverseZoneFileFullPath="$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")"
|
||||
./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ReverseZoneFileFullPath" "$TTLReReExMi" "$InternalViews"
|
||||
InsertZoneToIncludeFile "$RDomain" "$ReverseZoneFileFullPath" "$BindInternalConfTmp"
|
||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "$BindInternalConfTmp"
|
||||
done
|
||||
done
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,13 @@ SerialIntern="$(GetZoneFileSerial "$InternalZoneFile")"
|
|||
SerialExtern="$(GetZoneFileSerial "$ExternalZoneFile")"
|
||||
|
||||
if [ $((SerialIntern)) -gt $((SerialExtern)) ]; then
|
||||
sed '/^[^;]*\s\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*\s*\(;.*\)\?$/d' "$InternalZoneFile" > "$ExternalZoneFile"
|
||||
ZoneContent="$(sed -e '/^[^;]*\s\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*\s*\(;.*\)\?$/d; \
|
||||
s/^[^;^@]*\s\+\([^;]*\)\s[Ii][Nn]\s\+[Ss][Oo][Aa]\s/@ \1 IN SOA /g' "$InternalZoneFile")"
|
||||
|
||||
[ -n "$( echo "$ZoneContent" | sed -e '/^[eE][xX][tT][eE][rR][nN]\s[^;]*\s[Ii][Nn]\s\+[Nn][Ss]/!d')" ] \
|
||||
&& ZoneContent="$(echo "$ZoneContent" | sed -e '/^@\s[^;]*\s[Ii][Nn]\s\+[Nn][Ss]\s/d; \
|
||||
s/^[eE][xX][tT][eE][rR][nN]\s\([^;]*\s[Ii][Nn]\s\+[Nn][Ss]\s.*\)/@ \1/g; \
|
||||
s/^\(@ [^;]* IN SOA\)\s\+\S\+\s\+\S\+\s/\1 '"$DNSSCRIPT_SERVER_NAME"'. '"$DNSSCRIPT_CONTACT_EMAIL"' /g')"
|
||||
echo "$ZoneContent" > "$ExternalZoneFile"
|
||||
ReloadZone "$ExternalZone" "$ExternalView"
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -8,25 +8,76 @@ Tables="$3"
|
|||
|
||||
rm -f "$IncludeFile"
|
||||
|
||||
Installed4Routes=""
|
||||
Installed6Routes=""
|
||||
for Table in $Tables; do
|
||||
Installed4Routes="$(echo "$Installed4Routes" && ip -4 ro sh ta "$Table")"
|
||||
Installed6Routes="$(echo "$Installed6Routes" && ip -6 ro sh ta "$Table")"
|
||||
done
|
||||
PublicSubs="$(echo "$Installed6Routes" | \
|
||||
sed -e '/^default from/!d;s/.* from \(\S\+\).*/\t\1;/g')"
|
||||
PrivatePrefix="\(192\.168\.\|172\.\(1[6-9]\|2[0-9]\|3[01]\)\.\|10\.\|[fF][cCdD][0-9a-fA-F]\{2\}:\)"
|
||||
PublicSingles="$(echo "$Installed4Routes" | \
|
||||
sed -e 's/^\(\S\+\)\s.*/\t\1;/g;/^\t'"$PrivatePrefix"'\|^\t\(default\|0\.\)\|^$/d' \
|
||||
&& echo "$Installed6Routes" | \
|
||||
sed -e 's/^\(\S\+\)\s.*/\t\1;/g;/^\t'"$PrivatePrefix"'\|^\t\(default\|::\|64:ff9b::\)\|^$/d')"
|
||||
if [ -z "$Tables" ]; then
|
||||
# this is only a rude fallback and not recommended
|
||||
# create your own file on a gateway with the community routing tables and use this one
|
||||
RemoteFile="$(curl -s -S -f "https://gw01.herpf.fff.community/ffdns/icvpn-acl.conf")"
|
||||
if [ -n "$RemoteFile" ]; then
|
||||
echo "$RemoteFile" > "$IncludeFile"
|
||||
fi
|
||||
else
|
||||
Installed4Routes=""
|
||||
Installed6Routes=""
|
||||
for Table in $Tables; do
|
||||
Installed4Routes="$(echo "$Installed4Routes" && ip -4 ro sh ta "$Table")"
|
||||
Installed6Routes="$(echo "$Installed6Routes" && ip -6 ro sh ta "$Table")"
|
||||
done
|
||||
PublicSubs="$(echo "$Installed6Routes" | \
|
||||
sed -e '/^default from/!d;s/.* from \(\S\+\).*/\1/g')"
|
||||
Privatev4Prefix="\(192\.168\.\|172\.\(1[6-9]\|2[0-9]\|3[01]\)\.\|10\.\)"
|
||||
Privatev6Prefix="\([fF][cCdD][0-9a-fA-F]\{2\}:\)"
|
||||
Publicv4Singles="$(echo "$Installed4Routes" | \
|
||||
sed -e 's/^\(\S\+\)\s.*/\t\1;/g;/^\t'"$Privatev4Prefix"'\|^\t\(unreachable\|default\|0\.\)\|^$/d')"
|
||||
Publicv6Singles="$(echo "$Installed6Routes" | \
|
||||
sed -e 's/^\(\S\+\)\s.*/\1/g;/^'"$Privatev6Prefix"'\|^\(unreachable\|default\|::\|64:ff9b::\)\|^$/d')"
|
||||
|
||||
# the following code is not well optimized yet and may take a bit to process
|
||||
# therefore it is not recommended to activate it on hardware-routers
|
||||
# even in other environments it did not speed up bind9 measurable, its just for a smaller acl-file, e.g. for redistribution
|
||||
|
||||
{
|
||||
echo "acl icvpnrange {"
|
||||
echo " icvpnlocal;"
|
||||
echo "$PublicSubs"
|
||||
echo "$(curl -s -S -f "$RemoteLocation""external.dnsserverips" | sed -e 's/^/\t/g;s/$/;/g')"
|
||||
echo "$PublicSingles"
|
||||
echo "};"
|
||||
} > "$IncludeFile"
|
||||
#for Subnet in $PublicSubs; do
|
||||
# SubnetIPFilled="$(FillIPv6Zeroes "$(echo "${Subnet%/*}" | awk '{print tolower($0)}')")"
|
||||
# Mask="${Subnet##*/}"
|
||||
# Statics=$((Mask / 4))
|
||||
# BlockMask=$((Mask % 4))
|
||||
# if [ $BlockMask -ne 0 ]; then
|
||||
# BlockMask=$((4 - BlockMask))
|
||||
# BlockMask=$((-1 << $BlockMask))
|
||||
# SubnetBlock="$(printf %d 0x"$(echo "$SubnetIPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
|
||||
# SubnetBlock=$((SubnetBlock & BlockMask))
|
||||
# fi
|
||||
#
|
||||
# SubnetStaticPart="$(echo "$SubnetIPFilled" | awk 'BEGIN{FS=""}{for(i='"$Statics"';i>0;i--) printf $i;}')"
|
||||
#
|
||||
# for Single in $Publicv6Singles; do
|
||||
# IPFilled="$(FillIPv6Zeroes "$(echo "${Single%/*}" | awk '{print tolower($0)}')")"
|
||||
# MaskIP="$( echo "$Single" | sed -e 's/^[^/]*\(\/\)\?//g')"
|
||||
# MaskIP="${MaskIP:-128}"
|
||||
# IsInSub="$([ $((Mask)) -le $((MaskIP)) ]; echo "$?")"
|
||||
# if [ $IsInSub -eq 0 ]; then
|
||||
# IPStaticPart="$(echo "$IPFilled" | awk 'BEGIN{FS=""}{for(i='"$Statics"';i>0;i--) printf $i;}')"
|
||||
# IsInSub="$([ "$IPStaticPart" = "$SubnetStaticPart" ]; echo "$?")"
|
||||
# fi
|
||||
# if [ $IsInSub -eq 0 ] && [ $BlockMask -ne 0 ]; then
|
||||
# IPBlock="$(printf %d 0x"$(echo "$IPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
|
||||
# IPBlock=$((IPBlock & BlockMask))
|
||||
# IsInSub="$([ $IPBlock -eq $SubnetBlock ]; echo "$?")"
|
||||
# fi
|
||||
#
|
||||
# ! [ $IsInSub -eq 0 ] \
|
||||
# && NewSingles="$( [ -n "$NewSingles" ] && echo "$NewSingles"; echo "$Single")"
|
||||
# done
|
||||
# Publicv6Singles="$NewSingles"
|
||||
# NewSingles=""
|
||||
#done
|
||||
|
||||
{
|
||||
echo "acl icvpnrange {"
|
||||
echo " icvpnlocal;"
|
||||
echo "$PublicSubs" | sed -e 's/\(.*\)/\t\1;/g'
|
||||
echo "$(curl -s -S -f "$RemoteLocation""external.dnsserverips" | sed -e 's/^/\t/g;s/$/;/g')"
|
||||
echo "$Publicv4Singles"
|
||||
echo "$Publicv6Singles" | sed -e 's/\(.*\)/\t\1;/g'
|
||||
echo "};"
|
||||
} > "$IncludeFile"
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in New Issue