diff --git a/dns-functions.sh b/dns-functions.sh
index 3ea2838..10b01b6 100755
--- a/dns-functions.sh
+++ b/dns-functions.sh
@@ -14,10 +14,12 @@ GetZoneFileSerial() {
 }
 InsertZoneToIncludeFile() {
 if [ ! -f "$3" ]; then
- echo "zone \"""$1""\" {" > "$3"
- echo " type master;" >> "$3"
- echo " file \"""$2""\";" >> "$3"
- echo "};" >> "$3"
+ {
+ echo "zone \"""$1""\" {"
+ echo " type master;"
+ echo " file \"""$2""\";"
+ echo "};"
+ } > "$3"
 else
 sed -i "1i\
 zone \"""$1""\" {\n\
@@ -41,8 +43,8 @@ GetReverseIPv4Domains() {
 if [ $Filler -eq 0 ]; then
 echo "${RevDomain#.}"
 else
- Filler=$((8 - $Filler))
- Filler=$((1 << $Filler))
+ Filler=$((8 - Filler))
+ Filler=$((1 << Filler))
 Start=$(echo "$IPFilled" | awk -F. '{printf $'"$((Statics+1))"'}')
 Start=$((Start - Start % Filler))
 for Sub in $(seq $Start $((Start + Filler - 1))); do
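Review bot: InsertZoneToIncludeFile writes `$1` and `$2` verbatim into a `zone "…" { file "…"; }` statement, so a `"`, `;` or newline in the zone name or file path would change the generated named.conf fragment; the visible callers pass the script's own configuration and generated reverse names, so this is a robustness point rather than an exposure, but the contract is nowhere stated. I would add above the function: `# $1 zone name, $2 zone file path, $3 include file to create or prepend to; arguments must be plain named.conf tokens (no quotes, semicolons or newlines)`. The else branch, which splices `$1` into a sed script, starts in this hunk and continues outside it.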
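Review bot: The rewritten pair `Filler=$((8 - Filler))` / `Filler=$((1 << Filler))` reuses `Filler` for a different quantity — it enters as the number of mask bits inside the last octet and leaves as the block size that `Start=$((Start - Start % Filler))` then divides by — which makes the arithmetic hard to follow. A separate name says what is computed: `BlockSize=$((1 << (8 - Filler)))` and `Start=$((Start - Start % BlockSize))`. The same pattern is repeated with `4 - Filler` in the GetReverseIPv6Domains hunk. GetReverseIPv4Domains starts and ends outside this hunk.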
@@ -51,20 +53,20 @@ GetReverseIPv4Domains() {
 fi
 }
 FillIPv6Zeroes() {
- echo "$1" | awk -F: 'BEGIN {OFS=""}{ FillCount=9-NF; for(i=1;i<=NF;i++){if(length($i) == 0){if(i==NF) {$i="0000";} else {for(j=1;j<=FillCount;j++){$i=($i "0000");}}} else {$i=substr(("0000" $i), length($i)+1);}}; print}'
+ echo "$1" | awk -F: 'BEGIN{OFS=""}{FillCount=9-NF; for(i=1;i<=NF;i++){if(length($i)!=0||i==1||i==NF) {$i=substr(("0000" $i), length($i)+1);} else {for(j=1;j<=FillCount;j++){$i=($i "0000");}}}; print}'
 }
 GetReverseIPv6Domains() {
 IPFilled="$(FillIPv6Zeroes "$(echo "${1%/*}" | awk '{print tolower($0)}')")"
 Mask="${1##*/}"
 Statics=$((Mask / 4))
 Filler=$((Mask % 4))
- RevDomain="$(echo "$IPFilled" | awk '{ for(i='"$Statics"';i>0;i--)x=x "." substr($0,i,1);}END{print x}')"".ip6.arpa."
+ RevDomain="$(echo "$IPFilled" | awk 'BEGIN{FS=""}{for(i='"$Statics"';i>0;i--) printf "." $i;}')"".ip6.arpa."
 if [ $Filler -eq 0 ]; then
 echo "${RevDomain#.}"
 else
- Filler=$((4 - $Filler))
- Filler=$((1 << $Filler))
- Start="$(printf %d 0x"$(echo "$IPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
+ Filler=$((4 - Filler))
+ Filler=$((1 << Filler))
+ Start="$(printf %d 0x"$(echo "$IPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
 Start=$((Start - Start % Filler))
 for Sub in $(seq $Start $((Start + Filler - 1))); do
 echo "$(printf %x "$Sub")""$RevDomain"
@@ -77,6 +79,8 @@ GetReverseDomains() {
 GetReverseIPv4Domains "$Subnet"
 elif IsValidIPv6Subnet "$Subnet"; then
 GetReverseIPv6Domains "$Subnet"
+ else
+ TraceErrAndExit "$1"" is no valid Subnet"
 fi
 }
 GetServernameSEDEntry() {
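Review bot: The new RevDomain line hands data to awk's printf as the format string (`printf "." $i`); after FillIPv6Zeroes the characters are hex digits, so nothing is interpreted today, but `printf ".%s", $i` keeps the format fixed at no cost. FillIPv6Zeroes itself carries no comment saying what it produces; I would add `# Expand an IPv6 address to 32 hex digits without separators: pad each group to 4 digits and expand a single "::"` above it. `FS=""` per-character splitting is a gawk/mawk extension rather than POSIX awk; the existing Start line already relies on it, so this only matters if the scripts are meant to run on other awks.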
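Review bot: `TraceErrAndExit` runs `exit 1` inside GetReverseDomains, but the visible callers invoke it through a command substitution (`ReverseDomains="$(GetReverseDomains "$Subnet")"` in update-dns.sh), so the exit ends only that subshell: the message reaches stderr, `ReverseDomains` is empty, and the run continues as if the subnet had no reverse zones. Either check the status at the call sites, `ReverseDomains="$(GetReverseDomains "$Subnet")" || exit 1`, or validate the subnet list before the substitution. GetReverseDomains starts outside this hunk.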
@@ -133,25 +137,30 @@ IPv4IsInSubnet() { SubnetStaticPart="$(echo "$SubnetIPFilled" | awk -F. '{for(i='"$Statics"';i>0;--i) printf "."$i}')" AreEqual="$([ "$IPStaticPart" = "$SubnetStaticPart" ]; echo "$?")" if [ $AreEqual -eq 0 ] && [ $BlockMask -ne 0 ]; then - BlockMask=$((8 - $BlockMask)) - BlockMask=$((-1 << $BlockMask)) + BlockMask=$((8 - BlockMask)) + BlockMask=$((-1 << BlockMask)) IPBlock=$(echo "$IPFilled" | awk -F. '{printf $'"$((Statics+1))"'}') SubnetBlock=$(echo "$SubnetIPFilled" | awk -F. '{printf $'"$((Statics+1))"'}') - IPBlock=$(($IPBlock & $BlockMask)) - SubnetBlock=$(($SubnetBlock & $BlockMask)) + IPBlock=$((IPBlock & BlockMask)) + SubnetBlock=$((SubnetBlock & BlockMask)) AreEqual="$([ $IPBlock -eq $SubnetBlock ]; echo "$?")" fi return $AreEqual } ReloadZone() { - if [ $DNSSCRIPT_BIND_RELOAD_VER -eq 0 ]; then + if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then systemctl reload bind9 - elif [ $DNSSCRIPT_BIND_RELOAD_VER -eq 1 ]; then + elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then for Zone in $2; do rndc reload "$1" IN "$Zone" done else /etc/init.d/named reload fi +} + +TraceErrAndExit() { + echo "$1" 1>&2 + exit 1 } \ No newline at end of file diff --git a/update-dns.sh b/update-dns.sh index 0e171e8..f3cc597 100755 --- a/update-dns.sh +++ b/update-dns.sh 
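Review bot: Wrapping the test in `$((DNSSCRIPT_BIND_RELOAD_VER))` makes an unset or empty variable evaluate to 0, so a missing setting now silently selects `systemctl reload bind9`, where the old `[ $VAR -eq 0 ]` produced a test error and fell through to the else branch; if that default is intended it should be documented on the line, otherwise assert the setting once, `: "${DNSSCRIPT_BIND_RELOAD_VER:?must be set}"`, before the branch. The same coercion is used in the update-dns.sh hunk around `systemctl restart bind9`. In the new TraceErrAndExit, `printf '%s\n' "$1" >&2` is preferable to `echo "$1" 1>&2`, since the messages built by the callers embed zone names and echo interprets a leading `-n`/`-e` and, in some shells, backslashes.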
@@ -38,27 +38,30 @@ cd "$UpdateScriptsFolder" . ./dns-functions.sh MasterFile="$ZoneFilesFolder""db.""$CommunityDomain" +BindInternalConfTmp="/tmp/""$CommunityDomain""-internal.conf" +BindExternalConfTmp="/tmp/""$CommunityDomain""-external.conf" +BindIcvpnAclTmp="/tmp/icvpn-acl.conf" BindInternalConf="$BindIncludeFileFolder""$CommunityDomain""-internal.conf" BindExternalConf="$BindIncludeFileFolder""$CommunityDomain""-external.conf" BindIcvpnAcl="$BindIncludeFileFolder""icvpn-acl.conf" PreFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")" -curl "$MasterFileRemoteLocation" --output "$MasterFile" +curl -s -S "$MasterFileRemoteLocation" --output "$MasterFile" PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")" if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then ReloadZone "$CommunityDomain" "$InternalViews" fi -rm -f "$BindExternalConf"".tmp" -rm -f "$BindInternalConf"".tmp" -InsertZoneToIncludeFile "$CommunityDomain" "$ZoneFilesFolder""db.""$CommunityDomain" "$BindExternalConf"".tmp" +rm -f "$BindInternalConfTmp" +rm -f "$BindInternalConfTmp" +InsertZoneToIncludeFile "$CommunityDomain" "$ZoneFilesFolder""db.""$CommunityDomain" "$BindExternalConfTmp" for Subnet in $CommunitySubnets; do ReverseDomains="$(GetReverseDomains "$Subnet")" for RDomain in $ReverseDomains; do ./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder" "$TTLReReExMi" "$InternalViews" - InsertZoneToIncludeFile "$RDomain" "$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")" "$BindInternalConf"".tmp" + InsertZoneToIncludeFile "$RDomain" "$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")" "$BindInternalConfTmp" done done 
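Review bot: The second `rm -f "$BindInternalConfTmp"` repeats the first, so the external temp file is never removed; after a run that aborted midway, `InsertZoneToIncludeFile … "$BindExternalConfTmp"` finds the stale file and prepends into it, duplicating zone statements in the include file. It should read `rm -f "$BindExternalConfTmp"`. Beyond that, the new temp files are fixed names under the shared `/tmp` (`/tmp/<domain>-internal.conf`, `/tmp/icvpn-acl.conf`) that are later moved into the BIND include folder; unless `/tmp` is private to this service, another local account can pre-create those names or race the `rm -f`, so create them with `mktemp`, ideally inside the include folder itself, which also keeps the later `mv` an atomic same-filesystem rename. The status of `./update-rdnszone.sh` is still unchecked before the zone is added to the include file on the next line.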
@@ -77,20 +80,22 @@ for Hood in $Hoods; do Subnets="$(echo "${Hood#*\#}" | sed -e 's/#/ /g')" HoodZoneFile="$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain" if [ ! -f "$HoodZoneFile" ]; then - echo "\$TTL ${TTLReReExMi%% *}" > "$HoodZoneFile" - echo "$HoodSubDomain"".""$CommunityDomain"". ${TTLReReExMi%% *} IN SOA $DNSSCRIPT_SERVER_NAME""."" $DNSSCRIPT_CONTACT_EMAIL 1 ${TTLReReExMi#* }" >> "$HoodZoneFile" - echo "$HoodSubDomain"".""$CommunityDomain"". ${TTLReReExMi%% *} IN NS $DNSSCRIPT_SERVER_NAME"".""" >> "$HoodZoneFile" - echo "$(GetOwnGlueRecords "$CommunityDomain" "$MasterFile")" >> "$HoodZoneFile" + { + echo "\$TTL ${TTLReReExMi%% *}" + echo "$HoodSubDomain"".""$CommunityDomain"". ${TTLReReExMi%% *} IN SOA $DNSSCRIPT_SERVER_NAME""."" $DNSSCRIPT_CONTACT_EMAIL 1 ${TTLReReExMi#* }" + echo "$HoodSubDomain"".""$CommunityDomain"". ${TTLReReExMi%% *} IN NS $DNSSCRIPT_SERVER_NAME"".""" + GetOwnGlueRecords "$CommunityDomain" "$MasterFile" + } > "$HoodZoneFile" fi ./update-hoodzone.sh "$HoodZoneFile" "$HoodSubDomain"".""$CommunityDomain" "$Subnets" "$InternalViews" - InsertZoneToIncludeFile "$HoodSubDomain"".""$CommunityDomain" "$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain" "$BindExternalConf"".tmp" + InsertZoneToIncludeFile "$HoodSubDomain"".""$CommunityDomain" "$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain" "$BindExternalConfTmp" HoodForwardZones="$ForwardZones $HoodSubDomain"".""$CommunityDomain""/""$ZoneFilesFolder""db.""$HoodSubDomain"".""$CommunityDomain" for Subnet in $Subnets; do ReverseDomains="$(GetReverseDomains "$Subnet")" for RDomain in $ReverseDomains; do ./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ZoneFilesFolder" "$TTLReReExMi" "$InternalViews" - InsertZoneToIncludeFile "$RDomain" "$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")" "$BindInternalConf"".tmp" + InsertZoneToIncludeFile "$RDomain" "$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")" "$BindInternalConfTmp" done done 
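Review bot: The grouped `> "$HoodZoneFile"` write sits under `if [ ! -f "$HoodZoneFile" ]`, so a file that was only partly written — for instance when `GetOwnGlueRecords` fails inside the group — is never regenerated on later runs; writing to a temporary name and moving it into place only when the group succeeds avoids a permanently truncated hood zone. Replacing `echo "$(GetOwnGlueRecords …)"` with a direct call also drops the newline that echo added when the function's output has no trailing newline; probably harmless for named, but worth confirming. The `for Hood` loop starts and ends outside this hunk.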
@@ -100,28 +105,28 @@ for Hood in $Hoods; do ./update-extzone.sh "$InternFile" "$ExternFile" "$Domain" "$ExternalView" done -sed -i "1i include \"""$BindExternalConf""\";\n" "$BindInternalConf"".tmp" -./update-public-acl.sh "$BindIcvpnAcl"".tmp" +sed -i "1i include \"""$BindExternalConf""\";\n" "$BindInternalConfTmp" +./update-public-acl.sh "$BindIcvpnAclTmp" ReConfigBind=1 UpdateBindConfig() { - if [ -f "$1"".tmp" ] && ! cmp -s "$1"".tmp" "$1"; then - mv "$1"".tmp" "$1" + if [ -f "$1" ] && ! cmp -s "$1" "$2"; then + mv "$1" "$2" ReConfigBind=0 else - rm -f "$1"".tmp" + rm -f "$1" fi } -UpdateBindConfig "$BindIcvpnAcl" -UpdateBindConfig "$BindInternalConf" -UpdateBindConfig "$BindExternalConf" +UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl" +UpdateBindConfig "$BindInternalConfTmp" "$BindInternalConf" +UpdateBindConfig "$BindExternalConfTmp" "$BindExternalConf" if [ $ReConfigBind -eq 0 ]; then - if [ $DNSSCRIPT_BIND_RELOAD_VER -eq 0 ]; then + if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then systemctl restart bind9 - elif [ $DNSSCRIPT_BIND_RELOAD_VER -eq 1 ]; then + elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then rndc reconfig else /etc/init.d/named restart diff --git a/update-extzone.sh b/update-extzone.sh index 74c5aef..0925b8d 100755 --- a/update-extzone.sh +++ b/update-extzone.sh @@ -8,13 +8,9 @@ ExternalZone="$3" ExternalView="$4" SerialIntern="$(GetZoneFileSerial "$InternalZoneFile")" -if [ -f "$ExternalZoneFile" ]; then - SerialExtern="$(GetZoneFileSerial "$ExternalZoneFile")" -else - SerialExtern=0 -fi +SerialExtern="$(GetZoneFileSerial "$ExternalZoneFile")" -if [ $SerialIntern -gt $SerialExtern ]; then +if [ $((SerialIntern)) -gt $((SerialExtern)) ]; then sed '/^[^;]*\s\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*\s*\(;.*\)\?$/d' "$InternalZoneFile" > "$ExternalZoneFile" ReloadZone "$ExternalZone" "$ExternalView" fi diff --git a/update-hoodzone.sh b/update-hoodzone.sh index 54dc71b..a08ed87 100755 --- a/update-hoodzone.sh +++ b/update-hoodzone.sh 
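Review bot: UpdateBindConfig now moves a file from `/tmp` into the include folder with `mv "$1" "$2"`; when `/tmp` is a separate filesystem (tmpfs is common) that is a copy followed by an unlink rather than an atomic rename, so a reader of the include folder can observe a partially copied file, and the installed file inherits the temp file's mode instead of the old config's. Creating the temp file beside its target keeps the replacement atomic and fixes the mode. The function also lacks a comment on its arguments and on `ReConfigBind=0` meaning "reconfig needed"; I would add `# $1 freshly generated file, $2 installed file; replaces $2 only when the content differs and flags a reconfig` above it.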
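Review bot: Dropping the `-f` check means `GetZoneFileSerial "$ExternalZoneFile"` is now called on a file that may not exist yet, and the comparison only works because `$((SerialExtern))` turns an empty result into 0; that is not obvious from the line and deserves a comment such as `# $((...)) maps an empty/missing serial to 0 so a new external zone is always generated`. If GetZoneFileSerial reports a missing file on stderr, the first run for each zone now logs that noise; its body is not in this diff, so confirm.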
@@ -38,10 +38,10 @@ done NewLeases="$(echo "$NewLeases" | sed -ne 's/^\(\(\(\S\+\)'"$DomainReg"'\)\|\(\S\+\)\)\(.*\)$/\3\4\5/p' | awk '!a[$0]++' | -# uncomment and duplicate to secure static DNS-Entries +# uncomment and duplicate to secure static DNS-Entries # sed -e '/^dns\s\+.*/d' | awk 'BEGIN{FS="\t"}{l=length($1);f=substr(" ", 1+length($1)); - s=substr(" ", 1+length($2)); + s=substr(" ", 1+length($2)); x=substr($0,length($1)+length($2)+3); print $1 f " " $2 s " " x}' )" if [ "$NewLeases" != "$OldLeases" ]; then @@ -49,7 +49,9 @@ if [ "$NewLeases" != "$OldLeases" ]; then NewSerial=$((NewSerial+1)) sed -i -e 's/^\(\s*\)\(\S\+\)\(\s*;\s*Serial.*\)/\1'"$NewSerial"'\3/g' "$HoodZoneFile" sed -i -e '/^;### Leases ###/,$d' "$HoodZoneFile" - echo ";### Leases ###" >> "$HoodZoneFile" - echo "$NewLeases" >> "$HoodZoneFile" + { + echo ";### Leases ###" + echo "$NewLeases" + } >> "$HoodZoneFile" ReloadZone "$Domain" "$View" fi diff --git a/update-public-acl.sh b/update-public-acl.sh index ff660b6..446c556 100755 --- a/update-public-acl.sh +++ b/update-public-acl.sh @@ -6,10 +6,11 @@ IncludeFile="$1" rm -f "$IncludeFile" -echo "acl icvpnrange {" > "$IncludeFile" -echo " icvpnlocal;" >> "$IncludeFile" - -echo "dump" | nc ::1 33123 | \ -sed -e '/add route/!d;/installed yes/!d;/\(from ::\/0\|from 0\.0\.0\.0\/0\)/d;' | \ -sed -ne 's/^.*from \(\S\+\).*/\t\1;/p' >> "$IncludeFile" -echo "};" >> "$IncludeFile" +{ + echo "acl icvpnrange {" + echo " icvpnlocal;" + echo "dump" | nc ::1 33123 | \ + sed -e '/add route/!d;/installed yes/!d;/\(from ::\/0\|from 0\.0\.0\.0\/0\)/d;' | \ + sed -ne 's/^.*from \(\S\+\).*/\t\1;/p' + echo "};" +} > "$IncludeFile" diff --git a/update-rdnszone.sh b/update-rdnszone.sh index e9bbaab..a89ad8a 100755 --- a/update-rdnszone.sh +++ b/update-rdnszone.sh 
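Review bot: `echo "$NewLeases"` in the new group appends generated lease records to the zone file; under a `/bin/sh` that is dash, echo interprets backslash sequences in the data, and under bash a first record beginning with `-` would be taken as an option. `printf '%s\n' "$NewLeases"` is the safe form. The shebang is not in the diff, so which shell runs this is an assumption to confirm.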
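Review bot: If `nc ::1 33123` cannot connect or the route dump is empty, the group still emits a syntactically valid ACL containing only `icvpnlocal;`, and the caller's UpdateBindConfig then installs it as a change and reconfigures BIND with all ICVPN ranges removed. Capture the range list first and stop when it is empty, e.g. `Ranges="$(echo "dump" | nc ::1 33123 | sed … )"` followed by `[ -n "$Ranges" ] || { echo "no icvpn routes received" >&2; exit 1; }`, before writing the file. Whether an empty list is ever legitimate is not visible here, so confirm before making it fatal.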
@@ -18,7 +18,7 @@ GetIPEntries() { IPPattern="[aA]\{4\}\s\+\([0-9a-f:]\+\)" fi - sed -ne "s/^\s*\(\S\+\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+""$IPPattern"".*/\1\/\3/p" "$TempDir/$ForwardZoneFile" + sed -ne "s/^\s*\(\S\+\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+""$IPPattern"".*/\1\/\3/p" "$ForwardZoneFile" } ReverseEntry() { @@ -34,8 +34,7 @@ if [ -z "${ReverseDomain##*.in-addr.arpa.}" ]; then elif [ -z "${ReverseDomain##*.ip6.arpa.}" ]; then RZoneIsIPv6=1 else - echo "No valid ReverseDomain" 1>&2 - exit 1 + TraceErrAndExit "$ReverseDomain"" is no valid reverse domain" fi mkdir -p "$TempDir" 
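Review bot: GetIPEntries now reads the full path from the loop variable `ForwardZoneFile`, but nothing in the function says that it depends on the caller's globals `ForwardZoneFile` and `IPPattern`; a header comment keeps the next caller from passing the file as an argument. I would add `# Prints host/IP pairs from $ForwardZoneFile (global, set by the caller's loop) that match $IPPattern` above the function. The function's opening lines are outside this hunk.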
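Review bot: `TraceErrAndExit` does end update-rdnszone.sh here, but the visible caller in update-dns.sh runs `./update-rdnszone.sh …` without checking its status and then calls `InsertZoneToIncludeFile` for the same domain, so an invalid reverse domain still yields a named.conf entry pointing at a zone file that was never written. Have the caller check the status, `./update-rdnszone.sh … || exit 1`, or skip the include when the child fails. The enclosing `if` chain starts outside this hunk.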
@@ -43,18 +42,20 @@ mkdir -p "$TempDir" for ForwardZone in $ForwardZones; do ZoneName="${ForwardZone%%/*}" ZoneFile="${ForwardZone#*/}" - named-checkzone -f text -i local -o "$TempDir/$ZoneName" -D "$ZoneName" "$ZoneFile" >/dev/null 2>&1 + named-checkzone -f text -i local -o "$TempDir/$ZoneName" -D "$ZoneName" "$ZoneFile" >/dev/null Serial="$(GetZoneFileSerial "$TempDir/$ZoneName")" NewReverseSerial=$((Serial + NewReverseSerial)) - ZoneRevNSSubnets="$(sed -ne 's/^\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\)\s*.*;\s*Subnets:\s*\([^;]*\)$/\2@\3/p' "$ZoneFile" | - sed -e 's/\(.*[^\.]\)@/\1\.'"$ZoneName"'\.@/;s/@/ /;s/\s\+/@/g')" + ZoneRevNSSubnets="$(sed -ne 's/^\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s\+\(\S\+\).*;\s*Subnets:\s*\([^;]*\)$/\2@\3/p' "$ZoneFile" | + sed -e 's/\(.*[^\.]\)@/\1\.'"$ZoneName"'\.@/;s/@/ /;s/\s\+/@/g')" done - OldSerial=$(GetZoneFileSerial "$ReverseZoneFile") +OldSerial="$(GetZoneFileSerial "$ReverseZoneFile")" -if [ $NewReverseSerial -gt $OldSerial ]; then - echo "$ReverseDomain $TTL IN SOA $DNSSCRIPT_SERVER_NAME""."" $DNSSCRIPT_CONTACT_EMAIL $NewReverseSerial $ReReExMi" > "$TempDir/$ReverseZone" - echo "$ReverseDomain $TTL IN NS $DNSSCRIPT_SERVER_NAME"".""" >> "$TempDir/$ReverseZone" +if [ $((NewReverseSerial)) -gt $((OldSerial)) ]; then + { + echo "$ReverseDomain $TTL IN SOA $DNSSCRIPT_SERVER_NAME""."" $DNSSCRIPT_CONTACT_EMAIL $NewReverseSerial $ReReExMi" + echo "$ReverseDomain $TTL IN NS $DNSSCRIPT_SERVER_NAME"".""" + } > "$TempDir/$ReverseZone" for NSSubnets in $ZoneRevNSSubnets; do Subnets="$(echo "${NSSubnets#*@}" | sed -e 's/@/ /g')" @@ -66,8 +67,8 @@ if [ $NewReverseSerial -gt $OldSerial ]; then done done done - - for ForwardZoneFile in $(ls $TempDir); do + for ForwardZoneFile in "$TempDir"/*; do + if [ -n "${ForwardZoneFile##*$ReverseZone}" ]; then IPEntries="$(GetIPEntries)" for IPEntry in $IPEntries; do 
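Review bot: `named-checkzone … >/dev/null` now lets errors reach stderr, but its exit status is still ignored; when it fails, `$TempDir/$ZoneName` is missing or stale, `GetZoneFileSerial` returns nothing, `$((Serial + NewReverseSerial))` silently treats that as 0, and the PTR records for that zone are dropped from the regenerated reverse zone. Add `named-checkzone … >/dev/null || TraceErrAndExit "named-checkzone failed for $ZoneName"` so a broken forward zone stops the run instead of shrinking the reverse zone. The rest of the `for ForwardZone` loop body is unchanged.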
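Review bot: The new skip test `[ -n "${ForwardZoneFile##*$ReverseZone}" ]` uses an unquoted `$ReverseZone` as a glob pattern and excludes any file whose name merely ends with that string; since the file to skip is exactly the output written to `$TempDir/$ReverseZone`, the direct comparison `[ "$ForwardZoneFile" != "$TempDir/$ReverseZone" ]` says what is meant. `"$TempDir"/*` also expands to the literal pattern when the directory is empty, so `[ -f "$ForwardZoneFile" ] || continue` ahead of the test keeps GetIPEntries from running on a nonexistent path. The loop and its `if` close in the next hunk.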
@@ -79,9 +80,10 @@ if [ $NewReverseSerial -gt $OldSerial ]; then echo "$IP $TTL IN PTR $Host" >> "$TempDir/$ReverseZone" fi done + fi done - named-checkzone -o "$ReverseZoneFile" "$ReverseDomain" "$TempDir/$ReverseZone" >/dev/null 2>&1 + named-checkzone -o "$ReverseZoneFile" "$ReverseDomain" "$TempDir/$ReverseZone" >/dev/null ReloadZone "$ReverseDomain" "$View" fi
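Review bot: The final `named-checkzone -o "$ReverseZoneFile" …` writes the zone file that BIND will load, yet `ReloadZone` on the next line runs regardless of its exit status, so a zone that failed the check is reloaded anyway. Chain them: `named-checkzone -o "$ReverseZoneFile" "$ReverseDomain" "$TempDir/$ReverseZone" >/dev/null || TraceErrAndExit "reverse zone $ReverseDomain failed named-checkzone"`. The enclosing `if [ $((NewReverseSerial)) -gt $((OldSerial)) ]` starts outside this hunk.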