Compare commits
3 Commits
cf7048384c
...
48914a9bfb
Author | SHA1 | Date |
---|---|---|
Blackyfff | 48914a9bfb | |
Blackyfff | 59a085736c | |
Blackyfff | 7c812e994a |
|
@ -1,7 +1,7 @@
|
||||||
|
|
||||||
# dns-scripts
|
# dns-scripts
|
||||||
Dieses Git enthält eine Sammlung an Scripten zur Aktualisierung der Zonen für fff.community.
|
Dieses Git enthält eine Sammlung an Scripten zur Aktualisierung der Zonen für fff.community.
|
||||||
Dabei werden aus der Forward-Zone und optional eigener Subdomain (durch community-Zonefile gesteuert) auch passende Reverse-Zonen für unsere internen RFC 1918 und RFC 4193 Adressen erzeugen.
|
Dabei werden aus der Forward-Zone und optional eigener Subdomain (durch community-Zonendatei gesteuert) auch passende Reverse-Zonen für unsere internen RFC 1918 und RFC 4193 Adressen erzeugt.
|
||||||
|
|
||||||
Es werden bei eigener Subdomain die momentan vergebenen Adressen von dnsmasq und odhcpd (alles unter /tmp/hosts/) inkludiert.
|
Es werden bei eigener Subdomain die momentan vergebenen Adressen von dnsmasq und odhcpd (alles unter /tmp/hosts/) inkludiert.
|
||||||
Das ermöglicht eine Namensauflösung für Freifunk-Teilnehmer ohne manuelle Konfiguration.
|
Das ermöglicht eine Namensauflösung für Freifunk-Teilnehmer ohne manuelle Konfiguration.
|
||||||
|
@ -9,7 +9,7 @@ Damit kann jeder Freifunk-Teilnehmer ein gültiges TLS-Zertifikat bekommen, sofe
|
||||||
|
|
||||||
Unterstützt wird Split-DNS für Freifunk-interne und -externe Anfragen, dabei kann auch eine Subdomain angelegt werden unter welcher nur extern erreichbare IPs herausgegeben werden.
|
Unterstützt wird Split-DNS für Freifunk-interne und -externe Anfragen, dabei kann auch eine Subdomain angelegt werden unter welcher nur extern erreichbare IPs herausgegeben werden.
|
||||||
|
|
||||||
DNSSEC wird für jede Zone unterstützt, allerdings nur für die Hauptzone mit mehreren Servern. Für Subdomainserver darf mit DNSSEC nur jeweils ein Server autoritativ sein.
|
DNSSEC wird für jede Zone unterstützt, allerdings nur für die Hauptzone mit mehreren Servern. Für Subdomainserver darf mit DNSSEC nur jeweils ein primärer Server autoritativ sein.
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ bind9
|
||||||
|
|
||||||
named-checkzone (z.B. bei bind oder bind-tools enthalten)
|
named-checkzone (z.B. bei bind oder bind-tools enthalten)
|
||||||
|
|
||||||
für DNSSEC: delv; bind9 >= 9.16.18
|
für DNSSEC: delv; bind9 >= 9.16.33/9.18.12; openssl
|
||||||
|
|
||||||
|
|
||||||
#### dns-scripts klonen
|
#### dns-scripts klonen
|
||||||
|
@ -216,7 +216,7 @@ Sofern noch nicht vorhanden wird dann eine neue Zonendatei für diese Subdomain
|
||||||
```
|
```
|
||||||
wie die Rootzonendatei editiert werden.
|
wie die Rootzonendatei editiert werden.
|
||||||
|
|
||||||
Sollten spezielle Konfigurationen für die views benötigt werden, können diese im Konfigurationsverzeichnis (/etc/ffdns) als Dateien im Format <View>.<Domain> abgelegt werden. Die dort enthaltenen Zeilen werden in die Konfiguration des Views geschrieben.
|
In den durch die Scripte angelegten Zonen des ersten internen View (bei DNSSEC die unsignierte Variante) können mit einer update-policy auch dynamisch Einträge gesetzt werden. Da bei DNSSEC diese Datei nicht über die Scripte von bind geladen wird, sollte diese in einem separaten View für Updates geladen werden.
|
||||||
|
|
||||||
### Subsubdomains
|
### Subsubdomains
|
||||||
|
|
||||||
|
|
|
@ -20,13 +20,17 @@ InsertZoneToViews() {
|
||||||
ZoneFilesFolder="$2"
|
ZoneFilesFolder="$2"
|
||||||
Domain="$3"
|
Domain="$3"
|
||||||
SourceFile="$4"
|
SourceFile="$4"
|
||||||
TempFolder="$5"
|
AdditionalZoneConfig="$5"
|
||||||
DNSSECPolicy="$6"
|
|
||||||
AdditionalZoneConfig="$7"
|
|
||||||
for View in $Views; do
|
for View in $Views; do
|
||||||
ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"
|
ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"
|
||||||
[ -f "$ZoneFile" ] || ln -s "$SourceFile" "$ZoneFile"
|
[ -f "$ZoneFile" ] || ln -s "$SourceFile" "$ZoneFile"
|
||||||
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$TempFolder""$View"".conf" "$DNSSECPolicy" "$AdditionalZoneConfig""$View""."
|
if [ -n "$DNSSCRIPT_DNSSECPolicy" ]; then
|
||||||
|
if [ ! -f "$ZoneFilesFolder""db.""$View"".""$Domain"".signed" ]; then
|
||||||
|
cp -f "$ZoneFile" "$ZoneFilesFolder""db.""$View"".""$Domain"".signed"
|
||||||
|
fi
|
||||||
|
ZoneFile="$ZoneFilesFolder""db.""$View"".""$Domain"".signed"
|
||||||
|
fi
|
||||||
|
InsertZoneToIncludeFile "$Domain" "$ZoneFile" "$DNSSCRIPT_TEMP_FOLDER""$View"".conf" "$DNSSCRIPT_DNSSECPolicy" "$AdditionalZoneConfig""$View""."
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
InsertZoneToIncludeFile() {
|
InsertZoneToIncludeFile() {
|
||||||
|
@ -39,9 +43,13 @@ InsertZoneToIncludeFile() {
|
||||||
{
|
{
|
||||||
echo "zone \"""$1""\" {"
|
echo "zone \"""$1""\" {"
|
||||||
echo " type master;"
|
echo " type master;"
|
||||||
[ -n "$4" ] && echo " dnssec-policy $4"";"
|
if [ -n "$4" ]; then
|
||||||
[ -n "$4" ] && echo " inline-signing yes;"
|
echo " dnssec-policy $4"";"
|
||||||
[ -n "$Additional" ] && echo "$Additional"
|
echo " update-policy {"
|
||||||
|
echo " grant local subdomain ""$1"". any;"
|
||||||
|
[ -n "$Additional" ] && echo "$Additional"
|
||||||
|
echo " };"
|
||||||
|
fi
|
||||||
echo " file \"""$2""\";"
|
echo " file \"""$2""\";"
|
||||||
echo "};"
|
echo "};"
|
||||||
} > "$3"
|
} > "$3"
|
||||||
|
@ -49,9 +57,13 @@ InsertZoneToIncludeFile() {
|
||||||
{
|
{
|
||||||
echo "zone \"""$1""\" {"
|
echo "zone \"""$1""\" {"
|
||||||
echo " type master;"
|
echo " type master;"
|
||||||
[ -n "$4" ] && echo " dnssec-policy $4"";"
|
if [ -n "$4" ]; then
|
||||||
[ -n "$4" ] && echo " inline-signing yes;"
|
echo " dnssec-policy $4"";"
|
||||||
[ -n "$Additional" ] && echo "$Additional"
|
echo " update-policy {"
|
||||||
|
echo " grant local subdomain ""$1"". any;"
|
||||||
|
[ -n "$Additional" ] && echo "$Additional"
|
||||||
|
echo " };"
|
||||||
|
fi
|
||||||
echo " file \"""$2""\";"
|
echo " file \"""$2""\";"
|
||||||
echo "};"
|
echo "};"
|
||||||
} >> "$3"
|
} >> "$3"
|
||||||
|
@ -215,17 +227,19 @@ GetOwnKeysForZone () {
|
||||||
if [ -n "$DNSSECKeyFolder" ];then
|
if [ -n "$DNSSECKeyFolder" ];then
|
||||||
for OwnKeyFile in "$DNSSECKeyFolder""K""$Domain"".+"*".key"; do
|
for OwnKeyFile in "$DNSSECKeyFolder""K""$Domain"".+"*".key"; do
|
||||||
if ! [ "$OwnKeyFile" = "$DNSSECKeyFolder""K""$Domain"".+*.key" ]; then
|
if ! [ "$OwnKeyFile" = "$DNSSECKeyFolder""K""$Domain"".+*.key" ]; then
|
||||||
Removed="$(sed -ne 's/^; Delete: \(\S\{12\}\).*/\1/p' "$OwnKeyFile")"
|
Removed="$(sed -ne 's/^; Inactive: \(\S\{12\}\).*/\1/p' "$OwnKeyFile")"
|
||||||
RemovedSeconds="$(date -u -d "$Removed" '+%s' 2>/dev/null)"
|
if [ -n "$Removed" ]; then
|
||||||
if [ -z "$RemovedSeconds" ]; then
|
RemovedISO="$( echo "$Removed" | sed -ne 's/\(.\{4\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\).*/\1-\2-\3T\4:\5/p')"
|
||||||
RemovedSeconds="$( echo "$Removed" | sed -ne 's/\(.\{4\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\)\(.\{2\}\).*/\1-\2-\3T\4:\5/p')"
|
RemovedSeconds="$(date -d "$RemovedISO" '+%s' 2>/dev/null)"
|
||||||
RemovedSeconds="$(date -u -d "$RemovedSeconds" '+%s' 2>/dev/null)"
|
[ -n "$RemovedSeconds" ] || RemovedSeconds="$(date -u -d "$Removed" '+%s' 2>/dev/null)"
|
||||||
fi
|
if [ -n "$RemovedSeconds" ]; then
|
||||||
if [ -n "$RemovedSeconds" ]; then
|
CurDate="$(date '+%s')"
|
||||||
CurDate="$(date -u '+%s')"
|
if [ $((RemovedSeconds)) -ge $((CurDate)) ]; then
|
||||||
if [ $((CurDate - RemovedSeconds)) -le 72000 ]; then
|
RemovedSeconds=""
|
||||||
RemovedSeconds=""
|
fi
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
RemovedSeconds=""
|
||||||
fi
|
fi
|
||||||
if [ -z "$RemovedSeconds" ]; then
|
if [ -z "$RemovedSeconds" ]; then
|
||||||
sed -ne '/^;/d;s/^'"$Domain"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]\s\+\(.*\)$/_dnsseckeys\.'"$Domain"'\.\tIN TXT\t\"\2\"/p' "$OwnKeyFile" | \
|
sed -ne '/^;/d;s/^'"$Domain"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]\s\+\(.*\)$/_dnsseckeys\.'"$Domain"'\.\tIN TXT\t\"\2\"/p' "$OwnKeyFile" | \
|
||||||
|
@ -241,7 +255,6 @@ UpdateDNSSECEntryCache () {
|
||||||
CachedZoneFile="$3"
|
CachedZoneFile="$3"
|
||||||
DNSSECKeyFolder="$4"
|
DNSSECKeyFolder="$4"
|
||||||
UpstreamIP="$5"
|
UpstreamIP="$5"
|
||||||
TempFolder="$6"
|
|
||||||
|
|
||||||
[ -z "$UpstreamIP" ] || UpstreamIP="-b""$UpstreamIP"
|
[ -z "$UpstreamIP" ] || UpstreamIP="-b""$UpstreamIP"
|
||||||
|
|
||||||
|
@ -257,7 +270,7 @@ UpdateDNSSECEntryCache () {
|
||||||
if [ "$Nameserver" = "$DNSSCRIPT_SERVER_NAME" ]; then
|
if [ "$Nameserver" = "$DNSSCRIPT_SERVER_NAME" ]; then
|
||||||
{
|
{
|
||||||
GetOwnKeysForZone "$DNSSECKeyFolder" "$Domain" | sort
|
GetOwnKeysForZone "$DNSSECKeyFolder" "$Domain" | sort
|
||||||
GetDSForZone "$DNSSECKeyFolder" "$Domain" "$TempFolder" | NormalizeZoneFileFormatting
|
GetDSForZone "$DNSSECKeyFolder" "$Domain" "$DNSSCRIPT_TEMP_FOLDER" | NormalizeZoneFileFormatting
|
||||||
} > "$ZoneTempFolder""Keys.""$Nameserver"
|
} > "$ZoneTempFolder""Keys.""$Nameserver"
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -305,20 +318,38 @@ UpdateDNSSECEntryCache () {
|
||||||
rm -f "$KeyFile"
|
rm -f "$KeyFile"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
ReloadZone() {
|
ReloadZone() {
|
||||||
if [ -n "$2" ]; then
|
if [ -n "$2" ]; then
|
||||||
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
|
if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then
|
||||||
systemctl reload bind9 >/dev/null
|
systemctl reload bind9 >/dev/null
|
||||||
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then
|
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then
|
||||||
|
ZoneFilesFolder="$3"
|
||||||
for Zone in $2; do
|
for Zone in $2; do
|
||||||
if ! rndc reload "$1" IN "$Zone" 2>"/tmp/dnsscript_rndcerr" >/dev/null; then
|
if [ -z "$ZoneFilesFolder" ] || [ -f "$ZoneFilesFolder""db.""$Zone"".""$1" ]; then
|
||||||
if [ -n "$3" ] && grep -q "failed: out of range" "/tmp/dnsscript_rndcerr"; then
|
if [ -n "$DNSSCRIPT_DNSSECPolicy" ] && [ -n "$ZoneFilesFolder" ]; then
|
||||||
rndc sync -clean "$1" IN "$Zone" >/dev/null || touch "/tmp/dnsscript-forcereconf"
|
! rndc freeze "$1" IN "$Zone" >/dev/null
|
||||||
else
|
UnsignedZonefile="$ZoneFilesFolder""db.""$Zone"".""$1"
|
||||||
touch "/tmp/dnsscript-forcereconf"
|
SignedZonefile="$ZoneFilesFolder""db.""$Zone"".""$1"".signed"
|
||||||
|
NewSerial="$(GetZoneFileSerial "$UnsignedZonefile")"
|
||||||
|
named-checkzone -q -i none -o "$TmpFolder""tmp.zone" "$1" "$UnsignedZonefile"
|
||||||
|
OldSerial="$(GetZoneFileSerial "$SignedZonefile")"
|
||||||
|
if [ $((NewSerial)) -le $((OldSerial)) ]; then
|
||||||
|
OldSerial=$((OldSerial+1))
|
||||||
|
sed -i -e 's/^\(\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\s\+\S\+\s\+\S\+\s\+\)'"$NewSerial"'\(\s\+.*\)$/\1'"$OldSerial"'\3/g' "$TmpFolder""tmp.zone"
|
||||||
|
fi
|
||||||
|
cp -f "$TmpFolder""tmp.zone" "$SignedZonefile"
|
||||||
|
! rndc reload "$1" IN "$Zone" >/dev/null
|
||||||
|
! rndc thaw "$1" IN "$Zone" >/dev/null
|
||||||
|
elif ! rndc reload "$1" IN "$Zone" 2>"/tmp/dnsscript_rndcerr" >/dev/null; then
|
||||||
|
if [ -n "$3" ] && grep -q "failed: out of range" "/tmp/dnsscript_rndcerr"; then
|
||||||
|
rndc sync -clean "$1" IN "$Zone" >/dev/null || touch "/tmp/dnsscript-forcereconf"
|
||||||
|
else
|
||||||
|
touch "/tmp/dnsscript-forcereconf"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
rm -f "/tmp/dnsscript_rndcerr"
|
||||||
fi
|
fi
|
||||||
rm -f "/tmp/dnsscript_rndcerr"
|
|
||||||
done
|
done
|
||||||
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 2 ]; then
|
elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 2 ]; then
|
||||||
/etc/init.d/named reload >/dev/null
|
/etc/init.d/named reload >/dev/null
|
||||||
|
@ -389,7 +420,7 @@ GetDSForZone () {
|
||||||
Protocol="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* //g;s/ .*//g')"
|
Protocol="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* //g;s/ .*//g')"
|
||||||
Algo="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* [^ ]* //g;s/ .*//g')"
|
Algo="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* [^ ]* //g;s/ .*//g')"
|
||||||
KSK="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* [^ ]* [^ ]* //g;s/ //g')"
|
KSK="$(echo "$KSK" | sed -e 's/^[^ ]* [^ ]* [^ ]* [^ ]* //g;s/ //g')"
|
||||||
echo -e "_cdskey.""$Domain"".\tIN TXT\t\"""$KeyID"" ""$Algo"" 2 ""$(GetDS "$Domain" "$KeyTag" "$Protocol" "$Algo" "$KSK" "$TmpFolder")""\""
|
echo "_cdskey.""$Domain"". IN TXT \"""$KeyID"" ""$Algo"" 2 ""$(GetDS "$Domain" "$KeyTag" "$Protocol" "$Algo" "$KSK" "$TmpFolder")""\""
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
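Review bot: In both zone stanzas written by InsertZoneToIncludeFile, the new `update-policy` block hard-codes `grant local subdomain <zone>. any;` for every zone that has a DNSSEC policy, so whoever holds the identity `local` (presumably a TSIG key; its definition is not on this page) may change any record type at or below the apex, NS and SOA included. I would document the key above the block, e.g. `# "local": key allowed to send dynamic updates, defined in <named.conf include, placeholder>`, and narrow `any` to the record types the updates really need. `$Additional` is now echoed only inside that block, so a zone without a DNSSEC policy silently loses its per-view extra lines; a comment should say whether that is intended. In ReloadZone the new freeze/copy/thaw path writes `"$TmpFolder""tmp.zone"`, yet no assignment of `TmpFolder` is visible in that function, so it appears to depend on a global left behind by another function; `"$DNSSCRIPT_TEMP_FOLDER""tmp.zone"` would match the rest of the commit. Both function bodies extend beyond the hunks shown.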
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# SPDX-License-Identifier: GPL-3.0
|
# SPDX-License-Identifier: GPL-3.0
|
||||||
#
|
#
|
||||||
# freifunk-franken dns-scipts (c) 2021-2022 Blackyfff
|
# freifunk-franken dns-scipts (c) 2021-2023 Blackyfff
|
||||||
|
|
||||||
SetupCache() {
|
SetupCache() {
|
||||||
mkdir -p "$TempFolder""cache"
|
mkdir -p "$DNSSCRIPT_TEMP_FOLDER""cache"
|
||||||
|
|
||||||
for IView in $InternalViews; do
|
for IView in $InternalViews; do
|
||||||
rm -f "$TempFolder""$IView"".conf"
|
rm -f "$DNSSCRIPT_TEMP_FOLDER""$IView"".conf"
|
||||||
done
|
done
|
||||||
rm -f "$TempFolder""$ExternalView"".conf"
|
rm -f "$DNSSCRIPT_TEMP_FOLDER""$ExternalView"".conf"
|
||||||
}
|
}
|
||||||
GetMasterFile() {
|
GetMasterFile() {
|
||||||
curl -s -S -f "$RemoteLocation""db.""$MasterDomain" --output "$CachedMasterFile" && \
|
curl -s -S -f "$RemoteLocation""db.""$MasterDomain" --output "$CachedMasterFile" && \
|
||||||
|
@ -19,7 +19,7 @@ GetMasterFile() {
|
||||||
echo "_dnsscript_version IN TXT ""$DNSSCRIPT_VERSION" | NormalizeZoneFileFormatting
|
echo "_dnsscript_version IN TXT ""$DNSSCRIPT_VERSION" | NormalizeZoneFileFormatting
|
||||||
} >> "$CachedMasterFile" || :
|
} >> "$CachedMasterFile" || :
|
||||||
if [ ! -f "$CachedMasterFile" ]; then
|
if [ ! -f "$CachedMasterFile" ]; then
|
||||||
cp "$ZoneFilesFolder""db.""$FirstInternalView"".""$MasterDomain" "$CachedMasterFile"
|
cp -f "$ZoneFilesFolder""db.""$FirstInternalView"".""$MasterDomain" "$CachedMasterFile"
|
||||||
sed -i -e '/^_dnsscript_version.*/,$d' "$CachedMasterFile"
|
sed -i -e '/^_dnsscript_version.*/,$d' "$CachedMasterFile"
|
||||||
echo "_dnsscript_version IN TXT ""$DNSSCRIPT_VERSION" | NormalizeZoneFileFormatting >> "$CachedMasterFile"
|
echo "_dnsscript_version IN TXT ""$DNSSCRIPT_VERSION" | NormalizeZoneFileFormatting >> "$CachedMasterFile"
|
||||||
fi
|
fi
|
||||||
|
@ -37,13 +37,14 @@ DoServeOnlyExternZone() {
|
||||||
}
|
}
|
||||||
RemoveDNSSECKeysFromCacheFile() {
|
RemoveDNSSECKeysFromCacheFile() {
|
||||||
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile"
|
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedMasterFile"
|
||||||
|
sed -i -e '/^\s*_cdskey\./d' "$CachedMasterFile"
|
||||||
}
|
}
|
||||||
UpdateMasterZone() {
|
UpdateMasterZone() {
|
||||||
LocalMasterSerial=$((PostFetchMasterSerial))
|
LocalMasterSerial=$((PostFetchMasterSerial))
|
||||||
if [ -n "$ServeMasterZone" ]; then
|
if [ -n "$ServeMasterZone" ]; then
|
||||||
ZoneTempFolder="$TempFolder""cache/""$MasterDomain""/"
|
ZoneTempFolder="$DNSSCRIPT_TEMP_FOLDER""cache/""$MasterDomain""/"
|
||||||
|
|
||||||
UpdateMaster="$(UpdateDNSSECEntryCache "$MasterDomain" "$ZoneTempFolder" "$CachedMasterFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" "$TempFolder")"
|
UpdateMaster="$(UpdateDNSSECEntryCache "$MasterDomain" "$ZoneTempFolder" "$CachedMasterFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" )"
|
||||||
|
|
||||||
if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ] || [ -n "$UpdateMaster" ] || [ ! -f "$MasterFile" ]; then
|
if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ] || [ -n "$UpdateMaster" ] || [ ! -f "$MasterFile" ]; then
|
||||||
cp -f "$CachedMasterFile" "$CachedMasterFile""I"
|
cp -f "$CachedMasterFile" "$CachedMasterFile""I"
|
||||||
|
@ -64,16 +65,14 @@ UpdateMasterZone() {
|
||||||
ReloadZone "$MasterDomain" "$InternalViews" "$ZoneFilesFolder"
|
ReloadZone "$MasterDomain" "$InternalViews" "$ZoneFilesFolder"
|
||||||
|
|
||||||
fi
|
fi
|
||||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$MasterDomain" "$MasterFile" "$TempFolder" "$DNSSECPolicy"
|
|
||||||
if [ -n "$ExternalView" ]; then
|
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$MasterDomain" "$MasterFile"
|
||||||
InsertZoneToIncludeFile "$MasterDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "$LocalMasterSerial"
|
echo "$LocalMasterSerial"
|
||||||
}
|
}
|
||||||
UpdateExternal() {
|
UpdateExternal() {
|
||||||
CachedZoneFile="$TempFolder""cache/db.""$InternalDomain""E"
|
CachedZoneFile="$DNSSCRIPT_TEMP_FOLDER""cache/db.""$InternalDomain""E"
|
||||||
|
|
||||||
UpdateExternView=0
|
UpdateExternView=0
|
||||||
if [ -n "$ExternalView" ] || [ -n "$ExternDomain" ]; then
|
if [ -n "$ExternalView" ] || [ -n "$ExternDomain" ]; then
|
||||||
|
@ -84,23 +83,40 @@ UpdateExternal() {
|
||||||
UpdateExternView=1
|
UpdateExternView=1
|
||||||
ReloadZone "$InternalDomain" "$ExternalView" "$ZoneFilesFolder"
|
ReloadZone "$InternalDomain" "$ExternalView" "$ZoneFilesFolder"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -n "$ExternalView" ]; then
|
||||||
|
InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$InternalDomain" "$InternalZoneFile"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$ExternDomain" ]; then
|
if [ -n "$ExternDomain" ]; then
|
||||||
ExtDomainFile="$ZoneFilesFolder""db.""$FirstInternalView"".""$ExternDomain"
|
ExtDomainFile="$ZoneFilesFolder""db.""$FirstInternalView"".""$ExternDomain"
|
||||||
ZoneTempFolder="$TempFolder""cache/""$ExternDomain""/"
|
ZoneTempFolder="$DNSSCRIPT_TEMP_FOLDER""cache/""$ExternDomain""/"
|
||||||
cp -f "$ExternalZoneFile" "$CachedZoneFile"
|
named-checkzone -q -i none -o "$CachedZoneFile" "$InternalDomain" "$ExternalZoneFile"
|
||||||
|
InternalDomainSed="$(SEDifyHostname "$InternalDomain")"
|
||||||
|
ExternDomainSed="$(SEDifyHostname "$ExternDomain")"
|
||||||
|
|
||||||
|
if [ -n "$(sed -e '/^'"$ExternDomainSed"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s/!d' "$CachedZoneFile")" ]; then
|
||||||
|
sed -i -e '/^'"$InternalDomainSed"'\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\s/d' "$CachedZoneFile"
|
||||||
|
sed -i -e 's/^'"$ExternDomainSed"'\.\(\s\)/@\1/g' "$CachedZoneFile"
|
||||||
|
fi
|
||||||
if [ -n "$DNSSECKeyFolder" ]; then
|
if [ -n "$DNSSECKeyFolder" ]; then
|
||||||
sed -i -e '/^\s*_dnsseckeys\./d' "$CachedZoneFile"
|
sed -i -e '/^_cdskey\./d' "$CachedZoneFile"
|
||||||
sed -i -e '/^\s*\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]/d' "$CachedZoneFile"
|
sed -i -e '/^\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Nn][Ss][Kk][Ee][Yy]/d' "$CachedZoneFile"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ -n "$(sed -e '/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\)\s/!d' "$CachedZoneFile")" ] || \
|
[ -n "$(sed -e '/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Nn][Ss]\)\s/!d' "$CachedZoneFile")" ] || \
|
||||||
sed -i -e 's/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\)\s\+\S\+\s\+\S\+\s/\1 '"$DNSSCRIPT_SERVER_NAME"'. '"$DNSSCRIPT_CONTACT_EMAIL"' /g' "$CachedZoneFile"
|
sed -i -e 's/^\s*\(@\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Ss][Oo][Aa]\)\s\+\S\+\s\+\S\+\s/\1 '"$DNSSCRIPT_SERVER_NAME"'. '"$DNSSCRIPT_CONTACT_EMAIL"' /g' "$CachedZoneFile"
|
||||||
|
|
||||||
sed -i -e 's/^\s*'"$CommunityExternPrefix"'\s/@ /g;/^\s*\(@\|\S\+\.\)\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$CachedZoneFile"
|
sed -i -e '/^\S\+\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$CachedZoneFile"
|
||||||
|
sed -i -e '/^_dnsseckeys\./d' "$CachedZoneFile"
|
||||||
|
sed -i -e 's/^'"$InternalDomainSed"'\.\(\s\)/@\1/g' "$CachedZoneFile"
|
||||||
|
sed -i -e 's/^\(\S\+\)\.'"$InternalDomainSed"'\.\(\s\)/\1\2/g' "$CachedZoneFile"
|
||||||
|
|
||||||
|
echo "\$TTL ${TTLReReExMi%% *}" >> "$CachedZoneFile"
|
||||||
|
|
||||||
|
UpdateExternDomain="$(UpdateDNSSECEntryCache "$ExternDomain" "$ZoneTempFolder" "$CachedZoneFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" )"
|
||||||
|
|
||||||
UpdateExternDomain="$(UpdateDNSSECEntryCache "$ExternDomain" "$ZoneTempFolder" "$CachedZoneFile" "$DNSSECKeyFolder" "$InternalUpstreamIP" "$TempFolder")"
|
|
||||||
if [ $UpdateExternView -ne 0 ] || [ -n "$UpdateExternDomain" ]; then
|
if [ $UpdateExternView -ne 0 ] || [ -n "$UpdateExternDomain" ]; then
|
||||||
for KeyFile in "$ZoneTempFolder"*; do
|
for KeyFile in "$ZoneTempFolder"*; do
|
||||||
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
|
[ "$KeyFile" = "$ZoneTempFolder""*" ] || \
|
||||||
|
@ -117,9 +133,8 @@ UpdateExternal() {
|
||||||
ReloadZone "$ExternDomain" "$InternalViews" "$ZoneFilesFolder"
|
ReloadZone "$ExternDomain" "$InternalViews" "$ZoneFilesFolder"
|
||||||
ReloadZone "$ExternDomain" "$ExternalView" "$ZoneFilesFolder"
|
ReloadZone "$ExternDomain" "$ExternalView" "$ZoneFilesFolder"
|
||||||
fi
|
fi
|
||||||
|
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile"
|
||||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile" "$TempFolder" "$DNSSECPolicy"
|
InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile"
|
||||||
InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$ExternDomain" "$ExtDomainFile" "$TempFolder" "$DNSSECPolicy"
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
UpdateReverseZones() {
|
UpdateReverseZones() {
|
||||||
|
@ -134,7 +149,7 @@ UpdateReverseZones() {
|
||||||
fi
|
fi
|
||||||
./update-rdnszone.sh "$RDomain" "$2" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
|
./update-rdnszone.sh "$RDomain" "$2" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
|
||||||
for IView in $InternalViews; do
|
for IView in $InternalViews; do
|
||||||
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$TempFolder""$IView"".conf"
|
InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$DNSSCRIPT_TEMP_FOLDER""$IView"".conf"
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
done
|
done
|
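Review bot: The new `InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$InternalDomain" "$InternalZoneFile"` call in UpdateExternal passes the internal zone file as the source for the external view. InsertZoneToViews falls back to `ln -s "$SourceFile" "$ZoneFile"` when `db.<view>.<domain>` is missing, so unless the lines above this hunk always create that file first, the external view would end up serving the internal records and the split-DNS separation is lost. Passing the external source instead, `InsertZoneToViews "$ExternalView" "$ZoneFilesFolder" "$InternalDomain" "$ExternalZoneFile"`, looks closer to the removed `InsertZoneToIncludeFile ... "$ExternFile"` behaviour and keeps the fallback from exposing internal data. UpdateExternal starts and ends outside this hunk, so the file may already be guaranteed to exist; if so, a one-line comment stating that would settle it.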
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
# exit script when command fails
|
# exit script when command fails
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
export DNSSCRIPT_VERSION="0.9.5"
|
export DNSSCRIPT_VERSION="1.0.0rc1"
|
||||||
|
|
||||||
. /etc/ffdns/community.conf
|
. /etc/ffdns/community.conf
|
||||||
. /etc/ffdns/local.conf
|
. /etc/ffdns/local.conf
|
||||||
|
@ -16,6 +16,10 @@ export DNSSCRIPT_VERSION="0.9.5"
|
||||||
export DNSSCRIPT_CONTACT_EMAIL
|
export DNSSCRIPT_CONTACT_EMAIL
|
||||||
export DNSSCRIPT_SERVER_NAME
|
export DNSSCRIPT_SERVER_NAME
|
||||||
export DNSSCRIPT_BIND_RELOAD_VER
|
export DNSSCRIPT_BIND_RELOAD_VER
|
||||||
|
DNSSCRIPT_DNSSECPolicy="$DNSSECPolicy"
|
||||||
|
export DNSSCRIPT_DNSSECPolicy
|
||||||
|
DNSSCRIPT_TEMP_FOLDER="$TempFolder"
|
||||||
|
export DNSSCRIPT_TEMP_FOLDER
|
||||||
|
|
||||||
cd /usr/lib/ffdns/
|
cd /usr/lib/ffdns/
|
||||||
. ./dns-functions.sh
|
. ./dns-functions.sh
|
||||||
|
@ -31,13 +35,11 @@ fi
|
||||||
FirstInternalView="$( echo "$InternalViews" | sed -e 's/\s.*//')"
|
FirstInternalView="$( echo "$InternalViews" | sed -e 's/\s.*//')"
|
||||||
# ForwardZones: "<Zone>/<Zonendatei>" ; optionaly multiple " ""<ZoneX>/<ZonendateiX>" no spaces in full filename
|
# ForwardZones: "<Zone>/<Zonendatei>" ; optionaly multiple " ""<ZoneX>/<ZonendateiX>" no spaces in full filename
|
||||||
ForwardZones="$MasterDomain""/""$ZoneFilesFolder""db.""$FirstInternalView"".""$MasterDomain"
|
ForwardZones="$MasterDomain""/""$ZoneFilesFolder""db.""$FirstInternalView"".""$MasterDomain"
|
||||||
BindIcvpnAclTmp="$TempFolder""icvpn-acl.conf"
|
[ -n "$DNSSCRIPT_DNSSECPolicy" ] || DNSSECKeyFolder=""
|
||||||
BindIcvpnAcl="$GeneratedIncludeFileFolder""icvpn-acl.conf"
|
|
||||||
[ -n "$DNSSECPolicy" ] || DNSSECKeyFolder=""
|
|
||||||
|
|
||||||
SetupCache
|
SetupCache
|
||||||
|
|
||||||
CachedMasterFile="$TempFolder""cache/db.""$MasterDomain"
|
CachedMasterFile="$DNSSCRIPT_TEMP_FOLDER""cache/db.""$MasterDomain"
|
||||||
PreFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
|
PreFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
|
||||||
GetMasterFile
|
GetMasterFile
|
||||||
PostFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
|
PostFetchMasterSerial="$(GetZoneFileSerial "$CachedMasterFile")"
|
||||||
|
@ -100,10 +102,10 @@ for Hood in $Hoods; do
|
||||||
echo ";"
|
echo ";"
|
||||||
} > "$HoodZoneFile"
|
} > "$HoodZoneFile"
|
||||||
fi
|
fi
|
||||||
ZoneTempFolder="$TempFolder""cache/"
|
ZoneTempFolder="$DNSSCRIPT_TEMP_FOLDER""cache/"
|
||||||
./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" "$ZoneTempFolder" "$ZoneFilesFolder"
|
./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" "$ZoneTempFolder" "$ZoneFilesFolder"
|
||||||
|
|
||||||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy" "/etc/ffdns/"
|
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "/etc/ffdns/"
|
||||||
|
|
||||||
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
|
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
|
||||||
UpdateReverseZones "$Subnets" "$HoodForwardZones"
|
UpdateReverseZones "$Subnets" "$HoodForwardZones"
|
||||||
|
@ -123,9 +125,6 @@ for Hood in $Hoods; do
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$ExternFile" ]; then
|
if [ -n "$ExternFile" ]; then
|
||||||
if [ -n "$ExternalView" ]; then
|
|
||||||
InsertZoneToIncludeFile "$HoodDomain" "$ExternFile" "$TempFolder""$ExternalView"".conf" "$DNSSECPolicy"
|
|
||||||
fi
|
|
||||||
InternalZoneFile="$HoodZoneFile"
|
InternalZoneFile="$HoodZoneFile"
|
||||||
ExternalZoneFile="$ExternFile"
|
ExternalZoneFile="$ExternFile"
|
||||||
InternalDomain="$HoodDomain"
|
InternalDomain="$HoodDomain"
|
||||||
|
@ -135,8 +134,6 @@ for Hood in $Hoods; do
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
./update-public-acl.sh "$BindIcvpnAclTmp" "$RemoteLocation" "$RoutingTables"
|
|
||||||
|
|
||||||
ReConfigBind=0
|
ReConfigBind=0
|
||||||
UpdateBindConfig() {
|
UpdateBindConfig() {
|
||||||
if [ -f "$1" ] && ! cmp -s "$1" "$2"; then
|
if [ -f "$1" ] && ! cmp -s "$1" "$2"; then
|
||||||
|
@ -147,12 +144,11 @@ UpdateBindConfig() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"
|
|
||||||
for IView in $InternalViews; do
|
for IView in $InternalViews; do
|
||||||
UpdateBindConfig "$TempFolder""$IView"".conf" "$GeneratedIncludeFileFolder""$IView"".conf"
|
UpdateBindConfig "$DNSSCRIPT_TEMP_FOLDER""$IView"".conf" "$GeneratedIncludeFileFolder""$IView"".conf"
|
||||||
done
|
done
|
||||||
if [ -n "$ExternalView" ]; then
|
if [ -n "$ExternalView" ]; then
|
||||||
UpdateBindConfig "$TempFolder""$ExternalView"".conf" "$GeneratedIncludeFileFolder""$ExternalView"".conf"
|
UpdateBindConfig "$DNSSCRIPT_TEMP_FOLDER""$ExternalView"".conf" "$GeneratedIncludeFileFolder""$ExternalView"".conf"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then
|
if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then
|
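Review bot: With the `./update-public-acl.sh` call and the `UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl"` step removed, an `icvpn-acl.conf` written by an earlier version stays in `$GeneratedIncludeFileFolder` and is never refreshed again. If an existing named.conf still includes it (not visible here), the `icvpnrange` ACL silently freezes at its last content, so the upgrade step should be stated next to the version bump, e.g. `# 1.0.0: icvpn-acl.conf is no longer generated; remove its include and the icvpnrange ACL from named.conf`. The new `DNSSCRIPT_TEMP_FOLDER="$TempFolder"` is also exported unchecked although every path is built by plain concatenation and SetupCache runs `rm -f` on the result; `: "${TempFolder:?TempFolder must be set}"` before the export would fail early instead of operating relative to the working directory.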
||||||
|
|
|
@ -24,12 +24,13 @@ GetLeaseEntriesInSubnet() {
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ZoneTempFolder="$ZoneTempFolder""$Domain""/"
|
||||||
|
|
||||||
OldSerial="$(GetZoneFileSerial "$ZoneTempFolder""db.""$Domain"".bkp")"
|
OldSerial="$(GetZoneFileSerial "$ZoneTempFolder""db.""$Domain"".bkp")"
|
||||||
NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
|
NewSerial="$(GetZoneFileSerial "$HoodZoneFile")"
|
||||||
|
ForceUpdate=""
|
||||||
[ $((OldSerial)) -gt 0 ] && [ $((OldSerial)) -lt $((NewSerial)) ] && ForceUpdate="1"
|
[ $((OldSerial)) -gt 0 ] && [ $((OldSerial)) -lt $((NewSerial)) ] && ForceUpdate="1"
|
||||||
|
|
||||||
ZoneTempFolder="$ZoneTempFolder""$Domain""/"
|
|
||||||
|
|
||||||
OldLeases="$(sed -e '/^;### Leases ###/,$!d;/^\s*\S\+\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$HoodZoneFile" | sed 1d)"
|
OldLeases="$(sed -e '/^;### Leases ###/,$!d;/^\s*\S\+\.\s\+\([0-9]*\s\)\?\s*[Ii][Nn]\s\+[Dd][Ss]\s/d' "$HoodZoneFile" | sed 1d)"
|
||||||
|
|
||||||
if [ -f "/tmp/dhcp.leases" ]; then
|
if [ -f "/tmp/dhcp.leases" ]; then
|
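Review bot: The move of `ZoneTempFolder="$ZoneTempFolder""$Domain""/"` above the `OldSerial` read is order-sensitive and nothing in the code says so; presumably the `.bkp` copy lives in the per-domain cache folder and is only found once that suffix has been appended. A comment such as `# must precede GetZoneFileSerial: the .bkp copy is kept in the per-domain cache folder` would keep a later reorder from reintroducing the old lookup path. The added `ForceUpdate=""` deserves a short note as well, e.g. `# reset so a value inherited from the environment cannot force an update`.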
||||||
|
|
|
@ -1,87 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
# SPDX-License-Identifier: GPL-3.0
|
|
||||||
#
|
|
||||||
# freifunk-franken dns-scipts (c) 2021 Blackyfff
|
|
||||||
|
|
||||||
|
|
||||||
. ./dns-functions.sh
|
|
||||||
|
|
||||||
IncludeFile="$1"
|
|
||||||
RemoteLocation="$2"
|
|
||||||
Tables="$3"
|
|
||||||
|
|
||||||
rm -f "$IncludeFile"
|
|
||||||
|
|
||||||
if [ -z "$Tables" ]; then
|
|
||||||
# this is only a rude fallback and not recommended
|
|
||||||
# create your own file on a gateway with the community routing tables and use this one
|
|
||||||
RemoteFile="$(curl -s -S -f "$RemoteACL")"
|
|
||||||
if [ -n "$RemoteFile" ]; then
|
|
||||||
echo "$RemoteFile" > "$IncludeFile"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
Installed4Routes=""
|
|
||||||
Installed6Routes=""
|
|
||||||
for Table in $Tables; do
|
|
||||||
Installed4Routes="$(echo "$Installed4Routes" && ip -d -4 ro sh ta "$Table")"
|
|
||||||
Installed6Routes="$(echo "$Installed6Routes" && ip -d -6 ro sh ta "$Table")"
|
|
||||||
done
|
|
||||||
PublicSubs="$(echo "$Installed6Routes" | \
|
|
||||||
sed -e '/^unicast default from/!d;s/.* from \(\S\+\).*/\1/g')"
|
|
||||||
Privatev4Prefix="\(192\.168\.\|172\.\(1[6-9]\|2[0-9]\|3[01]\)\.\|10\.\)"
|
|
||||||
Privatev6Prefix="\([fF][cCdD][0-9a-fA-F]\{2\}:\)"
|
|
||||||
Publicv4Singles="$(echo "$Installed4Routes" | \
|
|
||||||
sed -e 's/^\S\+\s\+\(\S\+\)\s.*/\t\1;/g;/^\t'"$Privatev4Prefix"'\|^\t\(unreachable\|default\|0\.\)\|^$/d')"
|
|
||||||
Publicv6Singles="$(echo "$Installed6Routes" | \
|
|
||||||
sed -e 's/^\S\+\s\+\(\S\+\)\s.*/\1/g;/^'"$Privatev6Prefix"'\|^\(unreachable\|default\|::\|64:ff9b::\)\|^$/d')"
|
|
||||||
|
|
||||||
# the following code is not well optimized yet and may take a bit to process
|
|
||||||
# therefore it is not recommended to activate it on hardware-routers
|
|
||||||
# even in other environments it did not speed up bind9 measurable, its just for a smaller acl-file, e.g. for redistribution
|
|
||||||
|
|
||||||
#for Subnet in $PublicSubs; do
|
|
||||||
# SubnetIPFilled="$(FillIPv6Zeroes "$(echo "${Subnet%/*}" | awk '{print tolower($0)}')")"
|
|
||||||
# Mask="${Subnet##*/}"
|
|
||||||
# Statics=$((Mask / 4))
|
|
||||||
# BlockMask=$((Mask % 4))
|
|
||||||
# if [ $BlockMask -ne 0 ]; then
|
|
||||||
# BlockMask=$((4 - BlockMask))
|
|
||||||
# BlockMask=$((-1 << $BlockMask))
|
|
||||||
# SubnetBlock="$(printf %d 0x"$(echo "$SubnetIPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
|
|
||||||
# SubnetBlock=$((SubnetBlock & BlockMask))
|
|
||||||
# fi
|
|
||||||
#
|
|
||||||
# SubnetStaticPart="$(echo "$SubnetIPFilled" | awk 'BEGIN{FS=""}{for(i='"$Statics"';i>0;i--) printf $i;}')"
|
|
||||||
#
|
|
||||||
# for Single in $Publicv6Singles; do
|
|
||||||
# IPFilled="$(FillIPv6Zeroes "$(echo "${Single%/*}" | awk '{print tolower($0)}')")"
|
|
||||||
# MaskIP="$( echo "$Single" | sed -e 's/^[^/]*\(\/\)\?//g')"
|
|
||||||
# MaskIP="${MaskIP:-128}"
|
|
||||||
# IsInSub="$([ $((Mask)) -le $((MaskIP)) ]; echo "$?")"
|
|
||||||
# if [ $IsInSub -eq 0 ]; then
|
|
||||||
# IPStaticPart="$(echo "$IPFilled" | awk 'BEGIN{FS=""}{for(i='"$Statics"';i>0;i--) printf $i;}')"
|
|
||||||
# IsInSub="$([ "$IPStaticPart" = "$SubnetStaticPart" ]; echo "$?")"
|
|
||||||
# fi
|
|
||||||
# if [ $IsInSub -eq 0 ] && [ $BlockMask -ne 0 ]; then
|
|
||||||
# IPBlock="$(printf %d 0x"$(echo "$IPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
|
|
||||||
# IPBlock=$((IPBlock & BlockMask))
|
|
||||||
# IsInSub="$([ $IPBlock -eq $SubnetBlock ]; echo "$?")"
|
|
||||||
# fi
|
|
||||||
#
|
|
||||||
# ! [ $IsInSub -eq 0 ] \
|
|
||||||
# && NewSingles="$( [ -n "$NewSingles" ] && echo "$NewSingles"; echo "$Single")"
|
|
||||||
# done
|
|
||||||
# Publicv6Singles="$NewSingles"
|
|
||||||
# NewSingles=""
|
|
||||||
#done
|
|
||||||
|
|
||||||
{
|
|
||||||
echo "acl icvpnrange {"
|
|
||||||
echo " icvpnlocal;"
|
|
||||||
echo "$PublicSubs" | sed -e 's/\(.*\)/\t\1;/g'
|
|
||||||
echo "$(curl -s -S -f "$RemoteLocation""external.dnsserverips" | sed -e 's/^/\t/g;s/$/;/g')"
|
|
||||||
echo "$Publicv4Singles"
|
|
||||||
echo "$Publicv6Singles" | sed -e 's/\(.*\)/\t\1;/g'
|
|
||||||
echo "};"
|
|
||||||
} > "$IncludeFile"
|
|
||||||
fi
|
|