From 24bedeeac18b2d2092cf3ba4359123e975e26f2a Mon Sep 17 00:00:00 2001
From: A. Täffner <darkalex@firesplash.de>
Date: Fri, 22 Jan 2016 13:14:39 -0500
Subject: [PATCH] DNSSEC-Switch: Server modifications
---
server/plugins-available/bind_plugin.inc.php | 27 ++++++++++++++++++++++-----
1 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
index bb65eef..6ba507c 100644
--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
@@ -133,7 +133,11 @@
if($return_status === 0) {
$app->log("Writing BIND domain file: ".$filename, LOGLEVEL_DEBUG);
} else {
- $app->log("Writing BIND domain file failed: ".$filename." ".implode(' ', $out), LOGLEVEL_WARN);
+ if($dns_config['disable_bind_log'] === 'y') {
+ $app->log("Writing BIND domain file failed: ".$filename." ".implode(' ', $out), LOGLEVEL_DEBUG);
+ } else {
+ $app->log("Writing BIND domain file failed: ".$filename." ".implode(' ', $out), LOGLEVEL_WARN);
+ }
rename($filename, $filename.'.err');
}
unset($tpl);
@@ -141,7 +145,15 @@
unset($records_out);
unset($zone);
}
-
+
+ //* DNSSEC-Implementation
+ if($data['old']['origin'] != $data['new']['origin']) {
+ if (@$data['old']['dnssec_initialized'] == 'Y' && strlen(@$data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.escapeshellcmd($data['old']['origin'])); //delete old keys
+ if ($data['new']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.escapeshellcmd($data['new']['origin'])); //Create new keys for new origin
+ }
+ if ($data['new']['dnssec_wanted'] == 'Y' AND $data['new']['dnssec_initialized'] == 'N') if ($data['new']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.escapeshellcmd($data['new']['origin'])); //Create new keys for new origin
+ else if ($data['old']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.escapeshellcmd($data['new']['origin']));
+
//* rebuild the named.conf file if the origin has changed or when the origin is inserted.
//if($this->action == 'insert' || $data['old']['origin'] != $data['new']['origin']) {
$this->write_named_conf($data, $dns_config);
@@ -159,8 +171,9 @@
if(is_file($filename)) unlink($filename);
if(is_file($filename.'.err')) unlink($filename.'.err');
- }
-
+ if(is_file($filename.'.signed')) unlink($filename.'.signed');
+ }
+
//* Restart bind nameserver if update_acl is not empty, otherwise reload it
if($data['new']['update_acl'] != '') {
$app->services->restartServiceDelayed('bind', 'restart');
@@ -193,6 +206,9 @@
if(is_file($zone_file_name.'.err')) unlink($zone_file_name.'.err');
$app->log("Deleting BIND domain file: ".$zone_file_name, LOGLEVEL_DEBUG);
+ //* DNSSEC-Implementation
+ if ($data['old']['dnssec_initialized'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys
+
//* Reload bind nameserver
$app->services->restartServiceDelayed('bind', 'reload');
@@ -319,7 +335,7 @@
global $app, $conf;
//* Only write the master file for the current server
- $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
+ $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl, dnssec_initialized FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
$zones = array();
//* Check if the current zone that triggered this function has at least one NS record
@@ -339,6 +355,7 @@
foreach($tmps as $tmp) {
$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));
+ if ($tmp['dnssec_initialized'] == 'Y') $zone_file .= '.signed' //.signed is for DNSSEC-Implementation
$options = '';
if(trim($tmp['xfer']) != '') {
--
Gitblit v1.9.1