updates for more flags
@@ -10,7 +10,7 @@ use Martnet::DDNS;
|
||||
|
||||
# Hidden-master unified include generator.
|
||||
#
|
||||
# - Generates /etc/bind/unified.zones.9
|
||||
# - Generates /var/lib/bind/unified.zones.9
|
||||
# - Creates missing zonefiles for any emitted zones (minimal skeleton)
|
||||
# - Deterministic output; only rewrites include file if content changes
|
||||
#
|
||||
@@ -19,13 +19,15 @@ use Martnet::DDNS;
|
||||
# - Does NOT attempt to infer DNSSEC (you are removing _dnssec entirely).
|
||||
# - Filters out private.invalid (core static config) and _pureslave (slave-only).
|
||||
|
||||
my $out = '/etc/bind/unified.zones.9';
|
||||
my $out = '/var/lib/bind/unified.zones.9';
|
||||
my $self_master = undef; # if unset, uses $ddns->default_master()
|
||||
my $force_zf = 0; # overwrite existing zonefiles too
|
||||
my $force_out = 0; # rewrite unified include even if identical
|
||||
my $reload_cmd = '/usr/sbin/rndc';
|
||||
my $reconfig = 1; # use rndc reconfig (safer for include file updates)
|
||||
|
||||
my $default_ddns_key = 'master-ddns-tsig';
|
||||
|
||||
GetOptions(
|
||||
'out=s' => \$out,
|
||||
'self=s' => \$self_master,
|
||||
@@ -160,11 +162,38 @@ for my $r (@zones) {
|
||||
my $type = $r->{type} // '';
|
||||
my $zf = zonefile_for($zone, $type);
|
||||
|
||||
# Stable, single-line formatting
|
||||
$content .= sprintf(
|
||||
"zone \"%s\" { type master; file \"%s\"; };\n",
|
||||
$zone, $zf
|
||||
);
|
||||
|
||||
# Always enable DDNS updates via the default key, plus any additional keys recorded in JSON.
|
||||
my @keys = ($default_ddns_key);
|
||||
if (defined($r->{payload}) && ref($r->{payload}) eq 'HASH') {
|
||||
my $ak = $r->{payload}->{ddns_keys};
|
||||
if (defined $ak) {
|
||||
if (ref($ak) eq 'ARRAY') {
|
||||
push @keys, grep { defined($_) && $_ ne '' } @$ak;
|
||||
} elsif (!ref($ak) && $ak ne '') {
|
||||
push @keys, $ak;
|
||||
}
|
||||
}
|
||||
}
|
||||
# Deduplicate while preserving order.
|
||||
my %seen;
|
||||
@keys = grep { !$seen{$_}++ } @keys;
|
||||
|
||||
my $allow_transfer = 'allow-transfer { trusted; ' . join(' ', map { 'key "' . $_ . '";' } @keys) . ' };';
|
||||
my $update_policy = 'update-policy { ' . join(' ', map { 'grant ' . $_ . ' zonesub ANY;' } @keys) . ' };';
|
||||
my $journal = 'journal "' . $zf . '.jnl";';
|
||||
my $serial_update = 'serial-update-method unixtime;';
|
||||
|
||||
my $dnssec = 0;
|
||||
if (defined($r->{payload}) && ref($r->{payload}) eq 'HASH' && $r->{payload}->{dnssec}) {
|
||||
$dnssec = 1;
|
||||
}
|
||||
my $dnssec_opts = $dnssec ? ' auto-dnssec maintain; inline-signing yes;' : '';
|
||||
|
||||
$content .= sprintf(
|
||||
"zone \"%s\" { type master; file \"%s\";%s %s %s %s %s };\n",
|
||||
$zone, $zf, $dnssec_opts, $allow_transfer, $update_policy, $journal, $serial_update
|
||||
);
|
||||
}
|
||||
|
||||
# Decide whether unified include changed
|
||||
|
||||
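Review bot: The names read from `$r->{payload}->{ddns_keys}` are concatenated into the `allow-transfer` and `update-policy` strings with no validation, so a value containing `"`, `;`, `}` or whitespace would change the structure of the generated named include; in the `grant` clause the name is not even quoted. Both the array and the scalar branch should accept only plain key names, e.g. `push @keys, grep { defined($_) && !ref($_) && /\A[A-Za-z0-9._-]+\z/ } @$ak;` with the same pattern test in the `elsif`, and should warn about and skip anything else. Separately, every update key is also placed in `allow-transfer` and granted `zonesub ANY`, which is broader than an update-only key needs, so a comment stating that this is intended would help the next reader. The header comment still says the script does not infer DNSSEC, while the new code emits `auto-dnssec maintain; inline-signing yes;` when `payload->{dnssec}` is set. The enclosing `for my $r (@zones)` loop starts outside the hunk.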