From ab0a52c30e2d0c30498e5fa74f95ff8359e9e440 Mon Sep 17 00:00:00 2001
From: Jorj Bauer
Date: Sat, 21 Nov 2020 16:11:41 -0500
Subject: [PATCH] adding dnssec support
---
 DDNS.pm | 29 ++++++++++++++++++++++++-----
 Makefile.PL | 2 ++
 bin/sync-master-vhosts | 6 +++++-
 bin/sync-slave | 6 +++++-
 4 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/DDNS.pm b/DDNS.pm
index d6f8f63..3147e9c 100644
--- a/DDNS.pm
+++ b/DDNS.pm
@@ -8,7 +8,7 @@ use Memoize;
 memoize('_gethosts');
-our $VERSION = '0.2';
+our $VERSION = '0.3';
 sub new {
 my $me = shift;
@@ -24,7 +24,7 @@ sub _validateTypeOrDie {
 my ($t) = @_;
 die "Invalid type"
- unless ($t =~ /^_(vhosts|pureslave|custom)$/);
+ unless ($t =~ /^_(vhosts|pureslave|custom|dnssec)$/);
 }
 sub _fqdn {
@@ -127,6 +127,7 @@ sub _gethosts {
 # Find the type of domin that $dom is. If we don't find it, return
 # undef. (The domain $dom ends in a dot; the DNS info we find won't;
 # hence the concat of the extra "." after the lc.)
+# (Skip _dnssec records in this check.)
 sub type {
 my ($this, $dom) = @_;
@@ -135,7 +136,8 @@ sub type {
 my @vh = $this->get();
 foreach my $i (@vh) {
 if (lc($i->{zone})."." eq lc($dom)) {
- return $i->{type};
+ return $i->{type}
+ unless ($i->{type} eq '_dnssec');
 }
 }
@@ -148,8 +150,10 @@ sub add {
 _validateOrDie($dom);
 my $fqdn = _fqdn($dom, $type);
- if (my $type = $this->type($dom)) {
- die "Domain $dom already exists [of type $type]";
+ if (my $existingtype = $this->type($dom)) {
+ die "Domain $dom already exists [of type $existingtype]"
+ unless ($existingtype eq '_dnssec' ||
+ $type eq '_dnssec');
 }
 $this->__docmd("update add $fqdn 60 TXT $master");
@@ -180,4 +184,19 @@ sub cleanup {
 system("/usr/local/bin/sync-master-vhosts");
 }
+sub is_dnssec {
+ my ($this, $dom) = @_;
+
+ $dom =~ s/^(.+)\.$/$1/; # remove trailing dot
+
+ my @h = $this->_gethosts('_dnssec');
+ foreach my $i (@h) {
+ if (lc($i->{zone}) eq $dom) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+
 1;
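Review bot: The type check in `_validateTypeOrDie` is anchored with `^` and `$`, and `$` also matches just before a trailing newline, so a value that is `_dnssec` plus a newline still passes. `add` hands the type to `_fqdn` and then builds the `update add $fqdn 60 TXT $master` line from the result, so, assuming `_fqdn` (outside this patch) embeds the type unchanged, the check should accept only the exact token: `unless ($t =~ /\A_(vhosts|pureslave|custom|dnssec)\z/);`.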
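Review bot: In `add`, the `$existingtype eq '_dnssec'` half of the new `unless` can never be true, because `type()` now skips `_dnssec` records (the hunk at new line 136); only `$type eq '_dnssec'` has any effect. The opposite case is left unchecked: when `type()` returns undef, a `_dnssec` marker is still written for a zone that has no other record. If the marker is only meaningful for an already managed zone, reject that first with something like `die "Domain $dom is not managed" if ($type eq '_dnssec' && !$this->type($dom));` and reduce the guard to `unless ($type eq '_dnssec');`. The body of `add` continues outside the hunk.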
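Review bot: `is_dnssec` compares `lc($i->{zone})` with `$dom` exactly as passed in, whereas `type()` lower-cases both sides, so a zone name containing any upper-case letter never matches and the function returns 0. Both sync scripts use that result to choose between `db.<zone>.signed` and the unsigned file, so a miss silently selects the unsigned zone file for a zone marked for DNSSEC. Compare case-insensitively with `if (lc($i->{zone}) eq lc($dom)) {`. A short header comment saying that `$dom` may carry a trailing dot and that the sub returns 1 or 0 would also help callers.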
diff --git a/Makefile.PL b/Makefile.PL
index a5a8a01..11d2b3d 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -21,6 +21,8 @@ WriteMakefile(
 'bin/list-all',
 'bin/is-managed',
 'bin/validate-master',
+ 'bin/add-dnssec',
+ 'bin/del-ddnssec',
 ],
 'AUTHOR' => 'Jorj Bauer ',
 );
diff --git a/bin/sync-master-vhosts b/bin/sync-master-vhosts
index 130917d..ee6e816 100755
--- a/bin/sync-master-vhosts
+++ b/bin/sync-master-vhosts
@@ -37,7 +37,11 @@ if ($changecount) {
 # If we made any changes, then generate the full vhost list
 my ($fh, $path) = tempfile();
 foreach my $i (sort {$a->{zone} cmp $b->{zone}} @vh) {
- print $fh "zone \"$i->{zone}\" { type master; file \"/var/lib/bind/vhost/db.$i->{zone}\"; };\n";
+ if ($ddns->is_dnssec($i->{zone})) {
+ print $fh "zone \"$i->{zone}\" { type master; file \"/var/lib/bind/vhost/db.$i->{zone}.signed\"; };\n";
+ } else {
+ print $fh "zone \"$i->{zone}\" { type master; file \"/var/lib/bind/vhost/db.$i->{zone}\"; };\n";
+ }
 }
 close $fh;
 print "Installing new vhost list\n";
diff --git a/bin/sync-slave b/bin/sync-slave
index 7d52281..5cd3f3d 100755
--- a/bin/sync-slave
+++ b/bin/sync-slave
@@ -53,7 +53,11 @@ sub do_rewrite {
 print "Differences found; rewriting slave file.\n";
 foreach my $i (sort {$a->{zone} cmp $b->{zone}} @vh) {
- print $fh "zone \"$i->{zone}\" { type slave; file \"/var/cache/bind/db.$i->{zone}\"; masters { $i->{master}; }; };\n";
+ if ($ddns->is_dnssec($i->{zone})) {
+ print $fh "zone \"$i->{zone}\" { type slave; file \"/var/cache/bind/db.$i->{zone}.signed\"; masters { $i->{master}; }; };\n";
+ } else {
+ print $fh "zone \"$i->{zone}\" { type slave; file \"/var/cache/bind/db.$i->{zone}\"; masters { $i->{master}; }; };\n";
+ }
 }
 close $fh;
 print "Installing new slave host list\n";
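Review bot: The two scripts added to the list, `bin/add-dnssec` and `bin/del-ddnssec`, are not among the four files this patch touches, so unless they already exist in the tree the install list names files that are missing. The second name also looks misspelled, with a doubled `d`. If the script is meant to be `bin/del-dnssec`, the entry should read `'bin/del-dnssec',`.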
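Review bot: The `.signed` branch in bin/sync-master-vhosts writes `/var/lib/bind/vhost/db.<zone>.signed` into the zone list on the strength of the `_dnssec` marker alone; nothing in this hunk checks that the signed file has been produced, and a missing file would presumably leave named unable to load that zone. A guard before the print, such as `warn "no signed zone file for $i->{zone}\n" unless -e "/var/lib/bind/vhost/db.$i->{zone}.signed";`, makes that visible at sync time. The two `print` statements differ only in the suffix, here and in the matching hunk of bin/sync-slave. Using `my $suffix = $ddns->is_dnssec($i->{zone}) ? '.signed' : '';` followed by a single print would keep the two forms from drifting apart. The enclosing `if ($changecount)` block starts outside the hunk.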
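Review bot: In bin/sync-slave, changing the `file` name to `db.<zone>.signed` once the marker appears leaves the previously transferred `/var/cache/bind/db.<zone>` in place, since nothing in this hunk removes it. On a slave that file is only the local copy of whatever the master serves, so the rename may not be needed. If it is kept, a comment saying why, for example `# keep signed and unsigned transfers in separate cache files`, and a cleanup of the old file would avoid stale unsigned copies accumulating. `do_rewrite` starts outside the hunk, so whether a marker change alone triggers this rewrite cannot be confirmed from here.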