diff --git a/DDNS.pm b/DDNS.pm index c9f79b8..06914d7 100644 --- a/DDNS.pm +++ b/DDNS.pm @@ -29,7 +29,7 @@ sub _validateTypeOrDie { my ($t) = @_; die "Invalid type" - unless ($t =~ /^_(vhosts|pureslave|custom|dnssec)$/); + unless ($t =~ /^_(vhosts|pureslave|custom)$/); } sub _fqdn { @@ -119,45 +119,50 @@ sub _txt_from_line { return $txt; } -sub _normalize_master_value { + +sub _parse_txt_payload { my ($raw) = @_; - return undef unless defined $raw; + return (undef, undef) unless defined $raw; my $v = $raw; $v =~ s/^\s+|\s+$//g; - return $v if $v eq ''; - # JSON objects/arrays are allowed as TXT payloads. + # Legacy format: plain string (single master or ';' separated list) + my $payload; if ($v =~ /^[\[{]/) { my $obj; - eval { $obj = decode_json($v); 1 } or return $v; # fall back to raw + eval { $obj = decode_json($v); 1 } or do { + # If JSON decoding fails, treat as legacy string. + $obj = undef; + }; - # Supported shapes: - # - {"master": "ip"} - # - {"masters": "ip1;ip2"} - # - {"masters": ["ip1","ip2"]} - if (ref($obj) eq 'HASH') { - if (defined $obj->{masters}) { - if (ref($obj->{masters}) eq 'ARRAY') { - my @m = map { defined($_) ? $_ : () } @{$obj->{masters}}; - $v = join(';', @m); - } else { - $v = $obj->{masters}; + if (defined $obj) { + $payload = $obj if ref($obj) eq 'HASH'; + # Normalize masters string from supported JSON shapes. + if (ref($obj) eq 'HASH') { + if (defined $obj->{masters}) { + if (ref($obj->{masters}) eq 'ARRAY') { + my @m = map { defined($_) ? $_ : () } @{$obj->{masters}}; + $v = join(';', @m); + } else { + $v = $obj->{masters}; + } + } elsif (defined $obj->{master}) { + $v = $obj->{master}; } - } elsif (defined $obj->{master}) { - $v = $obj->{master}; + } elsif (ref($obj) eq 'ARRAY') { + my @m = map { defined($_) ? $_ : () } @$obj; + $v = join(';', @m); } - } elsif (ref($obj) eq 'ARRAY') { - my @m = map { defined($_) ? $_ : () } @$obj; - $v = join(';', @m); } } # Normalize formatting for BIND masters blocks: no spaces, no trailing ';' + $v = '' unless defined $v; $v =~ s/\s+//g; $v =~ s/;+$//; - return $v; + return ($v, $payload); } sub _quote_txt_rdata { @@ -168,6 +173,14 @@ sub _quote_txt_rdata { return "\"$s\""; } + { + my ($s) = @_; + $s = '' unless defined $s; + $s =~ s/\\/\\\\/g; + $s =~ s/\"/\\\"/g; + return "\"$s\""; +} + sub _gethosts { my ($this, $type) = @_; @@ -186,19 +199,15 @@ sub _gethosts { if ($type) { if (/^(\S+)\.$type\.private\.invalid\.\s+\d+\s+IN\s+TXT\s+/) { my $z = $1; - my $m = _normalize_master_value(_txt_from_line($_)); - push (@vh, { zone => $z, - type => $type, - master => $m }); + my ($m, $payload) = _parse_txt_payload(_txt_from_line($_)); + push (@vh, { zone => $z, type => $type, master => $m, payload => $payload }); } } else { # Querying everything if (/^(\S+)\.(\S+)\.private\.invalid\.\s+\d+\s+IN\s+TXT\s+/) { my ($z, $t) = ($1, $2); - my $m = _normalize_master_value(_txt_from_line($_)); - push (@vh, { zone => $z, - type => $t, - master => $m }); + my ($m, $payload) = _parse_txt_payload(_txt_from_line($_)); + push (@vh, { zone => $z, type => $t, master => $m, payload => $payload }); } } } @@ -209,7 +218,6 @@ sub _gethosts { # Find the type of domin that $dom is. If we don't find it, return # undef. (The domain $dom ends in a dot; the DNS info we find won't; # hence the concat of the extra "." after the lc.) -# (Skip _dnssec records in this check.) sub type { my ($this, $dom) = @_; @@ -219,7 +227,7 @@ sub type { foreach my $i (@vh) { if (lc($i->{zone})."." eq lc($dom)) { return $i->{type} - unless ($i->{type} eq '_dnssec'); + ; } } @@ -233,9 +241,7 @@ sub add { my $fqdn = _fqdn($dom, $type); if (my $existingtype = $this->type($dom)) { - die "Domain $dom already exists [of type $existingtype]" - unless ($existingtype eq '_dnssec' || - $type eq '_dnssec'); + die "Domain $dom already exists [of type $existingtype]"; } # TXT RDATA must be quoted for JSON (and is safe for legacy strings too). @@ -267,21 +273,25 @@ sub cleanup { system("/usr/local/bin/sync-master-vhosts"); } + sub is_dnssec { my ($this, $dom) = @_; - + + _validateOrDie($dom); $dom =~ s/^(.+)\.$/$1/; # remove trailing dot - my @h = $this->_gethosts('_dnssec'); - foreach my $i (@h) { - if (lc($i->{zone}) eq $dom) { - return 1; - } + my @vh = $this->get(); + foreach my $i (@vh) { + next unless (lc($i->{zone}) eq lc($dom)); + my $p = $i->{payload}; + return 1 if (defined $p && ref($p) eq 'HASH' && $p->{dnssec}); + return 0; } return 0; } sub default_master { + { my ($this, $type) = @_; # This could return different masters for different types diff --git a/Makefile.PL b/Makefile.PL index 9228178..bb5dfba 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -20,10 +20,6 @@ WriteMakefile( 'bin/sync-slave', 'bin/list-all', 'bin/is-managed', - 'bin/validate-master', - 'bin/add-dnssec', - 'bin/del-dnssec', - 'bin/list-dnssec', - ], + 'bin/validate-master', ], 'AUTHOR' => 'Jorj Bauer ', ); diff --git a/bin/add-custom b/bin/add-custom old mode 100755 new mode 100644 index 0149987..8745f52 --- a/bin/add-custom +++ b/bin/add-custom @@ -4,17 +4,45 @@ use strict; use warnings; use Martnet::DDNS; use Regexp::Common qw/net/; +use Getopt::Long qw/GetOptions/; +use JSON::PP qw/encode_json true false/; + +sub usage { + die "Usage: add-custom [--enable-dnssec|--disable-dnssec] --master \n"; +} + +my $master; +my $enable_dnssec = 0; +my $disable_dnssec = 0; + +GetOptions( + 'master|m=s' => \$master, + 'enable-dnssec' => \$enable_dnssec, + 'disable-dnssec' => \$disable_dnssec, +) or usage(); + +usage() unless defined $master; + +die "Cannot specify both --enable-dnssec and --disable-dnssec\n" + if ($enable_dnssec && $disable_dnssec); + +my $host = shift || die "No zonename provided\n"; -my $host = shift || die "No zonename provided"; -my $master = shift; my $ddns = Martnet::DDNS->new(); -$master ||= $ddns->default_master(); -die "Zonename must end in a dot" +die "Zonename must end in a dot\n" unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/); my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6}; -die "Master must be an IPv4 or IPv6 address" +die "Master must be an IPv4 or IPv6 address\n" unless ($master =~ /^$regex$/); -$ddns->add($host, $master, '_custom'); +my $payload = { master => $master }; +if ($enable_dnssec) { + $payload->{dnssec} = true; +} elsif ($disable_dnssec) { + $payload->{dnssec} = false; +} + +$ddns->add($host, encode_json($payload), '_custom'); + diff --git a/bin/add-slave b/bin/add-slave old mode 100755 new mode 100644 index 088fb1f..b5c8b1b --- a/bin/add-slave +++ b/bin/add-slave @@ -4,16 +4,45 @@ use strict; use warnings; use Martnet::DDNS; use Regexp::Common qw/net/; +use Getopt::Long qw/GetOptions/; +use JSON::PP qw/encode_json true false/; -my $host = shift || die "No zonename provided"; -my $master = shift || die "No master DNS IP provided"; +sub usage { + die "Usage: add-slave [--enable-dnssec|--disable-dnssec] --master \n"; +} -die "Zonename must end in a dot" +my $master; +my $enable_dnssec = 0; +my $disable_dnssec = 0; + +GetOptions( + 'master|m=s' => \$master, + 'enable-dnssec' => \$enable_dnssec, + 'disable-dnssec' => \$disable_dnssec, +) or usage(); + +usage() unless defined $master; + +die "Cannot specify both --enable-dnssec and --disable-dnssec\n" + if ($enable_dnssec && $disable_dnssec); + +my $host = shift || die "No zonename provided\n"; + +my $ddns = Martnet::DDNS->new(); + +die "Zonename must end in a dot\n" unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/); my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6}; -die "Master must be an IPv4 or IPv6 address" +die "Master must be an IPv4 or IPv6 address\n" unless ($master =~ /^$regex$/); -my $ddns = Martnet::DDNS->new(); -$ddns->add($host, $master, '_pureslave'); +my $payload = { master => $master }; +if ($enable_dnssec) { + $payload->{dnssec} = true; +} elsif ($disable_dnssec) { + $payload->{dnssec} = false; +} + +$ddns->add($host, encode_json($payload), '_pureslave'); + diff --git a/bin/add-vhost b/bin/add-vhost old mode 100755 new mode 100644 index 9acbe2d..95418a0 --- a/bin/add-vhost +++ b/bin/add-vhost @@ -4,16 +4,45 @@ use strict; use warnings; use Martnet::DDNS; use Regexp::Common qw/net/; +use Getopt::Long qw/GetOptions/; +use JSON::PP qw/encode_json true false/; + +sub usage { + die "Usage: add-vhost [--enable-dnssec|--disable-dnssec] --master \n"; +} + +my $master; +my $enable_dnssec = 0; +my $disable_dnssec = 0; + +GetOptions( + 'master|m=s' => \$master, + 'enable-dnssec' => \$enable_dnssec, + 'disable-dnssec' => \$disable_dnssec, +) or usage(); + +usage() unless defined $master; + +die "Cannot specify both --enable-dnssec and --disable-dnssec\n" + if ($enable_dnssec && $disable_dnssec); + +my $host = shift || die "No zonename provided\n"; -my $host = shift || die "No vhost provided"; my $ddns = Martnet::DDNS->new(); -my $master ||= $ddns->default_master(); -die "Hostname must end in a dot" +die "Zonename must end in a dot\n" unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/); my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6}; -die "Master must be an IPv4 or IPv6 address" +die "Master must be an IPv4 or IPv6 address\n" unless ($master =~ /^$regex$/); -$ddns->add($host, $master, '_vhosts'); +my $payload = { master => $master }; +if ($enable_dnssec) { + $payload->{dnssec} = true; +} elsif ($disable_dnssec) { + $payload->{dnssec} = false; +} + +$ddns->add($host, encode_json($payload), '_vhosts'); + diff --git a/bin/del-custom b/bin/del-custom old mode 100755 new mode 100644 diff --git a/bin/del-slave b/bin/del-slave old mode 100755 new mode 100644 diff --git a/bin/del-vhost b/bin/del-vhost old mode 100755 new mode 100644 diff --git a/bin/is-managed b/bin/is-managed old mode 100755 new mode 100644 diff --git a/bin/list-all b/bin/list-all old mode 100755 new mode 100644 index ad1ffca..a0750ed --- a/bin/list-all +++ b/bin/list-all @@ -8,6 +8,5 @@ my $ddns = Martnet::DDNS->new(); my @vh = $ddns->get(); foreach my $i (sort {$a->{zone} cmp $b->{zone}} @vh) { - next if ($i->{type} eq '_dnssec'); # Skip DNSSEC flags - print $i->{zone}, ". $i->{type} master: ", $i->{master},"\n"; + print $i->{zone}, ". $i->{type} master: ", ($i->{master} // ''), "\n"; } diff --git a/bin/list-custom b/bin/list-custom old mode 100755 new mode 100644 diff --git a/bin/list-slaves b/bin/list-slaves old mode 100755 new mode 100644 diff --git a/bin/list-vhosts b/bin/list-vhosts old mode 100755 new mode 100644 diff --git a/bin/sync-master-vhosts b/bin/sync-master-vhosts old mode 100755 new mode 100644 index 748ddb5..a0746ad --- a/bin/sync-master-vhosts +++ b/bin/sync-master-vhosts @@ -52,7 +52,7 @@ if ($changecount) { } close $fh; print "Installing new vhost list\n"; - system("install -o bind -g bind $path /var/lib/bind/vhost.zones.9"); + system("install -o bind -g bind $path /var/lib/bind/unified.zones.9"); print "Reloading DNS files\n"; system("/usr/sbin/rndc reload"); } diff --git a/bin/sync-slave b/bin/sync-slave old mode 100755 new mode 100644 index df105a7..5b24eb4 --- a/bin/sync-slave +++ b/bin/sync-slave @@ -10,7 +10,7 @@ my $force = shift; # a "force" flag, if the update is big my $ddns = Martnet::DDNS->new(); -my @vh = $ddns->get(); +my @vh = $ddns->get('_pureslave'); my %vhh = map { $_->{zone} => 1 } @vh; my @all = parse_slavefile("/etc/bind/martnet.slave.zones.9"); @@ -62,8 +62,9 @@ sub do_rewrite { print "Differences found; rewriting slave file.\n"; foreach my $i (sort {$a->{zone} cmp $b->{zone}} @vh) { - next if ($i->{type} eq '_dnssec'); - print $fh "zone \"$i->{zone}\" { type slave; file \"/var/cache/bind/db.$i->{zone}\"; masters { $i->{master}; }; allow-notify {key \"notify-key\";}; };\n"; + die "No master(s) found for slave zone $i->{zone}" + unless defined($i->{master}) && $i->{master} ne ''; + print $fh "zone \"$i->{zone}\" { type slave; file \"/var/cache/bind/db.$i->{zone}\"; masters { $i->{master}; }; allow-notify {key \"notify-key\";}; };\n"; } close $fh; print "Installing new slave host list\n"; @@ -89,13 +90,11 @@ sub contains_zone { foreach my $i (@zl) { if ($i->{zone} eq $zone->{zone}) { - print "m: '$i->{master}' ne '$zone->{master}'\n" - unless ($i->{master} eq $zone->{master}); + print "m: '$i->{master}' ne '$zone->{master}'\n" + unless ($i->{master} eq $zone->{master}); + return 1 + if ($i->{master} eq $zone->{master}); } - return 1 - if ($i->{zone} eq $zone->{zone} && - $i->{master} eq $zone->{master} - ); } return 0; } diff --git a/bin/validate-master b/bin/validate-master old mode 100755 new mode 100644 index 763a694..9b8a3ff --- a/bin/validate-master +++ b/bin/validate-master @@ -9,11 +9,7 @@ my $ddns = Martnet::DDNS->new(); my $cfgpath = '/etc/bind'; my $datapath = '/var/lib/bind'; -my %files = ( 'custom.zones.9' => '_custom', - 'martnet.zones.9' => '_custom', - 'hostedservers.zones.9' => '_custom', - 'vhost.zones.9' => '_vhosts', - 'martnet.slave.zones.9' => '*' ); +my %files = ( 'unified.zones.9' => '*' ); our %fixes = ( '_custom' => 'add-custom', '_vhosts' => 'add-vhost',