change shape for bind configuration; use one unified file, add new options when adding zones

2026-01-24 12:15:15 -05:00
parent f2b2ba25f0
commit ff83f9c5de
16 changed files with 167 additions and 81 deletions
--- a/bin/add-custom
+++ b/bin/add-custom
@@ -4,17 +4,45 @@ use strict;
 use warnings;
 use Martnet::DDNS;
 use Regexp::Common qw/net/;
+use Getopt::Long qw/GetOptions/;
+use JSON::PP qw/encode_json true false/;
+
+sub usage {
+    die "Usage: add-custom [--enable-dnssec|--disable-dnssec] --master <IPv4|IPv6> <zone.>\n";
+}
+
+my $master;
+my $enable_dnssec = 0;
+my $disable_dnssec = 0;
+
+GetOptions(
+    'master|m=s'       => \$master,
+    'enable-dnssec'    => \$enable_dnssec,
+    'disable-dnssec'   => \$disable_dnssec,
+) or usage();
+
+usage() unless defined $master;
+
+die "Cannot specify both --enable-dnssec and --disable-dnssec\n"
+    if ($enable_dnssec && $disable_dnssec);
+
+my $host = shift || die "No zonename provided\n";

-my $host = shift || die "No zonename provided";
-my $master = shift;
 my $ddns = Martnet::DDNS->new();
-$master ||= $ddns->default_master();

-die "Zonename must end in a dot"
+die "Zonename must end in a dot\n"
    unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/);

 my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6};
-die "Master must be an IPv4 or IPv6 address"
+die "Master must be an IPv4 or IPv6 address\n"
    unless ($master =~ /^$regex$/);

-$ddns->add($host, $master, '_custom');
+my $payload = { master => $master };
+if ($enable_dnssec) {
+    $payload->{dnssec} = true;
+} elsif ($disable_dnssec) {
+    $payload->{dnssec} = false;
+}
+
+$ddns->add($host, encode_json($payload), '_custom');
+
--- a/bin/add-slave
+++ b/bin/add-slave
@@ -4,16 +4,45 @@ use strict;
 use warnings;
 use Martnet::DDNS;
 use Regexp::Common qw/net/;
+use Getopt::Long qw/GetOptions/;
+use JSON::PP qw/encode_json true false/;

-my $host = shift || die "No zonename provided";
-my $master = shift || die "No master DNS IP provided";
+sub usage {
+    die "Usage: add-slave [--enable-dnssec|--disable-dnssec] --master <IPv4|IPv6> <zone.>\n";
+}

-die "Zonename must end in a dot"
+my $master;
+my $enable_dnssec = 0;
+my $disable_dnssec = 0;
+
+GetOptions(
+    'master|m=s'       => \$master,
+    'enable-dnssec'    => \$enable_dnssec,
+    'disable-dnssec'   => \$disable_dnssec,
+) or usage();
+
+usage() unless defined $master;
+
+die "Cannot specify both --enable-dnssec and --disable-dnssec\n"
+    if ($enable_dnssec && $disable_dnssec);
+
+my $host = shift || die "No zonename provided\n";
+
+my $ddns = Martnet::DDNS->new();
+
+die "Zonename must end in a dot\n"
    unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/);

 my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6};
-die "Master must be an IPv4 or IPv6 address"
+die "Master must be an IPv4 or IPv6 address\n"
    unless ($master =~ /^$regex$/);

-my $ddns = Martnet::DDNS->new();
-$ddns->add($host, $master, '_pureslave');
+my $payload = { master => $master };
+if ($enable_dnssec) {
+    $payload->{dnssec} = true;
+} elsif ($disable_dnssec) {
+    $payload->{dnssec} = false;
+}
+
+$ddns->add($host, encode_json($payload), '_pureslave');
+
--- a/bin/add-vhost
+++ b/bin/add-vhost
@@ -4,16 +4,45 @@ use strict;
 use warnings;
 use Martnet::DDNS;
 use Regexp::Common qw/net/;
+use Getopt::Long qw/GetOptions/;
+use JSON::PP qw/encode_json true false/;
+
+sub usage {
+    die "Usage: add-vhost [--enable-dnssec|--disable-dnssec] --master <IPv4|IPv6> <zone.>\n";
+}
+
+my $master;
+my $enable_dnssec = 0;
+my $disable_dnssec = 0;
+
+GetOptions(
+    'master|m=s'       => \$master,
+    'enable-dnssec'    => \$enable_dnssec,
+    'disable-dnssec'   => \$disable_dnssec,
+) or usage();
+
+usage() unless defined $master;
+
+die "Cannot specify both --enable-dnssec and --disable-dnssec\n"
+    if ($enable_dnssec && $disable_dnssec);
+
+my $host = shift || die "No zonename provided\n";

-my $host = shift || die "No vhost provided";
 my $ddns = Martnet::DDNS->new();
-my $master ||= $ddns->default_master();

-die "Hostname must end in a dot"
+die "Zonename must end in a dot\n"
    unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/);

 my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6};
-die "Master must be an IPv4 or IPv6 address"
+die "Master must be an IPv4 or IPv6 address\n"
    unless ($master =~ /^$regex$/);

-$ddns->add($host, $master, '_vhosts');
+my $payload = { master => $master };
+if ($enable_dnssec) {
+    $payload->{dnssec} = true;
+} elsif ($disable_dnssec) {
+    $payload->{dnssec} = false;
+}
+
+$ddns->add($host, encode_json($payload), '_vhosts');
+
--- a/bin/del-custom
+++ b/bin/del-custom
--- a/bin/del-slave
+++ b/bin/del-slave
--- a/bin/del-vhost
+++ b/bin/del-vhost
--- a/bin/is-managed
+++ b/bin/is-managed
--- a/bin/list-all
+++ b/bin/list-all
@@ -8,6 +8,5 @@ my $ddns = Martnet::DDNS->new();

 my @vh = $ddns->get();
 foreach my $i (sort {$a->{zone} cmp $b->{zone}} @vh) {
-    next if ($i->{type} eq '_dnssec'); # Skip DNSSEC flags
-    print $i->{zone}, ". $i->{type} master: ", $i->{master},"\n";
+    print $i->{zone}, ". $i->{type} master: ", ($i->{master} // ''), "\n";
 }
--- a/bin/list-custom
+++ b/bin/list-custom
--- a/bin/list-slaves
+++ b/bin/list-slaves
--- a/bin/list-vhosts
+++ b/bin/list-vhosts
--- a/bin/sync-master-vhosts
+++ b/bin/sync-master-vhosts
@@ -52,7 +52,7 @@ if ($changecount) {
    }
    close $fh;
    print "Installing new vhost list\n";
-    system("install -o bind -g bind $path /var/lib/bind/vhost.zones.9");
+    system("install -o bind -g bind $path /var/lib/bind/unified.zones.9");
    print "Reloading DNS files\n";
    system("/usr/sbin/rndc reload");
 }
--- a/bin/sync-slave
+++ b/bin/sync-slave
@@ -10,7 +10,7 @@ my $force = shift; # a "force" flag, if the update is big

 my $ddns = Martnet::DDNS->new();

-my @vh = $ddns->get();
+my @vh = $ddns->get('_pureslave');
 my %vhh = map { $_->{zone} => 1 } @vh;

 my @all = parse_slavefile("/etc/bind/martnet.slave.zones.9");
@@ -62,8 +62,9 @@ sub do_rewrite {
    print "Differences found; rewriting slave file.\n";
    
    foreach my $i (sort {$a->{zone} cmp $b->{zone}} @vh) {
-	next if ($i->{type} eq '_dnssec');
-	print $fh "zone \"$i->{zone}\" { type slave; file \"/var/cache/bind/db.$i->{zone}\"; masters { $i->{master}; }; allow-notify {key \"notify-key\";}; };\n";
+        die "No master(s) found for slave zone $i->{zone}"
+            unless defined($i->{master}) && $i->{master} ne '';
+        print $fh "zone \"$i->{zone}\" { type slave; file \"/var/cache/bind/db.$i->{zone}\"; masters { $i->{master}; }; allow-notify {key \"notify-key\";}; };\n";
    }
    close $fh;
    print "Installing new slave host list\n";
@@ -89,13 +90,11 @@ sub contains_zone {

    foreach my $i (@zl) {
 	if ($i->{zone} eq $zone->{zone}) {
-	print "m: '$i->{master}' ne '$zone->{master}'\n"
-	    unless ($i->{master} eq $zone->{master});
+	    print "m: '$i->{master}' ne '$zone->{master}'\n"
+		unless ($i->{master} eq $zone->{master});
+	    return 1
+		if ($i->{master} eq $zone->{master});
 	}
-	return 1
-	    if ($i->{zone} eq $zone->{zone} &&
-		$i->{master} eq $zone->{master}
-	    );
    }
    return 0;
 }
--- a/bin/validate-master
+++ b/bin/validate-master
@@ -9,11 +9,7 @@ my $ddns = Martnet::DDNS->new();
 my $cfgpath = '/etc/bind';
 my $datapath = '/var/lib/bind';

-my %files = ( 'custom.zones.9' => '_custom',
-	      'martnet.zones.9' => '_custom',
-	      'hostedservers.zones.9' => '_custom',
-	      'vhost.zones.9' => '_vhosts',
-	      'martnet.slave.zones.9' => '*' );
+my %files = ( 'unified.zones.9' => '*' );

 our %fixes = ( '_custom' => 'add-custom',
 	       '_vhosts' => 'add-vhost',