jorj/martnet-ddns
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

change shape for bind configuration; use one unified file, add new options when adding zones

Browse Source
This commit is contained in:
Jorj Bauer
2026-01-24 12:15:15 -05:00
parent f2b2ba25f0
commit ff83f9c5de
16 changed files with 167 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
DDNS.pm
View File

@@ -29,7 +29,7 @@ sub _validateTypeOrDie {
my ($t) = @_; my ($t) = @_;
die "Invalid type" die "Invalid type"
unless ($t =~ /^_(vhosts|pureslave|custom|dnssec)$/); unless ($t =~ /^_(vhosts|pureslave|custom)$/);
} }
sub _fqdn { sub _fqdn {
@@ -119,45 +119,50 @@ sub _txt_from_line {
return $txt; return $txt;
} }
sub _normalize_master_value {
sub _parse_txt_payload {
my ($raw) = @_; my ($raw) = @_;
return undef unless defined $raw; return (undef, undef) unless defined $raw;
my $v = $raw; my $v = $raw;
$v =~ s/^\s+|\s+$//g; $v =~ s/^\s+|\s+$//g;
return $v if $v eq '';
# JSON objects/arrays are allowed as TXT payloads. # Legacy format: plain string (single master or ';' separated list)
my $payload;
if ($v =~ /^[\[{]/) { if ($v =~ /^[\[{]/) {
my $obj; my $obj;
eval { $obj = decode_json($v); 1 } or return $v; # fall back to raw eval { $obj = decode_json($v); 1 } or do {
# If JSON decoding fails, treat as legacy string.
$obj = undef;
};
# Supported shapes: if (defined $obj) {
# - {"master": "ip"} $payload = $obj if ref($obj) eq 'HASH';
# - {"masters": "ip1;ip2"} # Normalize masters string from supported JSON shapes.
# - {"masters": ["ip1","ip2"]} if (ref($obj) eq 'HASH') {
if (ref($obj) eq 'HASH') { if (defined $obj->{masters}) {
if (defined $obj->{masters}) { if (ref($obj->{masters}) eq 'ARRAY') {
if (ref($obj->{masters}) eq 'ARRAY') { my @m = map { defined($_) ? $_ : () } @{$obj->{masters}};
my @m = map { defined($_) ? $_ : () } @{$obj->{masters}}; $v = join(';', @m);
$v = join(';', @m); } else {
} else { $v = $obj->{masters};
$v = $obj->{masters}; }
} elsif (defined $obj->{master}) {
$v = $obj->{master};
} }
} elsif (defined $obj->{master}) { } elsif (ref($obj) eq 'ARRAY') {
$v = $obj->{master}; my @m = map { defined($_) ? $_ : () } @$obj;
$v = join(';', @m);
} }
} elsif (ref($obj) eq 'ARRAY') {
my @m = map { defined($_) ? $_ : () } @$obj;
$v = join(';', @m);
} }
} }
# Normalize formatting for BIND masters blocks: no spaces, no trailing ';' # Normalize formatting for BIND masters blocks: no spaces, no trailing ';'
$v = '' unless defined $v;
$v =~ s/\s+//g; $v =~ s/\s+//g;
$v =~ s/;+$//; $v =~ s/;+$//;
return $v; return ($v, $payload);
} }
sub _quote_txt_rdata { sub _quote_txt_rdata {
@@ -168,6 +173,14 @@ sub _quote_txt_rdata {
return "\"$s\""; return "\"$s\"";
} }
{
my ($s) = @_;
$s = '' unless defined $s;
$s =~ s/\\/\\\\/g;
$s =~ s/\"/\\\"/g;
return "\"$s\"";
}
sub _gethosts { sub _gethosts {
my ($this, $type) = @_; my ($this, $type) = @_;
@@ -186,19 +199,15 @@ sub _gethosts {
if ($type) { if ($type) {
if (/^(\S+)\.$type\.private\.invalid\.\s+\d+\s+IN\s+TXT\s+/) { if (/^(\S+)\.$type\.private\.invalid\.\s+\d+\s+IN\s+TXT\s+/) {
my $z = $1; my $z = $1;
my $m = _normalize_master_value(_txt_from_line($_)); my ($m, $payload) = _parse_txt_payload(_txt_from_line($_));
push (@vh, { zone => $z, push (@vh, { zone => $z, type => $type, master => $m, payload => $payload });
type => $type,
master => $m });
} }
} else { } else {
# Querying everything # Querying everything
if (/^(\S+)\.(\S+)\.private\.invalid\.\s+\d+\s+IN\s+TXT\s+/) { if (/^(\S+)\.(\S+)\.private\.invalid\.\s+\d+\s+IN\s+TXT\s+/) {
my ($z, $t) = ($1, $2); my ($z, $t) = ($1, $2);
my $m = _normalize_master_value(_txt_from_line($_)); my ($m, $payload) = _parse_txt_payload(_txt_from_line($_));
push (@vh, { zone => $z, push (@vh, { zone => $z, type => $t, master => $m, payload => $payload });
type => $t,
master => $m });
} }
} }
} }
@@ -209,7 +218,6 @@ sub _gethosts {
# Find the type of domin that $dom is. If we don't find it, return # Find the type of domin that $dom is. If we don't find it, return
# undef. (The domain $dom ends in a dot; the DNS info we find won't; # undef. (The domain $dom ends in a dot; the DNS info we find won't;
# hence the concat of the extra "." after the lc.) # hence the concat of the extra "." after the lc.)
# (Skip _dnssec records in this check.)
sub type { sub type {
my ($this, $dom) = @_; my ($this, $dom) = @_;
@@ -219,7 +227,7 @@ sub type {
foreach my $i (@vh) { foreach my $i (@vh) {
if (lc($i->{zone})."." eq lc($dom)) { if (lc($i->{zone})."." eq lc($dom)) {
return $i->{type} return $i->{type}
unless ($i->{type} eq '_dnssec'); ;
} }
} }
@@ -233,9 +241,7 @@ sub add {
my $fqdn = _fqdn($dom, $type); my $fqdn = _fqdn($dom, $type);
if (my $existingtype = $this->type($dom)) { if (my $existingtype = $this->type($dom)) {
die "Domain $dom already exists [of type $existingtype]" die "Domain $dom already exists [of type $existingtype]";
unless ($existingtype eq '_dnssec' ||
$type eq '_dnssec');
} }
# TXT RDATA must be quoted for JSON (and is safe for legacy strings too). # TXT RDATA must be quoted for JSON (and is safe for legacy strings too).
@@ -267,21 +273,25 @@ sub cleanup {
system("/usr/local/bin/sync-master-vhosts"); system("/usr/local/bin/sync-master-vhosts");
} }
sub is_dnssec { sub is_dnssec {
my ($this, $dom) = @_; my ($this, $dom) = @_;
_validateOrDie($dom);
$dom =~ s/^(.+)\.$/$1/; # remove trailing dot $dom =~ s/^(.+)\.$/$1/; # remove trailing dot
my @h = $this->_gethosts('_dnssec'); my @vh = $this->get();
foreach my $i (@h) { foreach my $i (@vh) {
if (lc($i->{zone}) eq $dom) { next unless (lc($i->{zone}) eq lc($dom));
return 1; my $p = $i->{payload};
} return 1 if (defined $p && ref($p) eq 'HASH' && $p->{dnssec});
return 0;
} }
return 0; return 0;
} }
sub default_master { sub default_master {
{
my ($this, $type) = @_; my ($this, $type) = @_;
# This could return different masters for different types # This could return different masters for different types

6
Makefile.PL
View File

@@ -20,10 +20,6 @@ WriteMakefile(
'bin/sync-slave', 'bin/sync-slave',
'bin/list-all', 'bin/list-all',
'bin/is-managed', 'bin/is-managed',
'bin/validate-master', 'bin/validate-master', ],
'bin/add-dnssec',
'bin/del-dnssec',
'bin/list-dnssec',
],
'AUTHOR' => 'Jorj Bauer <jorj@jorj.org>', 'AUTHOR' => 'Jorj Bauer <jorj@jorj.org>',
); );

40
bin/add-custom Executable file → Normal file
View File

@@ -4,17 +4,45 @@ use strict;
use warnings; use warnings;
use Martnet::DDNS; use Martnet::DDNS;
use Regexp::Common qw/net/; use Regexp::Common qw/net/;
use Getopt::Long qw/GetOptions/;
use JSON::PP qw/encode_json true false/;
sub usage {
die "Usage: add-custom [--enable-dnssec|--disable-dnssec] --master <IPv4|IPv6> <zone.>\n";
}
my $master;
my $enable_dnssec = 0;
my $disable_dnssec = 0;
GetOptions(
'master|m=s' => \$master,
'enable-dnssec' => \$enable_dnssec,
'disable-dnssec' => \$disable_dnssec,
) or usage();
usage() unless defined $master;
die "Cannot specify both --enable-dnssec and --disable-dnssec\n"
if ($enable_dnssec && $disable_dnssec);
my $host = shift || die "No zonename provided\n";
my $host = shift || die "No zonename provided";
my $master = shift;
my $ddns = Martnet::DDNS->new(); my $ddns = Martnet::DDNS->new();
$master ||= $ddns->default_master();
die "Zonename must end in a dot" die "Zonename must end in a dot\n"
unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/); unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/);
my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6}; my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6};
die "Master must be an IPv4 or IPv6 address" die "Master must be an IPv4 or IPv6 address\n"
unless ($master =~ /^$regex$/); unless ($master =~ /^$regex$/);
$ddns->add($host, $master, '_custom'); my $payload = { master => $master };
if ($enable_dnssec) {
$payload->{dnssec} = true;
} elsif ($disable_dnssec) {
$payload->{dnssec} = false;
}
$ddns->add($host, encode_json($payload), '_custom');

41
bin/add-slave Executable file → Normal file
View File

@@ -4,16 +4,45 @@ use strict;
use warnings; use warnings;
use Martnet::DDNS; use Martnet::DDNS;
use Regexp::Common qw/net/; use Regexp::Common qw/net/;
use Getopt::Long qw/GetOptions/;
use JSON::PP qw/encode_json true false/;
my $host = shift || die "No zonename provided"; sub usage {
my $master = shift || die "No master DNS IP provided"; die "Usage: add-slave [--enable-dnssec|--disable-dnssec] --master <IPv4|IPv6> <zone.>\n";
}
die "Zonename must end in a dot" my $master;
my $enable_dnssec = 0;
my $disable_dnssec = 0;
GetOptions(
'master|m=s' => \$master,
'enable-dnssec' => \$enable_dnssec,
'disable-dnssec' => \$disable_dnssec,
) or usage();
usage() unless defined $master;
die "Cannot specify both --enable-dnssec and --disable-dnssec\n"
if ($enable_dnssec && $disable_dnssec);
my $host = shift || die "No zonename provided\n";
my $ddns = Martnet::DDNS->new();
die "Zonename must end in a dot\n"
unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/); unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/);
my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6}; my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6};
die "Master must be an IPv4 or IPv6 address" die "Master must be an IPv4 or IPv6 address\n"
unless ($master =~ /^$regex$/); unless ($master =~ /^$regex$/);
my $ddns = Martnet::DDNS->new(); my $payload = { master => $master };
$ddns->add($host, $master, '_pureslave'); if ($enable_dnssec) {
$payload->{dnssec} = true;
} elsif ($disable_dnssec) {
$payload->{dnssec} = false;
}
$ddns->add($host, encode_json($payload), '_pureslave');

39
bin/add-vhost Executable file → Normal file
View File

@@ -4,16 +4,45 @@ use strict;
use warnings; use warnings;
use Martnet::DDNS; use Martnet::DDNS;
use Regexp::Common qw/net/; use Regexp::Common qw/net/;
use Getopt::Long qw/GetOptions/;
use JSON::PP qw/encode_json true false/;
sub usage {
die "Usage: add-vhost [--enable-dnssec|--disable-dnssec] --master <IPv4|IPv6> <zone.>\n";
}
my $master;
my $enable_dnssec = 0;
my $disable_dnssec = 0;
GetOptions(
'master|m=s' => \$master,
'enable-dnssec' => \$enable_dnssec,
'disable-dnssec' => \$disable_dnssec,
) or usage();
usage() unless defined $master;
die "Cannot specify both --enable-dnssec and --disable-dnssec\n"
if ($enable_dnssec && $disable_dnssec);
my $host = shift || die "No zonename provided\n";
my $host = shift || die "No vhost provided";
my $ddns = Martnet::DDNS->new(); my $ddns = Martnet::DDNS->new();
my $master ||= $ddns->default_master();
die "Hostname must end in a dot" die "Zonename must end in a dot\n"
unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/); unless ($host =~ /^[a-zA-Z0-9\.\-\_]+\.$/);
my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6}; my $regex = $RE{net}{IPv4} . '|' . $RE{net}{IPv6};
die "Master must be an IPv4 or IPv6 address" die "Master must be an IPv4 or IPv6 address\n"
unless ($master =~ /^$regex$/); unless ($master =~ /^$regex$/);
$ddns->add($host, $master, '_vhosts'); my $payload = { master => $master };
if ($enable_dnssec) {
$payload->{dnssec} = true;
} elsif ($disable_dnssec) {
$payload->{dnssec} = false;
}
$ddns->add($host, encode_json($payload), '_vhosts');

0
bin/del-custom Executable file → Normal file
View File

0
bin/del-slave Executable file → Normal file
View File

0
bin/del-vhost Executable file → Normal file
View File

0
bin/is-managed Executable file → Normal file
View File

3
bin/list-all Executable file → Normal file
View File

@@ -8,6 +8,5 @@ my $ddns = Martnet::DDNS->new();
my @vh = $ddns->get(); my @vh = $ddns->get();
foreach my $i (sort {$a->{zone} cmp $b->{zone}} @vh) { foreach my $i (sort {$a->{zone} cmp $b->{zone}} @vh) {
next if ($i->{type} eq '_dnssec'); # Skip DNSSEC flags print $i->{zone}, ". $i->{type} master: ", ($i->{master} // ''), "\n";
print $i->{zone}, ". $i->{type} master: ", $i->{master},"\n";
} }

0
bin/list-custom Executable file → Normal file
View File

0
bin/list-slaves Executable file → Normal file
View File

0
bin/list-vhosts Executable file → Normal file
View File

2
bin/sync-master-vhosts Executable file → Normal file
View File

@@ -52,7 +52,7 @@ if ($changecount) {
} }
close $fh; close $fh;
print "Installing new vhost list\n"; print "Installing new vhost list\n";
system("install -o bind -g bind $path /var/lib/bind/vhost.zones.9"); system("install -o bind -g bind $path /var/lib/bind/unified.zones.9");
print "Reloading DNS files\n"; print "Reloading DNS files\n";
system("/usr/sbin/rndc reload"); system("/usr/sbin/rndc reload");
} }

17
bin/sync-slave Executable file → Normal file
View File

@@ -10,7 +10,7 @@ my $force = shift; # a "force" flag, if the update is big
my $ddns = Martnet::DDNS->new(); my $ddns = Martnet::DDNS->new();
my @vh = $ddns->get(); my @vh = $ddns->get('_pureslave');
my %vhh = map { $_->{zone} => 1 } @vh; my %vhh = map { $_->{zone} => 1 } @vh;
my @all = parse_slavefile("/etc/bind/martnet.slave.zones.9"); my @all = parse_slavefile("/etc/bind/martnet.slave.zones.9");
@@ -62,8 +62,9 @@ sub do_rewrite {
print "Differences found; rewriting slave file.\n"; print "Differences found; rewriting slave file.\n";
foreach my $i (sort {$a->{zone} cmp $b->{zone}} @vh) { foreach my $i (sort {$a->{zone} cmp $b->{zone}} @vh) {
next if ($i->{type} eq '_dnssec'); die "No master(s) found for slave zone $i->{zone}"
print $fh "zone \"$i->{zone}\" { type slave; file \"/var/cache/bind/db.$i->{zone}\"; masters { $i->{master}; }; allow-notify {key \"notify-key\";}; };\n"; unless defined($i->{master}) && $i->{master} ne '';
print $fh "zone \"$i->{zone}\" { type slave; file \"/var/cache/bind/db.$i->{zone}\"; masters { $i->{master}; }; allow-notify {key \"notify-key\";}; };\n";
} }
close $fh; close $fh;
print "Installing new slave host list\n"; print "Installing new slave host list\n";
@@ -89,13 +90,11 @@ sub contains_zone {
foreach my $i (@zl) { foreach my $i (@zl) {
if ($i->{zone} eq $zone->{zone}) { if ($i->{zone} eq $zone->{zone}) {
print "m: '$i->{master}' ne '$zone->{master}'\n" print "m: '$i->{master}' ne '$zone->{master}'\n"
unless ($i->{master} eq $zone->{master}); unless ($i->{master} eq $zone->{master});
return 1
if ($i->{master} eq $zone->{master});
} }
return 1
if ($i->{zone} eq $zone->{zone} &&
$i->{master} eq $zone->{master}
);
} }
return 0; return 0;
} }

6
bin/validate-master Executable file → Normal file
View File

@@ -9,11 +9,7 @@ my $ddns = Martnet::DDNS->new();
my $cfgpath = '/etc/bind'; my $cfgpath = '/etc/bind';
my $datapath = '/var/lib/bind'; my $datapath = '/var/lib/bind';
my %files = ( 'custom.zones.9' => '_custom', my %files = ( 'unified.zones.9' => '*' );
'martnet.zones.9' => '_custom',
'hostedservers.zones.9' => '_custom',
'vhost.zones.9' => '_vhosts',
'martnet.slave.zones.9' => '*' );
our %fixes = ( '_custom' => 'add-custom', our %fixes = ( '_custom' => 'add-custom',
'_vhosts' => 'add-vhost', '_vhosts' => 'add-vhost',