From ad1eea8a1a1cc14c3cbd210228e162dc55b58f10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?A=2E=20T=C3=A4ffner?= <darkalex@firesplash.de>
Date: Thu, 7 Apr 2016 10:14:47 +0200
Subject: [PATCH] Fixed cron to update serial and not sign directly. This now
issues a job for the cron server which will then generate the zone and sign
it. cleaner solution AND fixes a possible replication (zone-transfer) issue.
---
.../classes/cron.d/550-bind_dnssec.inc.php | 53 +++++++++----------
1 file changed, 26 insertions(+), 27 deletions(-)
diff --git a/server/lib/classes/cron.d/550-bind_dnssec.inc.php b/server/lib/classes/cron.d/550-bind_dnssec.inc.php
index 2d238c7f4c..99360e06ac 100644
--- a/server/lib/classes/cron.d/550-bind_dnssec.inc.php
+++ b/server/lib/classes/cron.d/550-bind_dnssec.inc.php
@@ -34,7 +34,29 @@ DNSSEC-Implementation by Alexander T
class cronjob_bind_dnssec extends cronjob {
// job schedule
- protected $_schedule = '30 3 * * *'; //daily at 3:30 a.m.
+ //protected $_schedule = '30 3 * * *'; //daily at 3:30 a.m.
+ protected $_schedule = '* * * * *'; //temp 4 test
+
+ private function increase_serial($serial){
+ global $app, $conf;
+
+ // increase serial
+ $serial_date = $app->functions->intval(substr($serial, 0, 8));
+ $count = $app->functions->intval(substr($serial, 8, 2));
+ $current_date = date("Ymd");
+ if($serial_date >= $current_date){
+ $count += 1;
+ if ($count > 99) {
+ $serial_date += 1;
+ $count = 0;
+ }
+ $count = str_pad($count, 2, "0", STR_PAD_LEFT);
+ $new_serial = $serial_date.$count;
+ } else {
+ $new_serial = $current_date.'01';
+ }
+ return $new_serial;
+ }
public function onRunJob() {
global $app, $conf;
@@ -54,31 +76,8 @@ class cronjob_bind_dnssec extends cronjob {
$domain = substr($data['origin'], 0, strlen($data['origin'])-1);
if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) return false;
- $app->log('DNSSEC Auto-Resign: Resigning zone '.$domain, LOGLEVEL_INFO);
-
- $zonefile = file_get_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
- $keycount=0;
- foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
- $includeline = '$INCLUDE '.basename($keyfile);
- if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n";
- $keycount++;
- }
- if ($keycount != 2) $app->log('DNSSEC Warning: There are more or less than 2 keyfiles for zone '.$domain, LOGLEVEL_WARN);
- file_put_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain, $zonefile);
-
- //Sign the zone and set it valid for max. 16 days
- exec('cd '.escapeshellcmd($dns_config['bind_zonefiles_dir']).';'.
- '/usr/sbin/dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o '.escapeshellcmd($domain).' -t '.$filespre.escapeshellcmd($domain));
-
- //Write Data back into DB
- $dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');
- $dnssecdata .= "\n------------------------------------\n\nDNSKEY-Records:\n";
- foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
- $dnssecdata .= file_get_contents($keyfile)."\n\n";
- }
-
- $app->db->query('UPDATE dns_soa SET dnssec_info=\''.$dnssecdata.'\', dnssec_initialized=\'Y\', dnssec_last_signed=\''.time().'\' WHERE id='.$data['id']);
- $data = next($soas);
+ $app->log('DNSSEC Auto-Resign: Touching zone '.$domain, LOGLEVEL_INFO);
+ $app->db->datalogUpdate('dns_soa', array("serial" => $this->increase_serial($data['serial'])), 'id', $data['id']);
}
parent::onRunJob();
@@ -86,4 +85,4 @@ class cronjob_bind_dnssec extends cronjob {
}
-?>
+?>
\ No newline at end of file
--
GitLab