diff --git a/TODO.txt b/TODO.txt
index 6dcae104a29e055a6febd2ce4b761d7070052ef3..77b138d282cec79e6df3bc1de1b0b9aa78b59b01 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -13,6 +13,10 @@ Installer
--------------------------------------
- Add a function to let a server join a existing installation.
+Change named.options.conf and add follwoing lines into options-brackets for DNSSEC-Implementation:
+ dnssec-enable yes;
+ dnssec-validation yes;
+ dnssec-lookaside auto;
Uninstaller
--------------------------------------
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index f22a627da9b30ee7223b6cb3be544447a353f2ee..7643043c9f008658173d5b8e1b53712b083a381c 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1469,6 +1469,27 @@ class installer_base {
}
+
+ //** writes bind configuration files
+ public function process_bind_file($configfile, $target='/', $absolute=false) {
+ global $conf;
+
+ if ($absolute) $full_file_name = $target.$configfile;
+ else $full_file_name = $conf['ispconfig_install_dir'].$target.$configfile;
+
+ //* Backup exiting file
+ if(is_file($full_file_name)) {
+ copy($full_file_name, $config_dir.$configfile.'~');
+ }
+ $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+ $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
+ $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
+ $content = str_replace('{mysql_server_ispconfig_database}', $conf['mysql']['database'], $content);
+ $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
+ $content = str_replace('{ispconfig_install_dir}', $conf['ispconfig_install_dir'], $content);
+ $content = str_replace('{dnssec_conffile}', $conf['ispconfig_install_dir'].'/server/scripts/dnssec-config.sh', $content);
+ wf($full_file_name, $content);
+ }
public function configure_bind() {
global $conf;
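Review bot: `$config_dir` in the backup `copy()` call is never assigned inside `process_bind_file`, so the backup destination is `$configfile.'~'` resolved against the current working directory (with an undefined-variable notice), not a file beside the target; derive it from the path computed a few lines above: `copy($full_file_name, $full_file_name.'~');`. The comment above that line says `//* Backup exiting file` and should read `existing`. The return value of `copy()` is also ignored, so a failed backup of a script the bind plugin later executes by path goes unnoticed; at minimum log a warning when it returns false.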
@@ -1487,6 +1508,15 @@ class installer_base {
chown($content, $conf['bind']['bind_user']);
chgrp($content, $conf['bind']['bind_group']);
chmod($content, 2770);
+
+ //* Install scripts for dnssec implementation
+ $this->process_bind_file('dnssec-update.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-create.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-delete.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-autoupdate.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-autopickup.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-autocreate.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-config.sh', '/server/scripts/');
}
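Review bot: The seven `process_bind_file()` calls write shell scripts that the bind plugin later runs directly by path, but nothing sets the executable bit or narrows the mode, whereas the preceding lines chown/chgrp/chmod the zone directory; the templates are also filled with `$conf['mysql']['ispconfig_password']`, so any of these files that carries that placeholder ends up holding the database password with whatever default mode `wf()` produces. Install them in a loop and `chmod()` each one to 0700 right after writing (relax to 0750 only if a non-root account has to run them — who executes them is not visible from this hunk). `configure_bind()` begins outside this hunk.
```php
//* Install scripts for dnssec implementation
$dnssec_scripts = array('dnssec-update.sh', 'dnssec-create.sh', 'dnssec-delete.sh', 'dnssec-autoupdate.sh', 'dnssec-autopickup.sh', 'dnssec-autocreate.sh', 'dnssec-config.sh');
foreach($dnssec_scripts as $script) {
    $this->process_bind_file($script, '/server/scripts/');
    //* root-only: the templates may embed the ISPConfig DB password and the scripts are executed directly by the bind plugin
    chmod($conf['ispconfig_install_dir'].'/server/scripts/'.$script, 0700);
}
```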
diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index e4fd928f7f07d9a87c8cdca4ee2e1ba80cd7ea2a..afc864d705970fbdfbbcc96ff8e99d64486ca5ab 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -192,3 +192,13 @@ ALTER TABLE `web_domain` ADD `ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n
ALTER TABLE `openvz_template` CHANGE `vmguarpages` `vmguarpages` varchar(255) DEFAULT '65536:unlimited';
ALTER TABLE `openvz_template` CHANGE `privvmpages` `privvmpages` varchar(255) DEFAULT '131072:139264';
+
+
+--- DNSSEC-Implementation by dark alex
+--- TODO: Review and resolve conflicts if more has been done in that column
+ALTER TABLE `dns_rr` CHANGE COLUMN `type` `type` ENUM('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') NULL DEFAULT NULL AFTER `name`;
+
+ALTER TABLE `dns_soa`
+ ADD COLUMN `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N',
+ ADD COLUMN `dnssec_info` TEXT NULL;
+
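Review bot: The two comment lines use `---`; MySQL only recognises `--` as a comment opener when the second dash is followed by whitespace, so `--- DNSSEC-Implementation by dark alex` is likely lexed as a minus sign followed by a comment and breaks the ALTER TABLE dns_rr statement that follows when this file is applied. Write them as `-- DNSSEC-Implementation by dark alex` and `-- TODO: ...`. The TODO itself should be resolved before the change ships in an incremental file: CHANGE COLUMN with an ENUM replaces the whole value list, and rows holding a value that another branch added but this list lacks are truncated to '' or rejected depending on `sql_mode`.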
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 672f94bae40e63766b1674d29e0bfe913e9dd864..6138f9c79f74635c03c037912d37ecf8591e7dd0 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -478,7 +478,7 @@ CREATE TABLE `dns_rr` (
`server_id` int(11) NOT NULL default '1',
`zone` int(11) unsigned NOT NULL DEFAULT '0',
`name` varchar(255) NOT NULL DEFAULT '',
- `type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT') default NULL,
+ `type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
`data` TEXT NOT NULL DEFAULT '',
`aux` int(11) unsigned NOT NULL default '0',
`ttl` int(11) unsigned NOT NULL default '3600',
@@ -539,6 +539,8 @@ CREATE TABLE `dns_soa` (
`xfer` varchar(255) NOT NULL DEFAULT '',
`also_notify` varchar(255) default NULL,
`update_acl` varchar(255) default NULL,
+ `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N',
+ `dnssec_info` TEXT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `origin` (`origin`),
KEY `active` (`active`)
diff --git a/interface/web/dns/form/dns_soa.tform.php b/interface/web/dns/form/dns_soa.tform.php
index 02afa86c53d28af488c8c49bcc8e8a7fbbd67ccd..867bbbcbbeeb37639de4a099c399331b11925067 100644
--- a/interface/web/dns/form/dns_soa.tform.php
+++ b/interface/web/dns/form/dns_soa.tform.php
@@ -264,6 +264,14 @@ $form["tabs"]['dns_soa'] = array (
'default' => 'Y',
'value' => array(0 => 'N', 1 => 'Y')
),
+ 'dnssec_info' => array (
+ 'datatype' => 'TEXT',
+ 'formtype' => 'TEXTAREA',
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '10000'
+ ),
//#################################
// ENDE Datatable fields
//#################################
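Review bot: `dnssec_info` is declared as an editable `TEXTAREA` with `maxlength` 10000, yet the label added for it in this commit reads "DNSSEC DS-Data for registry", which suggests the value is produced by the server-side dnssec scripts rather than typed in by the user; if that is the case, any edit a client makes here is either overwritten on the next update or masks the real DS record, so the field should be rendered read-only in the tab template and the `maxlength` dropped. If the field is meant to be user-editable after all, say so in a short comment above the entry, e.g. `// DS records to hand to the registrar; may be edited manually`.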
diff --git a/interface/web/dns/lib/lang/de_dns_soa.lng b/interface/web/dns/lib/lang/de_dns_soa.lng
index efd6e905515e3b6a16d081e54af5e2397d14c43c..5f675d88c81b8488a72671336810eb5ddd5b6ba9 100644
--- a/interface/web/dns/lib/lang/de_dns_soa.lng
+++ b/interface/web/dns/lib/lang/de_dns_soa.lng
@@ -11,6 +11,7 @@ $wb['minimum_txt'] = 'Minimum';
$wb['ttl_txt'] = 'TTL';
$wb['xfer_txt'] = 'Zonentransfer zu diesen IP Adressen erlauben (mit Komma getrennte Liste)';
$wb['active_txt'] = 'Aktiv';
+$wb['dnssec_info_txt'] = 'DNSSEC DS-Daten für Registry';
$wb['limit_dns_zone_txt'] = 'Die maximale Anzahl an DNS Einträgen für Ihr Konto wurde erreicht.';
$wb['client_txt'] = 'Kunde';
$wb['no_zone_perm'] = 'Sie haben nicht die Berechtigung, einen Eintrag zu dieser DNS Zone hinzuzufügen.';
diff --git a/interface/web/dns/lib/lang/en_dns_soa.lng b/interface/web/dns/lib/lang/en_dns_soa.lng
index 433530c02daf50067a71f9302145303c2f936de5..9566ce71d8ca471047b37d7ecc52172df49e2823 100644
--- a/interface/web/dns/lib/lang/en_dns_soa.lng
+++ b/interface/web/dns/lib/lang/en_dns_soa.lng
@@ -11,6 +11,7 @@ $wb["minimum_txt"] = 'Minimum';
$wb["ttl_txt"] = 'TTL';
$wb["xfer_txt"] = 'Allow zone transfers to
these IPs (comma separated list)';
$wb["active_txt"] = 'Active';
+$wb['dnssec_info_txt'] = 'DNSSEC DS-Data for registry';
$wb["limit_dns_zone_txt"] = 'The max. number of DNS zones for your account is reached.';
$wb["client_txt"] = 'Client';
$wb["no_zone_perm"] = 'You do not have the permission to add a record to this DNS zone.';
diff --git a/interface/web/dns/lib/remote.conf.php b/interface/web/dns/lib/remote.conf.php
index dcabf948575e69ebd707b0f1fd489ce0e6738e0f..ef2ed9e4cc0218a95c67a259bda4437e73cc6ea6 100644
--- a/interface/web/dns/lib/remote.conf.php
+++ b/interface/web/dns/lib/remote.conf.php
@@ -7,6 +7,7 @@ $function_list['dns_alias_get,dns_alias_add,dns_alias_update,dns_alias_delete']
$function_list['dns_cname_get,dns_cname_add,dns_cname_update,dns_cname_delete'] = 'DNS cname functions';
$function_list['dns_hinfo_get,dns_hinfo_add,dns_hinfo_update,dns_hinfo_delete'] = 'DNS hinfo functions';
$function_list['dns_mx_get,dns_mx_add,dns_mx_update,dns_mx_delete'] = 'DNS mx functions';
+$function_list['dns_tlsa_get,dns_tlsa_add,dns_tlsa_update,dns_tlsa_delete'] = 'DNS tlsa functions';
$function_list['dns_ns_get,dns_ns_add,dns_ns_update,dns_ns_delete'] = 'DNS ns functions';
$function_list['dns_ptr_get,dns_ptr_add,dns_ptr_update,dns_ptr_delete'] = 'DNS ptr functions';
$function_list['dns_rp_get,dns_rp_add,dns_rp_update,dns_rp_delete'] = 'DNS rp functions';
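Review bot: The new `dns_tlsa_*` entry adds a permission group to the remote-user function list, but this commit contains no `dns_tlsa_get/add/update/delete` methods in the remote API implementation (nor a TLSA form); if they do not exist yet, the checkbox grants nothing today and, once the methods land, silently becomes effective for every remote user that already has it ticked. Add the methods together with this entry or hold the entry back until they exist. The list is otherwise ordered by record type (mx, ns, ptr, rp, ...); `tlsa` belongs after `srv` rather than between `mx` and `ns`.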
diff --git a/interface/web/dns/list/dns_a.list.php b/interface/web/dns/list/dns_a.list.php
index bf5bf1d52dbd2400614b7a33c2ed12ce9a40f153..1c36c13c6798062e640f655f2b526fb3a5e2f880 100644
--- a/interface/web/dns/list/dns_a.list.php
+++ b/interface/web/dns/list/dns_a.list.php
@@ -132,7 +132,7 @@ $liste["item"][] = array( 'field' => "type",
'prefix' => "",
'suffix' => "",
'width' => "",
- 'value' => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TXT'=>'TXT'));
+ 'value' => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT'));
?>
diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm
index 790fbdcb39d06d29be75da3bc849daf9d3093428..51aa559d364a44b4b0c99788be700e16d33bf700 100644
--- a/interface/web/dns/templates/dns_a_list.htm
+++ b/interface/web/dns/templates/dns_a_list.htm
@@ -30,6 +30,7 @@
+
diff --git a/server/conf/bind_pri.domain.master b/server/conf/bind_pri.domain.master
index 279fbac3517bb75753c560f7c7de30fc35b73f59..0e9c6cd7958507ef3f398bb47c8c51460e390334 100644
--- a/server/conf/bind_pri.domain.master
+++ b/server/conf/bind_pri.domain.master
@@ -41,6 +41,9 @@ $TTL {tmpl_var name='ttl'}
{tmpl_var name='name'} {tmpl_var name='ttl'} SRV {tmpl_var name='aux'} {tmpl_var name='data'}
+
+{tmpl_var name='name'} {tmpl_var name='ttl'} TLSA {tmpl_var name='data'}
+
{tmpl_var name='name'} {tmpl_var name='ttl'} TXT "{tmpl_var name='data'}"
diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
index c538cb9570ce2d07ca395a3d808626ed56a129aa..3dd2f8418ddcfed26233a97b188692f466403703 100644
--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
@@ -163,7 +163,14 @@ class bind_plugin {
if(is_file($filename)) unlink($filename);
if(is_file($filename.'.err')) unlink($filename.'.err');
- }
+
+ //* DNSSEC-Implementation
+ if (strlen($data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete old keys
+ exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.$data['new']['origin']); //Create new keys for new origin
+ }
+
+ //* DNSSEC-Implementation
+ exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.$data['new']['origin']);
//* Restart bind nameserver if update_acl is not empty, otherwise reload it
if($data['new']['update_acl'] != '') {
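Review bot: The three `exec()` calls added here, and the `dnssec-delete.sh` call in the delete hunk below, interpolate the zone origin from `$data['old']['origin']` / `$data['new']['origin']` into a shell command with no quoting; the origin comes in through the interface or remote API, so the server-side plugin should not rely on upstream validation: `exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.escapeshellarg($data['new']['origin']));` and the same for the other calls. The script directory is hard-coded to `/usr/local/ispconfig/` although the installer in this same commit writes these scripts under `$conf['ispconfig_install_dir']`; if `$conf` is reachable in this plugin as it is in the installer, build the path from it. The exit status is not captured either, so a failed key creation leaves the zone unsigned without any log entry — pass `$ret` as exec's third argument and `$app->log()` a warning when it is non-zero. The enclosing update method begins before and ends after this hunk.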
@@ -197,6 +204,9 @@ class bind_plugin {
if(is_file($zone_file_name.'.err')) unlink($zone_file_name.'.err');
$app->log("Deleting BIND domain file: ".$zone_file_name, LOGLEVEL_DEBUG);
+ //* DNSSEC-Implementation
+ exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys
+
//* Reload bind nameserver
$app->services->restartServiceDelayed('bind', 'reload');
@@ -342,7 +352,7 @@ class bind_plugin {
//* Loop trough zones
foreach($tmps as $tmp) {
- $zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));
+ $zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1)).'.signed'; //.signed is for DNSSEC-Implementation
$options = '';
if(trim($tmp['xfer']) != '') {