
DNSSEC-Implementation for BIND-Users (Including TLSA for DANE)

Alex von Firesplash requested to merge darkalex/ispconfig3:dns-dnssec into master

This implements DNSSEC on a fully automatic basis. Whenever a zone gets added, changed or deleted it will be signed (or, in case of deletion, the keys get deleted). This adds full DNSSEC capabilities to the system.

Hints:

  • DNSKEY records are not visible within ISPConfig, as they get added by a script run by the server cron.
  • If there is low available entropy (<400 bits), new keys will not be generated. In this case the zone file (which was never signed before) stays unsigned until the next change of the SOA or any RR in that zone. If a key exists, zone files will always be signed.
  • I recommend installing haveged - especially on VMs - which raises available entropy by a huge number of bits.
  • Only de and en languages are included.

The scripts have been tested on my production 3.0 server for about 4 weeks. I just made small changes and optimizations and did a full test with my branch.

More info: https://www.howtoforge.com/community/threads/bit-hacky-implementation-of-dnssec-patch-and-tlsa-dane.71829/

ANOTHER HINT: Currently the New Zone Wizard is not working. This also happens in the latest ISPC master branch, so I ignored that and filed a bug report: http://bugtracker.ispconfig.org/index.php?do=details&task_id=4069
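The signing behaviour the description outlines (sign on every zone change, skip key generation below 400 bits of entropy, always sign once a key exists), as an added example that is not the merge request's own script. It assumes the BIND `dnssec-*` tools on PATH; `ZONE_DIR`, `KEY_DIR` and the key sizes are hypothetical choices.

```shell
#!/bin/sh
# Added example mirroring the MR's described policy; not the project's cron script.
ENTROPY_MIN=400                        # threshold stated in the description
ZONE_DIR=${ZONE_DIR:-/etc/bind/zones}  # hypothetical layout: one file per zone
KEY_DIR=${KEY_DIR:-/etc/bind/keys}     # hypothetical: K<zone>+<alg>+<id>.key files

# Kernel entropy estimate in bits (0 if unreadable, e.g. on non-Linux hosts).
entropy_avail() {
    cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo 0
}

# Policy decision for one zone: ENTROPY (bits) and KEYS_EXIST (0/1).
# Prints one of: sign | generate-and-sign | skip. Always returns 0.
decide_action() {
    entropy=$1; keys_exist=$2
    if [ "$keys_exist" -eq 1 ]; then
        echo sign                      # a key exists: the zone is always signed
    elif [ "$entropy" -ge "$ENTROPY_MIN" ]; then
        echo generate-and-sign         # enough entropy to create a fresh key pair
    else
        echo skip                      # stays unsigned until the next zone change
    fi
}

# 1 if at least one key file for ZONE is present in KEY_DIR, else 0.
keys_exist_for() {
    ls "$KEY_DIR"/K"$1".+*.key >/dev/null 2>&1 && echo 1 || echo 0
}

# Generate keys if allowed, sign the zone file, print the DS record for the parent.
sign_zone() {
    zone=$1; zonefile="$ZONE_DIR/$zone"
    case "$(decide_action "$(entropy_avail)" "$(keys_exist_for "$zone")")" in
        skip)
            echo "skipping $zone: entropy below $ENTROPY_MIN bits" >&2; return 1 ;;
        generate-and-sign)
            dnssec-keygen -a RSASHA256 -b 2048 -f KSK -K "$KEY_DIR" "$zone" >/dev/null
            dnssec-keygen -a RSASHA256 -b 2048 -K "$KEY_DIR" "$zone" >/dev/null ;;
    esac
    # Smart signing (-S) picks up every key in KEY_DIR; output is $zonefile.signed
    dnssec-signzone -S -K "$KEY_DIR" -N INCREMENT -o "$zone" "$zonefile" >/dev/null \
        && dnssec-dsfromkey -2 -f "$zonefile.signed" "$zone" \
        && rndc reload "$zone"
}
# usage: sign_zone example.com   (run from the same cron hook that rewrites the zone)
```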
