diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
index 3dd2f8418ddcfed26233a97b188692f466403703..6ba507ccc65014341992df339195ee5c6c742ab8 100644
--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
@@ -145,7 +145,15 @@ class bind_plugin {
unset($records_out);
unset($zone);
}
-
+
+ //* DNSSEC-Implementation
+ if($data['old']['origin'] != $data['new']['origin']) {
+ if (@$data['old']['dnssec_initialized'] == 'Y' && strlen(@$data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.escapeshellcmd($data['old']['origin'])); //delete old keys
+ if ($data['new']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.escapeshellcmd($data['new']['origin'])); //Create new keys for new origin
+ }
+ if ($data['new']['dnssec_wanted'] == 'Y' AND $data['new']['dnssec_initialized'] == 'N') if ($data['new']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.escapeshellcmd($data['new']['origin'])); //Create new keys for new origin
+ else if ($data['old']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.escapeshellcmd($data['new']['origin']));
+
//* rebuild the named.conf file if the origin has changed or when the origin is inserted.
//if($this->action == 'insert' || $data['old']['origin'] != $data['new']['origin']) {
$this->write_named_conf($data, $dns_config);
@@ -163,15 +171,9 @@ class bind_plugin {
if(is_file($filename)) unlink($filename);
if(is_file($filename.'.err')) unlink($filename.'.err');
-
- //* DNSSEC-Implementation
- if (strlen($data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete old keys
- exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.$data['new']['origin']); //Create new keys for new origin
+ if(is_file($filename.'.signed')) unlink($filename.'.signed');
}
- //* DNSSEC-Implementation
- exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.$data['new']['origin']);
-
//* Restart bind nameserver if update_acl is not empty, otherwise reload it
if($data['new']['update_acl'] != '') {
$app->services->restartServiceDelayed('bind', 'restart');
@@ -205,7 +207,7 @@ class bind_plugin {
$app->log("Deleting BIND domain file: ".$zone_file_name, LOGLEVEL_DEBUG);
//* DNSSEC-Implementation
- exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys
+ if ($data['old']['dnssec_initialized'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys
//* Reload bind nameserver
$app->services->restartServiceDelayed('bind', 'reload');
@@ -333,7 +335,7 @@ class bind_plugin {
global $app, $conf;
//* Only write the master file for the current server
- $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
+ $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl, dnssec_initialized FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
$zones = array();
//* Check if the current zone that triggered this function has at least one NS record
@@ -352,7 +354,8 @@ class bind_plugin {
//* Loop trough zones
foreach($tmps as $tmp) {
- $zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1)).'.signed'; //.signed is for DNSSEC-Implementation
+ $zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));
+ if ($tmp['dnssec_initialized'] == 'Y') $zone_file .= '.signed' //.signed is for DNSSEC-Implementation
$options = '';
if(trim($tmp['xfer']) != '') {