diff --git a/install/tpl/dnssec-delete.sh.master b/install/tpl/dnssec-delete.sh.master
index 984d41a3d6bc8668875f7fbce67ed9eef35422cf..03d54b17c530fa8b9ca6e8e7254e332942e5882a 100644
--- a/install/tpl/dnssec-delete.sh.master
+++ b/install/tpl/dnssec-delete.sh.master
@@ -17,6 +17,7 @@ if [ "$mysqlcheck" = 0 ];then
 fi
 rm $bindpath/K$pardomain.+*.key
+rm $bindpath/K$pardomain.+*.private
 rm "$bindpath/$filespre$pardomain.signed"
 rm "$bindpath/dsset-$pardomain."
diff --git a/install/tpl/dnssec-update.sh.master b/install/tpl/dnssec-update.sh.master
index 5fd06942bc40453dd41e69600da31cb126cf2898..1aeff9058aeff2d2b34d10b229869c85fdd14443 100644
--- a/install/tpl/dnssec-update.sh.master
+++ b/install/tpl/dnssec-update.sh.master
@@ -1,13 +1,14 @@
 #!/bin/bash
 source {dnssec_conffile}
 pardomain="${1::-1}"
+cd $bindpath
 if [ ! -d $backuppath ]; then mkdir -p $backuppath; fi
 #connect to database for testing
 mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; show tables;" | wc -c`
 if [ "$mysqlcheck" = 0 ];then
 echo "$0 could not connect to database"
- cd $curdir
+ cd $curpath
 exit 0
 fi
@@ -33,8 +34,8 @@ mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; sel
 fi
 /usr/sbin/dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o $domain -t $filespre$domain
- mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; update dns_soa set serial='$fserial' where origin='$domain.'; update dns_rr set serial='$fserial' WHERE zone=$zoneid"
+ mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; update dns_soa set serial='$fserial', dnssec_info='`cat /tmp/.dnssec-$domain`' where origin='$domain.'; update dns_rr set serial='$fserial' WHERE zone=$zoneid"
 echo "DNSSEC for $pardomain has been configured"
-cd $curdir
+cd $curpath
 exit 0
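Review bot: The added `rm $bindpath/K$pardomain.+*.private` expands both variables unquoted, so a `$bindpath` containing whitespace is split into several arguments, and when the glob matches nothing `rm` is handed the literal pattern and only prints an error; the `.key` line directly above has the same shape. I would write `rm -f -- "$bindpath"/K"$pardomain".+*.private` (and the same for the `.key` line), keeping only the glob part outside the quotes. Because these are the zone's private signing keys, it is also worth checking the exit status instead of carrying on silently when they could not be removed.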
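Review bot: The new `cd $bindpath` is unquoted and unchecked: if the directory is missing the script simply carries on in the directory it was started from, and if the variable is empty `cd` changes to the caller's home directory; the later `dnssec-signzone ... -t $filespre$domain` call appears to resolve its zone file relative to the current directory, so it would then operate on the wrong location. Use `cd "$bindpath" || { echo "$0: cannot cd to $bindpath"; exit 1; }` so a failure stops the run. The rename from `$curdir` to `$curpath` on the error branch presumably matches a name set in `{dnssec_conffile}`; that file is not in this diff, so I cannot confirm the variable is defined there.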
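Review bot: The new `dnssec_info='`cat /tmp/.dnssec-$domain`'` splices the file contents straight into the SQL statement, so a single quote or backslash in that file terminates the string literal and the rest of the content is run as SQL with the privileges of `$dbuser`; the file also sits under a fixed, predictable name in the shared `/tmp`, where any other local account can create or replace it before this script reads it. Read the content into a variable from a directory only this script's user can write (for example under `$backuppath`, or a `mktemp -d` directory that the create script hands over), and escape quotes and backslashes before passing it to `mysql` rather than interpolating it raw. The `--password=$dbpass` on the same command line is pre-existing but is visible to every user in the process list; a `--defaults-extra-file` keeps it out of `ps`.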
diff --git a/interface/web/dns/lib/lang/de_dns_soa.lng b/interface/web/dns/lib/lang/de_dns_soa.lng
index 3cb6ebf248a790dcbcff29d356f1c4188238f4fc..6c475ed072cbc3d30af4acc6514d4f63084c227d 100644
--- a/interface/web/dns/lib/lang/de_dns_soa.lng
+++ b/interface/web/dns/lib/lang/de_dns_soa.lng
@@ -13,6 +13,7 @@ $wb['xfer_txt'] = 'Zonentransfer zu diesen IP Adressen erlauben (mit Komma getre
 $wb['active_txt'] = 'Aktiv';
 $wb['dnssec_info_txt'] = 'DNSSEC DS-Daten für Registry';
 $wb['dnssec_wanted_txt'] = 'Zone signieren (DNSSEC)';
+$wb['dnssec_wanted_info'] = 'Wenn DNSSEC bereits aktiviert war und ein Key erstellt wurde, wird dieser durch deaktivieren nicht gelöscht. Die Zone wird dann jedoch nicht länger signiert ausgeliefert.';
 $wb['limit_dns_zone_txt'] = 'Die maximale Anzahl an DNS Einträgen für Ihr Konto wurde erreicht.';
 $wb['client_txt'] = 'Kunde';
 $wb['no_zone_perm'] = 'Sie haben nicht die Berechtigung, einen Eintrag zu dieser DNS Zone hinzuzufügen.';
diff --git a/interface/web/dns/lib/lang/en_dns_soa.lng b/interface/web/dns/lib/lang/en_dns_soa.lng
index 12f81dd225c2f6441cf0aee8a2ad4c555605230b..9018a6f38f75fca1f37a77c1d2a26f9ca58d2e71 100644
--- a/interface/web/dns/lib/lang/en_dns_soa.lng
+++ b/interface/web/dns/lib/lang/en_dns_soa.lng
@@ -13,6 +13,7 @@ $wb["xfer_txt"] = 'Allow zone transfers to <br />these IPs (comma separated list
 $wb["active_txt"] = 'Active';
 $wb['dnssec_info_txt'] = 'DNSSEC DS-Data for registry';
 $wb['dnssec_wanted_txt'] = 'Sign zone (DNSSEC)';
+$wb['dnssec_wanted_info'] = 'When disabling DNSSEC keys are not going to be deleted if DNSSEC was enabled before and keys already have been generated but the zone will no longer be delievered in signed format afterwards.';
 $wb["limit_dns_zone_txt"] = 'The max. number of DNS zones for your account is reached.';
 $wb["client_txt"] = 'Client';
 $wb["no_zone_perm"] = 'You do not have the permission to add a record to this DNS zone.';
diff --git a/interface/web/dns/templates/dns_soa_edit.htm b/interface/web/dns/templates/dns_soa_edit.htm
index 91833bccef053bec79b39d214bf8e1a32bbfd74e..be2e7fa831367c4e0eb9abadceb5eb3c0bde479c 100644
--- a/interface/web/dns/templates/dns_soa_edit.htm
+++ b/interface/web/dns/templates/dns_soa_edit.htm
@@ -128,12 +128,12 @@
 <div class="form-group">
 <label class="col-sm-3 control-label">{tmpl_var name='dnssec_wanted_txt'}</label>
 <div class="col-sm-9">
- {tmpl_var name='dnssec_wanted'}
- </div>
+ {tmpl_var name='dnssec_wanted'}<br /><small>({tmpl_var name='dnssec_wanted_info'})</small>
+ </div>
 </div>
 <div class="form-group">
 <label for="update_acl" class="col-sm-3 control-label">{tmpl_var name='dnssec_info_txt'}</label>
- <div class="col-sm-9"><textarea readonly="true" rows="5" class="form-control">{tmpl_var name='dnssec_info'}</textarea></div>
+ <div class="col-sm-9"><textarea readonly="true" rows="5" id="dnssec_info" name="dnssec_info" class="form-control">{tmpl_var name='dnssec_info'}</textarea></div>
 </div>
 <input type="hidden" name="id" value="{tmpl_var name='id'}">
diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
index 3836e7e05c3eb5c8b18533a6cf326ef9349373c9..c74f19888550f3f1c410295b59474df0f8104168 100644
--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
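Review bot: Giving the textarea `name="dnssec_info"` turns the DS data into a submitted form field where it was display-only before; `readonly="true"` is enforced only by the browser, so whatever the client puts into `dnssec_info` reaches the server-side form handler. The `dns_soa_edit` form definition and its field filtering are outside this diff, so I cannot see whether that field is accepted and written back to `dns_soa`; if it is, the DS data shown to the user for the registry could be altered from the client, and the field should be left out of the accepted fields or marked read-only there. A template comment, `<!-- dnssec_info is generated by dnssec-update.sh; the form handler must not accept it on submit -->`, would make that intent explicit. `readonly` is a boolean attribute, so `readonly="readonly"` or a bare `readonly` is the conventional spelling.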
@@ -151,9 +151,8 @@ class bind_plugin {
 if (@$data['old']['dnssec_initialized'] == 'Y' && strlen(@$data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.escapeshellcmd($data['old']['origin'])); //delete old keys
 if ($data['new']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.escapeshellcmd($data['new']['origin'])); //Create new keys for new origin
 }
- if ($data['new']['dnssec_wanted'] == 'Y' AND $data['new']['dnssec_initialized'] == 'N') if ($data['new']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.escapeshellcmd($data['new']['origin'])); //Create new keys for new origin
- else if ($data['old']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.escapeshellcmd($data['new']['origin']));
- if($data['old']['dnssec_initialized'] == 'Y' && $data['new']['dnssec_wanted'] == 'N') { //delete old signed file if dnssec is no longer wanted
+ else if ($data['new']['dnssec_wanted'] == 'Y' && $data['old']['dnssec_initialized'] == 'N') exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.escapeshellcmd($data['new']['origin'])); //Create new keys for new origin
+ else if ($data['new']['dnssec_wanted'] == 'N' && $data['old']['dnssec_initialized'] == 'Y') { //delete old signed file if dnssec is no longer wanted
 //TODO : change this when distribution information has been integrated into server record
 if (file_exists('/etc/gentoo-release')) {
 $filename = $dns_config['bind_zonefiles_dir'].'/pri/'.str_replace("/", "_", substr($data['old']['origin'], 0, -1));
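Review bot: The added `exec()` call wraps the origin with `escapeshellcmd()`, which neutralises shell metacharacters but does not quote the value, so whitespace in it still splits the argument; for a single argument `escapeshellarg()` is the right primitive, i.e. `exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.escapeshellarg($data['new']['origin']));`, and the same applies to the `dnssec-update.sh` call added in the next hunk. The origin presumably passes the interface's zone-name validation before it reaches the plugin, but this is the last step before a shell command and should not depend on that. Separately, the new create condition tests `$data['old']['dnssec_initialized'] == 'N'` where the removed line tested `$data['new'][...]`; the `@`-suppressed reads of `$data['old']` three lines above suggest the old record can be absent, in which case the comparison is false and no keys are created for a zone that asks for them, so `!= 'Y'` may be the safer test. The `if` block that the new `else if` chains onto opens before this hunk.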
@@ -162,7 +161,7 @@ class bind_plugin {
 $filename = $dns_config['bind_zonefiles_dir'].'/pri.'.str_replace("/", "_", substr($data['old']['origin'], 0, -1));
 }
 if(is_file($filename.'.signed')) unlink($filename.'.signed');
- }
+ } else if ($data['new']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.escapeshellcmd($data['new']['origin']));
 // END DNSSEC
 //* rebuild the named.conf file if the origin has changed or when the origin is inserted.
@@ -346,7 +345,7 @@ class bind_plugin {
 global $app, $conf;
 //* Only write the master file for the current server
- $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl, dnssec_initialized FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
+ $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl, dnssec_wanted FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
 $zones = array();
 //* Check if the current zone that triggered this function has at least one NS record
@@ -364,9 +363,8 @@ class bind_plugin {
 //* Loop trough zones
 foreach($tmps as $tmp) {
- $zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));
- if ($tmp['dnssec_initialized'] == 'Y') $zone_file .= '.signed' //.signed is for DNSSEC-Implementation
+ if ($tmp['dnssec_wanted'] == 'Y') $zone_file .= '.signed'; //.signed is for DNSSEC-Implementation
 $options = '';
 if(trim($tmp['xfer']) != '') {
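Review bot: Selecting `dnssec_wanted` instead of `dnssec_initialized` means the master file references the `.signed` zone file as soon as the flag is set, including the window between saving the flag and `dnssec-create.sh` finishing (the earlier hunk only runs it while `dnssec_initialized` is still `'N'`); if BIND is reloaded in that window with a `file` entry that does not exist yet, the zone fails to load and is not served at all. Keeping both columns in the query and testing `$tmp['dnssec_wanted'] == 'Y' && $tmp['dnssec_initialized'] == 'Y'` in the loop below, or checking `is_file($zone_file.'.signed')` before appending the suffix, avoids that gap. Whether the master file is regenerated again once signing completes, and whether a reload happens before the create script returns, is not visible in this hunk.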
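Review bot: The removed `$zone_file = $pri_zonefiles_path.str_replace(...)` assignment has no replacement in the last hunk, so the surviving `$zone_file .= '.signed';` now appends to whatever the variable held before — undefined on the first iteration and the previous zone's path on later ones — unless the assignment was moved to a line outside this hunk. If it was not, restore it as the first statement of the loop body: `$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));`. The `foreach` containing this code continues past the end of the hunk.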