Commit be9bc3bc authored by A. Täffner's avatar A. Täffner

import previous work (not working completely yet)

parent b6a0ab05
......@@ -13,6 +13,10 @@ Installer
--------------------------------------
- Add a function to let a server join a existing installation.
Change named.options.conf and add follwoing lines into options-brackets for DNSSEC-Implementation:
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
Uninstaller
--------------------------------------
......
......@@ -1469,6 +1469,27 @@ class installer_base {
}
//** writes bind configuration files
public function process_bind_file($configfile, $target='/', $absolute=false) {
global $conf;
if ($absolute) $full_file_name = $target.$configfile;
else $full_file_name = $conf['ispconfig_install_dir'].$target.$configfile;
//* Backup exiting file
if(is_file($full_file_name)) {
copy($full_file_name, $config_dir.$configfile.'~');
}
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_ispconfig_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
$content = str_replace('{ispconfig_install_dir}', $conf['ispconfig_install_dir'], $content);
$content = str_replace('{dnssec_conffile}', $conf['ispconfig_install_dir'].'/server/scripts/dnssec-config.sh', $content);
wf($full_file_name, $content);
}
public function configure_bind() {
global $conf;
......@@ -1487,6 +1508,15 @@ class installer_base {
chown($content, $conf['bind']['bind_user']);
chgrp($content, $conf['bind']['bind_group']);
chmod($content, 2770);
//* Install scripts for dnssec implementation
$this->process_bind_file('dnssec-update.sh', '/server/scripts/');
$this->process_bind_file('dnssec-create.sh', '/server/scripts/');
$this->process_bind_file('dnssec-delete.sh', '/server/scripts/');
$this->process_bind_file('dnssec-autoupdate.sh', '/server/scripts/');
$this->process_bind_file('dnssec-autopickup.sh', '/server/scripts/');
$this->process_bind_file('dnssec-autocreate.sh', '/server/scripts/');
$this->process_bind_file('dnssec-config.sh', '/server/scripts/');
}
......
......@@ -192,3 +192,13 @@ ALTER TABLE `web_domain` ADD `ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n
ALTER TABLE `openvz_template` CHANGE `vmguarpages` `vmguarpages` varchar(255) DEFAULT '65536:unlimited';
ALTER TABLE `openvz_template` CHANGE `privvmpages` `privvmpages` varchar(255) DEFAULT '131072:139264';
--- DNSSEC-Implementation by dark alex
--- TODO: Review and resolve conflicts if more has been done in that column
ALTER TABLE `dns_rr` CHANGE COLUMN `type` `type` ENUM('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') NULL DEFAULT NULL AFTER `name`;
ALTER TABLE `dns_soa`
ADD COLUMN `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N',
ADD COLUMN `dnssec_info` TEXT NULL;
......@@ -478,7 +478,7 @@ CREATE TABLE `dns_rr` (
`server_id` int(11) NOT NULL default '1',
`zone` int(11) unsigned NOT NULL DEFAULT '0',
`name` varchar(255) NOT NULL DEFAULT '',
`type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT') default NULL,
`type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
`data` TEXT NOT NULL DEFAULT '',
`aux` int(11) unsigned NOT NULL default '0',
`ttl` int(11) unsigned NOT NULL default '3600',
......@@ -539,6 +539,8 @@ CREATE TABLE `dns_soa` (
`xfer` varchar(255) NOT NULL DEFAULT '',
`also_notify` varchar(255) default NULL,
`update_acl` varchar(255) default NULL,
`dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N',
`dnssec_info` TEXT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `origin` (`origin`),
KEY `active` (`active`)
......
......@@ -264,6 +264,14 @@ $form["tabs"]['dns_soa'] = array (
'default' => 'Y',
'value' => array(0 => 'N', 1 => 'Y')
),
'dnssec_info' => array (
'datatype' => 'TEXT',
'formtype' => 'TEXTAREA',
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '10000'
),
//#################################
// ENDE Datatable fields
//#################################
......
......@@ -11,6 +11,7 @@ $wb['minimum_txt'] = 'Minimum';
$wb['ttl_txt'] = 'TTL';
$wb['xfer_txt'] = 'Zonentransfer zu diesen IP Adressen erlauben (mit Komma getrennte Liste)';
$wb['active_txt'] = 'Aktiv';
$wb['dnssec_info_txt'] = 'DNSSEC DS-Daten für Registry';
$wb['limit_dns_zone_txt'] = 'Die maximale Anzahl an DNS Einträgen für Ihr Konto wurde erreicht.';
$wb['client_txt'] = 'Kunde';
$wb['no_zone_perm'] = 'Sie haben nicht die Berechtigung, einen Eintrag zu dieser DNS Zone hinzuzufügen.';
......
......@@ -11,6 +11,7 @@ $wb["minimum_txt"] = 'Minimum';
$wb["ttl_txt"] = 'TTL';
$wb["xfer_txt"] = 'Allow zone transfers to <br />these IPs (comma separated list)';
$wb["active_txt"] = 'Active';
$wb['dnssec_info_txt'] = 'DNSSEC DS-Data for registry';
$wb["limit_dns_zone_txt"] = 'The max. number of DNS zones for your account is reached.';
$wb["client_txt"] = 'Client';
$wb["no_zone_perm"] = 'You do not have the permission to add a record to this DNS zone.';
......
......@@ -7,6 +7,7 @@ $function_list['dns_alias_get,dns_alias_add,dns_alias_update,dns_alias_delete']
$function_list['dns_cname_get,dns_cname_add,dns_cname_update,dns_cname_delete'] = 'DNS cname functions';
$function_list['dns_hinfo_get,dns_hinfo_add,dns_hinfo_update,dns_hinfo_delete'] = 'DNS hinfo functions';
$function_list['dns_mx_get,dns_mx_add,dns_mx_update,dns_mx_delete'] = 'DNS mx functions';
$function_list['dns_tlsa_get,dns_tlsa_add,dns_tlsa_update,dns_tlsa_delete'] = 'DNS tlsa functions';
$function_list['dns_ns_get,dns_ns_add,dns_ns_update,dns_ns_delete'] = 'DNS ns functions';
$function_list['dns_ptr_get,dns_ptr_add,dns_ptr_update,dns_ptr_delete'] = 'DNS ptr functions';
$function_list['dns_rp_get,dns_rp_add,dns_rp_update,dns_rp_delete'] = 'DNS rp functions';
......
......@@ -132,7 +132,7 @@ $liste["item"][] = array( 'field' => "type",
'prefix' => "",
'suffix' => "",
'width' => "",
'value' => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TXT'=>'TXT'));
'value' => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT'));
?>
......@@ -30,6 +30,7 @@
<button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_rp_edit.php?zone={tmpl_var name='parent_id'}">RP</button>
<button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_spf_edit.php?zone={tmpl_var name='parent_id'}">SPF</button>
<button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_srv_edit.php?zone={tmpl_var name='parent_id'}">SRV</button>
<button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_tlsa_edit.php?zone={tmpl_var name='parent_id'}">TLSA</button>
<button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_txt_edit.php?zone={tmpl_var name='parent_id'}">TXT</button>
</div>
......
......@@ -41,6 +41,9 @@ $TTL {tmpl_var name='ttl'}
<tmpl_if name="type" op='==' value='SRV'>
{tmpl_var name='name'} {tmpl_var name='ttl'} SRV {tmpl_var name='aux'} {tmpl_var name='data'}
</tmpl_if>
<tmpl_if name="type" op='==' value='TLSA'>
{tmpl_var name='name'} {tmpl_var name='ttl'} TLSA {tmpl_var name='data'}
</tmpl_if>
<tmpl_if name="type" op='==' value='TXT'>
{tmpl_var name='name'} {tmpl_var name='ttl'} TXT "{tmpl_var name='data'}"
</tmpl_if>
......
......@@ -163,7 +163,14 @@ class bind_plugin {
if(is_file($filename)) unlink($filename);
if(is_file($filename.'.err')) unlink($filename.'.err');
}
//* DNSSEC-Implementation
if (strlen($data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete old keys
exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.$data['new']['origin']); //Create new keys for new origin
}
//* DNSSEC-Implementation
exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.$data['new']['origin']);
//* Restart bind nameserver if update_acl is not empty, otherwise reload it
if($data['new']['update_acl'] != '') {
......@@ -197,6 +204,9 @@ class bind_plugin {
if(is_file($zone_file_name.'.err')) unlink($zone_file_name.'.err');
$app->log("Deleting BIND domain file: ".$zone_file_name, LOGLEVEL_DEBUG);
//* DNSSEC-Implementation
exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys
//* Reload bind nameserver
$app->services->restartServiceDelayed('bind', 'reload');
......@@ -342,7 +352,7 @@ class bind_plugin {
//* Loop trough zones
foreach($tmps as $tmp) {
$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));
$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1)).'.signed'; //.signed is for DNSSEC-Implementation
$options = '';
if(trim($tmp['xfer']) != '') {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment