From 6a25accffe0c2818e00dc3ad5dd3eb3a47c76291 Mon Sep 17 00:00:00 2001
From: A. Täffner <darkalex@firesplash.de>
Date: Fri, 22 Jan 2016 13:11:31 -0500
Subject: [PATCH] import previous work (not working completely yet)

---
 TODO.txt                                       |    4 ++
 interface/web/dns/lib/lang/en_dns_soa.lng      |    1 
 interface/web/dns/list/dns_a.list.php          |    2 
 install/lib/installer_base.lib.php             |   30 +++++++++++++++
 install/sql/ispconfig3.sql                     |    4 +
 interface/web/dns/form/dns_soa.tform.php       |    8 ++++
 install/sql/incremental/upd_dev_collection.sql |    8 ++++
 interface/web/dns/lib/remote.conf.php          |    1 
 interface/web/dns/templates/dns_a_list.htm     |    1 
 server/conf/bind_pri.domain.master             |    3 +
 server/plugins-available/bind_plugin.inc.php   |   14 ++++++-
 interface/web/dns/lib/lang/de_dns_soa.lng      |    1 
 12 files changed, 73 insertions(+), 4 deletions(-)

diff --git a/TODO.txt b/TODO.txt
index 6dcae10..77b138d 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -13,6 +13,10 @@
 --------------------------------------
 
 - Add a function to let a server join a existing installation.
+Change named.options.conf and add follwoing lines into options-brackets for DNSSEC-Implementation:
+		dnssec-enable yes;
+		dnssec-validation yes;
+		dnssec-lookaside auto;
 
 Uninstaller
 --------------------------------------
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index f22a627..7643043 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1469,6 +1469,27 @@
 
 
 	}
+	
+	//** writes bind configuration files
+	public function process_bind_file($configfile, $target='/', $absolute=false) {
+		global $conf;
+
+		if ($absolute) $full_file_name = $target.$configfile;
+		else $full_file_name = $conf['ispconfig_install_dir'].$target.$configfile;
+		
+		//* Backup exiting file
+		if(is_file($full_file_name)) {
+			copy($full_file_name, $config_dir.$configfile.'~');
+		}
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
+		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
+		$content = str_replace('{mysql_server_ispconfig_database}', $conf['mysql']['database'], $content);
+		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
+		$content = str_replace('{ispconfig_install_dir}', $conf['ispconfig_install_dir'], $content);
+		$content = str_replace('{dnssec_conffile}', $conf['ispconfig_install_dir'].'/server/scripts/dnssec-config.sh', $content);
+		wf($full_file_name, $content);
+	}
 
 	public function configure_bind() {
 		global $conf;
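Review bot: `$config_dir` in the backup `copy()` is never assigned inside process_bind_file, so the backup lands at `<name>~` relative to the installer's working directory rather than beside the target, and it carries whatever the previous script contained — including the substituted MySQL password. Use the target path: `copy($full_file_name, $full_file_name.'~');`. Because `{mysql_server_ispconfig_password}` is written into every one of these scripts, the resulting file mode matters too; `wf()` is not visible here, so unless it already restricts permissions add `chmod($full_file_name, 0750);` after it so the DB credentials are not readable by every local user. The body of configure_bind continues outside this hunk.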
@@ -1487,6 +1508,15 @@
 		chown($content, $conf['bind']['bind_user']);
 		chgrp($content, $conf['bind']['bind_group']);
 		chmod($content, 2770);
+		
+		//* Install scripts for dnssec implementation
+		$this->process_bind_file('dnssec-update.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-create.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-delete.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-autoupdate.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-autopickup.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-autocreate.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-config.sh', '/server/scripts/');
 
 	}
 
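Review bot: The seven `process_bind_file()` calls write scripts that bind_plugin later runs through `exec()` by absolute path, but nothing here makes them executable; if `wf()` creates them with a plain data-file mode, every signing call fails silently. Follow the calls with a mode fix, for example `foreach(array('update','create','delete','autoupdate','autopickup','autocreate','config') as $s) chmod($conf['ispconfig_install_dir'].'/server/scripts/dnssec-'.$s.'.sh', 0750);`. Note also that the diffstat contains no `tpl/dnssec-*.sh.master` files, so as submitted `rfsel()` has nothing to read for these names — presumably they arrive in a later commit, which is worth stating in the commit message. The enclosing function begins outside this hunk.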
diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index 624d748..865f349 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -203,3 +203,11 @@
 
 ALTER TABLE `mail_forwarding` ADD COLUMN `allow_send_as` ENUM('n','y') NOT NULL DEFAULT 'n' AFTER `active`;
 UPDATE `mail_forwarding` SET `allow_send_as` = 'y' WHERE `type` = 'alias';
+
+--- DNSSEC-Implementation by dark alex
+--- TODO: Review and resolve conflicts if more has been done in that column
+ALTER TABLE `dns_rr` CHANGE COLUMN `type` `type` ENUM('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') NULL DEFAULT NULL AFTER `name`;
+
+ALTER TABLE `dns_soa`
+	ADD COLUMN `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N',
+	ADD COLUMN `dnssec_info` TEXT NULL;
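Review bot: The two `---` comment lines may not be treated as comments by MySQL, which only recognises `--` when the second dash is followed by whitespace; `---` is `--` followed by `-`, so depending on how the updater feeds this file the line can reach the server as a stray token in front of the ALTER. Use `-- DNSSEC-Implementation by dark alex` and `-- TODO: review and resolve conflicts ...`. Separately, `dnssec_initialized` is introduced with default 'N' but nothing in this patch reads or sets it, while bind_plugin switches every zone to the `.signed` file unconditionally; a short comment on the column saying which script is expected to flip it would make that dependency explicit.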
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index f77bbf4..9cf3499 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -478,7 +478,7 @@
   `server_id` int(11) NOT NULL default '1',
   `zone` int(11) unsigned NOT NULL DEFAULT '0',
   `name` varchar(255) NOT NULL DEFAULT '',
-  `type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT') default NULL,
+  `type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
   `data` TEXT NOT NULL DEFAULT '',
   `aux` int(11) unsigned NOT NULL default '0',
   `ttl` int(11) unsigned NOT NULL default '3600',
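Review bot: `DNSKEY` is added to the `dns_rr.type` enum but nothing else in this patch handles that type: bind_pri.domain.master gains only a TLSA branch, dns_a.list.php's type filter adds only TLSA, and there is no DNSKEY form. A row of type DNSKEY would be accepted by the database and then silently omitted from the generated zone file. If DNSKEY records are produced by the signing scripts (they normally live in the key files named in the zone's `$INCLUDE`), drop it from the enum; otherwise add the matching template branch in the same commit.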
@@ -539,6 +539,8 @@
   `xfer` varchar(255) NOT NULL DEFAULT '',
   `also_notify` varchar(255) default NULL,
   `update_acl` varchar(255) default NULL,
+  `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N',
+  `dnssec_info` TEXT NULL,
   PRIMARY KEY  (`id`),
   UNIQUE KEY `origin` (`origin`),
   KEY `active` (`active`)
diff --git a/interface/web/dns/form/dns_soa.tform.php b/interface/web/dns/form/dns_soa.tform.php
index 02afa86..867bbbc 100644
--- a/interface/web/dns/form/dns_soa.tform.php
+++ b/interface/web/dns/form/dns_soa.tform.php
@@ -264,6 +264,14 @@
 			'default' => 'Y',
 			'value'  => array(0 => 'N', 1 => 'Y')
 		),
+ 		'dnssec_info' => array (
+ 			'datatype' => 'TEXT',
+ 			'formtype' => 'TEXTAREA',
+ 			'default' => '',
+ 			'value'  => '',
+ 			'width'  => '30',
+ 			'maxlength' => '10000'
+ 		),
 		//#################################
 		// ENDE Datatable fields
 		//#################################
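Review bot: `dnssec_info` is declared as a writable TEXTAREA with no `validators` entry, yet its label calls it the DS data for the registry — output the signing scripts presumably generate, not something a user should type. As written, anyone allowed to edit the SOA can overwrite the stored DS data with arbitrary text up to 10000 characters, which then flows back to whatever reads the column. If the field is informational, render it read-only in the template and leave it out of the saved fields; if it must stay editable, add a `validators` entry restricting it to DS-record characters (hex, digits, dots, whitespace). The datatable array this entry belongs to starts and ends outside the hunk.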
diff --git a/interface/web/dns/lib/lang/de_dns_soa.lng b/interface/web/dns/lib/lang/de_dns_soa.lng
index efd6e90..5f675d8 100644
--- a/interface/web/dns/lib/lang/de_dns_soa.lng
+++ b/interface/web/dns/lib/lang/de_dns_soa.lng
@@ -11,6 +11,7 @@
 $wb['ttl_txt'] = 'TTL';
 $wb['xfer_txt'] = 'Zonentransfer zu diesen IP Adressen erlauben (mit Komma getrennte Liste)';
 $wb['active_txt'] = 'Aktiv';
+$wb['dnssec_info_txt'] = 'DNSSEC DS-Daten für Registry';
 $wb['limit_dns_zone_txt'] = 'Die maximale Anzahl an DNS Einträgen für Ihr Konto wurde erreicht.';
 $wb['client_txt'] = 'Kunde';
 $wb['no_zone_perm'] = 'Sie haben nicht die Berechtigung, einen Eintrag zu dieser DNS Zone hinzuzufügen.';
diff --git a/interface/web/dns/lib/lang/en_dns_soa.lng b/interface/web/dns/lib/lang/en_dns_soa.lng
index 433530c..9566ce7 100644
--- a/interface/web/dns/lib/lang/en_dns_soa.lng
+++ b/interface/web/dns/lib/lang/en_dns_soa.lng
@@ -11,6 +11,7 @@
 $wb["ttl_txt"] = 'TTL';
 $wb["xfer_txt"] = 'Allow zone transfers to <br />these IPs (comma separated list)';
 $wb["active_txt"] = 'Active';
+$wb['dnssec_info_txt'] = 'DNSSEC DS-Data for registry';
 $wb["limit_dns_zone_txt"] = 'The max. number of DNS zones for your account is reached.';
 $wb["client_txt"] = 'Client';
 $wb["no_zone_perm"] = 'You do not have the permission to add a record to this DNS zone.';
diff --git a/interface/web/dns/lib/remote.conf.php b/interface/web/dns/lib/remote.conf.php
index dcabf94..ef2ed9e 100644
--- a/interface/web/dns/lib/remote.conf.php
+++ b/interface/web/dns/lib/remote.conf.php
@@ -7,6 +7,7 @@
 $function_list['dns_cname_get,dns_cname_add,dns_cname_update,dns_cname_delete'] = 'DNS cname functions';
 $function_list['dns_hinfo_get,dns_hinfo_add,dns_hinfo_update,dns_hinfo_delete'] = 'DNS hinfo functions';
 $function_list['dns_mx_get,dns_mx_add,dns_mx_update,dns_mx_delete'] = 'DNS mx functions';
+$function_list['dns_tlsa_get,dns_tlsa_add,dns_tlsa_update,dns_tlsa_delete'] = 'DNS tlsa functions';
 $function_list['dns_ns_get,dns_ns_add,dns_ns_update,dns_ns_delete'] = 'DNS ns functions';
 $function_list['dns_ptr_get,dns_ptr_add,dns_ptr_update,dns_ptr_delete'] = 'DNS ptr functions';
 $function_list['dns_rp_get,dns_rp_add,dns_rp_update,dns_rp_delete'] = 'DNS rp functions';
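Review bot: The new entry advertises `dns_tlsa_get/add/update/delete` to remote-API users, but no remoting implementation for these methods is part of this patch — the diffstat contains no `remoting` or `dns_tlsa` source files. Until they exist the permission grants nothing, and when they are added they need the same ownership and zone-limit checks the sibling record functions apply, since TLSA `data` is written verbatim into the zone file by the new template branch. Consider holding this line back until the implementation lands in the same commit.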
diff --git a/interface/web/dns/list/dns_a.list.php b/interface/web/dns/list/dns_a.list.php
index bf5bf1d..1c36c13 100644
--- a/interface/web/dns/list/dns_a.list.php
+++ b/interface/web/dns/list/dns_a.list.php
@@ -132,7 +132,7 @@
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TXT'=>'TXT'));
+	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT'));
 
 
 ?>
diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm
index 790fbdc..51aa559 100644
--- a/interface/web/dns/templates/dns_a_list.htm
+++ b/interface/web/dns/templates/dns_a_list.htm
@@ -30,6 +30,7 @@
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_rp_edit.php?zone={tmpl_var name='parent_id'}">RP</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_spf_edit.php?zone={tmpl_var name='parent_id'}">SPF</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_srv_edit.php?zone={tmpl_var name='parent_id'}">SRV</button>
+			<button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_tlsa_edit.php?zone={tmpl_var name='parent_id'}">TLSA</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_txt_edit.php?zone={tmpl_var name='parent_id'}">TXT</button>
         </div>
     
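Review bot: The new button loads `dns/dns_tlsa_edit.php`, which this patch does not add (no such file appears in the diffstat), so the click will fail until the form exists — and that form is also where validation of the TLSA `data` field has to live, because bind_pri.domain.master emits it unescaped. The added line is tab-indented where its neighbours use spaces; align it with the surrounding `<button>` lines.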
diff --git a/server/conf/bind_pri.domain.master b/server/conf/bind_pri.domain.master
index 279fbac..0e9c6cd 100644
--- a/server/conf/bind_pri.domain.master
+++ b/server/conf/bind_pri.domain.master
@@ -41,6 +41,9 @@
 <tmpl_if name="type" op='==' value='SRV'>
 {tmpl_var name='name'} {tmpl_var name='ttl'}      SRV        {tmpl_var name='aux'} {tmpl_var name='data'}
 </tmpl_if>
+<tmpl_if name="type" op='==' value='TLSA'>
+{tmpl_var name='name'} {tmpl_var name='ttl'}      TLSA       {tmpl_var name='data'}
+</tmpl_if>
 <tmpl_if name="type" op='==' value='TXT'>
 {tmpl_var name='name'} {tmpl_var name='ttl'}      TXT        "{tmpl_var name='data'}"
 </tmpl_if>
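Review bot: The TLSA branch emits `{tmpl_var name='data'}` verbatim into the zone file with no form in this patch establishing what `data` may contain. For the existing record types the same approach is backed by each tform's validators; for TLSA there is none yet, so a `data` value carrying a newline becomes an extra record line of the submitter's choosing, and anything not of the form `usage selector matching-type hex` makes named reject the whole zone. Before this branch goes live, the TLSA form should constrain `data` to `/^[0-3] [0-1] [0-2] [0-9a-fA-F]+$/` (or split it into separate fields as the SRV type does with `aux`), and a one-line comment above this block should note that dependency.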
diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
index c538cb9..3dd2f84 100644
--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
@@ -163,7 +163,14 @@
 
 			if(is_file($filename)) unlink($filename);
 			if(is_file($filename.'.err')) unlink($filename.'.err');
-		}
+ 			
+ 			//* DNSSEC-Implementation
+ 			if (strlen($data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete old keys
+ 			exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.$data['new']['origin']); //Create new keys for new origin
+ 		}
+ 		
+ 		//* DNSSEC-Implementation
+ 		exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.$data['new']['origin']);
 
 		//* Restart bind nameserver if update_acl is not empty, otherwise reload it
 		if($data['new']['update_acl'] != '') {
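Review bot: The three new `exec()` calls splice `$data['old']['origin']` and `$data['new']['origin']` into a shell command string without `escapeshellarg()`, and discard the exit status. The origin is validated on the interface side, but this plugin runs on the server with no knowledge of that, the `strlen(...) > 3` guard only avoids an empty argument, and a failed script still leaves the zone pointed at a `.signed` file that was never produced. Quote each argument, log a non-zero return (the delete handler below already has `$app` in scope; I assume the same holds here), and consider taking the script directory from the server config rather than hardcoding `/usr/local/ispconfig` when the installer writes them under `$conf['ispconfig_install_dir']`. The enclosing update handler begins outside this hunk.

```php
// … unchanged: unlink of the old zone file and its .err file …
//* DNSSEC-Implementation: quote the origin and surface script failures instead of discarding them
$dnssec = function($script, $origin) use ($app) {
    $out = array(); $rc = 0;
    exec('/usr/local/ispconfig/server/scripts/'.$script.' '.escapeshellarg($origin), $out, $rc);
    if ($rc !== 0) $app->log($script.' failed for '.$origin.' (rc '.$rc.'): '.implode(' ', $out), LOGLEVEL_WARN);
    return $rc === 0;
};
if (strlen($data['old']['origin']) > 3) $dnssec('dnssec-delete.sh', $data['old']['origin']); //delete old keys
$dnssec('dnssec-create.sh', $data['new']['origin']); //Create new keys for new origin
}

//* DNSSEC-Implementation
$dnssec('dnssec-update.sh', $data['new']['origin']);
```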
@@ -197,6 +204,9 @@
 		if(is_file($zone_file_name.'.err')) unlink($zone_file_name.'.err');
 		$app->log("Deleting BIND domain file: ".$zone_file_name, LOGLEVEL_DEBUG);
 
+ 		//* DNSSEC-Implementation
+ 		exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys
+ 		
 		//* Reload bind nameserver
 		$app->services->restartServiceDelayed('bind', 'reload');
 
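Review bot: `$data['old']['origin']` is interpolated into the `dnssec-delete.sh` command line unquoted; write it as `exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.escapeshellarg($data['old']['origin']), $out, $rc);` and log a non-zero `$rc` the way the zone-file removal above is logged with `$app->log()`. The call also runs for every deleted zone regardless of the new `dnssec_initialized` column; if the script tolerates missing keys that is harmless, otherwise guard on the old row's flag (assuming the delete event carries the full SOA row, which I cannot confirm from here). The enclosing delete handler starts outside this hunk.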
@@ -342,7 +352,7 @@
 		//* Loop trough zones
 		foreach($tmps as $tmp) {
 
-			$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));
+			$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1)).'.signed'; //.signed is for DNSSEC-Implementation
 
 			$options = '';
 			if(trim($tmp['xfer']) != '') {
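Review bot: Appending `.signed` unconditionally makes named.conf reference, for every zone, a file that only exists after `dnssec-update.sh` has run successfully; on an upgraded installation, or whenever a script is missing or fails, named will refuse to load those zones on the next reload. Fall back to the unsigned file when no signed copy exists: keep `$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));` and add `if(is_file($zone_file.'.signed')) $zone_file .= '.signed';` — or switch on the zone's `dnssec_initialized` flag once something sets it. `$pri_zonefiles_path` and the loop are defined outside the hunk, so confirm that path is absolute on the running server before relying on `is_file()`.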

--
Gitblit v1.9.1