Added tnotify
This commit is contained in:
parent
36d607cac0
commit
ac800cb412
51
rdns-manager
51
rdns-manager
|
@ -7,7 +7,7 @@ use strict;
|
|||
use warnings;
|
||||
|
||||
package DNS::Reverse::Manager;
|
||||
use vars '$VERSION'; $VERSION = '1.0.0'; #Version number
|
||||
use vars '$VERSION'; $VERSION = '1.1.0'; #Version number
|
||||
|
||||
use Data::Validate::IP qw(is_public_ipv4 is_public_ipv6); #for validating v4/v6 addresses
|
||||
use Getopt::Long qw(:config posix_default bundling pass_through); #for intelligently handling cli arguments
|
||||
|
@ -23,6 +23,7 @@ my $net_type = "cpanel"; #This was originally written to
|
|||
my $nsd_type = "bind9"; #I might in the future support more than just bind9.
|
||||
|
||||
#variables for arguments
|
||||
my $help = '';
|
||||
my $verify = '';
|
||||
my $force = '';
|
||||
my $reset = '';
|
||||
|
@ -41,10 +42,36 @@ sub nicedie {
|
|||
print "\n";
|
||||
exit 1;
|
||||
}
|
||||
sub print_help {
|
||||
print
|
||||
"rdns-manager v$VERSION by Matthew Connelly, 2014-15
|
||||
Manager script for in-addr.arpa and ip6.arpa zones.
|
||||
Source at https://github.com/MaffC/script-collection/blob/master/rdns-manager
|
||||
|
||||
Usage: rdns-manager [options] [IP address[, hostname]]
|
||||
Basic usage:
|
||||
- Get current rDNS for IP 1.2.3.4: rdns-manager 1.2.3.4
|
||||
- Set rDNS for 1.2.3.4 to example.org: rdns-manager 1.2.3.4 example.org
|
||||
|
||||
Options:
|
||||
-h, --help: This help text.
|
||||
-v, --verify-rdns: Verify the set PTR record resolves once the zone has been synchronised.
|
||||
-r, --reset: Reset [IP address] to the set default rDNS.
|
||||
-p, --populate: Populate the given IPv4 reverse zone with default rDNS records. Does not support IPv6 zones.
|
||||
-d, --no-sync: Do not synchronise the DNS zone after making changes. Use this for making bulk changes.
|
||||
-s, --force-sync: Force-synchronise the DNS zone for [IP address]. Use after making bulk changes.
|
||||
-R, --remove-ptr: Delete the PTR record for [IP address] from its zone.
|
||||
|
||||
Configuration:
|
||||
--reset-hostname=[default rDNS]: Use in combination with -r, --reset.
|
||||
--dns-server=[IP address]: Change what DNS server is used for forward and reverse DNS queries.
|
||||
"
|
||||
exit;
|
||||
}
|
||||
sub validate_domain {
|
||||
use Data::Validate::Domain qw(is_domain);
|
||||
require Regexp::Common;
|
||||
my $domain = shift;
|
||||
return 1 if is_domain $domain;
|
||||
return 1 if $domain =~ /^$RE{net}{domain}\.?$/;
|
||||
return 0;
|
||||
}
|
||||
sub validate_ip {
|
||||
|
@ -62,8 +89,6 @@ sub get_arpa {
|
|||
Net::IP->new($ip)->reverse_ip =~ /^(.*)\.(.{$len}ip6\.arpa)\.$/;
|
||||
return ($1,$2);
|
||||
}
|
||||
#TODO make these work for DNS roundrobins. I doubt anyone would be stupid enough to have more than one PTR of the same name
|
||||
# and i'm not sure if it's even legal, but hey.
|
||||
sub does_fqdn_match {
|
||||
my ($fqdn,$ip) = @_;
|
||||
my $r = Net::DNS::Resolver->new(recurse => 1,tcp_timepit => 5,udp_timeout => 5,nameservers => [$def_dns,]);
|
||||
|
@ -71,7 +96,6 @@ sub does_fqdn_match {
|
|||
$p = $r->search($fqdn, 'AAAA') unless is_public_ipv4 $ip;
|
||||
return 0 unless defined $p;
|
||||
my @res = $p->answer;
|
||||
#due to IPv6 shortening, we need to use Net::IP here
|
||||
return 1 unless scalar @res < 1 or Net::IP->new($res[0]->address)->ip ne Net::IP->new($ip)->ip;
|
||||
return 0;
|
||||
}
|
||||
|
@ -116,7 +140,7 @@ sub does_record_exist {
|
|||
return 0;
|
||||
}
|
||||
sub generate_soa_serial {
|
||||
use POSIX qw(strftime);
|
||||
require POSIX qw(strftime);
|
||||
my $cur_serial = shift;
|
||||
my $yyyymmdd = strftime "%Y%m%d", localtime;
|
||||
return $cur_serial+1 if $cur_serial =~ /^$yyyymmdd[0-9]{2}$/;
|
||||
|
@ -191,6 +215,8 @@ sub do_sync {
|
|||
GetOptions
|
||||
'reset-hostname=s' => \$def_rdns,
|
||||
'dns-server=s' => \$def_dns,
|
||||
'prefixlen=i' => \$prefixlen,
|
||||
'h|help' => \$help,
|
||||
'v|verify-rdns' => \$verify,
|
||||
'f|force' => \$force,
|
||||
'r|reset' => \$reset,
|
||||
|
@ -199,20 +225,19 @@ GetOptions
|
|||
's|force-sync' => \$fsync,
|
||||
'R|remove-ptr' => \$delptr;
|
||||
|
||||
$help and print_help;
|
||||
#get IP and domain, validate.
|
||||
my $ip = shift or nicedie "No IP given!";
|
||||
$prefixlen = $1 if $ip =~ s/\/([0-9]+)//; #split off prefixlen (if given) into variable for later use
|
||||
$prefixlen = $1 if $ip =~ s/\/([0-9]+)$//; #split off prefixlen (if given) into variable for later use
|
||||
nicedie "Invalid IP address '$ip'!" unless validate_ip $ip;
|
||||
my $domain = shift;
|
||||
nicedie "Invalid FQDN '$domain'!" if defined $domain and !validate_domain $domain;
|
||||
$domain =~ s/([a-zA-Z])$/$1./ if defined $domain; #Append final period if it doesn't exist
|
||||
|
||||
#Main program flow
|
||||
#Argument intelligence. Omitting this probably won't impact program flow much but it's important that the user know they're stupid.
|
||||
nicedie "You seem to have specified both --no-sync and --force-sync. Please make your mind up." if $nosync and $fsync;
|
||||
nicedie "You seem to have specified some combination of --reset, --remove-ptr and --force. Please make your mind up." if ($reset and $delptr) or (($reset or $delptr) and $force);
|
||||
nicedie "You seem to have specified arguments that don't make sense together. Please make your mind up." if ($newzone and ($delptr or $reset or $force)) or ($verify and !defined $domain) or (defined $domain and ($newzone or $delptr or $reset));
|
||||
#Argument validation
|
||||
nicedie "Invalid arguments" if ($nosync and $fsync) or ($force and ($reset or $delptr)) or ($reset and $delptr) or (($verify or $force) and !defined $domain) or ($newzone and ($delptr or $reset or $force or defined $domain) or (defined $domain and ($delptr or $reset));
|
||||
|
||||
#Main program flow
|
||||
#Simple check that the zone exists. This was a for/when statement, but this script needs perl 5.8.8 compat, so for/given and when are out.
|
||||
my ($trec,$tz) = get_arpa $ip;
|
||||
nicedie "Authoritative zone for IP $ip doesn't exist! Please create zone $tz or ensure you specified the correct subnet mask if this is an IPv6 address!" if does_zone_exist($ip) == -2;
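Review bot: The consolidated `nicedie "Invalid arguments" if ...` line is missing a closing parenthesis as rendered here: the group `($newzone and ($delptr or $reset or $force or defined $domain)` opens two and closes one, so the statement cannot compile; the tail should read `... or $force or defined $domain)) or (defined $domain and ($delptr or $reset));`. In `generate_soa_serial`, `require POSIX qw(strftime);` replaces the working `use POSIX qw(strftime);`, but `require` takes a single module name and imports nothing, so the next line's `strftime "%Y%m%d", localtime` ends up calling an undefined sub at runtime; keep the `use`, or write `require POSIX;` and call `POSIX::strftime("%Y%m%d", localtime)`. The same applies to `require Regexp::Common;` in `validate_domain`: unless `%RE` is imported further up the file, `$RE{net}{domain}` on the following line is a compile-time error under `use strict`, and `use Regexp::Common qw(net);` inside the sub is the drop-in form.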
|
||||
|
|
|
@ -20,5 +20,6 @@ This readme contains an up to date list of all scripts in the repo + their descr
|
|||
- ifls: Perl - Script to collect all interfaces on the system and provide an easily-viewed list of their IPs
|
||||
- mailview: Perl - Script to parse HTML email and format it in a text-reader-friendly way.
|
||||
- nscheck: Bash - DNS diagnosis script
|
||||
- queryresume-maff.pl: Perl - Irssi script to autoload chat history in query windows. Heavily modified from https://github.com/irssi/scripts.irssi.org/blob/gh-pages/scripts/queryresume.pl
|
||||
- pscrot & pscrot.rc: Perl - OSX-oriented but likely easily ported daemon for uploading screenshots and such. pscrot.rc is the configuration file, and should be stored at ~/.pscrotrc
|
||||
- tnotify: Perl - Cron-based script to notify the user when there are tickets waiting on a WHMCS helpdesk
|
||||
- watchd & watchd.conf: Bash - Script designed to run as a cronjob, alerting the user to any events.
|
||||
|
|
|
@ -0,0 +1,115 @@
|
|||
#!/usr/bin/env perl
|
||||
|
||||
package Net::WHMCS::Integration::OSX;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
no warnings qw/experimental/;
|
||||
use v5.14;
|
||||
use Digest::MD5 qw/md5_hex/;
|
||||
use HTTP::Date;
|
||||
use JSON::PP;
|
||||
use LWP::UserAgent;
|
||||
use Maff::Common::OSX qw/nc_notify/;
|
||||
use Maff::Common::Time qw/relative_time/;
|
||||
|
||||
# Configuration
|
||||
our $username = "";
|
||||
our $password = "";
|
||||
our $apitoken = "";
|
||||
$password = md5_hex $password;
|
||||
|
||||
my $whmcsinstall = "";
|
||||
my $endpoint = "$whmcsinstall/includes/api.php";
|
||||
my $maxsubjlen = 32;
|
||||
my $knownpath = "$ENV{HOME}/.tnotifyd_known";
|
||||
|
||||
my $whmcs;
|
||||
|
||||
sub readknown {
|
||||
open my $kn, "<$knownpath";
|
||||
my $json = <$kn>;
|
||||
$json = decode_json $json;
|
||||
close $kn;
|
||||
return $json;
|
||||
}
|
||||
sub writeknown {
|
||||
open my $kn, ">$knownpath";
|
||||
my $json = JSON::PP->new->encode(@_);
|
||||
print $kn $json;
|
||||
close $kn;
|
||||
}
|
||||
sub known {
|
||||
my $k = readknown;
|
||||
my ($id,$ts) = @_;
|
||||
return 1 if defined $k->{$id} and $k->{$id} == $ts;
|
||||
$k->{$id}=$ts;
|
||||
writeknown $k;
|
||||
return 0;
|
||||
}
|
||||
sub fetchWaitingTickets {
|
||||
my %pfields = (
|
||||
"username" => $username,
|
||||
"password" => $password,
|
||||
"accesskey" => $apitoken,
|
||||
"action" => "gettickets",
|
||||
"status" => "Awaiting Reply",
|
||||
#"status" => "All Active Tickets",
|
||||
"limitnum" => 50,
|
||||
"responsetype" => "json",
|
||||
);
|
||||
my $lwp = new LWP::UserAgent(timeout => 100);
|
||||
$lwp->agent('perl/whmcs-api');
|
||||
my $response = $lwp->post($endpoint, \%pfields);
|
||||
return $response->decoded_content;
|
||||
}
|
||||
sub build_single {
|
||||
my $tnum = shift || 0;
|
||||
my $ticket = $whmcs->{tickets}->{ticket}->[$tnum];
|
||||
my ($tid,$tsubj,$ttime,$tstat);
|
||||
$tid = $ticket->{tid}; $ttime = $ticket->{lastreply};
|
||||
$tsubj = $ticket->{subject}; $tstat = $ticket->{status};
|
||||
$tsubj = substr($tsubj,0,$maxsubjlen)."…" if length $tsubj > $maxsubjlen;
|
||||
$ttime =~ s/$/ -0700/; $ttime = str2time $ttime;
|
||||
return if known $tid, $ttime;
|
||||
$ttime = relative_time $ttime;
|
||||
$tstat = "opened" if $tstat eq "Open"; $tstat = "response" if $tstat eq "Customer-Reply";
|
||||
return ("New ticket $tstat","#$tid: $tsubj ($ttime)");
|
||||
}
|
||||
sub build_many {
|
||||
my ($openc,$replc,$esclc,$othc,$ltnum) = (0,0,0,0,0);
|
||||
for(my $t=0;$t<$whmcs->{numreturned};$t++) {
|
||||
my $ticket = $whmcs->{tickets}->{ticket}->[$t];
|
||||
my $tid = $ticket->{tid};
|
||||
my $ttime = $ticket->{lastreply}; $ttime =~ s/$/ -0700/; $ttime = str2time $ttime;
|
||||
next if known $tid, $ttime;
|
||||
$ltnum=$t;
|
||||
for($ticket->{status}) {
|
||||
$openc++ when /Open/;
|
||||
$replc++ when /Customer-Reply/;
|
||||
$esclc++ when /Escalated/i;
|
||||
default { $othc++ }
|
||||
}
|
||||
}
|
||||
my $tc = ($openc+$replc+$esclc+$othc);
|
||||
return unless $tc;
|
||||
return build_single $ltnum if $tc == 1;
|
||||
my $tstr = "";
|
||||
$openc and $tstr .= "$openc open";
|
||||
$replc and $tstr .= (length $tstr? ', ' : '')."$replc replied to";
|
||||
$esclc and $tstr .= (length $tstr? ', ' : '')."$esclc escalated";
|
||||
$othc and $tstr .= (length $tstr? ', ' : '')."$othc misc.";
|
||||
return ("New tickets waiting",$tstr);
|
||||
}
|
||||
sub build {
|
||||
$whmcs = fetchWaitingTickets;
|
||||
return ("Error","Failed to parse response from WHMCS: $whmcs") if $whmcs !~ /^{/;
|
||||
$whmcs = decode_json $whmcs;
|
||||
return ("Error","Failed to fetch tickets from WHMCS") if $whmcs->{result} ne "success";
|
||||
return unless $whmcs->{numreturned};
|
||||
return build_single if $whmcs->{numreturned} == 1;
|
||||
return build_many;
|
||||
}
|
||||
my ($t,$m) = build or exit 0;
|
||||
nc_notify $t, $m;
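Review bot: `build_many` never notifies for a single new ticket: the loop's `next if known $tid, $ttime;` records each unseen ticket (`known` stores `$k->{$id}=$ts` and writes the file before returning 0), so when `$tc == 1` the tail `return build_single $ltnum if $tc == 1;` re-enters `build_single`, whose own `return if known $tid, $ttime;` now finds the ticket recorded and returns an empty list, and `my ($t,$m) = build or exit 0;` exits silently while the ticket stays marked as seen. Letting the caller skip the re-check fixes it: `my ($tnum, $seen_already) = @_; $tnum ||= 0;` and `return if !$seen_already and known $tid, $ttime;` in `build_single`, with `return build_single $ltnum, 1 if $tc == 1;` in `build_many`. `readknown`/`writeknown` use unchecked two-arg `open` on `$knownpath`, so on a first run (no `$ENV{HOME}/.tnotifyd_known` yet) `<$kn>` returns undef and `decode_json` dies; `open my $kn, '<', $knownpath or return {};` keeps the first run working and stops deriving the open mode from a string. The helpdesk credentials (`$username`, `$password`, `$apitoken`) live as literals in the script body; loading them from a mode-0600 file outside the repository keeps them out of version control, and `fetchWaitingTickets` should check `$response->is_success` before its body is handed to `decode_json`. `new LWP::UserAgent(timeout => 100)` is indirect-object syntax; `LWP::UserAgent->new(timeout => 100)` is the form perlcritic expects.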
|
169
wdns
169
wdns
|
@ -1,12 +1,11 @@
|
|||
#!/usr/local/bin/bash
|
||||
#wdns - Script to edit specific zones or the master zones conf file
|
||||
#Generate random string of characters. This is to ensure we're not directly editing things
|
||||
#TODO: Make the creation and management of reverse zones easier.
|
||||
#TODO: Make the 'zones' file easier to manage. Automate creation, editing and removal of entries.
|
||||
RAND=$(cat /dev/urandom|tr -cd "[:alnum:]"|head -c 8)
|
||||
FILETOEDIT=""
|
||||
ORIGDIR="/etc/namedb/"
|
||||
CHECKBIN="/usr/sbin/named-checkconf"
|
||||
ORIGDIR="/usr/local/etc/namedb"
|
||||
SUBDIR=""
|
||||
NAMEDRC="/usr/local/etc/rc.d/named"
|
||||
CHECKBIN="/usr/local/sbin/named-checkconf"
|
||||
CHECKRUN="$CHECKBIN /tmp/named.$RAND"
|
||||
UPDATE_SOA=0
|
||||
USAGE="wdns - Small bash script for maintaining BIND9 configs.
|
||||
|
@ -23,150 +22,128 @@ USAGE="wdns - Small bash script for maintaining BIND9 configs.
|
|||
# wnds -rs domain.name - resign DNSSEC-secured zone"
|
||||
if [ "$1" == "" ]; then
|
||||
echo "$USAGE"
|
||||
exit 1
|
||||
return 1
|
||||
elif [ "$1" == "named.conf" ]; then
|
||||
#Edit the master config by default
|
||||
echo "No zone specified, editing named.conf."
|
||||
FILETOEDIT="named.conf"
|
||||
elif [ "$1" == "-h" ]; then
|
||||
echo "$USAGE"
|
||||
exit 0
|
||||
return 0
|
||||
elif [ "$1" == "-d" ]; then
|
||||
if [ "$2" == "" ]; then
|
||||
echo "$USAGE"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
echo "Deleting zone for $2."
|
||||
if [ ! -f /etc/namedb/master/$2 ]; then
|
||||
if [ ! -f $ORIGDIR/master/$2 ]; then
|
||||
echo "Error: Zonefile for $2 doesn't exist!"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
rm /etc/namedb/master/$2
|
||||
rm $ORIGDIR/master/$2
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Error: Failed to delete zonefile /etc/namedb/master/$2."
|
||||
exit 1
|
||||
echo "Error: Failed to delete zonefile $ORIGDIR/master/$2."
|
||||
return 1
|
||||
fi
|
||||
exit 0
|
||||
return 0
|
||||
elif [ "$1" == "-l" ]; then
|
||||
echo "The following forward zones exist:"
|
||||
ls -l /etc/namedb/master|egrep -v "\.db$|new.domain|\.last|\.arpa|\.signed$|^total "|awk '{print $9}'|sort
|
||||
ls -l $ORIGDIR/master|egrep -v "\.db$|new.domain|\.last|\.arpa|\.signed|\.jbk|\.jnl|\.signed\.jnl$|^total "|awk '{print $9}'|sort
|
||||
echo
|
||||
echo "The following reverse zones exist:"
|
||||
ls -l /etc/namedb/master/|egrep "\.arpa$"|egrep -v "\.last|\.signed$"|awk '{print $9}'|sort
|
||||
exit 0
|
||||
ls -l $ORIGDIR/master/|egrep "\.arpa$"|egrep -v "\.last|\.signed$"|awk '{print $9}'|sort
|
||||
return 0
|
||||
elif [ "$1" == "-n" ]; then
|
||||
if [ "$2" == "" ]; then
|
||||
echo "$USAGE"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
echo "Creating new zone for $2."
|
||||
if [ -f /etc/namedb/master/$2 ]; then
|
||||
if [ -f $ORIGDIR/master/$2 ]; then
|
||||
echo "Error: Zonefile for $2 already exists. Use -nz to overwrite with new zone!"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
#TODO: Validate input.
|
||||
cat /etc/namedb/master/new.domain|sed "s/new\.domain/$2/g">/etc/namedb/master/$2
|
||||
cat $ORIGDIR/master/new.domain|sed "s/new\.domain/$2/g">$ORIGDIR/master/$2
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Error: Failed to copy zone template to /etc/namedb/master/$2"
|
||||
exit 1
|
||||
echo "Error: Failed to copy zone template to $ORIGDIR/master/$2"
|
||||
return 1
|
||||
fi
|
||||
echo "Zone for $2 created. Run the following on all slaves:"
|
||||
#TODO: Add zone to slaves
|
||||
read -p "Hit exit to open it for editing, or Ctrl-C to exit."
|
||||
read -p "Hit return to open it for editing, or Ctrl-C to exit."
|
||||
wdns $2
|
||||
exit 0
|
||||
return 0
|
||||
elif [ "$1" == "-nz" ]; then
|
||||
if [ "$2" == "" ]; then
|
||||
echo "$USAGE"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
echo "Recreating zone for $2."
|
||||
if [ ! -f /etc/namedb/master/$2 ]; then
|
||||
if [ ! -f $ORIGDIR/master/$2 ]; then
|
||||
echo "Error: Zonefile for $2 does not exist. Use -n to create a new zone!"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
#TODO: Validate input.
|
||||
cat /etc/namedb/master/new.domain|sed "s/new\.domain/$2/g">/etc/namedb/master/$2
|
||||
cat $ORIGDIR/master/new.domain|sed "s/new\.domain/$2/g">$ORIGDIR/master/$2
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Error: Failed to copy zone template to /etc/namedb/master/$2"
|
||||
exit 1
|
||||
echo "Error: Failed to copy zone template to $ORIGDIR/master/$2"
|
||||
return 1
|
||||
fi
|
||||
read -p "Zone recreated. Hit exit to open it for editing, or Ctrl-C to exit."
|
||||
read -p "Zone recreated. Hit return to open it for editing, or Ctrl-C to exit."
|
||||
wdns $2
|
||||
exit 0
|
||||
return 0
|
||||
elif [ "$1" == "-s" ]; then
|
||||
if [ "$2" == "" ]; then
|
||||
echo "$USAGE"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
if [ ! -f /etc/namedb/master/$2 ]; then
|
||||
if [ ! -f $ORIGDIR/master/$2 ]; then
|
||||
echo "Error: Zonefile for $2 does not exist. Use -n to create a new zone!"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
ZONE=$2
|
||||
DNSSEC_DIR="/etc/namedb/dnssec"
|
||||
DNSSEC_DIR="$ORIGDIR/keys"
|
||||
DSKEYG_MSG="$(dnssec-keygen -f KSK -a RSASHA256 -b 2048 -K $DNSSEC_DIR -n ZONE $ZONE. 2>&1)"
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "DNSSEC signing key generation failed! Error: $DSKEYG_MSG"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
mv $DNSSEC_DIR/K$ZONE.+*.key $DNSSEC_DIR/K$ZONE.KSK.key
|
||||
mv $DNSSEC_DIR/K$ZONE.+*.private $DNSSEC_DIR/K$ZONE.KSK.private
|
||||
DSKEYG_MSG="$(dnssec-keygen -a RSASHA256 -b 2048 -K $DNSSEC_DIR -n ZONE $ZONE. 2>&1)"
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "DNSSEC zone signing key generation failed! Error: $DSKEYG_MSG"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
mv $DNSSEC_DIR/K$ZONE.+*.key $DNSSEC_DIR/K$ZONE.ZSK.key
|
||||
mv $DNSSEC_DIR/K$ZONE.+*.private $DNSSEC_DIR/K$ZONE.ZSK.private
|
||||
echo "The following lines must now be added to the zone file for $ZONE, right after the nameserver records:
|
||||
\$include $DNSSEC_DIR/K$ZONE.KSK.key
|
||||
\$include $DNSSEC_DIR/K$ZONE.ZSK.key
|
||||
|
||||
After this has been done, please remember to edit the zone definition in your bind config to change the zone file to '/etc/namedb/master/$ZONE.signed'" && echo
|
||||
read -p "Press enter to open the zone for editing, or Ctrl-C to exit and add these later."
|
||||
wdns $ZONE
|
||||
exit 0
|
||||
echo "DNSSEC key generation complete. Add the following to the zone configuration in zones.conf:
|
||||
key-directory \"$ORIGDIR/keys\";
|
||||
auto-dnssec maintain;
|
||||
inline-signing yes;" && echo
|
||||
read -p "Press enter to open named.conf.zones for editing, or Ctrl-C to exit and add these later."
|
||||
wdns zones
|
||||
return 0
|
||||
elif [ "$1" == "-rs" ]; then
|
||||
if [ "$2" == "" ]; then
|
||||
echo "$USAGE"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
if [ ! -f /etc/namedb/master/$2 ]; then
|
||||
if [ ! -f $ORIGDIR/master/$2 ]; then
|
||||
echo "Error: Zonefile for $2 does not exist. Use -n to create a new zone!"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
ZONE=$2
|
||||
DNSSEC_DIR="/etc/namedb/dnssec"
|
||||
if [ ! -f /etc/namedb/master/$ZONE.signed ]; then
|
||||
DNSSEC_DIR="$ORIGDIR/dnssec"
|
||||
if [ ! -f $ORIGDIR/master/$ZONE.signed ]; then
|
||||
echo "Zone $ZONE doesn't appear to be DNSSEC-enabled! Use -s to sign an unsigned zone!"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
if [ ! -f $DNSSEC_DIR/K$ZONE.KSK.key -o ! -f $DNSSEC_DIR/K$ZONE.ZSK.key ]; then
|
||||
echo "Signing keys for $ZONE don't exist! Use -s to sign an unsigned zone!"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
#sorry
|
||||
ORIGDIR="/etc/namedb/master/"
|
||||
SOA="$(cat "$ORIGDIR$ZONE"|grep "; Serial"|sed -E 's/;.*//g;s/[[:space:]]*//g')"
|
||||
SOA_VERSION="$(echo $SOA|tail -c2)"
|
||||
SOA_DATE="$(echo $SOA|head -c8)"
|
||||
SOA_NEW_DATE="$(date "+%Y%m%d")"
|
||||
if [[ "$SOA_DATE" == "$SOA_NEW_DATE" ]]; then
|
||||
SOA_VERSION="$(echo "$SOA_VERSION+1"|bc)"
|
||||
if [ "$(echo "$(echo "$SOA_VERSION"|wc -c|tr -cd '[:alnum:]')-1"|bc)" == "1" ]; then
|
||||
SOA_VERSION="0$SOA_VERSION"
|
||||
fi
|
||||
else
|
||||
SOA_VERSION="00"
|
||||
SOA_DATE="$SOA_NEW_DATE"
|
||||
fi
|
||||
cat "$ORIGDIR$ZONE"|sed "s/$SOA/$SOA_DATE$SOA_VERSION/">/tmp/soatmp$ZONE
|
||||
mv /tmp/soatmp$ZONE $ORIGDIR$ZONE
|
||||
DNSSEC_OUT="$(dnssec-signzone -o $ZONE -e +31536000 -d /etc/namedb/dnssec -K /etc/namedb/dnssec -k /etc/namedb/dnssec/K$ZONE.KSK.key /etc/namedb/master/$ZONE /etc/namedb/dnssec/K$ZONE.ZSK.key 2>&1)"
|
||||
DNSSEC_OUT="$(dnssec-signzone -o $ZONE -d $DNSSEC_DIR -K $DNSSEC_DIR -k $DNSSEC_DIR/K$ZONE.KSK.key $ORIGDIR/master/$ZONE $DNSSEC_DIR/K$ZONE.ZSK.key 2>&1)"
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "DNSSEC signing failed! Error: $DNSSEC_OUT"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
echo "Zone $ZONE resigned."
|
||||
#Reload zones
|
||||
|
@ -174,32 +151,32 @@ elif [ "$1" == "-rs" ]; then
|
|||
/etc/rc.d/named reload
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Error while reloading named!"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
exit 0
|
||||
return 0
|
||||
else
|
||||
#Check if we want to edit the master zones config
|
||||
if [ "$1" == "zones" ]; then
|
||||
echo "Editing zones.conf."
|
||||
FILETOEDIT="zones.conf"
|
||||
FILETOEDIT="/named.conf.zones"
|
||||
else
|
||||
#Edit a specific zonefile
|
||||
if [ ! -f /etc/namedb/master/$1 ]; then
|
||||
if [ ! -f $ORIGDIR/master/$1 ]; then
|
||||
#Error out if the zone doesn't exist. Zones should be created using the newzone function
|
||||
echo "Zone for $1 doesn't exist!"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
echo "Editing zonefile for $1."
|
||||
SUBDIR="/master/"
|
||||
FILETOEDIT="$1"
|
||||
ORIGDIR="/etc/namedb/master/"
|
||||
CHECKBIN="/usr/sbin/named-checkzone"
|
||||
CHECKBIN="/usr/local/sbin/named-checkzone"
|
||||
CHECKRUN="$CHECKBIN $1 /tmp/named.$RAND"
|
||||
UPDATE_SOA=1
|
||||
fi
|
||||
fi
|
||||
if [ $UPDATE_SOA -eq 1 ]; then
|
||||
#Update SOA
|
||||
SOA="$(cat "$ORIGDIR$FILETOEDIT"|grep "; Serial"|sed -E 's/;.*//g;s/[[:space:]]*//g')"
|
||||
SOA="$(cat "$ORIGDIR$SUBDIR$FILETOEDIT"|grep "; Serial"|sed -E 's/;.*//g;s/[[:space:]]*//g')"
|
||||
SOA_VERSION="$(echo $SOA|tail -c2)"
|
||||
SOA_DATE="$(echo $SOA|head -c8)"
|
||||
SOA_NEW_DATE="$(date "+%Y%m%d")"
|
||||
|
@ -212,9 +189,9 @@ if [ $UPDATE_SOA -eq 1 ]; then
|
|||
SOA_VERSION="00"
|
||||
SOA_DATE="$SOA_NEW_DATE"
|
||||
fi
|
||||
cat "$ORIGDIR$FILETOEDIT"|sed "s/$SOA/$SOA_DATE$SOA_VERSION/">/tmp/named.$RAND
|
||||
cat "$ORIGDIR$SUBDIR$FILETOEDIT"|sed "s/$SOA/$SOA_DATE$SOA_VERSION/">/tmp/named.$RAND
|
||||
else
|
||||
cp "$ORIGDIR$FILETOEDIT" /tmp/named.$RAND
|
||||
cp "$ORIGDIR$SUBDIR$FILETOEDIT" /tmp/named.$RAND
|
||||
fi
|
||||
#Generate MD5 sum of the original file
|
||||
ORIGHASH=$(md5 -q /tmp/named.$RAND)
|
||||
|
@ -224,7 +201,7 @@ for (( ; ; )); do
|
|||
NEWHASH=$(md5 -q /tmp/named.$RAND)
|
||||
if [ "$ORIGHASH" == "$NEWHASH" ]; then
|
||||
echo "No changes made to $FILETOEDIT."
|
||||
exit 0
|
||||
return 0
|
||||
fi
|
||||
echo -n "Checking $FILETOEDIT for errors... "
|
||||
CHECK_OUT=$($CHECKRUN)
|
||||
|
@ -232,25 +209,17 @@ for (( ; ; )); do
|
|||
#Changes cleared named-checkzone
|
||||
echo "No errors."
|
||||
#Make a backup of the previous known-good zone, just in case
|
||||
cp "$ORIGDIR$FILETOEDIT" "$ORIGDIR$FILETOEDIT.last"
|
||||
cp "$ORIGDIR$SUBDIR$FILETOEDIT" "$ORIGDIR$SUBDIR$FILETOEDIT.last"
|
||||
#Move the new zone in over the old one
|
||||
mv /tmp/named.$RAND "$ORIGDIR$FILETOEDIT"
|
||||
#DNSSEC
|
||||
if [ -f /etc/namedb/dnssec/K$1.KSK.key ]; then
|
||||
echo "Signing zone"
|
||||
DNSSEC_OUT="$(dnssec-signzone -o $1 -e +31536000 -d /etc/namedb/dnssec -K /etc/namedb/dnssec -k /etc/namedb/dnssec/K$1.KSK.key /etc/namedb/master/$1 /etc/namedb/dnssec/K$1.ZSK.key 2>&1)"
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Failed to sign zone!\n$DNSSEC_OUT"
|
||||
fi
|
||||
fi
|
||||
mv /tmp/named.$RAND "$ORIGDIR$SUBDIR$FILETOEDIT"
|
||||
#Reload zones
|
||||
echo "Reloading named"
|
||||
/etc/rc.d/named reload
|
||||
$NAMEDRC reload
|
||||
if [ $? -eq 0 ]; then
|
||||
break
|
||||
else
|
||||
echo "Error while reloading named!"
|
||||
exit 1
|
||||
return 1
|
||||
fi
|
||||
else
|
||||
#Changes didn't clear named-checkzone
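Review bot: Replacing every `exit N` with `return N` (from the `-d`/`-n` branches in the first hunk onward) only works if wdns is sourced; with the `#!/usr/local/bin/bash` shebang kept and no enclosing `wdns() { ... }`, a top-level `return` makes bash report that return is only valid in a function or sourced script and then continue with the next statement, so every guard now falls through. The `-n` branch shows the consequence: after `echo "Error: Zonefile for $2 already exists..."` the failed `return 1` lets `cat $ORIGDIR/master/new.domain|sed "s/new\.domain/$2/g">$ORIGDIR/master/$2` run and overwrite the existing zonefile; either wrap the body in a function or keep `exit`. With the new `ORIGDIR="/usr/local/etc/namedb"` (no trailing slash) and `SUBDIR=""`, the unchanged `FILETOEDIT="named.conf"` makes `$ORIGDIR$SUBDIR$FILETOEDIT` resolve to `/usr/local/etc/namedbnamed.conf`; the `zones` branch was given a leading slash (`FILETOEDIT="/named.conf.zones"`) and `named.conf` needs the same, `FILETOEDIT="/named.conf"`. The `-s` branch now writes keys to `DNSSEC_DIR="$ORIGDIR/keys"` while `-rs` looks in `DNSSEC_DIR="$ORIGDIR/dnssec"`, so a zone signed by the new `-s` will always fail the `-rs` key-existence check; and since `-s` now tells the operator to configure `auto-dnssec maintain; inline-signing yes;`, the surviving `mv ... K$ZONE.KSK.key` renames probably hide the keys from named, which I believe locates them by their generated `K<zone>+<alg>+<id>` file names — worth confirming against the BIND version in use. `$2` still reaches `rm`, the redirections and `dnssec-keygen` unquoted and unvalidated (the `#TODO: Validate input.` lines acknowledge this); a single check before the dispatch such as `[[ "$2" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "Invalid zone name '$2'"; exit 1; }` would cover every branch.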
|
||||
|
|