From: Stricted
Date: Wed, 3 Jun 2015 11:27:05 +0000 (+0200)
Subject: improve bind9.php
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2bba853aa46db6ff3df79142681f8ae920cbcb72;p=GitHub%2FStricted%2FDomain-Control-Panel.git
improve bind9.php
---
diff --git a/bind9.php b/bind9.php
index b1c8a3a..89d15a5 100644
--- a/bind9.php
+++ b/bind9.php
@@ -4,32 +4,43 @@
  * @license GNU Lesser General Public License
  * @copyright 2014-2015 Jan Altensen (Stricted)
  */
-$data = file_get_contents("https://dns.stricted.net/API/?key=xxx");
+$data = file_get_contents("https://dns-control.eu/API/?key=xxx");
 $data = json_decode($data, true);
 if (is_array($data) && !isset($data['error'])) {
 shell_exec("rm -rf /srv/bind/*");
 foreach ($data as $zone) {
-$out = $zone['soa']['origin']."\t".$zone['soa']['minimum']."\tIN\tSOA\t".$zone['soa']['ns']."\t".$zone['soa']['mbox']." (\n";
+$out = $zone['soa']['origin']."\t".$zone['soa']['minimum']."\tIN\tSOA\t".$zone['soa']['ns']." ".$zone['soa']['mbox']." (\n";
 $out .= "\t\t\t\t".$zone['soa']['serial']."\t; Serial\n";
 $out .= "\t\t\t\t".$zone['soa']['refresh']."\t\t; Refresh\n";
 $out .= "\t\t\t\t".$zone['soa']['retry']."\t\t; Retry\n";
 $out .= "\t\t\t\t".$zone['soa']['expire']."\t\t; Expire\n";
 $out .= "\t\t\t\t180 )\t\t; Negative Cache TTL\n";
 $out .= ";\n";
-
+
+$signed = false;
+$zsk = false;
+$ksk = false;
 foreach ($zone['rr'] as $record) {
-if ($record['type'] == "MX" || $record['type'] == "SRV" || $record['type'] == "TLSA" || $record['type'] == "DS") {
+if ($record['type'] == "DNSKEY") {
+if ($record['aux'] == 256) {
+$zsk = true;
+}
+else if ($record['aux'] == 257) {
+$ksk = true;
+}
+
 $out .= $record['name']."\t".$record['ttl']."\tIN\t".$record['type']."\t".$record['aux']."\t".$record['data']."\n";
 }
-else if ($record['type'] == "TXT") {
+else if ($record['type'] == "MX" || $record['type'] == "SRV" || $record['type'] == "TLSA" || $record['type'] == "DS") {
+$out .= $record['name']."\t".$record['ttl']."\tIN\t".$record['type']."\t".$record['aux']."\t".$record['data']."\n";
+}
+elseif ($record['type'] == "TXT") {
 $txt = $record['data'];
 if (strpos($txt, " ") !== false) {
 if (substr($txt, -1) != '"' && substr($txt, 0, 1) != '"') {
-if (substr($txt, -1) != "'" && substr($txt, 0, 1) != "'") {
-$record['data'] = '"'.$txt.'"';
-}
+$record['data'] = '"'.$txt.'"';
 }
 }
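Review bot: Values from the API response (`$record['name']`, `$record['data']`, the SOA fields) are concatenated straight into the zone text, so a field containing a newline would turn one record into several zone-file lines, and the TXT quoting kept here wraps the value without escaping any embedded `"` characters. The rr loop could reject such records before the line is built: `if (preg_match('/[\r\n]/', $record['name'].$record['data'])) { continue; }`. The new DNSKEY and MX branches use `else if` while the TXT branch now uses `elseif`; one spelling keeps the chain readable. The enclosing `foreach ($data as $zone)` body continues outside the hunk.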
@@ -44,12 +55,12 @@ if (is_array($data) && !isset($data['error'])) {
 }
 }
-
-$zsk = false;
-$ksk = false;
+$zskkey = false;
+$kskkey = false;
 foreach ($zone['sec'] as $sec) {
-if (!file_exists("/srv/bind/dnssec/".$zone['soa']['origin']."/")) {
-shell_exec("mkdir -p /srv/bind/dnssec/".$zone['soa']['origin']."/");
+$dir = "/srv/bind/dnssec/".$zone['soa']['origin']."/";
+if (!file_exists($dir)) {
+shell_exec("mkdir -p ".$dir);
 }
 if ($sec['type'] == "ZSK" || $sec['type'] == "KSK") {
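Review bot: The key directory is still created through `shell_exec("mkdir -p ".$dir)` with `$dir` built from `$zone['soa']['origin']`, a value taken from the API response, so the meaning of the shell command depends on that string. PHP's native call avoids the shell and sets the mode in one step: `if (!is_dir($dir)) { mkdir($dir, 0700, true); }`, which also turns the `file_exists` test into an `is_dir` test (a regular file of that name would otherwise pass the check). The `foreach ($zone['sec'] as $sec)` body continues into the next hunk.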
@@ -58,31 +69,40 @@ if (is_array($data) && !isset($data['error'])) { $filename1 = getFileName ($zone['soa']['origin'], $sec['algo'], $match[2], "pub"); $filename2 = getFileName ($zone['soa']['origin'], $sec['algo'], $match[2], "priv"); - if (file_exists("/srv/bind/dnssec/".$zone['soa']['origin']."/".$filename1)) { - unlink("/srv/bind/dnssec/".$zone['soa']['origin']."/".$filename1); + if (file_exists($dir.$filename1)) { + unlink($dir.$filename1); } - if (file_exists("/srv/bind/dnssec/".$zone['soa']['origin']."/".$filename2)) { - unlink("/srv/bind/dnssec/".$zone['soa']['origin']."/".$filename2); + if (file_exists($dir.$filename2)) { + unlink($dir.$filename2); } - $handler = fOpen("/srv/bind/dnssec/".$zone['soa']['origin']."/".$filename1, "a+"); + $handler = fOpen($dir.$filename1, "a+"); fWrite($handler, $sec['public']); fClose($handler); - $handler = fOpen("/srv/bind/dnssec/".$zone['soa']['origin']."/".$filename2, "a+"); + $handler = fOpen($dir.$filename2, "a+"); fWrite($handler, $sec['private']); fClose($handler); - if (file_exists("/srv/bind/dnssec/".$zone['soa']['origin']."/".$filename1) && file_exists("/srv/bind/dnssec/".$zone['soa']['origin']."/".$filename2)) { - preg_match("/".$zone['soa']['origin']." IN DNSKEY ([0-9]+) ([0-9]+) ([0-9]+) ([\s\S]+)/i", $sec['public'], $match); - $out .= $zone['soa']['origin']."\t60\tIN\tDNSKEY\t".$match[1]."\t".$match[2]." ".$match[3]." ".$match[4]."\n"; + if (file_exists($dir.$filename1) && file_exists($dir.$filename2)) { + /* fallback for missing DNSKEY record */ + if ($zsk === false || $ksk === false) { + preg_match("/".$zone['soa']['origin']." IN DNSKEY ([0-9]+) ([0-9]+) ([0-9]+) ([\s\S]+)/i", $sec['public'], $match); + $out .= $zone['soa']['origin']."\t60\tIN\tDNSKEY\t".$match[1]."\t".$match[2]." ".$match[3]." 
".$match[4]."\n"; + if ($sec['type'] == "ZSK") { + $zsk = true; + } + else if ($sec['type'] == "KSK") { + $ksk = true; + } + } if ($sec['type'] == "ZSK") { - $zsk = true; + $zskkey = true; } - else if ($sec['type'] == "ZSK") { - $ksk = true; + else if ($sec['type'] == "KSK") { + $kskkey = true; } } } @@ -90,10 +110,14 @@ if (is_array($data) && !isset($data['error'])) { } $sign = false; - if ($zsk === true && $ksk === true) { + if ($zsk === true && $ksk === true && $zskkey === true && $kskkey === true) { $sign = true; } + $handler = fOpen("/srv/bind/".$zone['soa']['origin']."db" , "a+"); + fWrite($handler , $out); + fClose($handler); + $signed = false; if ($sign === true) { shell_exec("cd /srv/bind/ && /usr/sbin/dnssec-signzone -r /dev/urandom -A -N INCREMENT -K /srv/bind/dnssec/".$zone['soa']['origin']."/ -o ".$zone['soa']['origin']." -t ".$zone['soa']['origin']."db"); @@ -107,14 +131,15 @@ if (is_array($data) && !isset($data['error'])) { $cout .= "\tnotify no;\n"; $cout .= "\tfile \"/srv/bind/".$zone['soa']['origin']."db".($signed === true ? ".signed" : "")."\";\n"; $cout .= "};\n\n"; + + $handler = fOpen("/srv/bind/domains.cfg" , "a+"); + fWrite($handler , $cout); + fClose($handler); + - $handler = fopen("/srv/bind/domains.cfg", "a+"); - fwrite($handler, $cout); - fclose($handler); - - $handler = fopen("/srv/bind/".$zone['soa']['origin']."db", "a+"); - fwrite($handler, $out); - fclose($handler); + if ($signed === true) { + shell_exec("cd /srv/bind/ && /usr/sbin/dnssec-signzone -r /dev/urandom -A -N INCREMENT -K /srv/bind/dnssec/".$zone['soa']['origin']."/ -o ".$zone['soa']['origin']." -t ".$zone['soa']['origin']."db"); + } } shell_exec("/etc/init.d/bind9 reload"); }
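Review bot: The fallback condition `if ($zsk === false || $ksk === false)` is keyed on both flags, so when the rr list carried a ZSK DNSKEY but no KSK one, every ZSK entry in `$zone['sec']` still re-emits its DNSKEY line and the zone file ends up with a duplicate record; the check should match the entry's own type, `if (($sec['type'] == "ZSK" && $zsk === false) || ($sec['type'] == "KSK" && $ksk === false)) {`. The `preg_match` return value is not tested, so an unexpected `$sec['public']` format produces a DNSKEY line built from undefined `$match` indices. The private key is written through `fOpen($dir.$filename2, "a+")` under the process umask; a `chmod($dir.$filename2, 0600);` after `fClose` keeps it readable only by the owner. The enclosing `if ($sec['type'] == "ZSK" || $sec['type'] == "KSK")` block starts in the previous hunk.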
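Review bot: `$signed = false;` is now assigned twice per zone — once at the top of the loop body (first hunk) and again here just before `if ($sign === true)` — and only the second assignment is followed by code that reads the flag, so the earlier one looks redundant. The zone-file handle from `fOpen("/srv/bind/".$zone['soa']['origin']."db" , "a+")` is passed to `fWrite` without a `false` check, so a failed open surfaces only as a warning from `fWrite`; `if ($handler === false) { continue; }` (or an exception) would make the failure explicit. The rest of the `if ($sign === true)` branch lies outside the hunk.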
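Review bot: The added `if ($signed === true) { shell_exec("cd /srv/bind/ && /usr/sbin/dnssec-signzone ...") }` runs the same signing command that the preceding hunk already runs under `if ($sign === true)`, and `$signed` is presumably set there (outside the shown lines), so a signed zone is signed twice and `-N INCREMENT` bumps the serial twice; one of the two calls should go. The command string also embeds `$zone['soa']['origin']`, an API-supplied value, three times unescaped; building it once as `$origin = escapeshellarg($zone['soa']['origin']);` and concatenating `$origin` keeps the argument boundaries intact. The rewritten lines also switch from `fopen`/`fwrite`/`fclose` to `fOpen`/`fWrite`/`fClose`; PHP resolves function names case-insensitively, but the lowercase spelling is the documented one and matches the rest of the file.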