1 | <?php |
/**
 * @author Jan Altensen (Stricted)
 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 * @copyright 2014-2015 Jan Altensen (Stricted)
 */
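// Fetch the zone list from the API. file_get_contents() returns false on
// failure; json_decode(false) would only produce null, so short-circuit it.
$raw = file_get_contents("https://dns.stricted.net/API/?key=xxx");
$data = ($raw === false) ? null : json_decode($raw, true);

// The API signals failures as an object carrying an "error" key. Anything
// that is not a plain array of zones aborts before the filesystem is touched.
if (is_array($data) && !isset($data['error'])) {
    // NOTE: a valid but empty response still wipes every existing zone and
    // reloads bind with no zones configured.
    shell_exec("rm -rf /srv/bind/*");

    foreach ($data as $zone) {
        $origin = isset($zone['soa']['origin']) ? (string) $zone['soa']['origin'] : '';

        // The origin is spliced into filesystem paths, shell commands and a
        // regex below. It comes from the remote response, so refuse anything
        // that is not a plain domain name rather than letting it escape
        // /srv/bind or inject into dnssec-signzone's argument list.
        if (!isSafeOrigin($origin)) {
            error_log("zonesync: skipping zone with unsafe origin '".$origin."'");
            continue;
        }

        $out = renderSoa($zone['soa']);

        $records = (isset($zone['rr']) && is_array($zone['rr'])) ? $zone['rr'] : [];
        foreach ($records as $record) {
            $out .= renderRecord($record);
        }

        // Install the key material and add a DNSKEY line per usable key.
        // Both a ZSK and a KSK must be present before the zone is signed.
        $zsk = false;
        $ksk = false;
        $keys = (isset($zone['sec']) && is_array($zone['sec'])) ? $zone['sec'] : [];
        foreach ($keys as $sec) {
            $dnskey = installKeyPair($origin, $sec);
            if ($dnskey === null) {
                continue;
            }
            $out .= $dnskey;
            if ($sec['type'] === "ZSK") {
                $zsk = true;
            }
            else if ($sec['type'] === "KSK") {
                $ksk = true;
            }
        }

        // The unsigned zone file has to exist before dnssec-signzone runs,
        // since it is the signer's input.
        file_put_contents("/srv/bind/".$origin."db", $out, FILE_APPEND);

        $signed = false;
        if ($zsk && $ksk) {
            shell_exec("cd /srv/bind/ && /usr/sbin/dnssec-signzone -r /dev/urandom -A -N INCREMENT"
                ." -K ".escapeshellarg("/srv/bind/dnssec/".$origin."/")
                ." -o ".escapeshellarg($origin)
                ." -t ".escapeshellarg($origin."db"));
            // Only point named at the .signed file if the signer produced it.
            $signed = file_exists("/srv/bind/".$origin."db.signed");
        }

        $cout = "zone \"".$origin."\" {\n";
        $cout .= "\ttype master;\n";
        $cout .= "\tnotify no;\n";
        $cout .= "\tfile \"/srv/bind/".$origin."db".($signed ? ".signed" : "")."\";\n";
        $cout .= "};\n\n";
        file_put_contents("/srv/bind/domains.cfg", $cout, FILE_APPEND);
    }

    shell_exec("/etc/init.d/bind9 reload");
}

/**
 * True when $origin can be used as a path component, shell argument and
 * regex fragment: non-empty, DNS name characters only, and no "..".
 *
 * @param string $origin
 * @return bool
 */
function isSafeOrigin($origin) {
    return $origin !== ''
        && preg_match('/^[A-Za-z0-9._-]+$/', $origin) === 1
        && strpos($origin, '..') === false;
}

/**
 * Renders the SOA record block and the ";" separator line that starts the
 * zone file, in the original tab layout.
 *
 * @param array $soa keys: origin, minimum, ns, mbox, serial, refresh, retry, expire
 * @return string
 */
function renderSoa($soa) {
    $out = $soa['origin']."\t".$soa['minimum']."\tIN\tSOA\t".$soa['ns']."\t".$soa['mbox']." (\n";
    $out .= "\t\t\t\t".$soa['serial']."\t; Serial\n";
    $out .= "\t\t\t\t".$soa['refresh']."\t\t; Refresh\n";
    $out .= "\t\t\t\t".$soa['retry']."\t\t; Retry\n";
    $out .= "\t\t\t\t".$soa['expire']."\t\t; Expire\n";
    $out .= "\t\t\t\t180 )\t\t; Negative Cache TTL\n";
    $out .= ";\n";
    return $out;
}

/**
 * Renders one resource record as zone-file line(s).
 *
 * MX/SRV/TLSA/DS carry their priority/preference in 'aux'. TXT data that
 * contains spaces is wrapped in double quotes unless it is already quoted,
 * and an SPF policy is additionally emitted as a legacy SPF record.
 *
 * @param array $record keys: name, ttl, type, data and (for some types) aux
 * @return string one or two newline-terminated lines
 */
function renderRecord($record) {
    $type = $record['type'];
    $prefix = $record['name']."\t".$record['ttl']."\tIN\t";

    if ($type === "MX" || $type === "SRV" || $type === "TLSA" || $type === "DS") {
        return $prefix.$type."\t".$record['aux']."\t".$record['data']."\n";
    }

    if ($type === "TXT") {
        $txt = $record['data'];
        if (strpos($txt, " ") !== false
            && substr($txt, -1) !== '"' && substr($txt, 0, 1) !== '"'
            && substr($txt, -1) !== "'" && substr($txt, 0, 1) !== "'") {
            $txt = '"'.$txt.'"';
        }

        $out = "";
        if (strpos($txt, "v=spf1") !== false) {
            $out .= $prefix."SPF\t".$txt."\n";
        }
        return $out.$prefix."TXT\t".$txt."\n";
    }

    return $prefix.$type."\t\t".$record['data']."\n";
}

/**
 * Writes the public and private files of one ZSK/KSK into
 * /srv/bind/dnssec/<origin>/ and returns the DNSKEY zone line for it.
 *
 * Returns null when $sec is not a usable key: wrong type, empty key
 * material, the keyid/DNSKEY metadata could not be parsed from the public
 * key text, or the files could not be written. Nothing is written in the
 * null case, so a malformed key cannot leave half a key pair behind.
 *
 * @param string $origin zone origin, already validated by isSafeOrigin()
 * @param array  $sec    keys: type, algo, public, private
 * @return string|null
 */
function installKeyPair($origin, $sec) {
    if (!isset($sec['type']) || ($sec['type'] !== "ZSK" && $sec['type'] !== "KSK")) {
        return null;
    }
    if (empty($sec['public']) || empty($sec['private'])) {
        return null;
    }

    // The origin is data, not pattern syntax, inside these regexes.
    $quoted = preg_quote($origin, '/');
    // Key id from the comment dnssec-keygen writes at the top of the .key file.
    if (preg_match("/; This is a (key|zone)-signing key, keyid ([0-9]+), for ".$quoted."/i", $sec['public'], $meta) !== 1) {
        return null;
    }
    // flags, protocol, algorithm and key data of the DNSKEY RR.
    if (preg_match("/".$quoted." IN DNSKEY ([0-9]+) ([0-9]+) ([0-9]+) ([\s\S]+)/i", $sec['public'], $rdata) !== 1) {
        return null;
    }

    $keyDir = "/srv/bind/dnssec/".$origin."/";
    if (!is_dir($keyDir)) {
        mkdir($keyDir, 0755, true);
    }

    $pubPath = $keyDir.getFileName($origin, $sec['algo'], $meta[2], "pub");
    $privPath = $keyDir.getFileName($origin, $sec['algo'], $meta[2], "priv");

    // Overwrite any stale copy of the pair.
    if (file_put_contents($pubPath, $sec['public']) === false
        || file_put_contents($privPath, $sec['private']) === false) {
        return null;
    }
    // dnssec-signzone runs as this same user; nobody else needs the private key.
    chmod($privPath, 0600);

    return $origin."\t60\tIN\tDNSKEY\t".$rdata[1]."\t".$rdata[2]." ".$rdata[3]." ".$rdata[4]."\n";
}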
121 | ||
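/**
 * Builds a BIND key file name of the form K<zone>+<algorithm>+<key id>.<ext>.
 *
 * @param string     $zone zone origin exactly as it appears in the key files
 * @param string|int $algo DNSSEC algorithm number; zero-padded to 3 digits
 * @param string|int $id   key id (key tag); zero-padded to 5 digits
 * @param string     $type "pub" selects the ".key" extension, "priv" the
 *                         ".private" extension; any other value is used as
 *                         the extension verbatim
 * @return string
 */
function getFileName ($zone, $algo, $id, $type) {
    // dnssec-keygen names its files with a 5-digit key id and a 3-digit
    // algorithm number. Pad generically instead of special-casing a few
    // lengths and only algorithms 8 and 10, so e.g. algorithm 13 also
    // resolves to the file the signer expects.
    $id = str_pad((string) $id, 5, "0", STR_PAD_LEFT);
    $algo = str_pad((string) $algo, 3, "0", STR_PAD_LEFT);

    if ($type === "pub") {
        $type = "key";
    }
    else if ($type === "priv") {
        $type = "private";
    }

    return "K".$zone."+".$algo."+".$id.".".$type;
}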