1 | <?php |
/**
 * @author Jan Altensen (Stricted)
 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 * @copyright 2014-2015 Jan Altensen (Stricted)
 */
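/*
 * Pulls every zone from the DNS management API, regenerates the BIND zone
 * files, the zone stanzas in domains.cfg and the DNSSEC key files under
 * /srv/bind, signs the zones that have both a ZSK and a KSK, and reloads
 * bind9. Meant to run unattended. The API response is the only input and
 * is treated as untrusted: every value that ends up in a path, a shell
 * argument, a regular expression or domains.cfg is validated or quoted
 * before use.
 */
$data = file_get_contents("https://dns.stricted.net/API/?key=xxx");
if ($data === false) {
    // Leave the existing zone files untouched when the API is unreachable
    // (the original fed false into json_decode and silently did nothing).
    error_log("dns sync: could not fetch zone data from the API");
    exit(1);
}
$data = json_decode($data, true);
if (is_array($data) && !isset($data['error'])) {
    // Fixed command, no API content reaches the shell here. Note that an
    // empty but well-formed zone list wipes every zone and reloads an
    // empty server; that is the existing contract of this script.
    shell_exec("rm -rf /srv/bind/*");

    foreach ($data as $zone) {
        if (!isset($zone['soa']['origin']) || !isSafeZoneOrigin($zone['soa']['origin'])) {
            // The origin becomes a path component, a shell argument, a regex
            // fragment and a quoted string in domains.cfg; only a plain
            // hostname is accepted so the API cannot escape /srv/bind.
            error_log("dns sync: skipping zone with missing or unsafe origin");
            continue;
        }
        $soa = $zone['soa'];
        $origin = $soa['origin'];

        // SOA record; the 'minimum' value sits in the TTL column as before.
        $out = $origin." ".$soa['minimum']." IN SOA ".$soa['ns']." ".$soa['mbox']." (\n";
        $out .= "\t\t\t\t".$soa['serial']."\t; Serial\n";
        $out .= "\t\t\t\t".$soa['refresh']."\t\t; Refresh\n";
        $out .= "\t\t\t\t".$soa['retry']."\t\t; Retry\n";
        $out .= "\t\t\t\t".$soa['expire']."\t\t; Expire\n";
        $out .= "\t\t\t\t180 )\t\t; Negative Cache TTL\n";
        $out .= ";\n";

        if (isset($zone['rr']) && is_array($zone['rr'])) {
            foreach ($zone['rr'] as $record) {
                $out .= renderRecord($record);
            }
        }

        // Install key material and collect the DNSKEY RRs for the zone file.
        $zsk = false;
        $ksk = false;
        if (isset($zone['sec']) && is_array($zone['sec'])) {
            foreach ($zone['sec'] as $sec) {
                $keyType = isset($sec['type']) ? $sec['type'] : "";
                if ($keyType !== "ZSK" && $keyType !== "KSK") {
                    continue;
                }
                $dnskey = installKeyPair($origin, $sec);
                if ($dnskey === null) {
                    continue;
                }
                $out .= $dnskey;
                if ($keyType === "ZSK") {
                    $zsk = true;
                } else {
                    $ksk = true;
                }
            }
        }
        // Only a zone with both keys is handed to dnssec-signzone.
        $signed = $zsk && $ksk;

        // Zone file first: the domains.cfg stanza must not point at a file
        // that was never written.
        if (file_put_contents("/srv/bind/".$origin."db", $out, FILE_APPEND) === false) {
            error_log("dns sync: could not write zone file for ".$origin);
            continue;
        }

        $cout = "zone \"".$origin."\" {\n";
        $cout .= "\ttype master;\n";
        $cout .= "\tnotify no;\n";
        $cout .= "\tfile \"/srv/bind/".$origin."db".($signed ? ".signed" : "")."\";\n";
        $cout .= "};\n\n";
        file_put_contents("/srv/bind/domains.cfg", $cout, FILE_APPEND);

        if ($signed) {
            // $origin is already a validated hostname; quoting keeps the
            // command safe even if the validation is relaxed later.
            // -r is accepted by older dnssec-signzone builds; newer BIND
            // releases are believed to ignore it.
            $keyDir = escapeshellarg("/srv/bind/dnssec/".$origin."/");
            shell_exec("cd /srv/bind/ && /usr/sbin/dnssec-signzone -r /dev/urandom -A -N INCREMENT -K ".$keyDir." -o ".escapeshellarg($origin)." -t ".escapeshellarg($origin."db"));
        }
    }
    shell_exec("/etc/init.d/bind9 reload");
}

/**
 * Accepts only a plain DNS hostname (LDH labels joined by dots, optional
 * trailing dot, at most 254 bytes). Rejects '/', '..', whitespace, quotes and
 * shell metacharacters, which is what makes the origin safe to use in paths,
 * shell arguments, regular expressions and domains.cfg. Labels containing
 * '_' are rejected as well; zone origins do not normally use them.
 *
 * @param mixed $origin value taken from the API response
 * @return bool
 */
function isSafeZoneOrigin($origin)
{
    if (!is_string($origin) || strlen($origin) > 254) {
        return false;
    }
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    return preg_match('/^(?:'.$label.'\.)*'.$label.'\.?$/i', $origin) === 1;
}

/**
 * Wraps a TXT value in double quotes when it contains a space and is not
 * already quoted with " or ' at either end; other values pass through.
 *
 * @param string $txt
 * @return string
 */
function quoteTxtData($txt)
{
    if (strpos($txt, " ") === false) {
        return $txt;
    }
    $first = substr($txt, 0, 1);
    $last = substr($txt, -1);
    if ($first === '"' || $last === '"' || $first === "'" || $last === "'") {
        return $txt;
    }
    return '"'.$txt.'"';
}

/**
 * Renders one resource record from the API as zone-file line(s).
 *
 * DNSKEY records are skipped (the DNSKEY RRs come from the installed key
 * pairs instead); MX/SRV/TLSA/DS carry the 'aux' field (priority/weight);
 * TXT values are quoted and additionally emitted as an SPF record when they
 * contain "v=spf1"; everything else is name/ttl/IN/type/data.
 *
 * @param array $record record from the API ('name', 'ttl', 'type', 'data', optional 'aux')
 * @return string zero or more lines, each terminated by "\n"
 */
function renderRecord(array $record)
{
    $type = isset($record['type']) ? $record['type'] : "";
    if ($type === "DNSKEY") {
        return "";
    }
    $prefix = $record['name']."\t".$record['ttl']."\tIN\t".$type."\t";
    if (in_array($type, ["MX", "SRV", "TLSA", "DS"], true)) {
        return $prefix.$record['aux']."\t".$record['data']."\n";
    }
    if ($type !== "TXT") {
        return $prefix."\t".$record['data']."\n";
    }
    $txt = quoteTxtData($record['data']);
    $lines = "";
    if (strpos($txt, "v=spf1") !== false) {
        $lines .= $record['name']."\t".$record['ttl']."\tIN\tSPF\t".$txt."\n";
    }
    return $lines.$prefix.$txt."\n";
}

/**
 * Writes the public and private key files of one ZSK or KSK into the zone's
 * key directory and returns the DNSKEY RR line for the zone file.
 *
 * Both the key id (from the "; This is a ...-signing key" comment) and the
 * DNSKEY RR are parsed out of the public key file as written by
 * dnssec-keygen; the key is rejected before anything is written when either
 * does not parse or when the comment names a different zone than $origin.
 *
 * @param string $origin zone origin, already accepted by isSafeZoneOrigin()
 * @param array  $sec    key entry from the API ('algo', 'public', 'private')
 * @return string|null DNSKEY line ending in "\n", or null when the key was not installed
 */
function installKeyPair($origin, array $sec)
{
    if (empty($sec['public']) || empty($sec['private']) || !isset($sec['algo'])) {
        return null;
    }
    $quoted = preg_quote($origin, '/');
    if (preg_match("/; This is a (key|zone)-signing key, keyid ([0-9]+), for ".$quoted."/i", $sec['public'], $keyMatch) !== 1) {
        return null;
    }
    if (preg_match("/".$quoted." IN DNSKEY ([0-9]+) ([0-9]+) ([0-9]+) ([\s\S]+)/i", $sec['public'], $rrMatch) !== 1) {
        return null;
    }

    // Private key material: directory and private file are owner-only.
    // dnssec-signzone runs from this same script, so nothing else needs to read them.
    $dir = "/srv/bind/dnssec/".$origin."/";
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        error_log("dns sync: could not create key directory for ".$origin);
        return null;
    }
    $pubFile = $dir.getFileName($origin, $sec['algo'], $keyMatch[2], "pub");
    $privFile = $dir.getFileName($origin, $sec['algo'], $keyMatch[2], "priv");

    // file_put_contents() truncates, so the earlier unlink-then-append
    // sequence is not needed; the return values replace the file_exists() checks.
    if (file_put_contents($pubFile, $sec['public']) === false) {
        return null;
    }
    if (file_put_contents($privFile, $sec['private']) === false) {
        return null;
    }
    chmod($privFile, 0600);

    return $origin."\t60\tIN\tDNSKEY\t".$rrMatch[1]."\t".$rrMatch[2]." ".$rrMatch[3]." ".$rrMatch[4]."\n";
}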
142 | ||
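/**
 * Builds the BIND key-file name for a DNSSEC key of $zone:
 * K<zone>+<algorithm, 3 digits>+<key id, 5 digits>.<key|private>.
 *
 * @param string     $zone zone origin, used verbatim as the file-name stem
 * @param string|int $algo DNSSEC algorithm number (e.g. 8); zero-padded to 3 digits
 * @param string|int $id   key id (tag) reported by dnssec-keygen; zero-padded to 5 digits
 * @param string     $type "pub" for the .key file, "priv" for the .private file;
 *                         any other value is used as the extension unchanged
 * @return string file name without directory
 */
function getFileName ($zone, $algo, $id, $type) {
    $extensions = ["pub" => "key", "priv" => "private"];
    if (isset($extensions[$type])) {
        $type = $extensions[$type];
    }
    // Pad to the fixed widths BIND uses. The previous version only padded
    // algorithms 8 and 10, so keys of any other algorithm (e.g. 13) got a
    // name dnssec-signzone does not look for.
    $algo = str_pad((string) $algo, 3, "0", STR_PAD_LEFT);
    $id = str_pad((string) $id, 5, "0", STR_PAD_LEFT);

    return "K".$zone."+".$algo."+".$id.".".$type;
}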