update DNSSECUtil class
[GitHub/Stricted/Domain-Control-Panel.git] / bind9.php
1<?php
2/**
3 * @author Jan Altensen (Stricted)
4 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
5 * @copyright 2014-2015 Jan Altensen (Stricted)
6 */
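// Rebuild the local BIND configuration from the control panel API: fetch all
// zones, regenerate every zone file and domains.cfg under /srv/bind/, write the
// DNSSEC key pairs, sign zones that have both a ZSK and a KSK, then reload BIND.
//
// Everything in the API response is treated as untrusted here because it ends up
// in shell commands, file paths, regular expressions and BIND configuration.
//
// NOTE(review): the API key is sent in the query string, where it can end up in
// proxy and web server logs; a request header would keep it out of them.
$data = file_get_contents("https://dns.stricted.net/API/?key=xxx");
$data = ($data === false) ? null : json_decode($data, true);
if (is_array($data) && !isset($data['error'])) {
	// NOTE(review): the old state is removed before any zone has been validated or
	// written, so a truncated or empty (but valid) API response leaves the server
	// without zones. Building into a temporary directory and swapping it in would
	// avoid that; left as-is to keep the existing deployment layout.
	shell_exec("rm -rf /srv/bind/*");

	foreach ($data as $zone) {
		$origin = (isset($zone['soa']['origin']) && is_string($zone['soa']['origin'])) ? $zone['soa']['origin'] : "";

		// The origin is used as a directory name, a file name, a shell argument and
		// inside named.conf syntax. Accept only plain host-name characters (no "/",
		// no "..", no quotes or whitespace, no leading "-") and skip anything else.
		if (!preg_match('/\A[a-z0-9_][a-z0-9_-]*(?:\.[a-z0-9_-]+)*\.?\z/i', $origin)) {
			error_log("bind9.php: skipping zone with an unexpected origin value");
			continue;
		}

		// NOTE(review): the remaining SOA fields and the record name/ttl/data values
		// below are written to the zone file as received. The panel presumably
		// validates them; confirm that line breaks are rejected there, since a line
		// break would start a new zone file line.
		$out = $origin." ".$zone['soa']['minimum']." IN SOA ".$zone['soa']['ns']." ".$zone['soa']['mbox']." (\n";
		$out .= "\t\t\t\t".$zone['soa']['serial']."\t; Serial\n";
		$out .= "\t\t\t\t".$zone['soa']['refresh']."\t\t; Refresh\n";
		$out .= "\t\t\t\t".$zone['soa']['retry']."\t\t; Retry\n";
		$out .= "\t\t\t\t".$zone['soa']['expire']."\t\t; Expire\n";
		$out .= "\t\t\t\t180 )\t\t; Negative Cache TTL\n";
		$out .= ";\n";

		foreach ($zone['rr'] as $record) {
			if ($record['type'] == "DNSKEY") {
				// DNSKEY records are generated from the key material further down.
			}
			else if ($record['type'] == "MX" || $record['type'] == "SRV" || $record['type'] == "TLSA" || $record['type'] == "DS") {
				// These types carry an extra leading field (stored as "aux").
				$out .= $record['name']."\t".$record['ttl']."\tIN\t".$record['type']."\t".$record['aux']."\t".$record['data']."\n";
			}
			else if ($record['type'] == "TXT") {
				$txt = $record['data'];

				// Quote TXT data that contains spaces and is not already quoted.
				if (strpos($txt, " ") !== false) {
					if (substr($txt, -1) != '"' && substr($txt, 0, 1) != '"') {
						if (substr($txt, -1) != "'" && substr($txt, 0, 1) != "'") {
							$record['data'] = '"'.$txt.'"';
						}
					}
				}

				// SPF policies are published as an SPF record in addition to the TXT record.
				if (strpos($record['data'], "v=spf1") !== false) {
					$out .= $record['name']."\t".$record['ttl']."\tIN\tSPF\t" . $record['data']."\n";
				}

				$out .= $record['name']."\t".$record['ttl']."\tIN\t".$record['type']."\t" . $record['data']."\n";
			}
			else {
				$out .= $record['name']."\t".$record['ttl']."\tIN\t".$record['type']."\t\t" . $record['data']."\n";
			}
		}

		$zsk = false;
		$ksk = false;
		$keyDir = "/srv/bind/dnssec/".$origin."/";
		// Escaped copy of the origin for use inside regular expressions, so that
		// the dots in the name only match literal dots.
		$originRe = preg_quote($origin, "/");

		foreach ($zone['sec'] as $sec) {
			if (!file_exists($keyDir)) {
				// Native mkdir instead of a shell call; mode is still governed by the umask.
				mkdir($keyDir, 0777, true);
			}

			if ($sec['type'] != "ZSK" && $sec['type'] != "KSK") {
				continue;
			}

			if (empty($sec['public']) || empty($sec['private'])) {
				continue;
			}

			// The algorithm number becomes part of the key file name; digits only.
			if (!preg_match('/\A[0-9]+\z/', (string) $sec['algo'])) {
				error_log("bind9.php: skipping key with an unexpected algorithm value");
				continue;
			}

			// The key id is read from the comment line of the public key file.
			if ($sec['type'] == "ZSK") {
				$keyidPattern = "/; This is a (key|zone)-signing key, keyid ([0-9]+), for ".$originRe."/i";
			}
			else {
				$keyidPattern = "/; This is a (key|zone)-signing key, keyid ([0-9]+), for ([a-z0-9.-]+)/i";
			}

			// Without a key id no valid key file name can be built, so skip the key
			// instead of writing files with an empty id.
			if (!preg_match($keyidPattern, $sec['public'], $match)) {
				continue;
			}

			$pubPath = $keyDir.getFileName($origin, $sec['algo'], $match[2], "pub");
			$privPath = $keyDir.getFileName($origin, $sec['algo'], $match[2], "priv");

			if (file_exists($pubPath)) {
				unlink($pubPath);
			}

			if (file_exists($privPath)) {
				unlink($privPath);
			}

			$handler = fopen($pubPath, "a+");
			if ($handler !== false) {
				fwrite($handler, $sec['public']);
				fclose($handler);
			}

			$handler = fopen($privPath, "a+");
			if ($handler !== false) {
				// Restrict the private key to the owner before any key material is
				// written; dnssec-signzone is started by this script, so the same
				// user reads it back.
				chmod($privPath, 0600);
				fwrite($handler, $sec['private']);
				fclose($handler);
			}

			// Publish the DNSKEY record and count the key only when both files exist
			// and the public key actually contains a DNSKEY line for this zone.
			if (file_exists($pubPath) && file_exists($privPath)
				&& preg_match("/".$originRe." IN DNSKEY ([0-9]+) ([0-9]+) ([0-9]+) ([\s\S]+)/i", $sec['public'], $match)) {
				$out .= $origin."\t60\tIN\tDNSKEY\t".$match[1]."\t".$match[2]." ".$match[3]." ".$match[4]."\n";

				if ($sec['type'] == "ZSK") {
					$zsk = true;
				}
				else {
					$ksk = true;
				}
			}
		}

		// A zone is signed only when both a zone-signing and a key-signing key were written.
		$signed = ($zsk === true && $ksk === true);

		$cout = "zone \"" . $origin . "\" {\n";
		$cout .= "\ttype master;\n";
		$cout .= "\tnotify no;\n";
		$cout .= "\tfile \"/srv/bind/".$origin."db".($signed === true ? ".signed" : "")."\";\n";
		$cout .= "};\n\n";

		// Both files are appended to: domains.cfg collects one block per zone.
		file_put_contents("/srv/bind/domains.cfg", $cout, FILE_APPEND);
		file_put_contents("/srv/bind/".$origin."db", $out, FILE_APPEND);

		if ($signed === true) {
			// Every value taken from the API is passed as a single quoted argument.
			shell_exec("cd /srv/bind/ && /usr/sbin/dnssec-signzone -r /dev/urandom -A -N INCREMENT -K ".escapeshellarg($keyDir)." -o ".escapeshellarg($origin)." -t ".escapeshellarg($origin."db"));
		}
	}

	shell_exec("/etc/init.d/bind9 reload");
}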
142
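/**
 * Build the name of a DNSSEC key file in the "K<zone>+<algorithm>+<key id>.<suffix>"
 * form, with the algorithm padded to three digits and the key id to five.
 *
 * The result is used as a file name by the caller, so $zone, $algo and $id must
 * already be validated (no path separators) before they are passed in.
 *
 * @param	string	$zone	zone origin the key belongs to
 * @param	string	$algo	DNSSEC algorithm number
 * @param	string	$id	key id (key tag)
 * @param	string	$type	"pub" for the public key file, "priv" for the private key file
 * @return	string
 */
function getFileName ($zone, $algo, $id, $type) {
	// Left-pad with zeros; values that are already long enough stay unchanged.
	// The algorithm is padded for every number, not only for 8 and 10, so that
	// keys using other algorithms also get the three-digit form.
	$id = str_pad((string) $id, 5, "0", STR_PAD_LEFT);
	$algo = str_pad((string) $algo, 3, "0", STR_PAD_LEFT);

	// Map the short type name to the file suffix; other values pass through.
	if ($type == "pub") {
		$type = "key";
	}
	else if ($type == "priv") {
		$type = "private";
	}

	return "K".$zone."+".$algo."+".$id.".".$type;
}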