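<?php
/**
 * @author Jan Altensen (Stricted)
 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 * @copyright 2014-2016 Jan Altensen (Stricted)
 */

/*
 * Pulls every zone from the dns-control.eu API, rebuilds the BIND zone files
 * under /srv/bind/, stores DNSSEC key material under /srv/bind/dnssec/<origin>/,
 * signs every zone that has both a ZSK and a KSK, regenerates
 * /srv/bind/domains.cfg and reloads bind9.
 *
 * The API response is treated as untrusted input: a zone origin is validated
 * before it is used in a path or a command line, preg patterns built from it
 * are quoted, and every argument derived from it is passed through
 * escapeshellarg(). Record and SOA field values are still written verbatim
 * into the zone file, exactly as the API delivered them.
 */

// NOTE(review): "xxx" is the API key placeholder; the real key is a secret and should
// come from configuration, not from a file under version control.
$data = file_get_contents("https://dns-control.eu/API/?key=xxx");
if ($data === false) {
	fwrite(STDERR, "dns-control: API request failed, zone files left untouched\n");
	exit(1);
}

$data = json_decode($data, true);
if (!is_array($data) || isset($data['error'])) {
	// Without a usable zone list nothing is wiped and bind is not reloaded.
	fwrite(STDERR, "dns-control: API did not return a zone list, zone files left untouched\n");
	exit(1);
}

// Rebuild from scratch: stale zones, key directories and domains.cfg are removed first.
// This command stays a literal; no API data must ever be concatenated into it.
shell_exec("rm -rf /srv/bind/*");

foreach ($data as $zone) {
	if (!isset($zone['soa']['origin']) || !isValidOrigin($zone['soa']['origin'])) {
		fwrite(STDERR, "dns-control: skipping zone with missing or invalid origin\n");
		continue;
	}
	$soa = $zone['soa'];
	$origin = $soa['origin'];
	$records = (isset($zone['rr']) && is_array($zone['rr'])) ? $zone['rr'] : [];
	$keys = (isset($zone['sec']) && is_array($zone['sec'])) ? $zone['sec'] : [];
	// Origins from the API carry a trailing dot, so this yields "example.com.db".
	$zoneFile = "/srv/bind/".$origin."db";
	$keyDir = "/srv/bind/dnssec/".$origin."/";

	$out = $origin."\t".$soa['minimum']."\tIN\tSOA\t".$soa['ns']." ".$soa['mbox']." (\n";
	$out .= "\t\t\t\t".$soa['serial']."\t; Serial\n";
	$out .= "\t\t\t\t".$soa['refresh']."\t\t; Refresh\n";
	$out .= "\t\t\t\t".$soa['retry']."\t\t; Retry\n";
	$out .= "\t\t\t\t".$soa['expire']."\t\t; Expire\n";
	$out .= "\t\t\t\t180 )\t\t; Negative Cache TTL\n";
	$out .= ";\n";

	// Which DNSKEY flavours the zone data itself already carries (flags 256 = ZSK, 257 = KSK).
	$zsk = false;
	$ksk = false;
	foreach ($records as $record) {
		$type = $record['type'];
		if ($type === "DNSKEY") {
			if ((int)$record['aux'] === 256) {
				$zsk = true;
			}
			elseif ((int)$record['aux'] === 257) {
				$ksk = true;
			}
			$out .= rrLine($record['name'], $record['ttl'], $type, $record['aux']."\t".$record['data']);
		}
		elseif (in_array($type, ["MX", "SRV", "TLSA", "DS"], true)) {
			// Types whose rdata starts with a numeric field (priority, weight, key tag) kept in 'aux'.
			$out .= rrLine($record['name'], $record['ttl'], $type, $record['aux']."\t".$record['data']);
		}
		elseif ($type === "TXT") {
			$txt = $record['data'];
			// Multi-word TXT data must be quoted; leave it alone when either end already has a quote.
			if (strpos($txt, " ") !== false && substr($txt, -1) !== '"' && substr($txt, 0, 1) !== '"') {
				$txt = '"'.$txt.'"';
			}
			// SPF policies are mirrored into the legacy SPF RR type as well.
			if (strpos($txt, "v=spf1") !== false) {
				$out .= rrLine($record['name'], $record['ttl'], "SPF", $txt);
			}
			$out .= rrLine($record['name'], $record['ttl'], "TXT", $txt);
		}
		else {
			$out .= rrLine($record['name'], $record['ttl'], $type, "\t".$record['data']);
		}
	}

	// Write the key material to disk and note which key types are available for signing.
	$zskKey = false;
	$kskKey = false;
	foreach ($keys as $sec) {
		$secType = isset($sec['type']) ? $sec['type'] : null;
		if (!in_array($secType, ["ZSK", "KSK"], true) || empty($sec['public']) || empty($sec['private'])) {
			continue;
		}
		// Private keys live here, so the directory is not world-readable (was "mkdir -p" via the shell).
		if (!is_dir($keyDir) && !mkdir($keyDir, 0700, true)) {
			fwrite(STDERR, "dns-control: ".$origin.": cannot create ".$keyDir."\n");
			break;
		}
		// The key tag is taken from the comment line BIND writes into the public key file.
		if (!preg_match("/; This is a (key|zone)-signing key, keyid ([0-9]+), for ".preg_quote($origin, "/")."/i", $sec['public'], $match)) {
			fwrite(STDERR, "dns-control: ".$origin.": ".$secType." public key has no keyid comment, skipping\n");
			continue;
		}
		$pubFile = $keyDir.getFileName($origin, $sec['algo'], $match[2], "pub");
		$privFile = $keyDir.getFileName($origin, $sec['algo'], $match[2], "priv");
		// file_put_contents() truncates, which replaces the original unlink-then-append sequence.
		if (file_put_contents($pubFile, $sec['public']) === false
			|| file_put_contents($privFile, $sec['private']) === false) {
			fwrite(STDERR, "dns-control: ".$origin.": cannot write ".$secType." key files, skipping\n");
			continue;
		}
		chmod($privFile, 0600);

		// Fallback for a DNSKEY record missing from the zone data: derive it from the key file,
		// but only for the key type that is actually missing so no duplicate RR is emitted.
		$isZsk = ($secType === "ZSK");
		if (($isZsk && !$zsk) || (!$isZsk && !$ksk)) {
			if (preg_match('/'.preg_quote($origin, '/').' IN DNSKEY ([0-9]+) ([0-9]+) ([0-9]+) ([\s\S]+)/i', $sec['public'], $dnskey)) {
				$out .= rrLine($origin, "60", "DNSKEY", $dnskey[1]."\t".$dnskey[2]." ".$dnskey[3]." ".$dnskey[4]);
				if ($isZsk) {
					$zsk = true;
				}
				else {
					$ksk = true;
				}
			}
		}

		if ($isZsk) {
			$zskKey = true;
		}
		else {
			$kskKey = true;
		}
	}

	if (file_put_contents($zoneFile, $out) === false) {
		fwrite(STDERR, "dns-control: ".$origin.": cannot write ".$zoneFile.", zone not configured\n");
		continue;
	}

	// Sign only when both key types are present in the zone data and on disk.
	$signed = false;
	if ($zsk && $ksk && $zskKey && $kskKey) {
		// Every argument derived from API data is escaped, even though the origin was validated above.
		shell_exec("cd /srv/bind/ && /usr/sbin/dnssec-signzone -r /dev/urandom -A -N INCREMENT"
			." -K ".escapeshellarg($keyDir)
			." -o ".escapeshellarg($origin)
			." -t ".escapeshellarg($origin."db"));
		$signed = file_exists($zoneFile.".signed");
	}

	$cout = "zone \"".$origin."\" {\n";
	$cout .= "\ttype master;\n";
	$cout .= "\tnotify no;\n";
	$cout .= "\tfile \"".$zoneFile.($signed ? ".signed" : "")."\";\n";
	$cout .= "};\n\n";
	if (file_put_contents("/srv/bind/domains.cfg", $cout, FILE_APPEND) === false) {
		fwrite(STDERR, "dns-control: ".$origin.": cannot append to /srv/bind/domains.cfg\n");
	}
}

shell_exec("/etc/init.d/bind9 reload");

/**
 * Returns true when $origin looks like a DNS zone name: labels of letters,
 * digits, '-' and '_' separated by single dots, optional trailing dot, at
 * most 254 characters. Anything else (empty labels, slashes, control
 * characters) could escape /srv/bind/ when used in a path and is rejected.
 *
 * @param mixed $origin value taken from the API response
 * @return bool
 */
function isValidOrigin($origin) {
	return is_string($origin)
		&& strlen($origin) <= 254
		&& preg_match('/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\.?$/', $origin) === 1;
}

/**
 * Formats one zone-file line: "<name>\t<ttl>\tIN\t<type>\t<rdata>\n".
 * $rdata is emitted as given; callers prepend the 'aux' field (or an
 * extra tab for types without one) themselves.
 *
 * @param string     $name
 * @param string|int $ttl
 * @param string     $type
 * @param string     $rdata
 * @return string
 */
function rrLine($name, $ttl, $type, $rdata) {
	return $name."\t".$ttl."\tIN\t".$type."\t".$rdata."\n";
}
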
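/**
 * Builds the BIND key file name for a DNSSEC key:
 * K<zone>+<algorithm, 3 digits>+<key tag, 5 digits>.<key|private>.
 *
 * @param string     $zone origin of the zone, including the trailing dot as delivered by the API
 * @param string|int $algo DNSSEC algorithm number (e.g. 8 = RSASHA256, 10 = RSASHA512)
 * @param string|int $id   key tag as found in the "keyid" comment of the public key file
 * @param string     $type "pub" selects the ".key" suffix, "priv" the ".private" suffix;
 *                         any other value is used as the suffix unchanged
 * @return string
 */
function getFileName ($zone, $algo, $id, $type) {
	// BIND zero-pads the key tag to 5 digits and the algorithm number to 3; padding
	// generically (instead of only 8 and 10) makes the name match for every algorithm.
	$id = str_pad((string)$id, 5, "0", STR_PAD_LEFT);
	$algo = str_pad((string)$algo, 3, "0", STR_PAD_LEFT);

	if ($type === "pub") {
		$suffix = "key";
	}
	elseif ($type === "priv") {
		$suffix = "private";
	}
	else {
		$suffix = $type;
	}

	return "K".$zone."+".$algo."+".$id.".".$suffix;
}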