author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-10-23 18:11:00 -0200 |
---|---|---|
committer | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-10-23 18:11:00 -0200 |
commit | bddbf46510b426f60a32ed26c0698822b991d7f3 (patch) | |
tree | f878d5508b0379ae768b037dd0375d0761742dfe /config/bind/bind.inc | |
parent | 600c422388506b0b42a25ce61eacf18e43e04822 (diff) | |
bind - include redirect zone type, enable/disable zone option and fix sync code
Diffstat (limited to 'config/bind/bind.inc')
-rw-r--r-- | config/bind/bind.inc | 83 |
1 files changed, 62 insertions, 21 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc index 6ae870db..60fa23d5 100644 --- a/config/bind/bind.inc +++ b/config/bind/bind.inc @@ -60,9 +60,19 @@ function bind_zone_validate($post, $input_errors){ if( $_POST['forwarders'] == "") $input_errors[] = 'The field \'Forwarders\' is required for forward zones.'; break; + case 'redirect': + $_POST['tll']=300; + $_POST['refresh']=0; + $_POST['serial']=0; + $_POST['retry']=0; + $_POST['expire']=0; + $_POST['minimum']=0; + if($_POST['mail']=='') + $input_errors[] = "The field 'Mail Admin Zone' is required for {$_POST['type']} zones."; + default: if($_POST['nameserver']=='') - $input_errors[] = 'The field \'Name server\' is required for master zones.'; + $input_errors[] = "The field 'Name server' is required for {$_POST['type']} zones."; for ($i=0;$i < count($_POST);$i++){ if (key_exists("hostname$i",$_POST)){ if ($_POST['reverso']=="on"){ @@ -261,12 +271,7 @@ EOD; $bind_conf .= "\tmatch-clients { $viewmatchclients;};\n"; $bind_conf .= "\tallow-recursion { $viewallowrecursion;};\n"; $bind_conf .= "\t$viewcustomoptions\n\n"; - - $bind_conf .="\tzone \".\" {\n"; - $bind_conf .="\t\ttype hint;\n"; - $bind_conf .="\t\tfile \"/etc/namedb/named.root\";\n"; - $bind_conf .= "\t};\n\n"; - + if(is_array($config["installedpackages"]["bindzone"])) $bindzone = $config["installedpackages"]["bindzone"]["config"]; else @@ -276,8 +281,13 @@ EOD; for ($x=0; $x<sizeof($bindzone); $x++) { $zone = $bindzone[$x]; - + if ($zone['disabled']=="on"){ + continue; + } $zonename = $zone['name']; + if ($zonename=="."){ + $custom_root_zone[$i]=true; + } $zonetype = $zone['type']; $zoneview = $zone['view']; $zonecustom = base64_decode($zone['custom']); 
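Review bot: The two rewritten messages in `bind_zone_validate` interpolate `{$_POST['type']}` straight from the request, and the `default:` branch is reached for any type value the switch does not recognise, so arbitrary submitted text ends up in `$input_errors`. Whether that text is escaped depends on the code that renders the errors, which is outside this hunk; rejecting unknown types before building the message, or using a fixed label per case, would remove that dependency. The new `case 'redirect':` also has no `break` before `default:`; if the fall-through is intended so that the name-server and record checks run, a comment such as `// no break: redirect zones also need the checks below` would make that explicit. The function body continues outside the hunk.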
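Review bot: `$custom_root_zone[$i]=true;` is set inside the zone loop that iterates with `$x`, using an index `$i` that is not assigned anywhere in this hunk, and the array is never initialised in the visible lines. The flag is also raised before `$zoneview` is read, so if zones are matched to the current view later in the loop (not visible here), a `.` zone belonging to another view would suppress the hint zone that the later hunk at old line 445 now emits only when `!$custom_root_zone[$i]`. Adding `$custom_root_zone[$i]=false;` before the loop and setting the flag only after the view match would keep the two hunks consistent. The loop body continues outside the hunk.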
@@ -313,31 +323,39 @@ EOD; switch ($zonetype){ case "slave": $bind_conf .= "\t\tmasters { $zoneipslave; };\n"; + $bind_conf .= "\t\tallow-transfer {none;};\n"; + $bind_conf .= "\t\tnotify no;\n"; break; case "forward": $bind_conf .= "\t\tforward only;\n"; $bind_conf .= "\t\tforwarders { $zoneforwarders; };\n"; break; + case "redirect": + $bind_conf .= "\t\t# While using redirect zones,NXDOMAIN Redirection will not override DNSSEC\n"; + $bind_conf .= "\t\t# If the client has requested DNSSEC records (DO=1) and the NXDOMAIN response is signed then no substitution will occur\n"; + $bind_conf .= "\t\t# https://kb.isc.org/article/AA-00376/192/BIND-9.9-redirect-zones-for-NXDOMAIN-redirection.html\n"; + break; default: $bind_conf .= "\t\tallow-update { $zoneallowupdate;};\n"; $bind_conf .= "\t\tallow-query { $zoneallowquery;};\n"; $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n"; - } - if ($zone['dnssec']=="on"){ - //https://kb.isc.org/article/AA-00626/ - $bind_conf .="\n\t\t# look for dnssec keys here:\n"; - $bind_conf .="\t\tkey-directory \"/etc/namedb/keys\";\n\n"; - $bind_conf .="\t\t# publish and activate dnssec keys:\n"; - $bind_conf .="\t\tauto-dnssec maintain;\n\n"; - $bind_conf .="\t\t# use inline signing:\n"; - $bind_conf .="\t\tinline-signing yes;\n\n"; - } + if ($zone['dnssec']=="on"){ + //https://kb.isc.org/article/AA-00626/ + $bind_conf .="\n\t\t# look for dnssec keys here:\n"; + $bind_conf .="\t\tkey-directory \"/etc/namedb/keys\";\n\n"; + $bind_conf .="\t\t# publish and activate dnssec keys:\n"; + $bind_conf .="\t\tauto-dnssec maintain;\n\n"; + $bind_conf .="\t\t# use inline signing:\n"; + $bind_conf .="\t\tinline-signing yes;\n\n"; + } + } if ($zonecustom != '') $bind_conf .= "\t\t$zonecustom\n"; $bind_conf .= "\t};\n\n"; switch($zonetype){ + case "redirect": case "master": //check/update slave dir permission chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype","bind"); 
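Review bot: The slave branch now always writes `allow-transfer {none;};` and `notify no;`, while `$zonecustom` is still appended to the same zone block a few lines below. A slave zone whose custom options already carry either statement would then define it twice, which named is likely to reject when it loads the configuration. Keeping the restrictive default but skipping it when the custom text already sets the option, e.g. `if (stripos($zonecustom, 'allow-transfer') === false) $bind_conf .= "\t\tallow-transfer {none;};\n";`, would avoid that. The enclosing switch and zone loop start outside the hunk.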
@@ -369,7 +387,7 @@ EOD; $zone_conf .= ";\tDatabase file {$zonename}.DB for {$zonename} zone.\n"; $zone_conf .= ";\tDo not edit this file!!!\n"; $zone_conf .= ";\tZone version {$zoneserial}\n;\n"; - if($zonereverso == "on") + if($zonereverso == "on" || $zonetype =="redirect") $zone_conf .= "@\t IN SOA $zonenameserver. \t $zonemail. (\n"; else $zone_conf .= "$zonename.\t IN SOA $zonenameserver. \t $zonemail. (\n"; @@ -445,6 +463,12 @@ EOD; } } } + if (!$custom_root_zone[$i]){ + $bind_conf .="\tzone \".\" {\n"; + $bind_conf .="\t\ttype hint;\n"; + $bind_conf .="\t\tfile \"/etc/namedb/named.root\";\n"; + $bind_conf .= "\t};\n\n"; + } if($write_config > 0){ write_config("save result config file for zone on xml"); } @@ -489,6 +513,8 @@ EOD; mwexec("/usr/local/etc/rc.d/named.sh restart"); else mwexec("/usr/local/etc/rc.d/named.sh stop"); + //sync to backup servers + bind_sync_on_changes(); conf_mount_ro(); } @@ -546,6 +572,21 @@ function bind_print_javascript_type_zone(){ document.iform.expire.disabled = 1; document.iform.minimum.disabled = 1; break; + case 'redirect': + document.iform.slaveip.disabled = 1; + document.iform.tll.disabled = 1; + document.iform.nameserver.disabled = 0; + document.iform.reverso.disabled = 1; + document.iform.forwarders.disabled = 1; + document.iform.dnssec.disabled = 1; + document.iform.ipns.disabled = 1; + document.iform.mail.disabled = 0; + document.iform.serial.disabled = 0; + document.iform.refresh.disabled = 0; + document.iform.retry.disabled = 0; + document.iform.expire.disabled = 0; + document.iform.minimum.disabled = 0; + break; } } --> 
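Review bot: `bind_sync_on_changes();` is now called unconditionally at the end of this function, right after the named restart/stop, and its outcome is neither checked nor logged here. If this function also runs on a backup node when that node receives a sync (not visible in the hunk), the call relies on the node having no sync targets of its own to avoid pushing the configuration onward again. A comment stating that assumption, for example `// backup nodes must not have sync targets configured, or this re-propagates`, would document it. The function starts outside the hunk.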
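Review bot: For `redirect` the script sets `serial`, `refresh`, `retry`, `expire` and `minimum` to `disabled = 0`, but `bind_zone_validate` in the first hunk overwrites exactly those `$_POST` values with 0, so whatever is typed there appears to be discarded. Either disable them here as is done for `tll`, e.g. `document.iform.serial.disabled = 1;`, or drop the server-side overwrite so form and validator agree. Since disabled inputs are only a browser-side hint, the server-side values remain the ones that decide what is written to the zone.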
@@ -602,8 +643,8 @@ function delete_log_file(){ /* Uses XMLRPC to synchronize the changes to a remote node */ function bind_sync_on_changes() { global $config, $g; - if (is_array($config['installedpackages']['bind']['config'])){ - $bind_sync=$config['installedpackages']['bind']['config'][0]; + if (is_array($config['installedpackages']['bindsync']['config'])){ + $bind_sync=$config['installedpackages']['bindsync']['config'][0]; $synconchanges = $bind_sync['synconchanges']; $synctimeout = $bind_sync['synctimeout']; $master_zone_ip=$bind_sync['masterip']; |