authorMarcello Coutinho <marcellocoutinho@gmail.com>2013-10-23 18:11:00 -0200
committerMarcello Coutinho <marcellocoutinho@gmail.com>2013-10-23 18:11:00 -0200
commitbddbf46510b426f60a32ed26c0698822b991d7f3 (patch)
treef878d5508b0379ae768b037dd0375d0761742dfe /config/bind/bind.inc
parent600c422388506b0b42a25ce61eacf18e43e04822 (diff)
bind - include redirect zone type, enable/disable zone option and fix sync code
Diffstat (limited to 'config/bind/bind.inc')
-rw-r--r--config/bind/bind.inc83
1 files changed, 62 insertions, 21 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 6ae870db..60fa23d5 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -60,9 +60,19 @@ function bind_zone_validate($post, $input_errors){
if( $_POST['forwarders'] == "")
$input_errors[] = 'The field \'Forwarders\' is required for forward zones.';
break;
+ case 'redirect':
+ $_POST['tll']=300;
+ $_POST['refresh']=0;
+ $_POST['serial']=0;
+ $_POST['retry']=0;
+ $_POST['expire']=0;
+ $_POST['minimum']=0;
+ if($_POST['mail']=='')
+ $input_errors[] = "The field 'Mail Admin Zone' is required for {$_POST['type']} zones.";
+
default:
if($_POST['nameserver']=='')
- $input_errors[] = 'The field \'Name server\' is required for master zones.';
+ $input_errors[] = "The field 'Name server' is required for {$_POST['type']} zones.";
for ($i=0;$i < count($_POST);$i++){
if (key_exists("hostname$i",$_POST)){
if ($_POST['reverso']=="on"){
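Review bot: The new `case 'redirect':` branch (L27-L36) ends without a `break`, so after forcing the SOA fields it falls through into `default` and also runs the name-server check; if that is intended, mark it with `// fall through: redirect zones need a name server too` before `default:`, otherwise add `break;`. The messages on L35 and L40 now interpolate `{$_POST['type']}`, a request value, into text that is presumably echoed back to the browser; in the `default` branch that value is whatever was submitted, so either escape it where the errors are printed or use the fixed branch name in the message. Note also that `$input_errors` arrives by value in the signature on L23, so unless the function returns it (its body continues outside the hunk) the appended errors are not seen by the caller. The `tll` key on L28 is unusual but matches the form field the JavaScript hunk later refers to.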
@@ -261,12 +271,7 @@ EOD;
$bind_conf .= "\tmatch-clients { $viewmatchclients;};\n";
$bind_conf .= "\tallow-recursion { $viewallowrecursion;};\n";
$bind_conf .= "\t$viewcustomoptions\n\n";
-
- $bind_conf .="\tzone \".\" {\n";
- $bind_conf .="\t\ttype hint;\n";
- $bind_conf .="\t\tfile \"/etc/namedb/named.root\";\n";
- $bind_conf .= "\t};\n\n";
-
+
if(is_array($config["installedpackages"]["bindzone"]))
$bindzone = $config["installedpackages"]["bindzone"]["config"];
else
@@ -276,8 +281,13 @@ EOD;
for ($x=0; $x<sizeof($bindzone); $x++)
{
$zone = $bindzone[$x];
-
+ if ($zone['disabled']=="on"){
+ continue;
+ }
$zonename = $zone['name'];
+ if ($zonename=="."){
+ $custom_root_zone[$i]=true;
+ }
$zonetype = $zone['type'];
$zoneview = $zone['view'];
$zonecustom = base64_decode($zone['custom']);
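Review bot: `$custom_root_zone[$i]=true;` on L68 indexes with `$i`, but the zone loop on L59 runs on `$x` and nothing in this hunk assigns `$i`; unless `$i` is the view index of an enclosing loop that starts outside the hunk, every view writes the same slot and the per-view check at L134 (`if (!$custom_root_zone[$i])`) does not work as intended. Whichever index is meant, the array is never initialised before it is read on L134, so a view without a custom "." zone raises an undefined-index notice; set `$custom_root_zone[$i] = false;` at the start of each view or test it with `empty($custom_root_zone[$i])`. A comment on L67 such as `// a user-defined "." zone replaces the default root hint zone for this view` would make the purpose of the flag clear.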
@@ -313,31 +323,39 @@ EOD;
switch ($zonetype){
case "slave":
$bind_conf .= "\t\tmasters { $zoneipslave; };\n";
+ $bind_conf .= "\t\tallow-transfer {none;};\n";
+ $bind_conf .= "\t\tnotify no;\n";
break;
case "forward":
$bind_conf .= "\t\tforward only;\n";
$bind_conf .= "\t\tforwarders { $zoneforwarders; };\n";
break;
+ case "redirect":
+ $bind_conf .= "\t\t# While using redirect zones,NXDOMAIN Redirection will not override DNSSEC\n";
+ $bind_conf .= "\t\t# If the client has requested DNSSEC records (DO=1) and the NXDOMAIN response is signed then no substitution will occur\n";
+ $bind_conf .= "\t\t# https://kb.isc.org/article/AA-00376/192/BIND-9.9-redirect-zones-for-NXDOMAIN-redirection.html\n";
+ break;
default:
$bind_conf .= "\t\tallow-update { $zoneallowupdate;};\n";
$bind_conf .= "\t\tallow-query { $zoneallowquery;};\n";
$bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n";
- }
- if ($zone['dnssec']=="on"){
- //https://kb.isc.org/article/AA-00626/
- $bind_conf .="\n\t\t# look for dnssec keys here:\n";
- $bind_conf .="\t\tkey-directory \"/etc/namedb/keys\";\n\n";
- $bind_conf .="\t\t# publish and activate dnssec keys:\n";
- $bind_conf .="\t\tauto-dnssec maintain;\n\n";
- $bind_conf .="\t\t# use inline signing:\n";
- $bind_conf .="\t\tinline-signing yes;\n\n";
- }
+ if ($zone['dnssec']=="on"){
+ //https://kb.isc.org/article/AA-00626/
+ $bind_conf .="\n\t\t# look for dnssec keys here:\n";
+ $bind_conf .="\t\tkey-directory \"/etc/namedb/keys\";\n\n";
+ $bind_conf .="\t\t# publish and activate dnssec keys:\n";
+ $bind_conf .="\t\tauto-dnssec maintain;\n\n";
+ $bind_conf .="\t\t# use inline signing:\n";
+ $bind_conf .="\t\tinline-signing yes;\n\n";
+ }
+ }
if ($zonecustom != '')
$bind_conf .= "\t\t$zonecustom\n";
$bind_conf .= "\t};\n\n";
switch($zonetype){
+ case "redirect":
case "master":
//check/update slave dir permission
chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype","bind");
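Review bot: Moving the DNSSEC block (L103-L111) inside the `default` case changes behaviour for slave zones: previously `key-directory`, `auto-dnssec maintain` and `inline-signing yes` were emitted for any zone type with dnssec on, now only for zones that reach `default`. If that narrowing is intended, say so with a comment at L103, e.g. `// inline signing only applies to master zones; slaves receive signed data from their master` (hedged: confirm the slave UI no longer offers the dnssec option); if not, the block belongs after the `switch` as before. The hardcoded `allow-transfer {none;};` and `notify no;` on L77-L78 are a sensible hardening for slaves, but unlike the `default` case they ignore the per-zone allow-transfer setting, so a comment such as `// slaves are fixed to refuse transfers and not notify, regardless of the per-zone setting` would stop someone "fixing" it later. The `chown()` on L120 now also runs for `redirect`; if no `redirect` directory is created elsewhere (creation is outside the hunk) it will emit a warning on every apply.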
@@ -369,7 +387,7 @@ EOD;
$zone_conf .= ";\tDatabase file {$zonename}.DB for {$zonename} zone.\n";
$zone_conf .= ";\tDo not edit this file!!!\n";
$zone_conf .= ";\tZone version {$zoneserial}\n;\n";
- if($zonereverso == "on")
+ if($zonereverso == "on" || $zonetype =="redirect")
$zone_conf .= "@\t IN SOA $zonenameserver. \t $zonemail. (\n";
else
$zone_conf .= "$zonename.\t IN SOA $zonenameserver. \t $zonemail. (\n";
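Review bot: The owner choice on L126 now depends on two unrelated inputs, the reverse-zone flag and the zone type, and nothing says why a redirect zone takes the `@` form rather than `$zonename.`; a one-line comment such as `// redirect zones are written with "@" as the SOA owner, like reverse zones` would make the condition self-explanatory. The enclosing function continues outside the hunk.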
@@ -445,6 +463,12 @@ EOD;
}
}
}
+ if (!$custom_root_zone[$i]){
+ $bind_conf .="\tzone \".\" {\n";
+ $bind_conf .="\t\ttype hint;\n";
+ $bind_conf .="\t\tfile \"/etc/namedb/named.root\";\n";
+ $bind_conf .= "\t};\n\n";
+ }
if($write_config > 0){
write_config("save result config file for zone on xml");
}
@@ -489,6 +513,8 @@ EOD;
mwexec("/usr/local/etc/rc.d/named.sh restart");
else
mwexec("/usr/local/etc/rc.d/named.sh stop");
+ //sync to backup servers
+ bind_sync_on_changes();
conf_mount_ro();
}
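Review bot: `bind_sync_on_changes()` on L148 is called unconditionally after the restart/stop branch, so the `stop` path on L146 still pushes the configuration to the backup nodes; if that is intended, make the comment on L147 say so (`//sync to backup servers on every apply, even when named is stopped`), otherwise move the call into the restart branch. The sync function (L175 onward) appears to decide from `synconchanges` whether it acts, so the call itself is cheap when sync is off, but that decision is outside this hunk and worth confirming.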
@@ -546,6 +572,21 @@ function bind_print_javascript_type_zone(){
document.iform.expire.disabled = 1;
document.iform.minimum.disabled = 1;
break;
+ case 'redirect':
+ document.iform.slaveip.disabled = 1;
+ document.iform.tll.disabled = 1;
+ document.iform.nameserver.disabled = 0;
+ document.iform.reverso.disabled = 1;
+ document.iform.forwarders.disabled = 1;
+ document.iform.dnssec.disabled = 1;
+ document.iform.ipns.disabled = 1;
+ document.iform.mail.disabled = 0;
+ document.iform.serial.disabled = 0;
+ document.iform.refresh.disabled = 0;
+ document.iform.retry.disabled = 0;
+ document.iform.expire.disabled = 0;
+ document.iform.minimum.disabled = 0;
+ break;
}
}
-->
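Review bot: The redirect case enables `serial`, `refresh`, `retry`, `expire` and `minimum` in the form (L164-L168, `disabled = 0`), yet the validator in the first hunk (L28-L33) overwrites all five with fixed values on submit, so anything the user types into those fields is silently discarded. Either disable them here the way `tll` is (L157), matching the server side, or stop overwriting them in the validator; the two hunks should agree. If they stay enabled, a comment in the PHP validator explaining why redirect zones force these values would at least document the surprise.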
@@ -602,8 +643,8 @@ function delete_log_file(){
/* Uses XMLRPC to synchronize the changes to a remote node */
function bind_sync_on_changes() {
global $config, $g;
- if (is_array($config['installedpackages']['bind']['config'])){
- $bind_sync=$config['installedpackages']['bind']['config'][0];
+ if (is_array($config['installedpackages']['bindsync']['config'])){
+ $bind_sync=$config['installedpackages']['bindsync']['config'][0];
$synconchanges = $bind_sync['synconchanges'];
$synctimeout = $bind_sync['synctimeout'];
$master_zone_ip=$bind_sync['masterip'];
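Review bot: The `is_array(...)` guard on L179 only checks that the `config` list exists; L180 then reads element `[0]` unconditionally, so an empty list leaves `$bind_sync` null and the lookups on L181-L183 emit notices and yield null values that flow into the sync settings. A guard on the element itself, `if (!empty($config['installedpackages']['bindsync']['config'][0])) {`, avoids that. The function body continues past the hunk.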