authorRenato Botelho <garga@FreeBSD.org>2015-04-07 17:46:28 -0300
committerRenato Botelho <garga@FreeBSD.org>2015-04-07 17:46:28 -0300
commit0f6e32810dabf2c257e5a7658c7163e0f0dacad5 (patch)
tree10e850451a3234f2aa014aebd657015d80cc9aef /config/bind/bind.inc
parent68f78d106986f2bc12fa3f3e57d35edd503ab448 (diff)
parent2b81eb361ef2074d8ce60484e4a41a426be2ab23 (diff)
Merge pull request #850 from gogglespisano/bind
Diffstat (limited to 'config/bind/bind.inc')
-rw-r--r--config/bind/bind.inc1140
1 files changed, 606 insertions, 534 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 54d536d0..dc4a9de9 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -36,107 +36,124 @@ require_once('util.inc');
require_once('pfsense-utils.inc');
require_once('pkg-utils.inc');
require_once('service-utils.inc');
-if(!function_exists("filter_configure"))
+if (!function_exists("filter_configure")) {
require_once("filter.inc");
+}
+
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+if ($pf_version > 2.0) {
+ define('BIND_LOCALBASE', '/usr/pbi/bind-'.php_uname("m"));
+} else {
+ define('BIND_LOCALBASE', '/usr/local');
+}
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version > 2.0)
- define('BIND_LOCALBASE', '/usr/pbi/bind-' . php_uname("m"));
-else
- define('BIND_LOCALBASE','/usr/local');
+define('CHROOT_LOCALBASE', '/cf/named');
-define('CHROOT_LOCALBASE','/cf/named');
+function bind_zone_validate($post, &$input_errors)
+{
+ if (array_key_exists("mail", $_POST)) {
+ $_POST['mail'] = preg_replace("/@/", ".", $post['mail']);
+ }
-function bind_zone_validate($post, &$input_errors){
- if (key_exists("mail",$_POST))
- $_POST['mail']=preg_replace("/@/",".",$post['mail']);
-
- switch ($_POST['type']){
+ switch ($_POST['type']) {
case 'slave':
- if( $_POST['slaveip'] == "")
+ if ($_POST['slaveip'] == "") {
$input_errors[] = 'The field \'Master Zone IP\' is required for slave zones.';
- break;
+ }
+ break;
case 'forward':
- if( $_POST['forwarders'] == "")
- $input_errors[] = 'The field \'Forwarders\' is required for forward zones.';
- break;
+ if ($_POST['forwarders'] == "") {
+ $input_errors[] = 'The field \'Forwarders\' is required for forward zones.';
+ }
+ break;
case 'redirect':
- $_POST['tll']=300;
- $_POST['refresh']=0;
- $_POST['serial']=0;
- $_POST['retry']=0;
- $_POST['expire']=0;
- $_POST['minimum']=0;
- if($_POST['mail']=='')
+ $_POST['tll'] = 300;
+ $_POST['refresh'] = 0;
+ $_POST['serial'] = 0;
+ $_POST['retry'] = 0;
+ $_POST['expire'] = 0;
+ $_POST['minimum'] = 0;
+ if ($_POST['mail'] == '') {
$input_errors[] = "The field 'Mail Admin Zone' is required for {$_POST['type']} zones.";
-
+ }
default:
- if($_POST['nameserver']=='')
+ if ($_POST['nameserver'] == '') {
$input_errors[] = "The field 'Name server' is required for {$_POST['type']} zones.";
- for ($i=0;$i < count($_POST);$i++){
- if (key_exists("hostname$i",$_POST)){
- if ($_POST['reverso']=="on"){
- $_POST["hostvalue$i"]="";
- if (!preg_match("/(PTR|NS)/",$_POST["hosttype$i"]))
+ }
+ for ($i = 0; $i < count($_POST); $i++) {
+ if (array_key_exists("hostname$i", $_POST)) {
+ if ($_POST['reverso'] == "on") {
+ $_POST["hostvalue$i"] = "";
+ if (!preg_match("/(PTR|NS)/", $_POST["hosttype$i"])) {
$input_errors[] = 'On reverse zones, valid record types are NS or PTR';
}
- if (preg_match("/(MX|NS)/",$_POST["hosttype$i"]))
- $_POST["hostname$i"]="";
- if (!preg_match("/(MX|NS)/",$_POST["hosttype$i"]) && $_POST["hostname$i"]=="")
+ }
+ if (preg_match("/(MX|NS)/", $_POST["hosttype$i"])) {
+ $_POST["hostname$i"] = "";
+ }
+ if (!preg_match("/(MX|NS)/", $_POST["hosttype$i"]) && $_POST["hostname$i"] == "") {
$input_errors[] = 'Record cannot be empty for '.$_POST["hosttype$i"].' type ';
- if ($_POST["hosttype$i"]=="MX" && $_POST["hostvalue$i"]=="")
- $_POST["hostvalue$i"]="10";
- if ($_POST["hosttype$i"]!="MX" && $_POST["hostvalue$i"]!="")
- $_POST["hostvalue$i"]="";
- if ($_POST["hostdst$i"]=="")
+ }
+ if ($_POST["hosttype$i"] == "MX" && $_POST["hostvalue$i"] == "") {
+ $_POST["hostvalue$i"] = "10";
+ }
+ if ($_POST["hosttype$i"] != "MX" && $_POST["hostvalue$i"] != "") {
+ $_POST["hostvalue$i"] = "";
+ }
+ if ($_POST["hostdst$i"] == "") {
$input_errors[] = 'Alias or IP address cannot be empty.';
+ }
}
}
- }
+ break;
+ }
}
-function bind_sync(){
+function bind_sync()
+{
global $config;
conf_mount_rw();
//create rndc
- $rndc_confgen="/usr/local/sbin/rndc-confgen";
- if (!file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense") && file_exists($rndc_confgen)){
- exec("$rndc_confgen ",$rndc_conf);
- foreach($rndc_conf as $line)
- $confgen_file.="$line\n";
- file_put_contents(BIND_LOCALBASE."/etc/rndc-confgen.pfsense",$confgen_file);
+ $rndc_confgen = "/usr/local/sbin/rndc-confgen";
+ if (!file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense") && file_exists($rndc_confgen)) {
+ exec("$rndc_confgen ", $rndc_conf);
+ foreach ($rndc_conf as $line) {
+ $confgen_file .= "$line\n";
}
- if (file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense")){
- $rndc_conf=file(BIND_LOCALBASE."/etc/rndc-confgen.pfsense");
- $confgen="rndc.conf";
- $rndc_bindconf="";
- foreach ($rndc_conf as $line){
- if ($confgen =="rndc.conf"){
- if (!preg_match ("/^#/",$line))
- $rndc_file.=$line;
- }
- else{
- if (!preg_match ("/named.conf/",$line))
- $rndc_bindconf.=preg_replace('/#/',"",$line);
+ file_put_contents(BIND_LOCALBASE."/etc/rndc-confgen.pfsense", $confgen_file);
+ }
+ if (file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense")) {
+ $rndc_conf = file(BIND_LOCALBASE."/etc/rndc-confgen.pfsense");
+ $confgen = "rndc.conf";
+ $rndc_bindconf = "";
+ foreach ($rndc_conf as $line) {
+ if ($confgen == "rndc.conf") {
+ if (!preg_match("/^#/", $line)) {
+ $rndc_file .= $line;
}
- if (preg_match("/named.conf/",$line)){
- $confgen="named.conf";
- file_put_contents(BIND_LOCALBASE."/etc/rndc.conf",$rndc_file);
+ } else {
+ if (!preg_match("/named.conf/", $line)) {
+ $rndc_bindconf .= preg_replace('/#/', "", $line);
}
+ }
+ if (preg_match("/named.conf/", $line)) {
+ $confgen = "named.conf";
+ file_put_contents(BIND_LOCALBASE."/etc/rndc.conf", $rndc_file);
+ }
}
}
-
- $bind = $config["installedpackages"]["bind"]["config"][0];
+
+ $bind = $config['installedpackages']['bind']['config'][0];
$bind_enable = $bind['enable_bind'];
$bind_forwarder = $bind['bind_forwarder'];
$forwarder_ips = $bind['bind_forwarder_ips'];
- $ram_limit = ($bind['bind_ram_limit']?$bind['bind_ram_limit']:"256M");
+ $ram_limit = ($bind['bind_ram_limit'] ? $bind['bind_ram_limit'] : "256M");
$hide_version = $bind['bind_hide_version'];
$bind_notify = $bind['bind_notify'];
$custom_options = base64_decode($bind['bind_custom_options']);
$bind_logging = $bind['bind_logging'];
- $bind_conf ="#Bind pfsense configuration\n";
- $bind_conf .="#Do not edit this file!!!\n\n";
+ $bind_conf = "#Bind pfsense configuration\n";
+ $bind_conf .= "#Do not edit this file!!!\n\n";
$bind_conf .= "$rndc_bindconf\n";
$bind_conf .= <<<EOD
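Review bot: bind_zone_validate still only checks that `slaveip` and `forwarders` are non-empty in the slave and forward cases, although both values are later interpolated verbatim into named.conf (`masters { $zoneipslave; };`, `forwarders { $zoneforwarders; };`); the file already uses `is_ipaddr`/`is_ipaddrv6`, so `if (!is_ipaddr($_POST['slaveip']))` and a per-entry check over `explode(',', $_POST['forwarders'])` would reject malformed input at the boundary. The zone `name` is not validated here at all, yet further down the file it becomes part of a filesystem path (`$zonename.DB`) and of an `exec()` command string, so a check such as `if ($_POST['name'] != '.' && !is_hostname($_POST['name']))` belongs in this validator (assuming `.` is the only legitimate non-hostname value, as the redirect handling suggests). The `redirect` case deliberately falls into `default`; now that every other case ends in `break`, a `// fall through` comment would make that explicit. In bind_sync, `$confgen_file` and `$rndc_file` are appended to with `.=` without ever being initialised; `$confgen_file = '';` before the `exec` and `$rndc_file = '';` next to `$rndc_bindconf = '';` would avoid relying on undefined-variable coercion. bind_sync continues past the end of this hunk.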
@@ -145,280 +162,310 @@ options {
pid-file "/var/run/named/pid";
statistics-file "/var/log/named.stats";
max-cache-size {$ram_limit};
-
+
EOD;
// check response rate limit option
//https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html
//http://ss.vix.su/~vjs/rl-arm.html
- if ($bind['rate_enabled']=="on"){
- $rate_limit=($bind['rate_limit']?$bind['rate_limit']:"15");
- $log_only=($bind['log_only']=="no"?"no":"yes");
+ if ($bind['rate_enabled'] == "on") {
+ $rate_limit = ($bind['rate_limit'] ? $bind['rate_limit'] : "15");
+ $log_only = ($bind['log_only'] == "no" ? "no" : "yes");
$bind_conf .= <<<EOD
- rate-limit {
- responses-per-second {$rate_limit};
- log-only {$log_only};
- };
-
+ rate-limit {
+ responses-per-second { $rate_limit };
+ log-only { $log_only };
+ };
+
EOD;
}
//check ips to listen on
- if (preg_match("/All/",$bind['listenon'])){
- $bind_listenonv6="any;";
- $bind_listenon="any;";
- }
- else{
- $bind_listenonv6="";
- $bind_listenon ="";
- foreach (explode(',',$bind['listenon']) as $listenon){
- if (is_ipaddrv6($listenon))
+ if (preg_match("/All/", $bind['listenon'])) {
+ $bind_listenonv6 = "any;";
+ $bind_listenon = "any;";
+ } else {
+ $bind_listenonv6 = "";
+ $bind_listenon = "";
+ foreach (explode(',', $bind['listenon']) as $listenon) {
+ if (is_ipaddrv6($listenon)) {
$bind_listenonv6 .= $listenon."; ";
- elseif (is_ipaddr($listenon))
+ } elseif (is_ipaddr($listenon)) {
$bind_listenon .= $listenon."; ";
- else{
- $listenon=(pfSense_get_interface_addresses(convert_friendly_interface_to_real_interface_name($listenon)));
- if (is_ipaddr($listenon['ipaddr']))
+ } else {
+ $listenon = (pfSense_get_interface_addresses(convert_friendly_interface_to_real_interface_name($listenon)));
+ if (is_ipaddr($listenon['ipaddr'])) {
$bind_listenon .= $listenon['ipaddr']."; ";
- if(is_ipaddrv6($listenon['ipaddr6']))
+ }
+ if (is_ipaddrv6($listenon['ipaddr6'])) {
$bind_listenonv6 .= $listenon['ipaddr6']."; ";
- }
+ }
+ }
}
}
- $bind_listenonv6=($bind_listenonv6==""?"none;":$bind_listenonv6);
- $bind_listenon=($bind_listenon==""?"none;":$bind_listenon);
- //print "<PRE>$bind_listenonv6 $bind_listenon";
- if (key_exists("ipv6allow",$config['system'])){
- $bind_conf .="\t\tlisten-on-v6 { $bind_listenonv6 };\n";
- }
- $bind_conf .="\t\tlisten-on { $bind_listenon };\n";
+ $bind_listenonv6 = ($bind_listenonv6 == "" ? "none;" : $bind_listenonv6);
+ $bind_listenon = ($bind_listenon == "" ? "none;" : $bind_listenon);
+ // print "<PRE>$bind_listenonv6 $bind_listenon";
+ if (array_key_exists("ipv6allow", $config['system'])) {
+ $bind_conf .= "\t\tlisten-on-v6 { $bind_listenonv6 };\n";
+ }
+ $bind_conf .= "\tlisten-on { $bind_listenon };\n";
- #forwarder config
- if ($bind_forwarder == on)
- $bind_conf .="\t\tforwarders { $forwarder_ips };\n";
- if ($bind_notify == on)
- $bind_conf .="\t\tnotify yes;\n";
- if ($hide_version == on)
- $bind_conf .="\t\tversion none;\n";
+ // forwarder config
+ if ($bind_forwarder == 'on') {
+ $bind_conf .= "\t\tforwarders { $forwarder_ips };\n";
+ }
+ if ($bind_notify == 'on') {
+ $bind_conf .= "\t\tnotify yes;\n";
+ }
+ if ($hide_version == 'on') {
+ $bind_conf .= "\t\tversion none;\n";
+ }
- $bind_conf .= preg_replace("/^/m","\t\t",$custom_options);
+ $bind_conf .= preg_replace("/^/m", "\t", $custom_options);
$bind_conf .= "\n\t};\n\n";
-
- if ($bind_logging == on){
+
+ if ($bind_logging == 'on') {
//check if bind is included on syslog
- $syslog_files=array("/etc/inc/system.inc","/var/etc/syslog.conf");
- $restart_syslog=0;
- foreach ($syslog_files as $syslog_file){
- $syslog_file_data=file_get_contents($syslog_file);
- if ( !preg_match("/dnsmasq,named,filterdns/",$syslog_file_data) || !preg_match("/'dnsmasq','named','filterdns'/",$syslog_file_data) ) {
- $syslog_file_data=preg_replace("/dnsmasq,filterdns/","dnsmasq,named,filterdns",$syslog_file_data);
- $syslog_file_data=preg_replace("/'dnsmasq','filterdns'/","'dnsmasq','named','filterdns'",$syslog_file_data);
- file_put_contents($syslog_file,$syslog_file_data);
+ $syslog_files = array("/etc/inc/system.inc", "/var/etc/syslog.conf");
+ $restart_syslog = 0;
+ foreach ($syslog_files as $syslog_file) {
+ $syslog_file_data = file_get_contents($syslog_file);
+ if (!preg_match("/dnsmasq,named,filterdns/", $syslog_file_data) || !preg_match("/'dnsmasq','named','filterdns'/", $syslog_file_data)) {
+ $syslog_file_data = preg_replace("/dnsmasq,filterdns/", "dnsmasq,named,filterdns", $syslog_file_data);
+ $syslog_file_data = preg_replace("/'dnsmasq','filterdns'/", "'dnsmasq','named','filterdns'", $syslog_file_data);
+ file_put_contents($syslog_file, $syslog_file_data);
$restart_syslog++;
- }
}
- if ($restart_syslog > 0){
+ }
+ if ($restart_syslog > 0) {
system("/usr/bin/killall -HUP syslogd");
}
- $log_categories=explode(",",$bind['log_options']);
- $log_severity=($bind['log_severity']?$bind['log_severity']:'default');
- if (sizeof($log_categories) > 0 && $log_categories[0]!=""){
+ $log_categories = explode(",", $bind['log_options']);
+ $log_severity = ($bind['log_severity'] ? $bind['log_severity'] : 'default');
+ if (sizeof($log_categories) > 0 && $log_categories[0] != "") {
$bind_conf .= <<<EOD
-
- logging {
- channel custom {
- syslog daemon;
- print-time no;
- print-severity yes;
- print-category yes;
- severity {$log_severity};
- };
+
+logging {
+ channel custom {
+ syslog daemon;
+ print-time no;
+ print-severity yes;
+ print-category yes;
+ severity {$log_severity};
+ };
EOD;
- foreach ($log_categories as $category)
- $bind_conf .="\t\t\tcategory $category\t{custom;};\n";
- $bind_conf .="\t\t};\n\n";
- }
- }
- else {
- $bind_conf .="\t\tlogging { category default { null; }; };\n\n";
- }
-
- #Config Zone domain
- if(!is_array($config["installedpackages"]["bindacls"]) || !is_array($config["installedpackages"]["bindacls"]["config"])){
- $config["installedpackages"]["bindacls"]["config"][] =
- array("name"=>"none","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
- $config["installedpackages"]["bindacls"]["config"][] =
- array("name"=>"any","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
- $config["installedpackages"]["bindacls"]["config"][] =
- array("name"=>"localhost","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
- $config["installedpackages"]["bindacls"]["config"][] =
- array("name"=>"localnets","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
- write_config("Create BIND Built-in ACLs");
+ foreach ($log_categories as $category) {
+ $bind_conf .= "\t\t\tcategory $category\t{custom;};\n";
+ }
+ $bind_conf .= "\t\t};\n\n";
}
- $bindacls = $config["installedpackages"]["bindacls"]["config"];
- for ($i=0; $i<sizeof($bindacls); $i++)
- {
+ } else {
+ $bind_conf .= "\t\tlogging { category default { null; }; };\n\n";
+ }
+
+ // Config Zone domain
+
+ // Add ACLS
+ if (!is_array($config['installedpackages']['bindacls']) || !is_array($config['installedpackages']['bindacls']['config'])) {
+ $config['installedpackages']['bindacls']['config'][] =
+ array("name" => "none", "description" => "BIND Built-in ACL", "row" => array("value" => "", "description" => ""));
+ $config['installedpackages']['bindacls']['config'][] =
+ array("name" => "any", "description" => "BIND Built-in ACL", "row" => array("value" => "", "description" => ""));
+ $config['installedpackages']['bindacls']['config'][] =
+ array("name" => "localhost", "description" => "BIND Built-in ACL", "row" => array("value" => "", "description" => ""));
+ $config['installedpackages']['bindacls']['config'][] =
+ array("name" => "localnets", "description" => "BIND Built-in ACL", "row" => array("value" => "", "description" => ""));
+ write_config("Create BIND Built-in ACLs");
+ }
+ $bindacls = $config['installedpackages']['bindacls']['config'];
+ for ($i = 0; $i < sizeof($bindacls); $i++) {
$aclname = $bindacls[$i]['name'];
$aclhost = $bindacls[$i]['row'];
- if($aclname != "none" && $aclname != "any" && $aclname != "localhost" && $aclname != "localnets"){
- $bind_conf .= "acl \"$aclname\" {\n";
- for ($u=0; $u<sizeof($aclhost); $u++)
- {
+ if ($aclname != "none" && $aclname != "any" && $aclname != "localhost" && $aclname != "localnets") {
+ $bind_conf .= "acl \"$aclname\" {\n";
+ for ($u = 0; $u < sizeof($aclhost); $u++) {
$aclhostvalue = $aclhost[$u]['value'];
$bind_conf .= "\t$aclhostvalue;\n";
}
$bind_conf .= "};\n\n";
- }
- }
-
- if(is_array($config["installedpackages"]["bindviews"]))
- $bindview = $config["installedpackages"]["bindviews"]["config"];
- else
- $bindview =array();
-
- for ($i=0; $i<sizeof($bindview); $i++)
- {
- $views = $config["installedpackages"]["bindviews"]["config"][$i];
+ }
+ }
+
+ // Add Views
+ if (is_array($config['installedpackages']['bindviews'])) {
+ $bindview = $config['installedpackages']['bindviews']['config'];
+ } else {
+ $bindview = array();
+ }
+
+ for ($i = 0; $i < sizeof($bindview); $i++) {
+ $views = $config['installedpackages']['bindviews']['config'][$i];
$viewname = $views['name'];
- $viewrecursion = $views['recursion'];
- if($views['match-clients'] == '')
+ $viewrecursion = $views['recursion'];
+ if ($views['match-clients'] == '') {
$viewmatchclients = "none";
- else
- $viewmatchclients = str_replace(',','; ',$views['match-clients']);
- if($views['allow-recursion'] == '')
+ } else {
+ $viewmatchclients = str_replace(',', '; ', $views['match-clients']);
+ }
+ if ($views['allow-recursion'] == '') {
$viewallowrecursion = "none";
- else
- $viewallowrecursion = str_replace(',','; ',$views['allow-recursion']);
+ } else {
+ $viewallowrecursion = str_replace(',', '; ', $views['allow-recursion']);
+ }
$viewcustomoptions = base64_decode($views['bind_custom_options']);
-
- $bind_conf .= "view \"$viewname\" { \n\n";
- $bind_conf .= "\trecursion $viewrecursion;\n";
- $bind_conf .= "\tmatch-clients { $viewmatchclients;};\n";
- $bind_conf .= "\tallow-recursion { $viewallowrecursion;};\n";
- $bind_conf .= "\t$viewcustomoptions\n\n";
-
- if(is_array($config["installedpackages"]["bindzone"]))
- $bindzone = $config["installedpackages"]["bindzone"]["config"];
- else
- $bindzone =array();
- $write_config=0;
- for ($x=0; $x<sizeof($bindzone); $x++)
- {
+ $bind_conf .= "view \"$viewname\" { \n\n";
+ $bind_conf .= "\trecursion $viewrecursion;\n";
+ $bind_conf .= "\tmatch-clients { $viewmatchclients; };\n";
+ $bind_conf .= "\tallow-recursion { $viewallowrecursion; };\n";
+ $bind_conf .= "\t$viewcustomoptions\n\n";
+
+ if (is_array($config['installedpackages']['bindzone'])) {
+ $bindzone = $config['installedpackages']['bindzone']['config'];
+ } else {
+ $bindzone = array();
+ }
+
+ // Add Zones in View
+ $write_config = 0;
+ for ($x = 0; $x < sizeof($bindzone); $x++) {
$zone = $bindzone[$x];
- if ($zone['disabled']=="on"){
+ if ($zone['disabled'] == "on") {
continue;
- }
+ }
$zonename = $zone['name'];
- if ($zonename=="."){
- $custom_root_zone[$i]=true;
+ if ($zonename == ".") {
+ $custom_root_zone[$i] = true;
}
$zonetype = $zone['type'];
$zoneview = $zone['view'];
$zonecustom = base64_decode($zone['custom']);
$zoneipslave = $zone['slaveip'];
- $zoneforwarders=$zone['forwarders'];
+ $zoneforwarders = $zone['forwarders'];
$zonereverso = $zone['reverso'];
-
- if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview")))
- mkdir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview",0755,true);
-
- if($zone['allowupdate'] == '')
+
+ // Ensure zone view folder exists
+ if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview"))) {
+ mkdir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", 0755, true);
+ }
+
+ if ($zone['allowupdate'] == '') {
$zoneallowupdate = "none";
- else
- $zoneallowupdate = str_replace(',','; ',$zone['allowupdate']);
- if($zone['allowquery'] == '')
+ } else {
+ $zoneallowupdate = str_replace(',', '; ', $zone['allowupdate']);
+ }
+ if ($zone['allowquery'] == '') {
$zoneallowquery = "none";
- else
- $zoneallowquery = str_replace(',','; ',$zone['allowquery']);
- if($zone['allowtransfer'] == '')
+ } else {
+ $zoneallowquery = str_replace(',', '; ', $zone['allowquery']);
+ }
+ if ($zone['allowtransfer'] == '') {
$zoneallowtransfer = "none";
- else
- $zoneallowtransfer = str_replace(',','; ',$zone['allowtransfer']);
-
- if ($zoneview == $viewname){
- if($zonereverso == "on")
- $bind_conf .= "\tzone \"$zonename.in-addr.arpa\" {\n";
- else
- $bind_conf .= "\tzone \"$zonename\" {\n";
-
- $bind_conf .= "\t\ttype $zonetype;\n";
- if ($zonetype != "forward")
- $bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n";
- switch ($zonetype){
- case "slave":
- $bind_conf .= "\t\tmasters { $zoneipslave; };\n";
- $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n";
- $bind_conf .= "\t\tnotify no;\n";
- break;
- case "forward":
- $bind_conf .= "\t\tforward only;\n";
- $bind_conf .= "\t\tforwarders { $zoneforwarders; };\n";
- break;
- case "redirect":
- $bind_conf .= "\t\t# While using redirect zones,NXDOMAIN Redirection will not override DNSSEC\n";
- $bind_conf .= "\t\t# If the client has requested DNSSEC records (DO=1) and the NXDOMAIN response is signed then no substitution will occur\n";
- $bind_conf .= "\t\t# https://kb.isc.org/article/AA-00376/192/BIND-9.9-redirect-zones-for-NXDOMAIN-redirection.html\n";
- break;
- default:
- $bind_conf .= "\t\tallow-update { $zoneallowupdate;};\n";
- $bind_conf .= "\t\tallow-query { $zoneallowquery;};\n";
- $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n";
- if ($zone['dnssec']=="on"){
- //https://kb.isc.org/article/AA-00626/
- $bind_conf .="\n\t\t# look for dnssec keys here:\n";
- $bind_conf .="\t\tkey-directory \"/etc/namedb/keys\";\n\n";
- $bind_conf .="\t\t# publish and activate dnssec keys:\n";
- $bind_conf .="\t\tauto-dnssec maintain;\n\n";
- $bind_conf .="\t\t# use inline signing:\n";
- $bind_conf .="\t\tinline-signing yes;\n\n";
- }
- }
- if ($zonecustom != '')
- $bind_conf .= "\t\t$zonecustom\n";
-
- $bind_conf .= "\t};\n\n";
-
- switch($zonetype){
- case "redirect":
- case "master":
- //check/update slave dir permission
- chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype","bind");
- chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview","bind");
- $zonetll = ($zone['tll']?$zone['tll']:"43200");
- $zonemail = ($zone['mail']?$zone['mail']:"zonemaster.{$zonename}");
- $zonemail = preg_replace("/@/",".",$zonemail);
+ } else {
+ $zoneallowtransfer = str_replace(',', '; ', $zone['allowtransfer']);
+ }
+
+ if ($zoneview == $viewname) {
+ // Add zone name
+ if ($zonereverso == "on") {
+ $bind_conf .= "\tzone \"$zonename.in-addr.arpa\" {\n";
+ } else {
+ $bind_conf .= "\tzone \"$zonename\" {\n";
+ }
+
+ // Add zone file (if not forwarder)
+ $bind_conf .= "\t\ttype $zonetype;\n";
+ if ($zonetype != "forward") {
+ $bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n";
+ }
+
+ // Add zone statements
+ switch ($zonetype) {
+ case 'slave':
+ $bind_conf .= "\t\tmasters { $zoneipslave; };\n";
+ $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer; };\n";
+ $bind_conf .= "\t\tnotify no;\n";
+ break;
+ case 'forward':
+ $bind_conf .= "\t\tforward only;\n";
+ $bind_conf .= "\t\tforwarders { $zoneforwarders; };\n";
+ break;
+ case 'redirect':
+ $bind_conf .= "\t\t# While using redirect zones,NXDOMAIN Redirection will not override DNSSEC\n";
+ $bind_conf .= "\t\t# If the client has requested DNSSEC records (DO=1) and the NXDOMAIN response is signed then no substitution will occur\n";
+ $bind_conf .= "\t\t# https://kb.isc.org/article/AA-00376/192/BIND-9.9-redirect-zones-for-NXDOMAIN-redirection.html\n";
+ break;
+ default:
+ $bind_conf .= "\t\tallow-update { $zoneallowupdate; };\n";
+ $bind_conf .= "\t\tallow-query { $zoneallowquery; };\n";
+ $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer; };\n";
+ if ($zone['dnssec'] == "on") {
+ //https://kb.isc.org/article/AA-00626/
+ $bind_conf .= "\n\t\t# look for dnssec keys here:\n";
+ $bind_conf .= "\t\tkey-directory \"/etc/namedb/keys\";\n\n";
+ $bind_conf .= "\t\t# publish and activate dnssec keys:\n";
+ $bind_conf .= "\t\tauto-dnssec maintain;\n\n";
+ $bind_conf .= "\t\t# use inline signing:\n";
+ $bind_conf .= "\t\tinline-signing yes;\n\n";
+ }
+ break;
+ }
+
+ // Add custom zone statements
+ if ($zonecustom != '') {
+ $bind_conf .= "\t\t$zonecustom\n";
+ }
+
+ $bind_conf .= "\t};\n\n";
+
+ // Create zone config DB file
+ switch ($zonetype) {
+ case 'master':
+ case 'redirect':
+ // check/update slave dir permission
+ chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype", "bind");
+ chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", "bind");
+ $zonetll = ($zone['tll'] ? $zone['tll'] : "43200");
+ $zonemail = ($zone['mail'] ? $zone['mail'] : "zonemaster.{$zonename}");
+ $zonemail = preg_replace("/@/", ".", $zonemail);
$zoneserial = $zone['serial'];
- $zonerefresh = ($zone['refresh']?$zone['refresh']:"3600");
- $zoneretry = ($zone['retry']?$zone['retry']:"600");
- $zoneexpire = ($zone['expire']?$zone['expire']:"86400");
- $zoneminimum = ($zone['minimum']?$zone['minimum']:"3600");
+ $zonerefresh = ($zone['refresh'] ? $zone['refresh'] : "3600");
+ $zoneretry = ($zone['retry'] ? $zone['retry'] : "600");
+ $zoneexpire = ($zone['expire'] ? $zone['expire'] : "86400");
+ $zoneminimum = ($zone['minimum'] ? $zone['minimum'] : "3600");
$zonenameserver = $zone['nameserver'];
$zoneipns = $zone['ipns'];
$zonereverso = $zone['reverso'];
- if($zone['allowupdate'] == '')
+ if ($zone['allowupdate'] == '') {
$zoneallowupdate = "none";
- else
- $zoneallowupdate = str_replace(',','; ',$zone['allowupdate']);
- if($zone['allowquery'] == '')
+ } else {
+ $zoneallowupdate = str_replace(',', '; ', $zone['allowupdate']);
+ }
+ if ($zone['allowquery'] == '') {
$zoneallowquery = "none";
- else
- $zoneallowquery = str_replace(',','; ',$zone['allowquery']);
- if($zone['allowtransfer'] == '')
+ } else {
+ $zoneallowquery = str_replace(',', '; ', $zone['allowquery']);
+ }
+ if ($zone['allowtransfer'] == '') {
$zoneallowtransfer = "none";
- else
- $zoneallowtransfer = str_replace(',','; ',$zone['allowtransfer']);
+ } else {
+ $zoneallowtransfer = str_replace(',', '; ', $zone['allowtransfer']);
+ }
+
$zone_conf = "\$TTL {$zonetll}\n;\n";
- if($zonereverso == "on")
+ if ($zonereverso == "on") {
$zone_conf .= "\$ORIGIN {$zonename}.in-addr.arpa.\n\n";
- else
+ } else {
$zone_conf .= "\$ORIGIN {$zonename}.\n\n";
+ }
$zone_conf .= ";\tDatabase file {$zonename}.DB for {$zonename} zone.\n";
$zone_conf .= ";\tDo not edit this file!!!\n";
$zone_conf .= ";\tZone version {$zoneserial}\n;\n";
- if($zonereverso == "on" || $zonetype =="redirect")
+ if ($zonereverso == "on" || $zonetype == "redirect") {
$zone_conf .= "@\t IN SOA $zonenameserver. \t $zonemail. (\n";
- else
+ } else {
$zone_conf .= "$zonename.\t IN SOA $zonenameserver. \t $zonemail. (\n";
+ }
$zone_conf .= "\t\t$zoneserial ; serial\n";
$zone_conf .= "\t\t$zonerefresh ; refresh\n";
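Review bot: The rewritten rate-limit heredoc now emits literal braces: inside a heredoc `{ $rate_limit }` is not the `{$var}` complex-syntax form, so the output becomes `responses-per-second { 15 };` and `log-only { yes };`, which are not valid for these scalar options and would make named reject the generated configuration whenever rate limiting is enabled. Restore `responses-per-second {$rate_limit};` and `log-only {$log_only};` as the old lines had them. Separately, the indentation of the generated options block is now mixed — `listen-on` and the custom options get one tab while `listen-on-v6`, `forwarders`, `notify` and `version` keep two — harmless to BIND but worth making consistent. bind_sync starts before and ends after this hunk.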
@@ -427,30 +474,31 @@ EOD;
$zone_conf .= "\t\t$zoneminimum ; default_ttl\n\t\t)\n\n";
$zone_conf .= ";\n; Zone Records\n;\n";
- if($zonereverso == "on")
+ if ($zonereverso == "on") {
$zone_conf .= "\t IN NS \t$zonenameserver.\n";
- else{
+ } else {
$zone_conf .= "@ \t IN NS \t$zonenameserver.\n";
- if ($zoneipns !="")
+ if ($zoneipns != "") {
$zone_conf .= "@ \t IN A \t$zoneipns\n";
+ }
}
- for ($y=0; $y<sizeof($zone['row']); $y++)
- {
- $hostname = (preg_match("/(MX|NS)/",$zone['row'][$y]['hosttype'])?"@":$zone['row'][$y]['hostname']);
+ for ($y = 0; $y < sizeof($zone['row']); $y++) {
+ $hostname = (preg_match("/(MX|NS)/", $zone['row'][$y]['hosttype']) ? "@" : $zone['row'][$y]['hostname']);
$hosttype = $zone['row'][$y]['hosttype'];
$hostdst = $zone['row'][$y]['hostdst'];
- if (preg_match("/[a-zA-Z]/",$hostdst) && !preg_match("/(TXT|SPF|AAAA)/",$hosttype))
+ if (preg_match("/[a-zA-Z]/", $hostdst) && !preg_match("/(TXT|SPF|AAAA)/", $hosttype)) {
$hostdst .= ".";
+ }
$hostvalue = $zone['row'][$y]['hostvalue'];
-
+
$zone_conf .= "$hostname \t IN $hosttype $hostvalue \t$hostdst\n";
}
- # Register DHCP static mappings
- if (($zone[regdhcpstatic] == 'on') && is_array($config['dhcpd'])) {
- $zoneparts = array_reverse(explode('.',$zonename));
+ // Register DHCP static mappings
+ if (($zone['regdhcpstatic'] == 'on') && is_array($config['dhcpd'])) {
+ $zoneparts = array_reverse(explode('.', $zonename));
foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
- if (!isset($dhcpifconf['enable']) || !is_array($dhcpifconf['staticmap'])) {
+ if (!isset($dhcpifconf['enable']) || !is_array($dhcpifconf['staticmap'])) {
continue;
}
foreach ($dhcpifconf['staticmap'] as $host) {
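Review bot: The trailing-dot heuristic for `$hostdst` appends `.` to any non-TXT/SPF/AAAA target containing a letter without checking whether it already ends in one, so a user-entered `mail.example.com.` is written as `mail.example.com..` in the zone file; adding `&& substr($hostdst, -1) != '.'` to the condition prevents that. The letter regex is also being used as an "is this a name rather than an address" test while the file already has `is_ipaddr`, so `!is_ipaddr($hostdst)` would state the intent directly and would not misclassify an IPv6 literal that happens to be entered under a non-AAAA type. The record loop belongs to bind_sync, which starts and ends outside the hunk, and `$domain` used in the following lines is assigned outside the visible range.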
@@ -463,20 +511,20 @@ EOD;
} else {
continue;
}
- if (!is_hostname($host['hostname']) || !is_ipaddr($host['ipaddr'])) {
+ if (!is_hostname($host['hostname']) || !is_ipaddr($host['ipaddr'])) {
continue;
}
if ($zonereverso == "on") {
- $parts = explode('.',$host['ipaddr']);
- $intersect = array_intersect_assoc($parts,$zoneparts);
+ $parts = explode('.', $host['ipaddr']);
+ $intersect = array_intersect_assoc($parts, $zoneparts);
if (count($zoneparts) == count($intersect)) {
- $diff = array_diff_assoc($parts,$zoneparts);
- $shortaddr = implode('.',array_reverse($diff));
+ $diff = array_diff_assoc($parts, $zoneparts);
+ $shortaddr = implode('.', array_reverse($diff));
$zone_conf .= "{$shortaddr}\tIN PTR\t{$host['hostname']}.{$domain}.\n";
}
} else {
- $parts = array_reverse(explode('.',$domain));
- $diff = array_diff_assoc($parts,$zoneparts);
+ $parts = array_reverse(explode('.', $domain));
+ $diff = array_diff_assoc($parts, $zoneparts);
if (count($diff) == 0) {
$zone_conf .= "{$host['hostname']}\tIN A\t{$host['ipaddr']}\n";
}
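Review bot: The forward-zone match on the last lines is one-sided: `array_diff_assoc($parts, $zoneparts)` is empty whenever every label of `$domain` appears at the same position in `$zonename`, so a static mapping whose DHCP domain is `example.com` would also be emitted into a `sub.example.com` zone (inferred from the reversed-label arrays; `$domain` itself is assigned outside the hunk). If exact membership is intended, `if (strcasecmp($domain, $zonename) == 0)` expresses it directly; if parent-domain matching is intended, a one-line comment saying so would stop the next reader from "fixing" it. The preceding `is_hostname`/`is_ipaddr` guards on `$host` are the right place to reject bad data before it reaches the zone file. This loop is inside bind_sync, which continues past the hunk.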
@@ -485,173 +533,184 @@ EOD;
}
}
- if ($zone['customzonerecords']!=""){
+ // Add custom zone records
+ if ($zone['customzonerecords'] != "") {
$zone_conf .= "\n\n;\n;custom zone records\n;\n".base64_decode($zone['customzonerecords'])."\n";
}
+
+ // Save zone configuration DB file
file_put_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB", $zone_conf);
- $config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($zone_conf);
+
+ $config['installedpackages']['bindzone']['config'][$x]['resultconfig'] = base64_encode($zone_conf);
$write_config++;
//check dnssec keys creation for master zones
- if($zone['dnssec']=="on"){
- $zone_found=0;
- foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key",GLOB_NOSORT) as $filename){
+ if ($zone['dnssec'] == "on") {
+ $zone_found = 0;
+ foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key", GLOB_NOSORT) as $filename) {
$zone_found++;
- }
- if ($zone_found==0){
- $key_restored=0;
- if(is_array($config['installedpackages']['dnsseckeys']) && is_array($config['installedpackages']['dnsseckeys']['config'])){
- foreach ($config['installedpackages']['dnsseckeys']['config']as $filer)
- if (preg_match ("/K$zonename\.+/",$filer['fullfile'])){
- file_put_contents($filer['fullfile'],base64_decode($filer['filedata']),LOCK_EX);
- chmod($filer['fullfile'],0700);
- chown($filer['fullfile'],"bind");
+ }
+ if ($zone_found == 0) {
+ $key_restored = 0;
+ if (is_array($config['installedpackages']['dnsseckeys']) && is_array($config['installedpackages']['dnsseckeys']['config'])) {
+ foreach ($config['installedpackages']['dnsseckeys']['config'] as $filer) {
+ if (preg_match("/K$zonename\.+/", $filer['fullfile'])) {
+ file_put_contents($filer['fullfile'], base64_decode($filer['filedata']), LOCK_EX);
+ chmod($filer['fullfile'], 0700);
+ chown($filer['fullfile'], "bind");
$key_restored++;
- }
}
- if ($key_restored > 0){
+ }
+ }
+ if ($key_restored > 0) {
log_error("[bind] {$key_restored} DNSSEC keys restored from XML backup for {$zonename} zone.");
+ }
+ $dnssec_bin = "/usr/local/sbin/dnssec-keygen";
+ if (file_exists($dnssec_bin) && $key_restored == 0) {
+ exec("{$dnssec_bin} -K ".CHROOT_LOCALBASE."/etc/namedb/keys {$zonename}", $kout);
+ exec("{$dnssec_bin} -K ".CHROOT_LOCALBASE."/etc/namedb/keys -fk {$zonename}", $kout);
+ foreach ($kout as $filename) {
+ chown(CHROOT_LOCALBASE."/etc/namedb/keys/{$filename}.key", "bind");
+ chown(CHROOT_LOCALBASE."/etc/namedb/keys/{$filename}.private", "bind");
}
- $dnssec_bin="/usr/local/sbin/dnssec-keygen";
- if (file_exists($dnssec_bin) && $key_restored==0){
- exec("{$dnssec_bin} -K ".CHROOT_LOCALBASE."/etc/namedb/keys {$zonename}",$kout);
- exec("{$dnssec_bin} -K ".CHROOT_LOCALBASE."/etc/namedb/keys -fk {$zonename}",$kout);
- foreach($kout as $filename){
- chown(CHROOT_LOCALBASE."/etc/namedb/keys/{$filename}.key","bind");
- chown(CHROOT_LOCALBASE."/etc/namedb/keys/{$filename}.private","bind");
- }
log_error("[bind] DNSSEC keys for {$zonename} created.");
- }
- }
- //get ds keys
- $dsfromkey="/usr/local/sbin/dnssec-dsfromkey";
- foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key",GLOB_NOSORT) as $filename) {
- $zone_key=file_get_contents($filename);
- if (preg_match("/IN DNSKEY 257 /",$zone_key) && file_exists($dsfromkey)){
- exec("$dsfromkey $filename",$dsset);
- $config["installedpackages"]["bindzone"]["config"][$x]['dsset']=base64_encode(array_pop($dsset)."\n".array_pop($dsset));
- $write_config++;
- }
}
- //save dnssec keys to xml
-
- if($zone['backupkeys']=="on"){
- $dnssec_keys=0;
- foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*",GLOB_NOSORT) as $filename){
- $file_found=0;
- if(is_array($config['installedpackages']['dnsseckeys']) && is_array($config['installedpackages']['dnsseckeys']['config'])){
- foreach ($config['installedpackages']['dnsseckeys']['config']as $filer){
- if ($filer['fullfile']==$filename)
+ }
+ // get ds keys
+ $dsfromkey = "/usr/local/sbin/dnssec-dsfromkey";
+ foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key", GLOB_NOSORT) as $filename) {
+ $zone_key = file_get_contents($filename);
+ if (preg_match("/IN DNSKEY 257 /", $zone_key) && file_exists($dsfromkey)) {
+ exec("$dsfromkey $filename", $dsset);
+ $config['installedpackages']['bindzone']['config'][$x]['dsset'] = base64_encode(array_pop($dsset)."\n".array_pop($dsset));
+ $write_config++;
+ }
+ }
+
+ // save dnssec keys to xml
+ if ($zone['backupkeys'] == "on") {
+ $dnssec_keys = 0;
+ foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*", GLOB_NOSORT) as $filename) {
+ $file_found = 0;
+ if (is_array($config['installedpackages']['dnsseckeys']) && is_array($config['installedpackages']['dnsseckeys']['config'])) {
+ foreach ($config['installedpackages']['dnsseckeys']['config'] as $filer) {
+ if ($filer['fullfile'] == $filename) {
$file_found++;
}
}
- if ($file_found==0){
- $config['installedpackages']['dnsseckeys']['config'][]=array('fullfile'=> $filename,
- 'description'=> "bind {$zonename} DNSSEC backup file",
- 'filedata'=> base64_encode(file_get_contents($filename)));
+ }
+ if ($file_found == 0) {
+ $config['installedpackages']['dnsseckeys']['config'][] = array('fullfile' => $filename,
+ 'description' => "bind {$zonename} DNSSEC backup file",
+ 'filedata' => base64_encode(file_get_contents($filename)));
$write_config++;
$dnssec_keys++;
- }
- }
- if($dnssec_keys>0){
- log_error("[bind] {$dnssec_keys} DNSSEC keys for {$zonename} zone saved on XML config.");
}
}
- }
- break;
- case "slave":
- //check/update slave dir permission
- chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype","bind");
- chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview","bind");
- //check if exists slave zone file
- $rsconfig="";
- if ($zone['dnssec']=="on"){
- if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed"))
- exec("/usr/local/sbin/named-checkzone -D -f raw -o - {$zonename} ".CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed",$slave_file);
+ if ($dnssec_keys > 0) {
+ log_error("[bind] {$dnssec_keys} DNSSEC keys for {$zonename} zone saved on XML config.");
+ }
+ }
}
- else{
- if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB"))
- $slave_file=file(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB");
+ break;
+ case 'slave':
+ // check/update slave dir permission
+ chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype", "bind");
+ chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", "bind");
+ // check if exists slave zone file
+ $rsconfig = "";
+ if ($zone['dnssec'] == "on") {
+ if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed")) {
+ exec("/usr/local/sbin/named-checkzone -D -f raw -o - {$zonename} ".CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed", $slave_file);
+ }
+ } else {
+ if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB")) {
+ $slave_file = file(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB");
+ }
}
- if (is_array($slave_file)){
- foreach ($slave_file as $zfile)
- $rsconfig.= $zfile;
- $config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($rsconfig);
- $write_config++;
- }
- break;
- }
+ // TODO is is_array() the best test to use? is it only checking for existence?
+ if (is_array($slave_file)) {
+ foreach ($slave_file as $zfile) {
+ $rsconfig .= $zfile;
+ }
+ }
+ $config['installedpackages']['bindzone']['config'][$x]['resultconfig'] = base64_encode($rsconfig);
+ $write_config++;
+ break;
}
+ }
}
- if (!$custom_root_zone[$i]){
- $bind_conf .="\tzone \".\" {\n";
- $bind_conf .="\t\ttype hint;\n";
- $bind_conf .="\t\tfile \"/etc/namedb/named.root\";\n";
+ if (!$custom_root_zone[$i]) {
+ $bind_conf .= "\tzone \".\" {\n";
+ $bind_conf .= "\t\ttype hint;\n";
+ $bind_conf .= "\t\tfile \"/etc/namedb/named.root\";\n";
$bind_conf .= "\t};\n\n";
- }
- if($write_config > 0){
+ }
+ if ($write_config > 0) {
write_config("save result config file for zone on xml");
}
$bind_conf .= "};\n";
}
- $dirs=array("/etc/namedb/keys","/var/run/named","/var/dump","/var/log","/var/stats","/dev");
- foreach ($dirs as $dir){
- if (!is_dir(CHROOT_LOCALBASE .$dir))
- mkdir(CHROOT_LOCALBASE .$dir,0755,true);
+ $dirs = array("/etc/namedb/keys", "/var/run/named", "/var/dump", "/var/log", "/var/stats", "/dev");
+ foreach ($dirs as $dir) {
+ if (!is_dir(CHROOT_LOCALBASE.$dir)) {
+ mkdir(CHROOT_LOCALBASE.$dir, 0755, true);
}
- //dev dirs for chroot
- $bind_dev_dir=CHROOT_LOCALBASE."/dev";
- if (!file_exists("$bind_dev_dir/random")){
- $dev_dirs=array("null","zero","random","urandom");
- exec("/sbin/mount -t devfs devfs {$bind_dev_dir}",$dout);
- exec("/sbin/devfs -m {$bind_dev_dir} ruleset 1",$dout);
- exec("/sbin/devfs -m {$bind_dev_dir} rule add hide",$dout);
- foreach ($dev_dirs as $dev_dir)
- exec("/sbin/devfs -m {$bind_dev_dir} rule add path $dev_dir unhide",$dout);
- exec("/sbin/devfs -m {$bind_dev_dir} rule applyset",$dout);
- }
- //http://www.unixwiz.net/techtips/bind9-chroot.html
- file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
- file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', $rndc_file);
-
- if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")){
- //dig +tcp @a.root-servers.net > CHROOT_LOCALBASE."/etc/namedb/named.root"
- $named_root=file_get_contents("http://www.internic.net/domain/named.root");
- file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root",$named_root,LOCK_EX);
- }
- if (!file_exists(CHROOT_LOCALBASE."/etc/localtime")){
+ }
+ // dev dirs for chroot
+ $bind_dev_dir = CHROOT_LOCALBASE."/dev";
+ if (!file_exists("$bind_dev_dir/random")) {
+ $dev_dirs = array("null", "zero", "random", "urandom");
+ exec("/sbin/mount -t devfs devfs {$bind_dev_dir}", $dout);
+ exec("/sbin/devfs -m {$bind_dev_dir} ruleset 1", $dout);
+ exec("/sbin/devfs -m {$bind_dev_dir} rule add hide", $dout);
+ foreach ($dev_dirs as $dev_dir) {
+ exec("/sbin/devfs -m {$bind_dev_dir} rule add path $dev_dir unhide", $dout);
+ }
+ exec("/sbin/devfs -m {$bind_dev_dir} rule applyset", $dout);
+ }
+ // http://www.unixwiz.net/techtips/bind9-chroot.html
+ file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
+ file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', $rndc_file);
+
+ if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")) {
+ // dig +tcp @a.root-servers.net > CHROOT_LOCALBASE."/etc/namedb/named.root"
+ $named_root = file_get_contents("http://www.internic.net/domain/named.root");
+ file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root", $named_root, LOCK_EX);
+ }
+ if (!file_exists(CHROOT_LOCALBASE."/etc/localtime")) {
copy("/etc/localtime", CHROOT_LOCALBASE."/etc/localtime");
}
-
+
bind_write_rcfile();
- chown(CHROOT_LOCALBASE."/etc/namedb/keys","bind");
- chown(CHROOT_LOCALBASE."/etc/namedb","bind");
- chown(CHROOT_LOCALBASE."/var/log","bind");
- chown(CHROOT_LOCALBASE."/var/run/named","bind");
- chgrp(CHROOT_LOCALBASE."/var/log","bind");
- $bind_sh="/usr/local/etc/rc.d/named.sh";
- if($bind_enable == "on"){
- chmod ($bind_sh,0755);
- mwexec("{$bind_sh} restart");
- }
- elseif (is_service_running('named')){
- mwexec("{$bind_sh} stop");
- chmod ($bind_sh,0644);
- }
- //sync to backup servers
- bind_sync_on_changes();
- conf_mount_ro();
+ chown(CHROOT_LOCALBASE."/etc/namedb/keys", "bind");
+ chown(CHROOT_LOCALBASE."/etc/namedb", "bind");
+ chown(CHROOT_LOCALBASE."/var/log", "bind");
+ chown(CHROOT_LOCALBASE."/var/run/named", "bind");
+ chgrp(CHROOT_LOCALBASE."/var/log", "bind");
+ $bind_sh = "/usr/local/etc/rc.d/named.sh";
+ if ($bind_enable == "on") {
+ chmod($bind_sh, 0755);
+ mwexec("{$bind_sh} restart");
+ } elseif (is_service_running('named')) {
+ mwexec("{$bind_sh} stop");
+ chmod($bind_sh, 0644);
+ }
+ // sync to backup servers
+ bind_sync_on_changes();
+ conf_mount_ro();
}
-function bind_print_javascript_type_zone(){
-?>
- <script language="JavaScript">
- <!--
- function on_type_zone_changed() {
-
- var field = document.iform.type;
- var tipo = field.options[field.selectedIndex].value;
- switch (tipo){
- case 'master':
+function bind_print_javascript_type_zone()
+{
+ ?>
+ <script language="JavaScript">
+ <!--
+ function on_type_zone_changed() {
+
+ var field = document.iform.type;
+ var tipo = field.options[field.selectedIndex].value;
+ switch (tipo) {
+ case 'master':
document.iform.slaveip.disabled = 1;
document.iform.tll.disabled = 0;
document.iform.nameserver.disabled = 0;
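Review bot: The root-hints bootstrap (the `named.root` block near the end of the hunk) fetches over plain `http://` and writes whatever comes back without checking it, so a failed download leaves an empty named.root that the `!file_exists` guard never refreshes, and an on-path attacker can hand the resolver a forged hint file. Check the return value before writing and prefer `https://` where the platform's PHP has the openssl stream wrapper (see the fence). In the same hunk `$zonename` (the two `dnssec-keygen` calls) and the glob result `$filename` (the `dnssec-dsfromkey` call) go into `exec()` unquoted; unless `bind_zone_validate()` rejects shell metacharacters, each should be wrapped in `escapeshellarg()`. Also, in the `case 'slave':` branch `$slave_file` is never reset between zones and `exec()` appends to an existing array, so a second DNSSEC slave zone's resultconfig would carry the previous zone's lines; add `$slave_file = array();` next to `$rsconfig = "";`, which also answers the TODO above the `is_array()` test. The enclosing function starts outside this hunk.
```php
// … unchanged: named.conf / rndc.conf writes …
if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")) {
	$named_root = file_get_contents("https://www.internic.net/domain/named.root");
	if ($named_root === false || $named_root === "") {
		log_error("[bind] Could not download root hints; named.root not written.");
	} else {
		file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root", $named_root, LOCK_EX);
	}
}
// … unchanged: localtime copy, bind_write_rcfile() …
```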
@@ -667,8 +726,8 @@ function bind_print_javascript_type_zone(){
document.iform.retry.disabled = 0;
document.iform.expire.disabled = 0;
document.iform.minimum.disabled = 0;
- break;
- case 'slave':
+ break;
+ case 'slave':
document.iform.slaveip.disabled = 0;
document.iform.tll.disabled = 1;
document.iform.nameserver.disabled = 1;
@@ -685,7 +744,7 @@ function bind_print_javascript_type_zone(){
document.iform.expire.disabled = 1;
document.iform.minimum.disabled = 1;
break;
- case 'forward':
+ case 'forward':
document.iform.slaveip.disabled = 1;
document.iform.tll.disabled = 1;
document.iform.nameserver.disabled = 1;
@@ -701,8 +760,8 @@ function bind_print_javascript_type_zone(){
document.iform.retry.disabled = 1;
document.iform.expire.disabled = 1;
document.iform.minimum.disabled = 1;
- break;
- case 'redirect':
+ break;
+ case 'redirect':
document.iform.slaveip.disabled = 1;
document.iform.tll.disabled = 1;
document.iform.nameserver.disabled = 0;
@@ -718,127 +777,137 @@ function bind_print_javascript_type_zone(){
document.iform.retry.disabled = 0;
document.iform.expire.disabled = 0;
document.iform.minimum.disabled = 0;
- break;
- }
- }
- -->
- </script>
-<?php
+ break;
+ default:
+ break;
+ }
+ }
+ -->
+ </script>
+ <?php
}
-function bind_print_javascript_type_zone2(){
- print("<script language=\"JavaScript\">on_type_zone_changed();document.iform.resultconfig.disabled = 1;document.iform.dsset.disabled = 1;</script>\n");
+function bind_print_javascript_type_zone2()
+{
+ print("<script language=\"JavaScript\">on_type_zone_changed();document.iform.resultconfig.disabled = 1;document.iform.dsset.disabled = 1;</script>\n");
}
-function bind_write_rcfile() {
- $rc = array();
- $BIND_LOCALBASE = "/usr/local";
- $rc['file'] = 'named.sh';
- $rc['start'] = <<<EOD
-if [ -z "`ps auxw | grep "[n]amed -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
- {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /cf/named/
-fi
-
-EOD;
- $rc['stop'] = <<<EOD
-killall -9 named 2>/dev/null
-sleep 2
+function bind_write_rcfile()
+{
+ $rc = array();
+ $BIND_LOCALBASE = "/usr/local";
+ $rc['file'] = 'named.sh';
+ $rc['start'] = <<<EOD
+ if [ -z "`ps auxw | grep "[n]amed -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
+ {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /cf/named/
+ fi
EOD;
- $rc['restart'] = <<<EOD
-if [ -z "`ps auxw | grep "[n]amed -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
- {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /cf/named/
- else
+ $rc['stop'] = <<<EOD
killall -9 named 2>/dev/null
- sleep 3
- {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /cf/named/
- fi
-
+ sleep 2
+EOD;
+ $rc['restart'] = <<<EOD
+ if [ -z "`ps auxw | grep "[n]amed -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
+ {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /cf/named/
+ else
+ killall -9 named 2>/dev/null
+ sleep 3
+ {$BIND_LOCALBASE}/sbin/named -c /etc/namedb/named.conf -u bind -t /cf/named/
+ fi
EOD;
- conf_mount_rw();
- write_rcfile($rc);
- conf_mount_ro();
+ conf_mount_rw();
+ write_rcfile($rc);
+ conf_mount_ro();
}
/* Uses XMLRPC to synchronize the changes to a remote node */
-function bind_sync_on_changes() {
+function bind_sync_on_changes()
+{
global $config, $g;
- if (is_array($config['installedpackages']['bindsync']['config'])){
- $bind_sync=$config['installedpackages']['bindsync']['config'][0];
+ if (is_array($config['installedpackages']['bindsync']['config'])) {
+ $bind_sync = $config['installedpackages']['bindsync']['config'][0];
$synconchanges = $bind_sync['synconchanges'];
$synctimeout = $bind_sync['synctimeout'];
- $master_zone_ip=$bind_sync['masterip'];
- switch ($synconchanges){
- case "manual":
- if (is_array($bind_sync[row])){
- $rs=$bind_sync[row];
- }
- else{
+ $master_zone_ip = $bind_sync['masterip'];
+ switch ($synconchanges) {
+ case 'manual':
+ if (is_array($bind_sync['row'])) {
+ $rs = $bind_sync['row'];
+ } else {
log_error("[bind] xmlrpc sync is enabled but there is no hosts to push on bind config.");
return;
- }
+ }
+ break;
+ case 'auto':
+ if (is_array($config['hasync'])) {
+ $hasync = $config['hasync'][0];
+ $rs[0]['ipaddress'] = $hasync['synchronizetoip'];
+ $rs[0]['username'] = $hasync['username'];
+ $rs[0]['password'] = $hasync['password'];
+ } else {
+ log_error("[bind] xmlrpc sync is enabled but there is no system backup hosts to push bind config.");
+ return;
+ }
break;
- case "auto":
- if (is_array($config['hasync'])){
- $hasync=$config['hasync'][0];
- $rs[0]['ipaddress']=$hasync['synchronizetoip'];
- $rs[0]['username']=$hasync['username'];
- $rs[0]['password']=$hasync['password'];
- }
- else{
- log_error("[bind] xmlrpc sync is enabled but there is no system backup hosts to push bind config.");
- return;
- }
- break;
default:
return;
- break;
+ break;
}
- if (is_array($rs)){
+ if (is_array($rs)) {
log_error("[bind] xmlrpc sync is starting.");
- foreach($rs as $sh){
+ foreach ($rs as $sh) {
$sync_to_ip = $sh['ipaddress'];
$password = $sh['password'];
- if($sh['username'])
+ if ($sh['username']) {
$username = $sh['username'];
- else
+ } else {
$username = 'admin';
- if($password && $sync_to_ip)
- bind_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout,$master_zone_ip);
}
- log_error("[bind] xmlrpc sync is ending.");
+ if ($password && $sync_to_ip) {
+ bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $master_zone_ip);
+ }
}
- }
+ log_error("[bind] xmlrpc sync is ending.");
+ }
+ }
}
+
/* Do the actual XMLRPC sync */
-function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout,$master_zone_ip) {
+function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $master_zone_ip)
+{
global $config, $g;
- if(!$username)
+ if (!$username) {
return;
-
- if(!$password)
+ }
+
+ if (!$password) {
return;
+ }
- if(!$sync_to_ip)
+ if (!$sync_to_ip) {
return;
+ }
+
+ if (!$synctimeout) {
+ $synctimeout = 25;
+ }
+
- if(!$synctimeout)
- $synctimeout=25;
-
-
$xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
+ if ($config['system']['webgui']['protocol'] != "") {
$synchronizetoip = $config['system']['webgui']['protocol'];
$synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if ($port == "") {
+ if ($config['system']['webgui']['protocol'] == "http") {
$port = "80";
- else
+ } else {
$port = "443";
- }
+ }
+ }
$synchronizetoip .= $sync_to_ip;
/* xml will hold the sections to sync */
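Review bot: In `bind_do_xmlrpc_sync` the scheme variable `$synchronizetoip` is only initialised when the webgui protocol is non-empty, so with an empty protocol the later `$synchronizetoip .= $sync_to_ip;` appends to an undefined variable and the target URL has no scheme, while the port fallback in the same block already assumes 443 for anything that is not `http`; the two fallbacks should agree. Defaulting the scheme to https keeps the sync credentials (the `setCredentials` call and the password parameter in the following hunk) off the wire in clear: `$proto = ($config['system']['webgui']['protocol'] != "") ? $config['system']['webgui']['protocol'] : "https";` then `$synchronizetoip = "{$proto}://";`. The function continues past the end of this hunk.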
@@ -847,17 +916,19 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout,$ma
$xml['bindacls'] = $config['installedpackages']['bindacls'];
$xml['bindviews'] = $config['installedpackages']['bindviews'];
$xml['bindzone'] = $config['installedpackages']['bindzone'];
- if (is_array($config['installedpackages']['dnsseckeys']))
- $xml['dnsseckeys']=$config['installedpackages']['dnsseckeys'];
+ if (is_array($config['installedpackages']['dnsseckeys'])) {
+ $xml['dnsseckeys'] = $config['installedpackages']['dnsseckeys'];
+ }
//change master zone to slave on backup servers
- if(is_array($xml['bindzone']["config"]))
- for ($x=0; $x<sizeof($xml['bindzone']["config"]); $x++){
- if ($xml['bindzone']["config"][$x]['type']=="master"){
- $xml['bindzone']["config"][$x]['type']="slave";
- $xml['bindzone']["config"][$x]['slaveip']=$master_zone_ip;
+ if (is_array($xml['bindzone']["config"])) {
+ for ($x = 0; $x < sizeof($xml['bindzone']["config"]); $x++) {
+ if ($xml['bindzone']["config"][$x]['type'] == "master") {
+ $xml['bindzone']["config"][$x]['type'] = "slave";
+ $xml['bindzone']["config"][$x]['slaveip'] = $master_zone_ip;
}
-
+
}
+ }
/* assemble xmlrpc payload */
$params = array(
XML_RPC_encode($password),
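Review bot: The payload now ships the whole `dnsseckeys` section, which, judging from the backup loop earlier in the diff whose glob matches both `.key` and `.private` files, carries the zones' private signing keys, yet the loop directly below turns every master zone into a slave on the peer, and a slave has no use for signing keys. Dropping the `if (is_array($config['installedpackages']['dnsseckeys']))` block, or gating it behind an explicit sync option, avoids copying private key material to every sync target over whatever protocol the webgui happens to use. The conversion also writes `$master_zone_ip` into `slaveip` without checking it was configured, so an unset master IP yields slave zones with an empty master; a guard such as `if (!is_ipaddr($master_zone_ip)) { log_error("[bind] xmlrpc sync: master zone IP not set."); return; }` before the loop would prevent that. The function starts and ends outside this hunk.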
@@ -871,52 +942,53 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout,$ma
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
- if($g['debug'])
+ if ($g['debug']) {
$cli->setDebug(1);
+ }
/* send our XMLRPC message and timeout after defined sync timeout value*/
$resp = $cli->send($msg, $synctimeout);
- if(!$resp) {
+ if (!$resp) {
$error = "A communications error occurred while attempting BIND XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "bind Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "An error code was received while attempting BIND XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ $error = "An error code was received while attempting BIND XMLRPC sync with {$url}:{$port} - Code ".$resp->faultCode().": ".$resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "bind Settings Sync", "");
} else {
log_error("[bind] XMLRPC sync successfully completed with {$url}:{$port}.");
}
-
+
/* tell bind to reload our settings on the destination sync host. */
$method = 'pfsense.exec_php';
- $execcmd = "require_once('/usr/local/pkg/bind.inc');\n";
+ $execcmd = "require_once('/usr/local/pkg/bind.inc');\n";
$execcmd .= "bind_sync('yes');";
/* assemble xmlrpc payload */
$params = array(
XML_RPC_encode($password),
XML_RPC_encode($execcmd)
);
-
+
log_error("[bind] XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
- if(!$resp) {
+ if (!$resp) {
$error = "A communications error occurred while attempting BIND XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "Bind Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "[Bind] An error code was received while attempting BIND XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ $error = "[Bind] An error code was received while attempting BIND XMLRPC sync with {$url}:{$port} - Code ".$resp->faultCode().": ".$resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "bind Settings Sync", "");
} else {
log_error("BIND XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
-
}
+
?>
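Review bot: Both `elseif ($resp->faultCode())` branches re-send the full message after `setDebug(1)` and then call `faultCode()`/`faultString()` on the second response without checking it, so a transport failure on the retry makes `$resp` `false` and the next line fatals; the retry also pushes the configuration (password first, per the `$params` array) a second time with the client's debug output enabled, which dumps the raw exchange. Report the first response's fault and drop the resend: delete `$cli->setDebug(1); $resp = $cli->send($msg, $synctimeout);` in both branches. The peer's `faultString()` is also interpolated straight into the `file_notice` text; if the notices page does not escape it, that is peer-controlled markup in the admin GUI, though the rendering is outside this file. `bind_do_xmlrpc_sync` starts outside this hunk.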