Diffstat (limited to 'config/bind/bind.inc')
-rw-r--r-- | config/bind/bind.inc | 227 |
1 files changed, 152 insertions, 75 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 1bcefa16..6e04e649 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -51,40 +51,72 @@ function bind_zone_validate($post, $input_errors){ if (key_exists("mail",$_POST)) $_POST['mail']=preg_replace("/@/",".",$post['mail']); - if ($_POST['type']=='slave'){ - if( $_POST['slaveip'] == "") - $input_errors[] = 'The field \'Master Zone IP\' is required for slave zones.'; - } - else{ - if($_POST['nameserver']=='') - $input_errors[] = 'The field \'Name server\' is required for master zones.'; - for ($i=0;$i < count($_POST);$i++){ - if (key_exists("hostname$i",$_POST)){ - if ($_POST['reverso']=="on"){ - $_POST["hostvalue$i"]=""; - if (!preg_match("/(PTR|NS)/",$_POST["hosttype$i"])) - $input_errors[] = 'On reverse zones, valid record types are NS or PTR'; - } - if (preg_match("/(MX|NS)/",$_POST["hosttype$i"])) - $_POST["hostname$i"]=""; - if (!preg_match("/(MX|NS)/",$_POST["hosttype$i"]) && $_POST["hostname$i"]=="") - $input_errors[] = 'Record cannot be empty for '.$_POST["hosttype$i"].' type '; - if ($_POST["hosttype$i"]=="MX" && $_POST["hostvalue$i"]=="") - $_POST["hostvalue$i"]="10"; - if ($_POST["hosttype$i"]!="MX" && $_POST["hostvalue$i"]!="") - $_POST["hostvalue$i"]=""; - if ($_POST["hostdst$i"]=="") - $input_errors[] = 'Alias or IP address cannot be empty.'; + switch ($_POST['type']){ + case 'slave': + if( $_POST['slaveip'] == "") + $input_errors[] = 'The field \'Master Zone IP\' is required for slave zones.'; + break; + case 'forward': + if( $_POST['forwarders'] == "") + $input_errors[] = 'The field \'Forwarders\' is required for forward zones.'; + break; + default: + if($_POST['nameserver']=='') + $input_errors[] = 'The field \'Name server\' is required for master zones.'; + for ($i=0;$i < count($_POST);$i++){ + if (key_exists("hostname$i",$_POST)){ + if ($_POST['reverso']=="on"){ + $_POST["hostvalue$i"]=""; + if (!preg_match("/(PTR|NS)/",$_POST["hosttype$i"])) + $input_errors[] = 'On reverse zones, valid record types are NS or PTR'; + } + if (preg_match("/(MX|NS)/",$_POST["hosttype$i"])) + $_POST["hostname$i"]=""; + if 
(!preg_match("/(MX|NS)/",$_POST["hosttype$i"]) && $_POST["hostname$i"]=="") + $input_errors[] = 'Record cannot be empty for '.$_POST["hosttype$i"].' type '; + if ($_POST["hosttype$i"]=="MX" && $_POST["hostvalue$i"]=="") + $_POST["hostvalue$i"]="10"; + if ($_POST["hosttype$i"]!="MX" && $_POST["hostvalue$i"]!="") + $_POST["hostvalue$i"]=""; + if ($_POST["hostdst$i"]=="") + $input_errors[] = 'Alias or IP address cannot be empty.'; } } - } + } } function bind_sync(){ global $config; conf_mount_rw(); - + //create rndc + $rndc_confgen="/usr/local/sbin/rndc-confgen"; + if (!file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense") && file_exists($rndc_confgen)){ + exec("$rndc_confgen ",$rndc_conf); + foreach($rndc_conf as $line) + $confgen_file.="$line\n"; + file_put_contents(BIND_LOCALBASE."/etc/rndc-confgen.pfsese",$confgen_file); + } + if (file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsese")){ + $rndc_conf=file(BIND_LOCALBASE."/etc/rndc-confgen.pfsese"); + $confgen="rndc.conf"; + $rndc_bindconf=""; + foreach ($rndc_conf as $line){ + if ($confgen =="rndc.conf"){ + if (!preg_match ("/^#/",$line)) + $rndc_file.=$line; + } + else{ + if (!preg_match ("/named.conf/",$line)) + $rndc_bindconf.=preg_replace('/#/',"",$line); + } + if (preg_match("/named.conf/",$line)){ + $confgen="named.conf"; + file_put_contents(BIND_LOCALBASE."/etc/rndc.conf",$rndc_file); + } + } + } + $bind = $config["installedpackages"]["bind"]["config"][0]; $bind_enable = $bind['enable_bind']; $bind_forwarder = $bind['bind_forwarder']; 
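Review bot: The new guard in bind_sync tests for `rndc-confgen.pfsense` but the generated output is written to, and later read from, `rndc-confgen.pfsese`, so the `.pfsense` file never exists, rndc-confgen is re-run on every sync and the control key is rotated each time; use one name for all three paths, e.g. `$confgen_path = BIND_LOCALBASE."/etc/rndc-confgen.pfsense";`. `$confgen_file` and `$rndc_file` are appended to with `.=` without ever being initialised, and `$rndc_file`/`$rndc_bindconf` stay undefined when the confgen file is absent, so set all three to `""` before the `if`. The `rndc.conf` written here (and again into the chroot in the `@@ -366` hunk) holds the rndc secret but is created with the process umask; follow each `file_put_contents` with `chmod(..., 0600)` plus the `chown(..., "bind")` pattern the file already uses so the key is not world-readable. bind_zone_validate starts before this hunk and bind_sync continues past it.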
@@ -95,16 +127,17 @@ function bind_zone_validate($post, $input_errors){ $custom_options = base64_decode($bind['bind_custom_options']); $bind_logging = $bind['bind_logging']; $bind_conf ="#Bind pfsense configuration\n"; - $bind_conf .="#Do not edit this file!!!\n"; -$bind_conf .= <<<EOD - - options { - directory "/etc/namedb"; - pid-file "/var/run/named/pid"; - statistics-file "/var/log/named.stats"; - max-cache-size {$ram_limit}; - query-source address * port 53; - + $bind_conf .="#Do not edit this file!!!\n\n"; + $bind_conf .= "$rndc_bindconf\n"; + $bind_conf .= <<<EOD + +options { + directory "/etc/namedb"; + pid-file "/var/run/named/pid"; + statistics-file "/var/log/named.stats"; + max-cache-size {$ram_limit}; + query-source address * port 53; + EOD; // check response rate limit option //https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html @@ -250,6 +283,7 @@ EOD; $zoneview = $zone['view']; $zonecustom = $zone['custom']; $zoneipslave = $zone['slaveip']; + $zoneforwarders=$zone['forwarders']; $zonereverso = $zone['reverso']; if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview"))) 
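Review bot: `$bind_conf .= "$rndc_bindconf\n";` embeds the rndc key statement, secret included, into named.conf, which is then written into the chroot with default permissions in the `@@ -366` hunk; either restrict that file (`chmod(CHROOT_LOCALBASE.'/etc/namedb/named.conf', 0640)` next to the existing chown to bind) or keep the key in its own restricted file and pull it in with a named.conf `include` statement. `$rndc_bindconf` is assigned only inside the `file_exists(...rndc-confgen.pfsese)` branch at the top of bind_sync, so when rndc-confgen is unavailable this line interpolates an undefined variable; initialise it to `""` before that branch. bind_sync starts before this hunk and continues past it.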
@@ -275,22 +309,29 @@ EOD; $bind_conf .= "\tzone \"$zonename\" {\n"; $bind_conf .= "\t\ttype $zonetype;\n"; - $bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n"; - if ($zonetype == "slave") + if ($zonetype != "forward") + $bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n"; + switch ($zonetype){ + case "slave": $bind_conf .= "\t\tmasters { $zoneipslave; };\n"; - if ($zonetype != "slave") + break; + case "forward": + $bind_conf .= "\t\tforward only;\n"; + $bind_conf .= "\t\tforwarders { $zoneforwarders; };\n"; + break; + default: $bind_conf .= "\t\tallow-update { $zoneallowupdate;};\n"; - if ($zonetype != "slave") $bind_conf .= "\t\tallow-query { $zoneallowquery;};\n"; - if ($zonetype != "slave") - $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n"; + $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n"; + } if ($zonecustom != '') $bind_conf .= "\t\t$zonecustom\n"; $bind_conf .= "\t};\n\n"; - if ($zonetype == "master"){ - $zonetll = $zone['tll']; + switch($zonetype){ + case "master": + $zonetll = ($zone['tll']?$zone['tll']:"43200"); $zonemail = ($zone['mail']?$zone['mail']:"zonemaster.{$zonename}"); $zonemail = preg_replace("/@/",".",$zonemail); $zoneserial = $zone['serial']; 
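Review bot: `$bind_conf .= "\t\tforwarders { $zoneforwarders; };\n";` interpolates the stored value verbatim, and the only check in bind_zone_validate (`@@ -51` hunk) is that the field is non-empty, so a value containing `;`, `}` or a hostname yields a broken or unintended named.conf (the existing `masters { $zoneipslave; };` line has the same shape). Validate each forwarder in bind_zone_validate, splitting on whatever separator the form expects, with pfSense's `is_ipaddr()` and reject the save otherwise; the same treatment is overdue for `slaveip`. The `default:` branch also no longer emits `allow-query` for forward zones, so they inherit the global options; if that is intended, a one-line comment in the `forward` case, e.g. `// forward zones: no per-zone ACLs, global options apply`, saves the next reader a check. bind_sync starts before this hunk and continues past it.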
@@ -350,14 +391,18 @@ EOD; file_put_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB", $zone_conf); $config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($zone_conf); $write_config++; - } - else{ + break; + case "slave": + //check/update slave dir permission + chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype","bind"); + chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview","bind"); //check if exists slave zone file if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB")){ $slave_file=file_get_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB"); $config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($slave_file); $write_config++; } + break; } } } 
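Review bot: The two `chown(..., "bind")` calls in the new `slave` case ignore their return value, so a failed ownership change (the usual reason a slave never writes its transferred zone file) passes silently and the following `file_exists` check just skips the zone; check them, e.g. `if (!chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", "bind")) log_error("bind: cannot chown slave zone directory for $zonename");`. Only the owner is changed here whereas `/var/log` later in bind_sync gets both chown and chgrp; since the directories come from `mkdir(..., 0755)` the owner is what matters, but a comment saying so would make the asymmetry look deliberate. The `$config[...][resultconfig]` bareword key is pre-existing but is repeated in the new case; quote it as `['resultconfig']`. bind_sync starts before this hunk and continues past it.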
@@ -366,17 +411,34 @@ EOD; } $bind_conf .= "};\n"; } - $dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats"); + $dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats","/dev"); foreach ($dirs as $dir){ if (!is_dir(CHROOT_LOCALBASE .$dir)) mkdir(CHROOT_LOCALBASE .$dir,0755,true); } - file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf); + //http://www.unixwiz.net/techtips/bind9-chroot.html + //create devices on chroot + exec('ls -lL /dev/zero /dev/null /dev/random',$devs); + foreach ($devs as $cdev){ + $dev=explode(" ",preg_replace("/,/","",$cdev)); + if (preg_match("/\w+/",$dev[15]) && !file_exists(CHROOT_LOCALBASE.$dev[15])){ + if (preg_match("/\d+/",$dev[9]) && preg_match("/\d+/",$dev[11])) + exec("/sbin/mknod ".CHROOT_LOCALBASE."{$dev[15]} c {$dev[9]} {$dev[11]}"); + } + } + + file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf); + file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', $rndc_file); + if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")){ + //dig +tcp @a.root-servers.net > CHROOT_LOCALBASE."/etc/namedb/named.root" $named_root=file_get_contents("http://www.internic.net/domain/named.root"); file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root",$named_root,LOCK_EX); } - + if (!file_exists(CHROOT_LOCALBASE."/etc/localtime")){ + copy("/etc/localtime", CHROOT_LOCALBASE."/etc/localtime"); + } + bind_write_rcfile(); chown(CHROOT_LOCALBASE."/var/log","bind"); chgrp(CHROOT_LOCALBASE."/var/log","bind"); 
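Review bot: The device-node block recovers major/minor numbers by splitting `ls -lL` output on single spaces and reading fixed columns `$dev[9]`, `$dev[11]` and `$dev[15]`, which depends on the exact column alignment, locale, date format and device-number style of the installed `ls`; a different layout either leaves the indices undefined (notice, no node) or, worse, hands the wrong pair to `/sbin/mknod` and creates a node inside the chroot that refers to an unrelated device, which is precisely what the chroot is meant to rule out. Parse each line by its structure instead — anchor on the leading `c` type character and the `major, minor` pair, take the path as the last field, and skip any line that does not match rather than guessing. Whether `mknod` on the chroot's filesystem is the right mechanism on pfSense/FreeBSD, where device nodes live in devfs, is worth confirming; a devfs mount with a restrictive ruleset inside the chroot is the usual alternative, and the linked unixwiz page describes a Linux setup. bind_sync starts before this hunk and continues past it.
```php
    //create devices on chroot; expects ls -l lines shaped like
    //  crw-rw-rw-  1 root  wheel  <major>, <minor> <date> /dev/<name>
    // (verify against the target release's ls output before relying on it)
    exec('ls -lL /dev/zero /dev/null /dev/random', $devs);
    foreach ($devs as $cdev) {
        if (!preg_match('/^c\S*\s+\d+\s+\S+\s+\S+\s+(\d+),\s*(\d+)\s.*\s(\/dev\/\w+)$/', $cdev, $m))
            continue;   // unrecognised layout: do not guess at major/minor
        list(, $major, $minor, $path) = $m;
        if (!file_exists(CHROOT_LOCALBASE.$path))
            exec("/sbin/mknod ".escapeshellarg(CHROOT_LOCALBASE.$path)." c $major $minor");
    }
    // … unchanged: named.conf / rndc.conf / named.root / localtime handling …
```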
@@ -395,32 +457,47 @@ function bind_print_javascript_type_zone(){ var field = document.iform.type; var tipo = field.options[field.selectedIndex].value; - if (tipo == 'master') { - - document.iform.slaveip.disabled = 1; - document.iform.tll.disabled = 0; - document.iform.nameserver.disabled = 0; - document.iform.ipns.disabled = 0; - document.iform.mail.disabled = 0; - document.iform.serial.disabled = 0; - document.iform.refresh.disabled = 0; - document.iform.retry.disabled = 0; - document.iform.expire.disabled = 0; - document.iform.minimum.disabled = 0; - - } - else { - document.iform.slaveip.disabled = 0; - document.iform.tll.disabled = 1; - document.iform.nameserver.disabled = 1; - document.iform.ipns.disabled = 1; - document.iform.mail.disabled = 1; - document.iform.serial.disabled = 1; - document.iform.refresh.disabled = 1; - document.iform.retry.disabled = 1; - document.iform.expire.disabled = 1; - document.iform.minimum.disabled = 1; - } + switch (tipo){ + case 'master': + document.iform.slaveip.disabled = 1; + document.iform.tll.disabled = 0; + document.iform.nameserver.disabled = 0; + document.iform.forwarders.disabled = 1; + document.iform.ipns.disabled = 0; + document.iform.mail.disabled = 0; + document.iform.serial.disabled = 0; + document.iform.refresh.disabled = 0; + document.iform.retry.disabled = 0; + document.iform.expire.disabled = 0; + document.iform.minimum.disabled = 0; + break; + case 'slave': + document.iform.slaveip.disabled = 0; + document.iform.tll.disabled = 1; + document.iform.nameserver.disabled = 1; + document.iform.forwarders.disabled = 1; + document.iform.ipns.disabled = 1; + document.iform.mail.disabled = 1; + document.iform.serial.disabled = 1; + document.iform.refresh.disabled = 1; + document.iform.retry.disabled = 1; + document.iform.expire.disabled = 1; + document.iform.minimum.disabled = 1; + break; + case 'forward': + document.iform.slaveip.disabled = 1; + document.iform.tll.disabled = 1; + document.iform.nameserver.disabled = 
1; + document.iform.forwarders.disabled = 0; + document.iform.ipns.disabled = 1; + document.iform.mail.disabled = 1; + document.iform.serial.disabled = 1; + document.iform.refresh.disabled = 1; + document.iform.retry.disabled = 1; + document.iform.expire.disabled = 1; + document.iform.minimum.disabled = 1; + break; + } } --> </script> |
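Review bot: The new `switch (tipo)` has no `default:` branch, so an unexpected option value leaves every field in whatever enabled/disabled state the previous selection set, whereas the old `else` at least put the form into the slave layout; add a `default:` that disables all type-specific fields, or better, replace the three near-identical case bodies with a lookup such as `var enabled = {master: ['tll','nameserver','ipns','mail','serial','refresh','retry','expire','minimum'], slave: ['slaveip'], forward: ['forwarders']};` and loop over the union of those names setting `disabled` to whether the field is in `enabled[tipo]`. Disabled inputs are a client-side hint only; bind_zone_validate must keep treating every field as untrusted regardless of which ones this script greys out. bind_print_javascript_type_zone starts before this hunk.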