From 146956ced860734364f56b412d32dd2ad58dab3e Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Thu, 24 Oct 2013 19:25:05 -0200 Subject: bind - include dnssec backup to xml option, include a lot of logging options and forward it to resolver systemlog tab via syslog. add more info on sync tab --- config/bind/bind.inc | 114 ++++++++++++++++++++++++++++++++++++--------- config/bind/bind.xml | 64 ++++++++++++++++++++++--- config/bind/bind_zones.xml | 7 +++ config/bind/pkg_bind.inc | 2 +- 4 files changed, 157 insertions(+), 30 deletions(-) (limited to 'config/bind') diff --git a/config/bind/bind.inc b/config/bind/bind.inc index 60fa23d5..66ed6301 100644 --- a/config/bind/bind.inc +++ b/config/bind/bind.inc @@ -204,26 +204,40 @@ EOD; $bind_conf .= "\t};\n\n"; if ($bind_logging == on){ -$bind_conf .= << 0){ + system("/usr/bin/killall -HUP syslogd"); + } + $log_categories=explode(",",$bind['log_options']); + $log_severity=($bind['log_severity']?$bind['log_severity']:'default'); + if (sizeof($log_categories) > 0 && $log_categories[0]!=""){ + $bind_conf .= << 0){ + log_error("[bind] {$key_restored} DNSSEC keys restored from XML backup for {$zonename} zone."); + } $dnssec_bin="/usr/local/sbin/dnssec-keygen"; - if (file_exists($dnssec_bin)){ + if (file_exists($dnssec_bin) && $key_restored==0){ exec("{$dnssec_bin} -K ".CHROOT_LOCALBASE."/etc/namedb/keys {$zonename}",$kout); exec("{$dnssec_bin} -K ".CHROOT_LOCALBASE."/etc/namedb/keys -fk {$zonename}",$kout); foreach($kout as $filename){ chown(CHROOT_LOCALBASE."/etc/namedb/keys/{$filename}.key","bind"); chown(CHROOT_LOCALBASE."/etc/namedb/keys/{$filename}.private","bind"); } + log_error("[bind] DNSSEC keys for {$zonename} created."); } } //get ds keys 
@@ -447,6 +475,30 @@ EOD; $write_config++; } } + //save dnssec keys to xml + + if($zone['backupkeys']=="on"){ + $dnssec_keys=0; + foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*",GLOB_NOSORT) as $filename){ + $file_found=0; + if(is_array($config['installedpackages']['dnsseckeys']) && is_array($config['installedpackages']['dnsseckeys']['config'])){ + foreach ($config['installedpackages']['dnsseckeys']['config']as $filer){ + if ($filer['fullfile']==$filename) + $file_found++; + } + } + if ($file_found==0){ + $config['installedpackages']['dnsseckeys']['config'][]=array('fullfile'=> $filename, + 'description'=> "bind {$zonename} DNSSEC backup file", + 'filedata'=> base64_encode(file_get_contents($filename))); + $write_config++; + $dnssec_keys++; + } + } + if($dnssec_keys>0){ + log_error("[bind] {$dnssec_keys} DNSSEC keys for {$zonename} zone saved on XML config."); + } + } } break; case "slave": 
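Review bot: The `backupkeys` branch globs `keys/*{$zonename}*`, which matches the `.private` files as well as the `.key` files, so DNSSEC private keys are stored base64-encoded, not encrypted, in config.xml and in every backup or export of it. The `bind_do_xmlrpc_sync` hunk later in this patch also copies `dnsseckeys` to the sync targets. The wildcard also picks up key files of any other zone whose name contains `$zonename`; dnssec-keygen names its files `K<zone>.+<alg>+<id>`, so a pattern such as `K{$zonename}.+*` would be tighter. The result of `file_get_contents()` is not checked, so a failed read records an empty `filedata`, and because the entry's `fullfile` then matches, that file is not retried on later runs; skip the entry when the read returns `false`. The enclosing function starts and ends outside the hunk.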
@@ -454,11 +506,21 @@ EOD; chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype","bind"); chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview","bind"); //check if exists slave zone file - if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB")){ - $slave_file=file_get_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB"); - $config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($slave_file); - $write_config++; + $rsconfig=""; + if ($zone['dnssec']=="on"){ + if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed")) + exec("/usr/local/sbin/named-checkzone -D -f raw -o - {$zonename} ".CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed",$slave_file); + } + else{ + if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB")) + $slave_file=file(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB"); } + if (is_array($slave_file)){ + foreach ($slave_file as $zfile) + $rsconfig.= $zfile; + $config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($rsconfig); + $write_config++; + } break; } } @@ -534,6 +596,7 @@ function bind_print_javascript_type_zone(){ document.iform.reverso.disabled = 0; document.iform.forwarders.disabled = 1; document.iform.dnssec.disabled = 0; + document.iform.backupkeys.disabled = 0; document.iform.ipns.disabled = 0; document.iform.mail.disabled = 0; document.iform.serial.disabled = 0; @@ -549,6 +612,7 @@ function bind_print_javascript_type_zone(){ document.iform.reverso.disabled = 0; document.iform.forwarders.disabled = 1; document.iform.dnssec.disabled = 0; + document.iform.backupkeys.disabled = 0; document.iform.ipns.disabled = 1; document.iform.mail.disabled = 1; document.iform.serial.disabled = 1; 
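Review bot: `$slave_file` is never reset in the slave branch, which appears to run once per zone, so when the zone file is missing `is_array($slave_file)` can still pass with lines left over from a previously processed zone, and `exec()` appends to an output array that already has elements. Add `$slave_file=null;` next to `$rsconfig="";` so that each zone's `resultconfig` holds only its own data. The `named-checkzone` command line is also built by interpolating `$zonename`, `$zonetype` and `$zoneview` unquoted; unless those values are strictly validated where they are entered (not visible here), pass the zone name and the file path through `escapeshellarg()`. The surrounding loop and function start outside the hunk.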
@@ -564,6 +628,7 @@ function bind_print_javascript_type_zone(){ document.iform.reverso.disabled = 1; document.iform.forwarders.disabled = 0; document.iform.dnssec.disabled = 1; + document.iform.backupkeys.disabled = 1; document.iform.ipns.disabled = 1; document.iform.mail.disabled = 1; document.iform.serial.disabled = 1; @@ -579,6 +644,7 @@ function bind_print_javascript_type_zone(){ document.iform.reverso.disabled = 1; document.iform.forwarders.disabled = 1; document.iform.dnssec.disabled = 1; + document.iform.backupkeys.disabled = 1; document.iform.ipns.disabled = 1; document.iform.mail.disabled = 0; document.iform.serial.disabled = 0; @@ -728,6 +794,8 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout,$ma $xml['bindacls'] = $config['installedpackages']['bindacls']; $xml['bindviews'] = $config['installedpackages']['bindviews']; $xml['bindzone'] = $config['installedpackages']['bindzone']; + if (is_array($config['installedpackages']['dnsseckeys'])) + $xml['dnsseckeys']=$config['installedpackages']['dnsseckeys']; //change master zone to slave on backup servers if(is_array($xml['bindzone']["config"])) for ($x=0; $x - - Enable logging - bind_logging - Enable Bind logs, /var/log/named.log - checkbox - Enable Notify bind_notify @@ -177,6 +171,64 @@ 10 256M + + listtopic + Logging options + temp01 + + + Enable logging + bind_logging + system logs -> resolver menu.]]> + checkbox + + + Loggin serverity + log_severity + + use CTRL+click to select/unselect.
+ The value 'dynamic' means assume the global level defined by either the command line parameter -d or by running rndc trace.]]>
+ select + + + + + + + + + + + +
+ + Loggin options + log_options + + use CTRL+click to select/unselect.]]> + select + + + + + + + + + + + + + + + + + + + + + 18 + listtopic Response Rate Limit diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml index db68d26c..d3adf630 100644 --- a/config/bind/bind_zones.xml +++ b/config/bind/bind_zones.xml @@ -183,9 +183,16 @@ Inline Signing dnssec + backupkeys Enable inline DNSSEC Signing afor this zones.]]> checkbox + + backup keys + backupkeys + + checkbox + DS set dsset diff --git a/config/bind/pkg_bind.inc b/config/bind/pkg_bind.inc index 23daed8e..3ed3351d 100644 --- a/config/bind/pkg_bind.inc +++ b/config/bind/pkg_bind.inc @@ -4,7 +4,7 @@ global $shortcuts; $shortcuts['bind'] = array(); $shortcuts['bind']['main'] = "pkg_edit.php?xml=bind.xml"; -$shortcuts['bind']['log'] = "diag_logs.php"; +$shortcuts['bind']['log'] = "diag_logs_resolver.php"; $shortcuts['bind']['status'] = "status_services.php"; $shortcuts['bind']['service'] = "named"; -- cgit v1.2.3
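Review bot: The two new field labels in the logging section of bind.xml are misspelled as `Loggin serverity` and `Loggin options`; they are shown in the GUI and should read `Logging severity` and `Logging options`. The option lists and descriptions of this section are not legible in this view, so this note covers the labels only.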