From 029a810a52873332daa6f6fbb3a96310978e849d Mon Sep 17 00:00:00 2001
From: Stuart Wyatt
Date: Thu, 9 Apr 2015 10:31:00 -0700
Subject: BIND - add support for zone update-policy statement on master zones The update-policy statement allows the zone to specify, among other things, a key to be used for authorization of master zone updates Add a checkbox and text field to add an update-policy statement to the zone configuration. When the update-policy statement is used, it replaces the allow-update statement.
---
 config/bind/bind.inc | 18 +++++++++++++++++-
 config/bind/bind_zones.xml | 16 ++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
(limited to 'config')
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 743e02d6..4d579689 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -368,6 +368,10 @@ EOD;
 } else {
 $zoneallowupdate = str_replace(',', '; ', $zone['allowupdate']);
 }
+ $zoneupdatepolicy = $zone['updatepolicy'];
+ if (!empty($zoneupdatepolicy)) {
+ $zoneupdatepolicy = rtrim($zoneupdatepolicy, ';');
+ }
 if (empty($zone['allowquery'])) {
 $zoneallowquery = "none";
 } else {
@@ -416,9 +420,13 @@ EOD;
 $bind_conf .= "\t\tallow-query { $zoneallowquery; };\n";
 break;
 default:
- $bind_conf .= "\t\tallow-update { $zoneallowupdate; };\n";
 $bind_conf .= "\t\tallow-query { $zoneallowquery; };\n";
 $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer; };\n";
+ if ($zone['enable_updatepolicy'] == "on") {
+ $bind_conf .= "\t\tupdate-policy { $zoneupdatepolicy; };\n";
+ } else {
+ $bind_conf .= "\t\tallow-update { $zoneallowupdate; };\n";
+ }
 if ($zone['dnssec'] == "on") {
 //https://kb.isc.org/article/AA-00626/
 $bind_conf .= "\n\t\t# look for dnssec keys here:\n";
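Review bot: The policy text is copied from `$zone['updatepolicy']` with only trailing `;` characters removed, so whitespace after the last `;` defeats the trim, and a `}` inside the value would end the `update-policy { ... }` block that the second hunk writes into the generated named configuration. Because this statement decides who may change zone data, the value deserves a strict check before it is emitted: normalise with `$zoneupdatepolicy = rtrim($zone['updatepolicy'], "; \t\r\n");` and reject input matching `/[{}]/`, which the field's help text already tells the user not to enter. Whether the form validates the field on save is not visible here. The enclosing function starts and ends outside the hunk.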
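Review bot: With `enable_updatepolicy` on and an empty policy field, the new branch in the `default:` case writes `update-policy { ; };` and no `allow-update` line at all; named is likely to reject that zone block, which would stop the zone from loading on the next reload. Guard on the content as well, `if ($zone['enable_updatepolicy'] == "on" && !empty($zoneupdatepolicy)) {`, so an empty policy falls back to the `allow-update` ACL. The braces are always added, so the short form `update-policy local;` cannot be expressed; a comment next to the branch saying so would help. The surrounding switch continues outside the hunk.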
@@ -739,6 +747,8 @@ function bind_print_javascript_type_zone()
 document.iform.minimum.disabled = 0;
 document.iform.allowquery.disabled = 0;
 document.iform.allowupdate.disabled = 0;
+ document.iform.enable_updatepolicy.disabled = 0;
+ document.iform.updatepolicy.disabled = 1;
 break;
 case 'slave':
 document.iform.slaveip.disabled = 0;
@@ -759,6 +769,8 @@ function bind_print_javascript_type_zone()
 document.iform.minimum.disabled = 1;
 document.iform.allowquery.disabled = 0;
 document.iform.allowupdate.disabled = 1;
+ document.iform.enable_updatepolicy.disabled = 1;
+ document.iform.updatepolicy.disabled = 1;
 break;
 case 'forward':
 document.iform.slaveip.disabled = 1;
@@ -779,6 +791,8 @@ function bind_print_javascript_type_zone()
 document.iform.minimum.disabled = 1;
 document.iform.allowquery.disabled = 1;
 document.iform.allowupdate.disabled = 1;
+ document.iform.enable_updatepolicy.disabled = 1;
+ document.iform.updatepolicy.disabled = 1;
 break;
 case 'redirect':
 document.iform.slaveip.disabled = 1;
@@ -799,6 +813,8 @@ function bind_print_javascript_type_zone()
 document.iform.minimum.disabled = 0;
 document.iform.allowquery.disabled = 0;
 document.iform.allowupdate.disabled = 1;
+ document.iform.enable_updatepolicy.disabled = 1;
+ document.iform.updatepolicy.disabled = 1;
 break;
 default:
 break;
diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml
index a227aabd..667fd608 100644
--- a/config/bind/bind_zones.xml
+++ b/config/bind/bind_zones.xml
@@ -311,6 +311,22 @@ 03 + + Enable Update-policy + enable_updatepolicy + + The update-policy statment replaces the allow-update statement.]]> + checkbox + updatepolicy + + + Update-policy + updatepolicy + + Do not include the surrounding { } when using multiple statements]]> + input + 75 + Allow-query allowquery
-- cgit v1.2.3
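Review bot: In the `master` case `updatepolicy.disabled` is set to 1 unconditionally, even when the `enable_updatepolicy` checkbox is already ticked for a saved zone. If this function runs on page load, the text field is greyed out and, because browsers do not submit disabled inputs, re-saving the zone could drop the stored policy while the checkbox stays on. Tie the state to the checkbox instead: `document.iform.updatepolicy.disabled = !document.iform.enable_updatepolicy.checked;`. The slave, forward and redirect cases in the following three hunks disable both controls, which looks right. The function body extends beyond these hunks.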
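Review bot: The help text added for the checkbox misspells "statement" as `statment`, and that string is shown to the user. The `updatepolicy` input also gives no hint of the expected rule format; a short example in its description, such as `grant <key-name> zonesub ANY` (placeholder key name), would reduce the chance of a malformed or overly broad rule reaching the generated configuration. The XML markup is not visible in this rendering, so the exact elements to edit cannot be named here.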