
Commit 19522cd

committed
Add bind_keyfiles_dir config option
1 parent 810ed16 commit 19522cd


4 files changed

+35
-17
lines changed


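--- a/install/tpl/server.ini.master
+++ b/install/tpl/server.ini.master
@@ -127,6 +127,7 @@ php_fpm_default_chroot=n
 bind_user=root
 bind_group=bind
 bind_zonefiles_dir=/etc/bind
+bind_keyfiles_dir=/etc/bind
 named_conf_path=/etc/bind/named.conf
 named_conf_local_path=/etc/bind/named.conf.local
 disable_bind_log=n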

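--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -1525,6 +1525,20 @@
 'width' => '40',
 'maxlength' => '255'
 ),
+'bind_keyfiles_dir' => array(
+'datatype' => 'VARCHAR',
+'formtype' => 'TEXT',
+'default' => '',
+'validators' => array( 0 => array('type' => 'NOTEMPTY',
+'errmsg' => 'bind_keyfiles_dir_error_empty'),
+1 => array ( 'type' => 'REGEX',
+'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/',
+'errmsg'=> 'bind_keyfiles_dir_error_regex'),
+),
+'value' => '',
+'width' => '40',
+'maxlength' => '255'
+),
 'named_conf_path' => array(
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',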
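Review bot: The new field references three translation keys — `bind_keyfiles_dir_txt` in the template and `bind_keyfiles_dir_error_empty` / `bind_keyfiles_dir_error_regex` in the validators at new lines 1533 and 1536 — but none of the four files in this commit is a language file, so the label will render empty and a failed validation will show the raw key unless those strings already exist elsewhere. The entries for the admin server_config language files should ship with this change. Also, `'default' => ''` at new line 1531 together with the NOTEMPTY validator leaves an upgraded server with no key directory until an admin saves the DNS tab; if the form default is what seeds an unset value, `'default' => '/etc/bind'` would match the value added to install/tpl/server.ini.master. The enclosing array definition starts and ends outside this hunk.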

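--- a/interface/web/admin/templates/server_config_dns_edit.htm
+++ b/interface/web/admin/templates/server_config_dns_edit.htm
@@ -11,6 +11,9 @@
 <div class="form-group">
 <label for="bind_zonefiles_dir" class="col-sm-3 control-label">{tmpl_var name='bind_zonefiles_dir_txt'}</label>
 <div class="col-sm-9"><input type="text" name="bind_zonefiles_dir" id="bind_zonefiles_dir" value="{tmpl_var name='bind_zonefiles_dir'}" class="form-control" /></div></div>
+<div class="form-group">
+<label for="bind_keyfiles_dir" class="col-sm-3 control-label">{tmpl_var name='bind_keyfiles_dir_txt'}</label>
+<div class="col-sm-9"><input type="text" name="bind_keyfiles_dir" id="bind_keyfiles_dir" value="{tmpl_var name='bind_keyfiles_dir'}" class="form-control" /></div></div>
 <div class="form-group">
 <label for="named_conf_path" class="col-sm-3 control-label">{tmpl_var name='named_conf_path_txt'}</label>
 <div class="col-sm-9"><input type="text" name="named_conf_path" id="named_conf_path" value="{tmpl_var name='named_conf_path'}" class="form-control" /></div></div>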

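--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
@@ -98,11 +98,11 @@ function soa_dnssec_create(&$data) {
 
 //* Verify that we do not already have keys (overwriting-protection)
 if($data['old']['dnssec_algo'] == $data['new']['dnssec_algo']) {
-if (file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) {
+if (file_exists($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.')) {
 return $this->soa_dnssec_update($data);
 } else if ($data['new']['dnssec_initialized'] == 'Y') { //In case that we generated keys but the dsset-file was not generated
 $keycount=0;
-foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
+foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
 $keycount++;
 }
 if ($keycount > 0) {
@@ -116,11 +116,11 @@ function soa_dnssec_create(&$data) {
 $dnssec_algo = explode(',',$data['new']['dnssec_algo']);
 
 //* Create the Zone Signing and Key Signing Keys
-if(in_array('ECDSAP256SHA256',$dnssec_algo) && count(glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key')) == 0) {
-$app->system->exec_safe('cd ?; dnssec-keygen -3 -a ECDSAP256SHA256 -n ZONE ?; dnssec-keygen -f KSK -3 -a ECDSAP256SHA256 -n ZONE ?', $dns_config['bind_zonefiles_dir'], $domain, $domain);
+if(in_array('ECDSAP256SHA256',$dnssec_algo) && count(glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key')) == 0) {
+$app->system->exec_safe('cd ?; dnssec-keygen -3 -a ECDSAP256SHA256 -n ZONE ?; dnssec-keygen -f KSK -3 -a ECDSAP256SHA256 -n ZONE ?', $dns_config['bind_keyfiles_dir'], $domain, $domain);
 }
-if(in_array('NSEC3RSASHA1',$dnssec_algo) && count(glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key')) == 0) {
-$app->system->exec_safe('cd ?; dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE ?; dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE ?', $dns_config['bind_zonefiles_dir'], $domain, $domain);
+if(in_array('NSEC3RSASHA1',$dnssec_algo) && count(glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key')) == 0) {
+$app->system->exec_safe('cd ?; dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE ?; dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE ?', $dns_config['bind_keyfiles_dir'], $domain, $domain);
 }
 
 $this->soa_dnssec_sign($data); //Now sign the zone for the first time
@@ -149,17 +149,17 @@ function soa_dnssec_sign(&$data) {
 
 //* Include ECDSAP256SHA256 keys in zone
 if(in_array('ECDSAP256SHA256',$dnssec_algo)) {
-foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
-$includeline = '$INCLUDE '.basename($keyfile);
+foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
+$includeline = '$INCLUDE ' . $keyfile;
 if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n";
 $keycount++;
 }
 }
 
 //* Include NSEC3RSASHA1 keys in zone
 if(in_array('NSEC3RSASHA1',$dnssec_algo)) {
-foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
-$includeline = '$INCLUDE '.basename($keyfile);
+foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
+$includeline = '$INCLUDE ' . $keyfile;
 if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n";
 $keycount++;
 }
@@ -171,20 +171,20 @@ function soa_dnssec_sign(&$data) {
 file_put_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain, $zonefile);
 
 //* Sign the zone and set it valid for max. 16 days
-$app->system->exec_safe('cd ?; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o ? -t ?', $dns_config['bind_zonefiles_dir'], $domain, $filespre.$domain);
+$app->system->exec_safe('cd ?; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o ? -K ? -t ?', $dns_config['bind_zonefiles_dir'], $domain, $dns_config['bind_keyfiles_dir'], $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
 
 //* Write Data back ino DB
-$dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');
+$dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.');
 $dnssecdata .= "\n------------------------------------\n\nDNSKEY-Records:\n";
 
 if(in_array('ECDSAP256SHA256',$dnssec_algo)) {
-foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
+foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
 $dnssecdata .= file_get_contents($keyfile)."\n\n";
 }
 }
 
 if(in_array('NSEC3RSASHA1',$dnssec_algo)) {
-foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
+foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
 $dnssecdata .= file_get_contents($keyfile)."\n\n";
 }
 }
@@ -213,7 +213,7 @@ function soa_dnssec_update(&$data, $new=false) {
 return false;
 }
 
-if (!$new && !file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data);
+if (!$new && !file_exists($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data);
 
 $dbdata = $app->db->queryOneRecord('SELECT id,serial FROM dns_soa WHERE id=?', intval($data['new']['id']));
 $app->system->exec_safe('cd ?; named-checkzone ? ? | egrep -ho \'[0-9]{10}\'', $dns_config['bind_zonefiles_dir'], $domain, $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
@@ -237,12 +237,12 @@ function soa_dnssec_delete(&$data) {
 
 $domain = substr($data['new']['origin'], 0, strlen($data['new']['origin'])-1);
 
-$key_files = glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+*');
+$key_files = glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+*');
 foreach($key_files as $file) {
 unlink($file);
 }
 unlink($dns_config['bind_zonefiles_dir'].'/'.$this->zone_file_prefix().$domain.'.signed');
-unlink($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');
+unlink($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.');
 
 if ($app->dbmaster !== $app->db) $app->dbmaster->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id']));
 $app->db->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id']));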
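Review bot: The dsset- file is now read, checked and unlinked under bind_keyfiles_dir (new lines 101, 177, 216 and 245), but the dnssec-signzone call at new line 174 still does `cd` into bind_zonefiles_dir and only adds `-K` for the key directory; by its manual dnssec-signzone writes dsset-<zone>. to the working directory unless `-d` names another one, so once the two directories differ the DS records would be looked for where the file was never written, file_get_contents would return false with a warning, and the overwriting-protection check in soa_dnssec_create would no longer see the file — worth verifying against the installed BIND version. Passing the key directory for both options keeps the locations consistent: `... -N increment -o ? -K ? -d ? -t ?', $dns_config['bind_zonefiles_dir'], $domain, $dns_config['bind_keyfiles_dir'], $dns_config['bind_keyfiles_dir'], $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)`. Separately, the `$INCLUDE` lines at new lines 153 and 162 now carry the full key path, so the duplicate check that follows should pass its delimiter explicitly, `preg_quote($includeline, '@')`, instead of relying on the form validator keeping `@` out of the configured path. soa_dnssec_create, soa_dnssec_sign, soa_dnssec_update and soa_dnssec_delete all start and end outside these hunks.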
