Merge branch '4561-add-algorithm-selection-for-dnssec' into 'stable-3.1'

Implements #4561: SHA256 (ECDSAP256SHA256) Algorithm for DNNSEC and Algorithm...

Closes #4561

See merge request ispconfig/ispconfig3!1089

Author: Till Brehm

install/sql/incremental/upd_dev_collection.sql

@@ -65,3 +65,8 @@ ALTER TABLE `client` CHANGE `id_rsa` `id_rsa` TEXT CHARACTER SET utf8 COLLATE ut
 
 ALTER TABLE `directive_snippets` ADD `update_sites` ENUM('y','n') NOT NULL DEFAULT 'n' ;
 
+-- Add DNSSEC Algorithm setting
+ALTER TABLE `dns_soa` ADD `dnssec_algo` SET('NSEC3RSASHA1','ECDSAP256SHA256') NULL DEFAULT NULL AFTER `dnssec_wanted`;
+UPDATE `dns_soa` SET `dnssec_algo` = 'NSEC3RSASHA1' WHERE `dnssec_algo` IS NULL AND dnssec_initialized = 'Y';
+UPDATE `dns_soa` SET `dnssec_algo` = 'ECDSAP256SHA256' WHERE `dnssec_algo` IS NULL AND dnssec_initialized = 'N';
+ALTER TABLE `dns_soa` CHANGE `dnssec_algo` `dnssec_algo` SET('NSEC3RSASHA1','ECDSAP256SHA256') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'ECDSAP256SHA256';

install/sql/ispconfig3.sql

@@ -626,6 +626,7 @@ CREATE TABLE `dns_soa` (
   `update_acl` varchar(255) default NULL,
   `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N',
   `dnssec_wanted` ENUM('Y','N') NOT NULL DEFAULT 'N',
+  `dnssec_algo` SET('NSEC3RSASHA1','ECDSAP256SHA256') NOT NULL DEFAULT 'ECDSAP256SHA256',
   `dnssec_last_signed` BIGINT NOT NULL DEFAULT '0',
   `dnssec_info` TEXT NULL,
   PRIMARY KEY  (`id`),
@@ -2501,7 +2502,7 @@ INSERT INTO `country` (`iso`, `name`, `printable_name`, `iso3`, `numcode`, `eu`)
 -- Dumping data for table `dns_template`
 --
 
-INSERT INTO `dns_template` (`template_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `name`, `fields`, `template`, `visible`) VALUES (1, 1, 1, 'riud', 'riud', '', 'Default', 'DOMAIN,IP,NS1,NS2,EMAIL,DKIM,DNSSEC', '[ZONE]\norigin={DOMAIN}.\nns={NS1}.\nmbox={EMAIL}.\nrefresh=7200\nretry=540\nexpire=604800\nminimum=3600\nttl=3600\n\n[DNS_RECORDS]\nA|{DOMAIN}.|{IP}|0|3600\nA|www|{IP}|0|3600\nA|mail|{IP}|0|3600\nNS|{DOMAIN}.|{NS1}.|0|3600\nNS|{DOMAIN}.|{NS2}.|0|3600\nMX|{DOMAIN}.|mail.{DOMAIN}.|10|3600\nTXT|{DOMAIN}.|v=spf1 mx a ~all|0|3600', 'y');
+INSERT INTO `dns_template` (`template_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `name`, `fields`, `template`, `visible`) VALUES (1, 1, 1, 'riud', 'riud', '', 'Default', 'DOMAIN,IP,NS1,NS2,EMAIL,DKIM,DNSSEC', '[ZONE]\norigin={DOMAIN}.\nns={NS1}.\nmbox={EMAIL}.\nrefresh=7200\nretry=540\nexpire=604800\nminimum=3600\nttl=3600\ndnssec_algo=ECDSAP256SHA256\n\n[DNS_RECORDS]\nA|{DOMAIN}.|{IP}|0|3600\nA|www|{IP}|0|3600\nA|mail|{IP}|0|3600\nNS|{DOMAIN}.|{NS1}.|0|3600\nNS|{DOMAIN}.|{NS2}.|0|3600\nMX|{DOMAIN}.|mail.{DOMAIN}.|10|3600\nTXT|{DOMAIN}.|v=spf1 mx a ~all|0|3600', 'y');
 
 
 -- --------------------------------------------------------

interface/web/dns/dns_soa_edit.php

@@ -296,6 +296,8 @@ function onSubmit() {
 
 		$this->dataRecord["xfer"] = preg_replace('/\s+/', '', $this->dataRecord["xfer"]);
 		$this->dataRecord["also_notify"] = preg_replace('/\s+/', '', $this->dataRecord["also_notify"]);
+		
+		if(isset($this->dataRecord['dnssec_wanted']) && $this->dataRecord['dnssec_wanted'] == 'Y' && $this->dataRecord['dnssec_algo'] == '') $this->dataRecord['dnssec_algo'] = 'ECDSAP256SHA256';
 
 		//* Check if a secondary zone with the same name already exists
 		$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_slave WHERE origin = ? AND server_id = ?", $this->dataRecord["origin"], $this->dataRecord["server_id"]);

interface/web/dns/dns_wizard.php

@@ -339,6 +339,7 @@
 	$section = '';
 	$vars = array();
 	$vars['xfer']='';
+	$vars['dnssec_algo']='ECDSAP256SHA256';
 	$dns_rr = array();
 	foreach($tpl_rows as $row) {
 		$row = trim($row);
@@ -398,6 +399,7 @@
 		$xfer = $vars['xfer'];
 		$also_notify = $vars['also_notify'];
 		$update_acl = $vars['update_acl'];
+		$dnssec_algo = $vars['dnssec_algo'];
 		$serial = $app->validate_dns->increase_serial(0);
 
 		$insert_data = array(
@@ -420,7 +422,8 @@
 			"xfer" => $xfer,
 			"also_notify" => $also_notify,
 			"update_acl" => $update_acl,
-			"dnssec_wanted" => $enable_dnssec
+			"dnssec_wanted" => $enable_dnssec,
+			"dnssec_algo" => $dnssec_algo
 		);
 		$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
 		if($dns_soa_id > 0) $app->plugin->raiseEvent('dns:wizard:on_after_insert', $dns_soa_id);

interface/web/dns/form/dns_soa.tform.php

@@ -276,6 +276,15 @@
 			'default' => 'Y',
 			'value'  => array(0 => 'N', 1 => 'Y')
 		),
+		'dnssec_algo' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOXARRAY',
+			'separator' => ',',
+			'default' => 'ECDSAP256SHA256',
+			'value'  => array('NSEC3RSASHA1' => '7 (NSEC3RSASHA1)','ECDSAP256SHA256' => '13 (ECDSAP256SHA256)'),
+			'width'  => '30',
+			'maxlength' => '255'
+		),
  		'dnssec_info' => array (
  			'datatype' => 'TEXT',
  			'formtype' => 'TEXTAREA',

interface/web/dns/lib/lang/ar_dns_soa.lng

@@ -41,4 +41,5 @@ $wb['dnssec_wanted_info'] = 'When disabling DNSSEC keys are not going to be dele
 $wb['error_not_allowed_server_id'] = 'The selected server is not allowed for this account.';
 $wb['soa_cannot_be_changed_txt'] = 'Die Zone (SOA) kann nicht verändert werden. Bitte kontaktieren Sie ihren Administrator, um die Zone zu ändern.';
 $wb['configuration_error_txt'] = 'CONFIGURATION ERROR';
+$wb['dnssec_algo_txt'] = 'DNSSEC Algorithm';
 ?>

interface/web/dns/lib/lang/bg_dns_soa.lng

@@ -41,4 +41,5 @@ $wb['dnssec_wanted_info'] = 'When disabling DNSSEC keys are not going to be dele
 $wb['error_not_allowed_server_id'] = 'The selected server is not allowed for this account.';
 $wb['soa_cannot_be_changed_txt'] = 'Die Zone (SOA) kann nicht verändert werden. Bitte kontaktieren Sie ihren Administrator, um die Zone zu ändern.';
 $wb['configuration_error_txt'] = 'CONFIGURATION ERROR';
+$wb['dnssec_algo_txt'] = 'DNSSEC Algorithm';
 ?>

interface/web/dns/lib/lang/br_dns_soa.lng

@@ -41,4 +41,5 @@ $wb['ttl_range_error'] = 'Intervalo mínimo do TTL são 60 segundos.';
 $wb['error_not_allowed_server_id'] = 'O servidor selecionado não é permitido para esta conta.';
 $wb['soa_cannot_be_changed_txt'] = 'A zona (SOA) não pode ser alterada. Por favor, contate o administrador se deseja alterar esta zona.';
 $wb['configuration_error_txt'] = 'ERRO DE CONFIGURAÇÃO';
+$wb['dnssec_algo_txt'] = 'DNSSEC Algorithm';
 ?>

interface/web/dns/lib/lang/ca_dns_soa.lng

@@ -41,4 +41,5 @@ $wb['dnssec_wanted_info'] = 'When disabling DNSSEC keys are not going to be dele
 $wb['error_not_allowed_server_id'] = 'The selected server is not allowed for this account.';
 $wb['soa_cannot_be_changed_txt'] = 'Die Zone (SOA) kann nicht verändert werden. Bitte kontaktieren Sie ihren Administrator, um die Zone zu ändern.';
 $wb['configuration_error_txt'] = 'CONFIGURATION ERROR';
+$wb['dnssec_algo_txt'] = 'DNSSEC Algorithm';
 ?>

interface/web/dns/lib/lang/cz_dns_soa.lng

@@ -41,4 +41,5 @@ $wb['dnssec_wanted_info'] = 'Když deaktivujete DNSSEC klíče nebudou odstraně
 $wb['error_not_allowed_server_id'] = 'Vybraný server není pro tento účet povolen.';
 $wb['soa_cannot_be_changed_txt'] = 'Die Zone (SOA) kann nicht verändert werden. Bitte kontaktieren Sie ihren Administrator, um die Zone zu ändern.';
 $wb['configuration_error_txt'] = 'CONFIGURATION ERROR';
+$wb['dnssec_algo_txt'] = 'DNSSEC Algorithm';
 ?>