DNSSEC-Switch: Server modifications

Author: A. Täffner

server/plugins-available/bind_plugin.inc.php

@@ -145,7 +145,15 @@ function soa_update($event_name, $data) {
 			unset($records_out);
 			unset($zone);
 		}
-
+		
+		//* DNSSEC-Implementation
+		if($data['old']['origin'] != $data['new']['origin']) {			
+			if (@$data['old']['dnssec_initialized'] == 'Y' && strlen(@$data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.escapeshellcmd($data['old']['origin'])); //delete old keys
+			if ($data['new']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.escapeshellcmd($data['new']['origin'])); //Create new keys for new origin
+		}
+		if ($data['new']['dnssec_wanted'] == 'Y' AND $data['new']['dnssec_initialized'] == 'N') if ($data['new']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.escapeshellcmd($data['new']['origin'])); //Create new keys for new origin
+		else if ($data['old']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.escapeshellcmd($data['new']['origin']));
+		
 		//* rebuild the named.conf file if the origin has changed or when the origin is inserted.
 		//if($this->action == 'insert' || $data['old']['origin'] != $data['new']['origin']) {
 		$this->write_named_conf($data, $dns_config);
@@ -163,15 +171,9 @@ function soa_update($event_name, $data) {
 
 			if(is_file($filename)) unlink($filename);
 			if(is_file($filename.'.err')) unlink($filename.'.err');
- 			
- 			//* DNSSEC-Implementation
- 			if (strlen($data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete old keys
- 			exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.$data['new']['origin']); //Create new keys for new origin
+			if(is_file($filename.'.signed')) unlink($filename.'.signed');
  		}
 
- 		//* DNSSEC-Implementation
- 		exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.$data['new']['origin']);
-
 		//* Restart bind nameserver if update_acl is not empty, otherwise reload it
 		if($data['new']['update_acl'] != '') {
 			$app->services->restartServiceDelayed('bind', 'restart');
@@ -205,7 +207,7 @@ function soa_delete($event_name, $data) {
 		$app->log("Deleting BIND domain file: ".$zone_file_name, LOGLEVEL_DEBUG);
 
  		//* DNSSEC-Implementation
- 		exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys
+ 		if ($data['old']['dnssec_initialized'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys
 
 		//* Reload bind nameserver
 		$app->services->restartServiceDelayed('bind', 'reload');
@@ -333,7 +335,7 @@ function write_named_conf($data, $dns_config) {
 		global $app, $conf;
 
 		//* Only write the master file for the current server
-		$tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
+		$tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl, dnssec_initialized FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
 		$zones = array();
 
 		//* Check if the current zone that triggered this function has at least one NS record
@@ -352,7 +354,8 @@ function write_named_conf($data, $dns_config) {
 		//* Loop trough zones
 		foreach($tmps as $tmp) {
 
-			$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1)).'.signed'; //.signed is for DNSSEC-Implementation
+			$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));
+			if ($tmp['dnssec_initialized'] == 'Y') $zone_file .= '.signed' //.signed is for DNSSEC-Implementation
 
 			$options = '';
 			if(trim($tmp['xfer']) != '') {