import previous work (not working completely yet)

A. Täffner · A. Täffner · commit 6a25accffe0c · 2016-01-22T19:11:31.000+01:00
diff --git a/TODO.txt b/TODO.txt
@@ -13,6 +13,10 @@ Installer
 --------------------------------------
 
 - Add a function to let a server join a existing installation.
+Change named.options.conf and add follwoing lines into options-brackets for DNSSEC-Implementation:
+		dnssec-enable yes;
+		dnssec-validation yes;
+		dnssec-lookaside auto;
 
 Uninstaller
 --------------------------------------
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
@@ -1469,6 +1469,27 @@ public function configure_powerdns() {
 
 
 	}
+	
+	//** writes bind configuration files
+	public function process_bind_file($configfile, $target='/', $absolute=false) {
+		global $conf;
+
+		if ($absolute) $full_file_name = $target.$configfile;
+		else $full_file_name = $conf['ispconfig_install_dir'].$target.$configfile;
+		
+		//* Backup exiting file
+		if(is_file($full_file_name)) {
+			copy($full_file_name, $config_dir.$configfile.'~');
+		}
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
+		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
+		$content = str_replace('{mysql_server_ispconfig_database}', $conf['mysql']['database'], $content);
+		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
+		$content = str_replace('{ispconfig_install_dir}', $conf['ispconfig_install_dir'], $content);
+		$content = str_replace('{dnssec_conffile}', $conf['ispconfig_install_dir'].'/server/scripts/dnssec-config.sh', $content);
+		wf($full_file_name, $content);
+	}
 
 	public function configure_bind() {
 		global $conf;
@@ -1487,6 +1508,15 @@ public function configure_bind() {
 		chown($content, $conf['bind']['bind_user']);
 		chgrp($content, $conf['bind']['bind_group']);
 		chmod($content, 2770);
+		
+		//* Install scripts for dnssec implementation
+		$this->process_bind_file('dnssec-update.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-create.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-delete.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-autoupdate.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-autopickup.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-autocreate.sh', '/server/scripts/');
+		$this->process_bind_file('dnssec-config.sh', '/server/scripts/');
 
 	}
 
diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
@@ -203,3 +203,11 @@ CREATE TABLE `ftp_traffic` (
 
 ALTER TABLE `mail_forwarding` ADD COLUMN `allow_send_as` ENUM('n','y') NOT NULL DEFAULT 'n' AFTER `active`;
 UPDATE `mail_forwarding` SET `allow_send_as` = 'y' WHERE `type` = 'alias';
+
+--- DNSSEC-Implementation by dark alex
+--- TODO: Review and resolve conflicts if more has been done in that column
+ALTER TABLE `dns_rr` CHANGE COLUMN `type` `type` ENUM('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') NULL DEFAULT NULL AFTER `name`;
+
+ALTER TABLE `dns_soa`
+	ADD COLUMN `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N',
+	ADD COLUMN `dnssec_info` TEXT NULL;
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
@@ -478,7 +478,7 @@ CREATE TABLE `dns_rr` (
   `server_id` int(11) NOT NULL default '1',
   `zone` int(11) unsigned NOT NULL DEFAULT '0',
   `name` varchar(255) NOT NULL DEFAULT '',
-  `type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT') default NULL,
+  `type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
   `data` TEXT NOT NULL DEFAULT '',
   `aux` int(11) unsigned NOT NULL default '0',
   `ttl` int(11) unsigned NOT NULL default '3600',
@@ -539,6 +539,8 @@ CREATE TABLE `dns_soa` (
   `xfer` varchar(255) NOT NULL DEFAULT '',
   `also_notify` varchar(255) default NULL,
   `update_acl` varchar(255) default NULL,
+  `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N',
+  `dnssec_info` TEXT NULL,
   PRIMARY KEY  (`id`),
   UNIQUE KEY `origin` (`origin`),
   KEY `active` (`active`)
diff --git a/interface/web/dns/form/dns_soa.tform.php b/interface/web/dns/form/dns_soa.tform.php
@@ -264,6 +264,14 @@
 			'default' => 'Y',
 			'value'  => array(0 => 'N', 1 => 'Y')
 		),
+ 		'dnssec_info' => array (
+ 			'datatype' => 'TEXT',
+ 			'formtype' => 'TEXTAREA',
+ 			'default' => '',
+ 			'value'  => '',
+ 			'width'  => '30',
+ 			'maxlength' => '10000'
+ 		),
 		//#################################
 		// ENDE Datatable fields
 		//#################################
diff --git a/interface/web/dns/lib/lang/de_dns_soa.lng b/interface/web/dns/lib/lang/de_dns_soa.lng
@@ -11,6 +11,7 @@ $wb['minimum_txt'] = 'Minimum';
 $wb['ttl_txt'] = 'TTL';
 $wb['xfer_txt'] = 'Zonentransfer zu diesen IP Adressen erlauben (mit Komma getrennte Liste)';
 $wb['active_txt'] = 'Aktiv';
+$wb['dnssec_info_txt'] = 'DNSSEC DS-Daten für Registry';
 $wb['limit_dns_zone_txt'] = 'Die maximale Anzahl an DNS Einträgen für Ihr Konto wurde erreicht.';
 $wb['client_txt'] = 'Kunde';
 $wb['no_zone_perm'] = 'Sie haben nicht die Berechtigung, einen Eintrag zu dieser DNS Zone hinzuzufügen.';
diff --git a/interface/web/dns/lib/lang/en_dns_soa.lng b/interface/web/dns/lib/lang/en_dns_soa.lng
@@ -11,6 +11,7 @@ $wb["minimum_txt"] = 'Minimum';
 $wb["ttl_txt"] = 'TTL';
 $wb["xfer_txt"] = 'Allow zone transfers to <br />these IPs (comma separated list)';
 $wb["active_txt"] = 'Active';
+$wb['dnssec_info_txt'] = 'DNSSEC DS-Data for registry';
 $wb["limit_dns_zone_txt"] = 'The max. number of DNS zones for your account is reached.';
 $wb["client_txt"] = 'Client';
 $wb["no_zone_perm"] = 'You do not have the permission to add a record to this DNS zone.';
diff --git a/interface/web/dns/lib/remote.conf.php b/interface/web/dns/lib/remote.conf.php
@@ -7,6 +7,7 @@
 $function_list['dns_cname_get,dns_cname_add,dns_cname_update,dns_cname_delete'] = 'DNS cname functions';
 $function_list['dns_hinfo_get,dns_hinfo_add,dns_hinfo_update,dns_hinfo_delete'] = 'DNS hinfo functions';
 $function_list['dns_mx_get,dns_mx_add,dns_mx_update,dns_mx_delete'] = 'DNS mx functions';
+$function_list['dns_tlsa_get,dns_tlsa_add,dns_tlsa_update,dns_tlsa_delete'] = 'DNS tlsa functions';
 $function_list['dns_ns_get,dns_ns_add,dns_ns_update,dns_ns_delete'] = 'DNS ns functions';
 $function_list['dns_ptr_get,dns_ptr_add,dns_ptr_update,dns_ptr_delete'] = 'DNS ptr functions';
 $function_list['dns_rp_get,dns_rp_add,dns_rp_update,dns_rp_delete'] = 'DNS rp functions';
diff --git a/interface/web/dns/list/dns_a.list.php b/interface/web/dns/list/dns_a.list.php
@@ -132,7 +132,7 @@
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TXT'=>'TXT'));
+	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT'));
 
 
 ?>
diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm
@@ -30,6 +30,7 @@
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_rp_edit.php?zone={tmpl_var name='parent_id'}">RP</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_spf_edit.php?zone={tmpl_var name='parent_id'}">SPF</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_srv_edit.php?zone={tmpl_var name='parent_id'}">SRV</button>
+			<button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_tlsa_edit.php?zone={tmpl_var name='parent_id'}">TLSA</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_txt_edit.php?zone={tmpl_var name='parent_id'}">TXT</button>
         </div>
     
diff --git a/server/conf/bind_pri.domain.master b/server/conf/bind_pri.domain.master
@@ -41,6 +41,9 @@ $TTL        {tmpl_var name='ttl'}
 <tmpl_if name="type" op='==' value='SRV'>
 {tmpl_var name='name'} {tmpl_var name='ttl'}      SRV        {tmpl_var name='aux'} {tmpl_var name='data'}
 </tmpl_if>
+<tmpl_if name="type" op='==' value='TLSA'>
+{tmpl_var name='name'} {tmpl_var name='ttl'}      TLSA       {tmpl_var name='data'}
+</tmpl_if>
 <tmpl_if name="type" op='==' value='TXT'>
 {tmpl_var name='name'} {tmpl_var name='ttl'}      TXT        "{tmpl_var name='data'}"
 </tmpl_if>
diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
@@ -163,7 +163,14 @@ function soa_update($event_name, $data) {
 
 			if(is_file($filename)) unlink($filename);
 			if(is_file($filename.'.err')) unlink($filename.'.err');
-		}
+ 			
+ 			//* DNSSEC-Implementation
+ 			if (strlen($data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete old keys
+ 			exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.$data['new']['origin']); //Create new keys for new origin
+ 		}
+ 		
+ 		//* DNSSEC-Implementation
+ 		exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.$data['new']['origin']);
 
 		//* Restart bind nameserver if update_acl is not empty, otherwise reload it
 		if($data['new']['update_acl'] != '') {
@@ -197,6 +204,9 @@ function soa_delete($event_name, $data) {
 		if(is_file($zone_file_name.'.err')) unlink($zone_file_name.'.err');
 		$app->log("Deleting BIND domain file: ".$zone_file_name, LOGLEVEL_DEBUG);
 
+ 		//* DNSSEC-Implementation
+ 		exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys
+ 		
 		//* Reload bind nameserver
 		$app->services->restartServiceDelayed('bind', 'reload');
 
@@ -342,7 +352,7 @@ function write_named_conf($data, $dns_config) {
 		//* Loop trough zones
 		foreach($tmps as $tmp) {
 
-			$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));
+			$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1)).'.signed'; //.signed is for DNSSEC-Implementation
 
 			$options = '';
 			if(trim($tmp['xfer']) != '') {
