Missing files

Author: A. Täffner

install/tpl/config.sh.master

@@ -0,0 +1,19 @@
+#!/bin/bash
+#mysql
+dbase={mysql_server_database}
+dbhost={mysql_server_ip}
+dbuser={mysql_server_ispconfig_user}
+dbpass={mysql_server_ispconfig_password}
+
+bindpath=/etc/bind
+backuppath=$bindpath/backup
+curpath=`pwd`
+if [ -f /etc/gentoo-release ] ; then
+filespre="pri/"
+else
+filespre="pri."
+fi
+timenow=`/bin/date +"%Y%m%d-%H%M%S"`
+
+namedconf="$bindpath/named.conf.local"
+md5namedconf="$bindpath/named.conf.local.md5"

install/tpl/dnssec-autocreate.sh.master

@@ -0,0 +1,15 @@
+#!/bin/bash
+source {dnssec_conffile}
+
+mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; show tables;" | wc -c`
+if [ "$mysqlcheck" = 0 ];then
+ echo "could not connect to database"
+ exit 0
+fi
+
+mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; select origin from dns_soa where active='Y' and dnssec_initialized='N';" | awk {' print $1 '}`
+for ACTIVE in $mysqlcheck; do
+	/usr/local/ispconfig/server/scripts/dnssec/dnssec-create.sh ${ACTIVE::-1}
+done
+
+cd $curpath

install/tpl/dnssec-autopickup.sh.master

@@ -0,0 +1,49 @@
+#!/bin/bash
+source {dnssec_conffile}
+
+mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; show tables;" | wc -c`
+if [ "$mysqlcheck" = 0 ];then
+ echo "could not connect to database"
+ exit 0
+fi
+
+mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; select origin from dns_soa where active='Y' and dnssec_initialized='Y';"`
+for origindomain in $mysqlcheck; do
+	domain=${origindomain::-1}
+	dnssechelp=`head -1 $bindpath/dsset-$domain.`
+	dnssecid=`echo $dnssechelp | awk {' print $4 '}`
+	dnssecalg=`echo $dnssechelp | awk {' print $5 '}`
+	dnssecdt=`echo $dnssechelp | awk {' print $6 '}`
+	dnssecd=`echo $dnssechelp | awk {' print $7 '}`
+	echo "DS Record 1:">/tmp/.dnssec-autopick
+	echo "Key Tag/ID: $dnssecid">>/tmp/.dnssec-autopick
+	echo "Algorithm: $dnssecalg">>/tmp/.dnssec-autopick
+	echo "Digest/HASH Type: $dnssecdt">>/tmp/.dnssec-autopick
+	echo "Digest/HASH: $dnssecd">>/tmp/.dnssec-autopick
+
+	dns2sechelp=`tail -n 1 $bindpath/dsset-$domain.`
+	dns2secid=`echo $dns2sechelp | awk {' print $4 '}`
+	dns2secalg=`echo $dns2sechelp | awk {' print $5 '}`
+	dns2secdt=`echo $dns2sechelp | awk {' print $6 '}`
+	dns2secd=`echo $dns2sechelp | awk {' print $7""$8 '}`
+	echo "">>/tmp/.dnssec-autopick
+	echo "DS Record 2:">>/tmp/.dnssec-autopick
+	echo "Key Tag/ID: $dns2secid">>/tmp/.dnssec-autopick
+	echo "Algorithm: $dns2secalg">>/tmp/.dnssec-autopick
+	echo "Digest/HASH Type: $dns2secdt">>/tmp/.dnssec-autopick
+	echo "Digest/HASH: $dns2secd">>/tmp/.dnssec-autopick
+	
+	echo "">>/tmp/.dnssec-autopick
+	echo "In DS-Record format:">>/tmp/.dnssec-autopick
+	cat $bindpath/dsset-$domain.>>/tmp/.dnssec-autopick
+	
+	echo "">>/tmp/.dnssec-autopick
+	echo "DNSKEY-Records:">>/tmp/.dnssec-autopick
+	cat $bindpath/K$domain.+*.key>>/tmp/.dnssec-autopick
+
+	mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; UPDATE dns_soa SET dnssec_info='`cat /tmp/.dnssec-autopick`', dnssec_initialized='Y' WHERE origin='$domain.'"
+	rm /tmp/.dnssec-autopick
+done
+
+echo "I'm done!"
+exit 0

install/tpl/dnssec-autoupdate.sh.master

@@ -0,0 +1,22 @@
+#!/bin/bash
+source {dnssec_conffile}
+
+if [ ! -d $backuppath ]; then mkdir -p $backuppath; fi
+#connect to database
+mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; show tables;" | wc -c`
+if [ "$mysqlcheck" = 0 ];then
+ echo "could not connect to database"
+ exit 0
+fi
+
+
+mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; select origin from dns_soa where active='Y' and dnssec_initialized='Y';" | awk {' print $1 '}`
+for ACTIVE in $mysqlcheck; do
+	/usr/local/ispconfig/server/scripts/dnssec/dnssec-update.sh ${ACTIVE::-1}
+done
+  
+done
+
+echo "I'm done - You might want to reload bind now"
+
+exit

install/tpl/dnssec-config.sh.master

@@ -0,0 +1,19 @@
+#!/bin/bash
+#mysql
+dbase={mysql_server_ispconfig_database}
+dbhost={mysql_server_ip}
+dbuser={mysql_server_ispconfig_user}
+dbpass={mysql_server_ispconfig_password}
+
+bindpath=/etc/bind
+backuppath=$bindpath/backup
+curpath=`pwd`
+if [ -f /etc/gentoo-release ] ; then
+filespre="pri/"
+else
+filespre="pri."
+fi
+timenow=`/bin/date +"%Y%m%d-%H%M%S"`
+
+namedconf="$bindpath/named.conf.local"
+md5namedconf="$bindpath/named.conf.local.md5"

install/tpl/dnssec-create.sh.master

@@ -0,0 +1,74 @@
+#!/bin/bash
+source {dnssec_conffile}
+domain="${1::-1}"
+
+mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; show tables;" | wc -c`
+if [ "$mysqlcheck" = 0 ];then
+ echo "$0 could not connect to database"
+ exit 0
+fi
+mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; select * from dns_soa where dnssec_initialized='Y' and origin='$domain.';" | wc -c`
+if [ "$mysqlcheck" -gt 1 ];then
+ echo "$domain seems to be initialized. If that is wrong correct dnssec_initialized in dns_soa table"
+fi
+cd $bindpath
+
+if [ ! $domain = "" ];then
+ if [ ! -f $filespre$domain ]; then
+  echo "$domain zone file ($filespre$domain) does not exist"
+  exit 0
+ else
+ if [ -f dsset-$domain. ];then
+  echo "dnssec keys for $domain already exists!"
+  exit 0
+ else
+  echo "Creating keys for $domain"
+  dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE $domain
+  dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE $domain
+  for key in `ls K$domain*.key`; do
+   echo "\$INCLUDE $bindpath/$key">> $filespre$domain
+  done
+  dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o $domain -t $filespre$domain
+ fi
+fi
+serial=`cat $bindpath/$filespre$domain |grep "serial," |awk {' print $domain '}`
+echo ""
+dnssechelp=`head -1 $bindpath/dsset-$domain.`
+dnssecid=`echo $dnssechelp | awk {' print $4 '}`
+dnssecalg=`echo $dnssechelp | awk {' print $5 '}`
+dnssecdt=`echo $dnssechelp | awk {' print $6 '}`
+dnssecd=`echo $dnssechelp | awk {' print $7 '}`
+echo "DS Record 1:">/tmp/.dnssec-$domain
+echo "Key Tag/ID: $dnssecid">>/tmp/.dnssec-$domain
+echo "Algorithm: $dnssecalg">>/tmp/.dnssec-$domain
+echo "Digest/HASH Type: $dnssecdt">>/tmp/.dnssec-$domain
+echo "Digest/HASH: $dnssecd">>/tmp/.dnssec-$domain
+
+dns2sechelp=`tail -n 1 $bindpath/dsset-$domain.`
+dns2secid=`echo $dns2sechelp | awk {' print $4 '}`
+dns2secalg=`echo $dns2sechelp | awk {' print $5 '}`
+dns2secdt=`echo $dns2sechelp | awk {' print $6 '}`
+dns2secd=`echo $dns2sechelp | awk {' print $7""$8 '}`
+echo "">>/tmp/.dnssec-$domain
+echo "DS Record 2:">>/tmp/.dnssec-$domain
+echo "Key Tag/ID: $dns2secid">>/tmp/.dnssec-$domain
+echo "Algorithm: $dns2secalg">>/tmp/.dnssec-$domain
+echo "Digest/HASH Type: $dns2secdt">>/tmp/.dnssec-$domain
+echo "Digest/HASH: $dns2secd">>/tmp/.dnssec-$domain
+	
+echo "">>/tmp/.dnssec-$domain
+echo "In DS-Record format:">>/tmp/.dnssec-$domain
+cat $bindpath/dsset-$domain.>>/tmp/.dnssec-$domain
+
+echo "">>/tmp/.dnssec-$domain
+echo "DNSKEY-Records:">>/tmp/.dnssec-$domain
+cat $bindpath/K$domain.+*.key>>/tmp/.dnssec-$domain
+
+#mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; insert into dnssec_domains set domain='$domain', active='1', serial='$serial', ds1id='$dnssecid', ds1alg='$dnssecalg', ds1htype='$dnssecdt', ds1hash='$dnssecd', ds2id='$dns2secid', ds2alg='$dns2secalg', ds2htype='$dns2secdt', ds2hash='$dns2secd', created=now() ; UPDATE dns_soa SET dnssec_initialized='Y' WHERE origin='$domain.'"
+mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; UPDATE dns_soa SET dnssec_info='`cat /tmp/.dnssec-$domain`', dnssec_initialized='Y' WHERE origin='$domain.'"
+rm /tmp/.dnssec-$domain
+
+else
+ echo "usage: dnssec-create.sh <domain.tld>"
+fi
+cd $curpath

install/tpl/dnssec-delete.sh.master

@@ -0,0 +1,25 @@
+#!/bin/bash
+source {dnssec_conffile}
+pardomain="${1::-1}"
+
+echo "$1 $2 $3 $4 domain: $domain" > /tmp/.last-call-to-dnssec-update
+
+if [ -z "$1" ];then
+	echo "No domain given"
+	exit 1
+fi
+
+#connect to database
+mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; show tables;" | wc -c`
+if [ "$mysqlcheck" = 0 ];then
+ echo "could not connect to database"
+ exit 0
+fi
+
+rm $bindpath/K$pardomain.+*.key
+rm "$bindpath/$filespre$pardomain.signed"
+rm "$bindpath/dsset-$pardomain."
+
+echo "DNSSEC Keys and zonefile for $pardomain deleted"
+
+exit 0

install/tpl/dnssec-update.sh.master

@@ -0,0 +1,40 @@
+#!/bin/bash
+source {dnssec_conffile}
+pardomain="${1::-1}"
+
+echo "$0 $1 $2 $3 $4 results in domain: $pardomain" > /tmp/.last-call-to-dnssec-update
+
+
+
+if [ ! -d $backuppath ]; then mkdir -p $backuppath; fi
+#connect to database for testing
+mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; show tables;" | wc -c`
+if [ "$mysqlcheck" = 0 ];then
+ echo "$0 could not connect to database"
+ cd $curdir
+ exit 0
+fi
+
+mysqlcheck=`mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; select id,serial from dns_soa where active='Y' and origin='$pardomain.';" | awk {' print $1":"$2 '}`
+  echo $mysqlcheck
+  zoneid=`echo $mysqlcheck | sed 's/:/ /g' | awk {' print $1 '}`
+  domain=$pardomain
+  serial=`echo $mysqlcheck | sed 's/:/ /g' | awk {' print $2 '}`
+  fserial=`/usr/sbin/named-checkzone $domain $bindpath/$filespre$domain | egrep -ho '[0-9]{10}'`
+     includecheck=`cat $bindpath/$filespre$domain |grep "INCLUDE" |wc -l`
+      if [ ! $includecheck = 2 ] ;then
+	   echo "">> $bindpath/pri.$domain
+       for key in `ls $bindpath/K$pardomain.+*.key`; do
+		echo "Including $key..."
+       echo "\$INCLUDE $key">> $bindpath/pri.$domain
+       done
+	  else
+		echo "Includes are there. Why ever..."
+      fi
+
+    /usr/sbin/dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o $domain -t $filespre$domain
+    mysql -u $dbuser --password=$dbpass -h $dbhost -Bse "use $dbase; update dns_soa set serial='$fserial' where origin='$domain.'; update dns_rr set serial='$fserial' WHERE zone=$zoneid"
+
+echo "DNSSEC for $pardomain has been configured"
+cd $curdir
+exit 0