Fixed cron to update serial and not sign directly. This now issues a job for the cron server which will then generate the zone and sign it.

A. Täffner · A. Täffner · commit ad1eea8a1a1c · 2016-04-07T10:14:47.000+02:00
cleaner solution AND fixes a possible replication (zone-transfer) issue.
diff --git a/server/lib/classes/cron.d/550-bind_dnssec.inc.php b/server/lib/classes/cron.d/550-bind_dnssec.inc.php
@@ -34,7 +34,29 @@
 class cronjob_bind_dnssec extends cronjob {
 
 	// job schedule
-	protected $_schedule = '30 3 * * *'; //daily at 3:30 a.m.
+	//protected $_schedule = '30 3 * * *'; //daily at 3:30 a.m.
+	protected $_schedule = '* * * * *'; //temp 4 test
+	
+	private function increase_serial($serial){
+		global $app, $conf;
+
+		// increase serial
+		$serial_date = $app->functions->intval(substr($serial, 0, 8));
+		$count = $app->functions->intval(substr($serial, 8, 2));
+		$current_date = date("Ymd");
+		if($serial_date >= $current_date){
+			$count += 1;
+			if ($count > 99) {
+				$serial_date += 1;
+				$count = 0;
+			}
+			$count = str_pad($count, 2, "0", STR_PAD_LEFT);
+			$new_serial = $serial_date.$count;
+		} else {
+			$new_serial = $current_date.'01';
+		}
+		return $new_serial;
+	}
 
 	public function onRunJob() {
 		global $app, $conf;
@@ -54,36 +76,13 @@ public function onRunJob() {
 			$domain = substr($data['origin'], 0, strlen($data['origin'])-1);
 			if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) return false;
 			
-			$app->log('DNSSEC Auto-Resign: Resigning zone '.$domain, LOGLEVEL_INFO);
-			
-			$zonefile = file_get_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
-			$keycount=0;
-			foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
-				$includeline = '$INCLUDE '.basename($keyfile);
-				if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n";
-				$keycount++;
-			}
-			if ($keycount != 2) $app->log('DNSSEC Warning: There are more or less than 2 keyfiles for zone '.$domain, LOGLEVEL_WARN);
-			file_put_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain, $zonefile);
-			
-			//Sign the zone and set it valid for max. 16 days
-			exec('cd '.escapeshellcmd($dns_config['bind_zonefiles_dir']).';'.
-				 '/usr/sbin/dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o '.escapeshellcmd($domain).' -t '.$filespre.escapeshellcmd($domain));
-				 
-			//Write Data back into DB
-			$dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');
-			$dnssecdata .= "\n------------------------------------\n\nDNSKEY-Records:\n";
-			foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
-				$dnssecdata .= file_get_contents($keyfile)."\n\n";
-			}
-			
-			$app->db->query('UPDATE dns_soa SET dnssec_info=\''.$dnssecdata.'\', dnssec_initialized=\'Y\', dnssec_last_signed=\''.time().'\' WHERE id='.$data['id']);
-			$data = next($soas);
+			$app->log('DNSSEC Auto-Resign: Touching zone '.$domain, LOGLEVEL_INFO);
+			$app->db->datalogUpdate('dns_soa', array("serial" => $this->increase_serial($data['serial'])), 'id', $data['id']);
 		}
 		
 		parent::onRunJob();
 	}
 
 }
 
-?>
+?>
