|
@@ -27,11 +27,14 @@
|
|
|
#
|
|
|
######################################################
|
|
|
|
|
|
+SELF="$(basename ${0})"
|
|
|
+
|
|
|
######################################################
|
|
|
# START OF CONFIG #
|
|
|
######################################################
|
|
|
# SET YOU SYSTEM SPECIFIC DATA (which systemctl e.g) #
|
|
|
|
|
|
+NAMEDZONES="/etc/bind/named.conf.local"
|
|
|
ZONESDIR="/etc/bind/zones"
|
|
|
CHECKZONE=/usr/sbin/named-checkzone
|
|
|
CHECKCONF=/usr/sbin/named-checkconf
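Review bot: `SELF="$(basename ${0})"` leaves `${0}` unquoted inside the command substitution, so a script path containing whitespace or glob characters is word-split before `basename` sees it; write `SELF="$(basename "${0}")"`. Note also that `basename` discards the directory part, so `SELF` identifies the script only by name and should not be relied on to locate it on disk.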
|
|
@@ -39,31 +42,47 @@ KEYGEN=/usr/sbin/dnssec-keygen
|
|
|
SIGNZONE=/usr/sbin/dnssec-signzone
|
|
|
SYSCTL=/bin/systemctl
|
|
|
DNSSERVICE="bind9.service"
|
|
|
+LOGGER=/usr/bin/logger
|
|
|
+LOGGERFLAGN="-t $(whoami) -p daemon.info"
|
|
|
+LOGGERFLAGE="-t $(whoami) -p daemon.err"
|
|
|
|
|
|
######################################################
|
|
|
# END OF CONFIG #
|
|
|
######################################################
|
|
|
|
|
|
-# Collect arguments
|
|
|
-ZONES="${*}"
|
|
|
-IFS=' ', read -r -a ZONES <<< "${ZONES}"
|
|
|
+function error_msg {
|
|
|
+ FOR=${1}
|
|
|
+ ERRMSG="${2}"
|
|
|
+ echo -e "\e[31m[${SELF}:\e[1m${FOR}\e[21m]:\e[0m ${ERRMSG}"
|
|
|
+ ${LOGGER} ${LOGGERFLAGE} "[${SELF}:${FOR}]: ${ERRMSG}"
|
|
|
+}
|
|
|
+
|
|
|
+function note_msg {
|
|
|
+ FOR=${1}
|
|
|
+ NOTEMSG="${2}"
|
|
|
+ echo -e "\e[32m[${SELF}:\e[1m${FOR}\e[21m]:\e[0m ${NOTEMSG}"
|
|
|
+ ${LOGGER} ${LOGGERFLAGN} "[${SELF}:${FOR}]: ${NOTEMSG}"
|
|
|
+}
|
|
|
|
|
|
# Generating keys for zone
|
|
|
# Note, this doesnt check if they exists!
|
|
|
function genkeys {
|
|
|
ZONE=${1}
|
|
|
- echo "* Generating missing keys for ZONE ${ZONE}"
|
|
|
+ note_msg "${ZONE}" "Generating missing ZSK and KSK"
|
|
|
|
|
|
${KEYGEN} -a NSEC3RSASHA1 -b 2048 -n ZONE "${ZONE}"
|
|
|
if [ $? -ne 0 ]; then
|
|
|
+ error_msg "${ZONE}" "Failed to generate Zone Signing Key (ZSK)"
|
|
|
return 1
|
|
|
fi
|
|
|
|
|
|
${KEYGEN} -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE "${ZONE}"
|
|
|
if [ $? -ne 0 ]; then
|
|
|
+ error_msg "${ZONE}" "Failed to generate Key Signing Key (KSK)"
|
|
|
return 1
|
|
|
fi
|
|
|
-
|
|
|
+
|
|
|
+ note_msg "${ZONE}" "ZSK and KSK generated"
|
|
|
return 0
|
|
|
}
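Review bot: `LOGGERFLAGN` and `LOGGERFLAGE` are flag strings that `error_msg` and `note_msg` expand unquoted, and they tag every syslog record with `$(whoami)` rather than the script, so entries are attributed to the invoking user (normally `root`) instead of to the signing script; keep the flags in an array and tag with the script name: `LOGGERFLAGE=(-t "${SELF}" -p daemon.err)` and `"${LOGGER}" "${LOGGERFLAGE[@]}" "[${SELF}:${FOR}]: ${ERRMSG}"`. The `FOR` value is the zone name taken from argv, and `echo -e` interprets any backslash sequence it contains before the terminal sees it; `printf '\e[31m[%s:\e[1m%s\e[21m]:\e[0m %s\n' "${SELF}" "${FOR}" "${ERRMSG}" >&2` keeps the data out of the format string and sends errors to stderr where `error_msg` callers expect them. `FOR`, `ERRMSG` and `NOTEMSG` should be declared `local` so they do not leak into the caller's scope. The new message "Generating missing ZSK and KSK" contradicts the comment just above `genkeys` that says existing keys are not checked, so a second run silently creates another key pair; say "Generating new ZSK and KSK" or add the existence check.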
|
|
|
|
|
@@ -71,10 +90,10 @@ function genkeys {
|
|
|
# The actual signing process.
|
|
|
function sign {
|
|
|
ZONE="${1}"
|
|
|
- echo " * Signing ZONE ${ZONE}"
|
|
|
+ note_msg "${ZONE}" "Signing ZONE"
|
|
|
|
|
|
if ! [ -d "${2}" ]; then
|
|
|
- echo "! Error, path ${2} doesnt exist, abort."
|
|
|
+ error_msg "${ZONE}" "Path ${2} doesnt exist"
|
|
|
return 1
|
|
|
fi
|
|
|
|
|
@@ -84,7 +103,7 @@ function sign {
|
|
|
F="db"
|
|
|
|
|
|
if ! [ -w "${F}" ]; then
|
|
|
- echo "! Missing $(pwd)/${F}, abort."
|
|
|
+ error_msg "${ZONE}" "Missing $(pwd)/${F}"
|
|
|
return 1
|
|
|
fi
|
|
|
|
|
@@ -106,7 +125,6 @@ function sign {
|
|
|
|
|
|
genkeys "${ZONE}"
|
|
|
if [ $? -ne 0 ]; then
|
|
|
- echo "! Error generating keys, abort."
|
|
|
return 1
|
|
|
fi
|
|
|
|
|
@@ -123,16 +141,17 @@ function sign {
|
|
|
${SIGNZONE} -A -3 "${SALT}" -N increment -f "${ZONEF}" -o "${ZONE}" -t "${ZONEINCF}"
|
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
- echo "! Error signing zone ${ZONE}, abort."
|
|
|
+ error_msg "${ZONE}" "Error signing zone"
|
|
|
return 2
|
|
|
fi
|
|
|
|
|
|
- echo "* Checking configuration: "
|
|
|
+ note_msg "${ZONE}" "Checking zone-file"
|
|
|
${CHECKZONE} "${ZONE}" "${ZONEF}"
|
|
|
if [ $? -ne 0 ]; then
|
|
|
- echo "! Error in configuration for ${ZONE} => ${SONEF}."
|
|
|
+ error_msg "${ZONE}" "Error zone-file'${SONEF}'"
|
|
|
return 2
|
|
|
fi
|
|
|
+ note_msg "${ZONE}" "Signing successul!"
|
|
|
return 0
|
|
|
}
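Review bot: `error_msg "${ZONE}" "Error zone-file'${SONEF}'"` references `SONEF`, which is never assigned (the signed file is `ZONEF` on the `dnssec-signzone` and `named-checkzone` lines), so the message always prints an empty name; the old line had the same typo and the commit carries it over. Change it to `error_msg "${ZONE}" "Error in zone-file '${ZONEF}'"`, and fix the final `note_msg "${ZONE}" "Signing successful!"`. The enclosing `sign` function starts outside this hunk.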
|
|
|
|
|
@@ -148,23 +167,51 @@ function signzone {
|
|
|
return ${RET}
|
|
|
}
|
|
|
|
|
|
-ERR=0
|
|
|
-for ZONE in "${ZONES[@]}"; do
|
|
|
- signzone "${ZONE}"
|
|
|
- if [ $? -eq 2 ]; then
|
|
|
- # To prevent restarting dns if failure
|
|
|
- ERR=1
|
|
|
- fi
|
|
|
-done;
|
|
|
|
|
|
-if [ ${ERR} -eq 0 ]; then
|
|
|
- ${CHECKCONF}
|
|
|
- if [ $? -ne 0 ]; then
|
|
|
- echo "! Error in configruation, not reloading Bind"
|
|
|
+if [[ ${EUID} -ne 0 ]]; then
|
|
|
+ error_msg "${USER}" "Must execute file as root."
|
|
|
+ exit 1
|
|
|
+fi
|
|
|
+
|
|
|
+# Collect arguments (zones)
|
|
|
+ZONES="${*}"
|
|
|
+IFS=' ', read -r -a ZONES <<< "${ZONES}"
|
|
|
+
|
|
|
+if [ ${#ZONES[@]} -ne 0 ]; then
|
|
|
+ ERR=0
|
|
|
+ for ZONE in "${ZONES[@]}"; do
|
|
|
+ signzone "${ZONE}"
|
|
|
+ if [ $? -eq 2 ]; then
|
|
|
+ # To prevent restarting dns if failure
|
|
|
+ ERR=1
|
|
|
+ fi
|
|
|
+ done;
|
|
|
+
|
|
|
+ if [ ${ERR} -eq 0 ]; then
|
|
|
+ ${CHECKCONF}
|
|
|
+ if [ $? -ne 0 ]; then
|
|
|
+ error_msg "${CHECKCONF}" "Error in configruation, not reloading"
|
|
|
+ else
|
|
|
+ note_msg "${SYSCTL}" "Restarting ${DNSSERVICE}"
|
|
|
+ ${SYSCTL} restart "${DNSSERVICE}"
|
|
|
+ fi
|
|
|
else
|
|
|
- echo "* Restarting ${DNSSERVICE}"
|
|
|
- ${SYSCTL} restart "${DNSSERVICE}"
|
|
|
+ error_msg "${DNSSERVICE}" "Errors in configuration(s) for zone(s), not restarting."
|
|
|
fi
|
|
|
else
|
|
|
- echo "Errors in some configurations, not restarting bind."
|
|
|
+ note_msg "${ZONESDIR}" "Finding zones to sign corresponding to ${NAMEDZONES}"
|
|
|
+ CWD=$(pwd)
|
|
|
+ cd "${ZONESDIR}"
|
|
|
+ NAMED=$(cat $NAMEDZONES)
|
|
|
+ for ZONE in $(ls -d */); do
|
|
|
+ ACTIVE=$(cat $NAMEDZONES | grep "\"$(basename ${ZONE})\"" | tr -d '[:space:]')
|
|
|
+ if [[ "${ACTIVE}" == zone* ]]; then
|
|
|
+ ZONES[${#ZONES[@]}]=$(basename ${ZONE})
|
|
|
+ fi
|
|
|
+ done
|
|
|
+ cd ${CWD}
|
|
|
+ note_msg "" "Found ${#ZONES[@]} zone(s) active"
|
|
|
+ if [ "${#ZONES[@]}" -ne 0 ]; then
|
|
|
+ ${SELF} "${ZONES[@]}"
|
|
|
+ fi
|
|
|
fi
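Review bot: The auto-discovery branch re-invokes the script as `${SELF} "${ZONES[@]}"`, and since `SELF` is only the basename of `$0` this is a PATH lookup of the script's own name: it fails when the script was started as `./name`, and, running as root, executes whichever file of that name appears first in PATH rather than this file; re-exec with the original `"${0}"` instead. `cd "${ZONESDIR}"` is unchecked, so if the directory is missing `ls -d */` lists the caller's cwd, and parsing `ls` together with the unquoted `$NAMEDZONES` and `${ZONE}` breaks on unusual names; a glob over `"${ZONESDIR}"/*/` needs no `cd` at all and lets the unused `NAMED=$(cat $NAMEDZONES)` go. `grep "\"$(basename ${ZONE})\""` treats the dots of the zone name as regex wildcards, so `grep -F` should be used for the literal match. The script also exits 0 after `error_msg` reports a failed zone or a bad configuration, so a cron job or CI step cannot detect the failure; those branches should `exit 1`.
```shell
else
  note_msg "${ZONESDIR}" "Finding zones to sign corresponding to ${NAMEDZONES}"
  ZONES=()
  for ZONEPATH in "${ZONESDIR}"/*/; do
    [ -d "${ZONEPATH}" ] || continue
    ZONE=$(basename "${ZONEPATH}")
    ACTIVE=$(grep -F "\"${ZONE}\"" "${NAMEDZONES}" | tr -d '[:space:]')
    if [[ "${ACTIVE}" == zone* ]]; then
      ZONES+=("${ZONE}")
    fi
  done
  note_msg "" "Found ${#ZONES[@]} zone(s) active"
  if [ "${#ZONES[@]}" -ne 0 ]; then
    exec "${0}" "${ZONES[@]}"
  fi
fi
```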
|