--- a/update-zone Thu Dec 02 16:46:17 2010 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,298 +0,0 @@
-#! /usr/bin/perl
-# (c) 1998 Heiko Schlittermann <heiko@datom.de>
-#
-# … work in progress do integrate dnssec (branch suess)
-#
-# Update the serial numbers in zone files
-# The serial number needs to match a specified pattern (see
-# the line marked w/ PATTERN.
-#
-# ToDo:
-# . test against an md5 sum, not just the date of the stamp file
-# . FIXME: handle `/' in file names (currently only working in
-# the current directory)
-# . optionally reload the named
-
-use strict;
-use warnings;
-
-use File::Basename;
-use File::Copy;
-use FindBin;
-
-my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
-my @dnssec_killkeys
- = ( "$FindBin::Bin/dnssec-killkey", "/usr/bin/dnstools/dnssec-killkey" );
-my $dnssec_killkey;
-my @dnssec_creatkeys
- = ( "$FindBin::Bin/dnssec-creatkey", "/usr/bin/dnstools/dnssec-creatkey" );
-my $dnssec_creatkey;
-my @dnssec_signs
- = ( "$FindBin::Bin/dnssec-sign", "/usr/bin/dnstools/dnssec-sign" );
-my %config;
-my $dnssec_sign;
-my @change_names = ();
-
-foreach ( grep {-f} @configs ) {
- open( CONFIG, $_ ) or die "Can't open $_: $!\n";
-}
-
-unless ( seek( CONFIG, 0, 0 ) ) {
- die "Can't open config (searched: @configs)\n";
-}
-foreach ( grep {-f} @dnssec_killkeys ) {
- if ( -x $_ ) {
- $dnssec_killkey = $_;
- }
- else {
- die "Can't run $_\n";
- }
-}
-foreach ( grep {-f} @dnssec_creatkeys ) {
- if ( -x $_ ) {
- $dnssec_creatkey = $_;
- }
- else {
- die "Can't run $_\n";
- }
-}
-foreach ( grep {-f} @dnssec_signs ) {
- if ( -x $_ ) {
- $dnssec_sign = $_;
- }
- else {
- die "Can't run $_\n";
- }
-}
-
-while (<CONFIG>) {
- chomp;
- s/#.*//;
- s/\t//g;
- s/\s//g;
- next unless length;
- my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
- $config{$cname} = $ccont;
-}
-close(CONFIG);
-
-my $bind_dir = $config{bind_dir};
-my $conf_dir = $config{zone_conf_dir};
-my $master_dir = $config{master_dir};
-
-my $ME = basename $0;
-my @tmpfiles;
-my $verbose = 0;
-my $opt_yes = 0;
-my @Zones;
-my $file;
-
-
-sub cleanup() { unlink @tmpfiles; }
-END { cleanup(); }
-
-for (@ARGV) {
- if ( $_ eq "-y" ) {
- $opt_yes = 1;
- shift @ARGV;
- }
-}
-
-@Zones = @ARGV ? @ARGV : glob("$master_dir/*");
-
-MAIN: {
- my $changed = 0;
- my ( $dd, $mm, $yy ) = ( localtime() )[ 3 .. 5 ];
- my $date;
- $mm++;
-
- # prueft jede domain, die ein verzeichnis in $master_dir hat, ob sie
- # dnssec nutzt.
- # passt die eintraege in $config_file falls noetig an.
- while (<$master_dir/*>) {
- s#($master_dir/)(.*)#$2#;
- my $zone = $_;
-
- my $zone_file = "$master_dir/$zone/$zone";
- my $conf_file = "$conf_dir/$zone";
- my @c_content;
-
- unless ( -f "$conf_file" ) {
- die "$conf_file: $! \n";
- }
-
- if ( -e "$master_dir/$zone/.keycounter" ) {
-
- open( FILE, "<$conf_file" ) or die "$conf_file: $!\n";
- @c_content = <FILE>;
- close(FILE);
-
- for (@c_content) {
- if (m{(.*)($zone_file)(";)}) {
- print "$2 ==> $2.signed\n";
- $_ = "$1$2.signed$3\n";
- }
- }
-
- open( FILE, ">$conf_file" ) or die "$conf_file: $!\n";
- print FILE @c_content;
- close(FILE);
-
- }
- else {
-
- open( FILE, "<$conf_file" ) or die "$conf_file: $!\n";
- @c_content = <FILE>;
- close(FILE);
-
- for (@c_content) {
- if (m{(.*)($zone_file)\.signed(.*)}) {
- print "$2.signed ==> $2\n";
- $_ = "$1$2$3\n";
- }
- }
-
- open( FILE, ">$conf_file" ) or die "$conf_file: $!\n";
- print FILE @c_content;
- close(FILE);
- }
- }
-
- # erzeugt eine named.conf-datei aus den entsprechenden vorlagen.
- print "** creat named.conf.zones **\n";
- open( TO, ">$bind_dir/named.conf.zones" )
- or die "$bind_dir/named.conf.zones: $!\n";
- while (<$conf_dir/*>) {
- open( FROM, "$_" ) or die "$_: $! \n";
- print TO <FROM>;
- close(FROM);
- }
- close(TO);
-
- # aufruf von dnssec-killkey
- print "** execute dnssec-killkey for keyrollover **\n";
- system "$dnssec_killkey";
- die "$dnssec_killkey not found ($!)" if $? == -1;
- exit 1 if $?;
-
- # aufruf von dnssec-creatkey
- print "** execute dnssec-creatkey for keyrollover **\n";
- system "$dnssec_creatkey";
- die "$dnssec_creatkey not found ($!)" if $? == -1;
- exit 1 if $?;
-
- # aufruf von dnssec-sign
- print "** execute dnssec-sign for sign-update **\n";
- system "$dnssec_sign";
- die "$dnssec_sign not found ($!)" if $? == -1;
- exit 1 if $?;
-
- # update-serial
- print "** update serial **\n";
- foreach ( $dd, $mm ) { s/^\d$/0$&/; }
- $yy += 1900;
- $date = "$yy$mm$dd";
-
- while ( my $file = shift @Zones ) {
-
- my $file_basename = basename($file);
-
- $file =~ s#($master_dir)(/.*)#$1$2$2#;
- local ( *I, *O );
- my $done = 0;
-
- my $new = "$file.$$.tmp";
- my $bak = "$file.bak";
- my $stamp = $master_dir . "/.stamp/" . basename($file);
-
- $file =~ /(\.bak|~)$/ and next;
- $file !~ /\./ and next;
-
- $verbose && print "$file:";
-
- if ( -f $stamp && ( ( stat($stamp) )[9] >= ( stat($file) )[9] ) ) {
- $verbose && print " fresh, skipping.\n";
- next;
- }
-
- $done = 0;
- push @tmpfiles, $new;
- open( *I, "<$file" ) or die("Can't open < $file: $!\n");
- open( *O, ">$new" ) or die("Can't open > $new: $!\n");
-
- while (<I>) {
- /^\s+((\d+)(\d{2}))\s*;\s*serial/i and do { # PATTERN
- my ( $sdate, $scount, $serial ) = ( $2, $3, $1 );
- $done = 1;
- print " [$file] serial $sdate$scount";
-
- if ( $date eq $sdate ) { $scount++; }
- else { $sdate = $date; $scount = "00"; }
-
- print " bumping to $sdate$scount";
- s/$serial/$sdate$scount/;
-
- };
- print O;
- }
-
- close(O);
- close(I);
-
- if ($done) {
-
- open( I, "<$new" ) or die("Can't open <$new: $!\n");
- open( O, ">$file" ) or die("Can't open >$file: $!\n");
- while (<I>) { print O or die("Can't write to $file: $!\n"); }
- close(I) or die("Can't close $new: $!\n");
- close(O) or die("Can't close $file: $!\n");
-
- unlink $new;
-
- open( O, ">$stamp" ) or die("Can't open >$stamp: $!\n");
- close(O);
- $changed++;
-
- push @change_names, $file_basename;
-
- }
- else {
- print " $file: no serial number found: no zone file?";
- }
- print "\n";
- }
-
- my $pidfile;
-
- unless ($changed == 0) {
- print "Changed $changed files.\n";
- }
-
- foreach (
- qw(/var/run/bind/run/named.pid /var/run/named.pid /etc/named.pid))
- {
- -f $_ and $pidfile = $_ and last;
- }
-
- # dnssec-sign aufruf fuer geanderten domains
- print "** execute dnssec-sign **\n";
- system "$dnssec_sign @change_names";
- die "$dnssec_sign not found ($!)" if $? == -1;
- exit 1 if $?;
-
- if ($pidfile) {
- if ($opt_yes) {
- $_ = "y";
- print "** Nameserver will be reloaded\n";
- }
- else { print "** Reload now? [Y/n]: "; $_ = <STDIN>; }
- /^y|^$/i and system "rndc reload";
- }
- else {
- print
- "** No PID of a running named found. Please reload manually.\n";
-
- }
-
-}
-