define-configuration-space dynamic ZONECFG {
prefix "ddns-"
define-simple key "ddns"
+ define-simple auto-dnssec off
define-list types {A TXT PTR}
define policy {body} {
"-S" \
"-K%h/key" \
"-d%h/ds" \
- "-s-3600" "-e+176400" \
+ "-s-3600" "-e+176400" "-i90000" \
"-N%q" \
"-o%z" \
"-f%o" \
"%f"]
- define-simple auto-dnssec off
define-list reload-command [list "$BINDPROGS/rndc" "reload" "%z" "IN" "%v"]
define-list autosign-command [list "$BINDPROGS/rndc" "sign" "%z" "IN" "%v"]
define-list checkzone-command \
}
define primary {map} {
+ ## There's a grim hack here: a primary-address entry may have the form
+ ## REAL!FAKE. If the REAL address is not a local address then this
+ ## is used as the master address; otherwise the FAKE address is used.
+ ## This is useful for inter-view updates of dynamic zones on the same
+ ## host. I suggest abusing 127.0.0.0/8 addresses for this kind of
+ ## chicanery.
if {[llength $map] % 2} {
error "master map must have an even number of items"
}
if {[info exists zone(mapped-view)]} {
foreach {outview hosts} $zone(master-map) {
if {[string match $outview $zone(mapped-view)]} {
- set zone(masters) $hosts
+ set masters {}
set zone(config-type) slave
foreach host $hosts {
- if {[local-address-p $host]} {
+ set bang [string first "!" $host]
+ if {$bang >= 0} {
+ set after [string range $host [expr {$bang + 1}] end]
+ if {$bang} {
+ set before [string range $host 0 [expr {$bang - 1}]]
+ } else {
+ set before $after
+ }
+ if {[local-address-p $before]} {
+ set host $after
+ } else {
+ set host $before
+ }
+ } elseif {[local-address-p $host]} {
set zone(config-type) master
}
+ lappend masters $host
}
+ set zone(masters) $masters
break
}
}
array set zone $info
set outfile "$zone(server-file-name).new"
- if {![run "zone `$zone(name)' in view `$zone(mapped-view)'" \
+ if {![run "sign zone `$zone(name)' in view `$zone(mapped-view)'" \
$zone(signzone-command) \
"%h" $zone(home-dir) \
"%m" $zone(static-dir) \
puts $chan "\ttype master;"
puts $chan "\tfile \"$zone(server-file-name)\";"
switch -exact -- $zone(type) {
- dynamic { write-ddns-update-policy "\t" $chan $config }
+ dynamic {
+ write-ddns-update-policy "\t" $chan $config
+ if {![string equal $zone(ddns-auto-dnssec) off]} {
+ puts $chan "\tauto-dnssec $zone(ddns-auto-dnssec);"
+ }
+ }
}
}
slave {
foreach host $zone(masters) { lappend masters [host-addr $host] }
puts $chan "\tmasters { [join $masters {; }]; };"
puts $chan "\tfile \"$zone(file-name)\";"
- if {![string equal $zone(auto-dnssec) off]} {
- puts $chan "\tauto-dnssec $zone(auto-dnssec);"
- }
switch -exact -- $zone(type) {
dynamic { puts $chan "\tallow-update-forwarding { any; };" }
}
defcmd install {user view name} {
help-text "Install a new zone file.
- The file is for the given zone NAME and \(user-side) VIEW. The file is
- provided by the named USER"
+The file is for the given zone NAME and \(user-side) VIEW. The file is
+provided by the named USER."
} {
global QUIS ZONECFG ZONES CONFFILE errorInfo errorCode
}
## If the zone wants signing, better to do that now.
- if {![sign-zone-file $matchinfo keep $tmp]} {
+ if {$zone(sign) && ![sign-zone-file $matchinfo keep $tmp]} {
eval $cleanup
exit 2
}
}
}
} elseif {[string equal $zone(type) dynamic] &&
- ![string equal $zone(auto-dnssec) off]} {
+ ![string equal $zone(ddns-auto-dnssec) off]} {
## Dynamic zone: get BIND to re-sign it.
if {
~mdw / zoneconf / blobdiff