X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/zoneconf/blobdiff_plain/a37c695a4798c2ec8e33bfb0706c6a65d2dd7e4f..7de7888a156f3558297545a97d8fe6c418230daf:/zoneconf.in
diff --git a/zoneconf.in b/zoneconf.in
old mode 100644
new mode 100755
index f0dcdef..edf1184
--- a/zoneconf.in
+++ b/zoneconf.in
@@ -970,6 +970,7 @@ define-configuration-space policy ZONECFG { define-configuration-space dynamic ZONECFG { prefix "ddns-" define-simple key "ddns" + define-simple auto-dnssec off define-list types {A TXT PTR} define policy {body} {
@@ -999,12 +1000,11 @@ define-configuration-space zone ZONECFG { "-S" \ "-K%h/key" \ "-d%h/ds" \ - "-s-3600" "-e+176400" \ + "-s-3600" "-e+176400" "-i90000" \ "-N%q" \ "-o%z" \ "-f%o" \ "%f"] - define-simple auto-dnssec off define-list reload-command [list "$BINDPROGS/rndc" "reload" "%z" "IN" "%v"] define-list autosign-command [list "$BINDPROGS/rndc" "sign" "%z" "IN" "%v"] define-list checkzone-command \
@@ -1022,6 +1022,12 @@ define-configuration-space zone ZONECFG { } define primary {map} { + ## There's a grim hack here: a primary-address entry may have the form + ## REAL!FAKE. If the REAL address is not a local address then this + ## is used as the master address; otherwise the FAKE address is used. + ## This is useful for inter-view updates of dynamic zones on the same + ## host. I suggest abusing 127.0.0.0/8 addresses for this kind of + ## chicanery. if {[llength $map] % 2} { error "master map must have an even number of items" }
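Review bot: The new `"-i90000"` argument in the signing command list (hunk at -999) is an unexplained magic number next to `"-s-3600"` and `"-e+176400"`, and the three only make sense together. As far as I can tell, `-i` is the dnssec-signzone cycle interval, so signatures with less than 25 hours left are regenerated while new ones live 49 hours, which presumably relies on the sign command being run about once a day. A comment above the list would record that, for example `## -s/-e/-i: valid from 1h ago to +49h; re-sign anything expiring within 25h, so run "sign" at least daily.` The list is built with backslash continuations and starts above the hunk, so the comment has to go before its first line rather than beside the option.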
@@ -1141,13 +1147,28 @@ proc compute-zone-properties {view config} { if {[info exists zone(mapped-view)]} { foreach {outview hosts} $zone(master-map) { if {[string match $outview $zone(mapped-view)]} { - set zone(masters) $hosts + set masters {} set zone(config-type) slave foreach host $hosts { - if {[local-address-p $host]} { + set bang [string first "!" $host] + if {$bang >= 0} { + set after [string range $host [expr {$bang + 1}] end] + if {$bang} { + set before [string range $host 0 [expr {$bang - 1}]] + } else { + set before $after + } + if {[local-address-p $before]} { + set host $after + } else { + set host $before + } + } elseif {[local-address-p $host]} { set zone(config-type) master } + lappend masters $host } + set zone(masters) $masters break } }
@@ -1223,7 +1244,7 @@ proc sign-zone-file {info soafmt infile} { array set zone $info set outfile "$zone(server-file-name).new" - if {![run "zone `$zone(name)' in view `$zone(mapped-view)'" \ + if {![run "sign zone `$zone(name)' in view `$zone(mapped-view)'" \ $zone(signzone-command) \ "%h" $zone(home-dir) \ "%m" $zone(static-dir) \
@@ -1260,7 +1281,12 @@ proc write-zone-stanza {view chan config} { puts $chan "\ttype master;" puts $chan "\tfile \"$zone(server-file-name)\";" switch -exact -- $zone(type) { - dynamic { write-ddns-update-policy "\t" $chan $config } + dynamic { + write-ddns-update-policy "\t" $chan $config + if {![string equal $zone(ddns-auto-dnssec) off]} { + puts $chan "\tauto-dnssec $zone(ddns-auto-dnssec);" + } + } } } slave {
@@ -1269,9 +1295,6 @@ proc write-zone-stanza {view chan config} { foreach host $zone(masters) { lappend masters [host-addr $host] } puts $chan "\tmasters { [join $masters {; }]; };" puts $chan "\tfile \"$zone(file-name)\";" - if {![string equal $zone(auto-dnssec) off]} { - puts $chan "\tauto-dnssec $zone(auto-dnssec);" - } switch -exact -- $zone(type) { dynamic { puts $chan "\tallow-update-forwarding { any; };" } }
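Review bot: In compute-zone-properties (hunk at -1141), an entry written as `REAL!` leaves `after` empty, and when REAL is a local address that empty string is appended to `masters`. The slave branch of write-zone-stanza later passes each entry to `host-addr` and writes the result into the `masters { ... }` clause. Rejecting the empty part where it is parsed keeps a blank master out of the generated configuration: `if {![string length $after]} { error "missing fake address in primary entry `$host'" }` immediately after `after` is set. A second `!` in an entry is also carried through inside `after` unchecked. The proc starts and ends outside the hunk, and `define primary` may already validate entries, which is not visible here.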
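Review bot: In write-zone-stanza (hunk at -1260), `$zone(ddns-auto-dnssec)` is written into the generated server configuration with no check other than "not `off`". A misspelt or multi-token value therefore lands verbatim inside the zone stanza and can alter how the rest of it parses. BIND accepts only `off`, `allow` and `maintain` for this option, so matching on those and raising an error otherwise catches the mistake when the file is generated rather than when the server next loads it. Whether `define-simple` already constrains the value is not visible in this diff; the same setting is tested again in `defcmd sign` (hunk at -1493).

```tcl
dynamic {
  write-ddns-update-policy "\t" $chan $config
  switch -exact -- $zone(ddns-auto-dnssec) {
    off { }
    allow - maintain {
      puts $chan "\tauto-dnssec $zone(ddns-auto-dnssec);"
    }
    default {
      error "unknown auto-dnssec setting `$zone(ddns-auto-dnssec)'"
    }
  }
}
```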
@@ -1349,8 +1372,8 @@ defcmd update {} { defcmd install {user view name} { help-text "Install a new zone file. - The file is for the given zone NAME and \(user-side) VIEW. The file is - provided by the named USER" +The file is for the given zone NAME and \(user-side) VIEW. The file is +provided by the named USER." } { global QUIS ZONECFG ZONES CONFFILE errorInfo errorCode
@@ -1424,7 +1447,7 @@ defcmd install {user view name} { } ## If the zone wants signing, better to do that now. - if {![sign-zone-file $matchinfo keep $tmp]} { + if {$zone(sign) && ![sign-zone-file $matchinfo keep $tmp]} { eval $cleanup exit 2 }
@@ -1493,7 +1516,7 @@ defcmd sign {} { } } } elseif {[string equal $zone(type) dynamic] && - ![string equal $zone(auto-dnssec) off]} { + ![string equal $zone(ddns-auto-dnssec) off]} { ## Dynamic zone: get BIND to re-sign it. if {![run "re-sign zone `$zone(name) in server view `$view'" \
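Review bot: In `defcmd install` (hunk at -1424), the new guard reads `$zone(sign)` while the call it protects still takes its zone data from `$matchinfo`, and the hunk does not show a local `zone` array being filled from `$matchinfo` before this point. If the two can ever describe different zones, or `zone(sign)` is unset or not a boolean, the command either errors or installs an unsigned file for a zone that should be signed. It is worth confirming that `array set zone $matchinfo` (or an equivalent) runs earlier in the body. The comment could also state the new behaviour: `## Sign now if zone(sign) is set; otherwise $tmp is installed as uploaded.` The body of `install` starts and ends outside the hunk.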