zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-13 16:16:59 +02:00
Code Issues Projects Releases Packages Wiki Activity

DNSSEC interface improvements

Browse source
This commit is contained in:
Pinga 2025-03-11 17:27:20 +02:00
parent 52a0503eed
commit 44e975bf6e
2 changed files with 109 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

59
cp/app/Controllers/SystemController.php
View file

@ -1012,44 +1012,49 @@ class SystemController extends Controller
$secureTld = $tld['secure']; $secureTld = $tld['secure'];
if ($secureTld === 1) { if ($secureTld === 1) {
// Remove the leading dot
$tld_extension_cleaned = ltrim($tld['tld'], '.'); $tld_extension_cleaned = ltrim($tld['tld'], '.');
$zone = escapeshellarg($tld_extension_cleaned);
$statusOutput = shell_exec("rndc dnssec -status $zone");
// Path to the JSON file if (!$statusOutput) {
$jsonFilePath = "/tmp/{$tld_extension_cleaned}.json"; $dnssecData = ['error' => "Unable to fetch DNSSEC status for $zone."];
} else {
// Extract all KSKs regardless of algorithm
preg_match_all('/key: (\d+) \((\w+)\), KSK/', $statusOutput, $matches, PREG_SET_ORDER);
// Initialize a variable to hold the data for Twig
$dnssecData = null;
if (file_exists($jsonFilePath) && is_readable($jsonFilePath)) {
// Read and decode the JSON file
$jsonContent = file_get_contents($jsonFilePath);
$data = json_decode($jsonContent, true);
if (json_last_error() === JSON_ERROR_NONE) {
// Ensure keys exist and process them
if (isset($data['keys']) && is_array($data['keys'])) {
$dnssecData = [ $dnssecData = [
'zoneName' => $data['zoneName'] ?? 'N/A', 'zoneName' => $tld['tld'],
'timestamp' => $data['timestamp'] ?? 'N/A', 'timestamp' => date('Y-m-d H:i:s'),
'keys' => [], 'keys' => [],
]; ];
foreach ($data['keys'] as $key) { foreach ($matches as $match) {
$keyId = $match[1];
$algorithm = $match[2];
// Determine if key is active or in rollover state
$keyStatus = strpos($statusOutput, "key: $keyId") !== false
? (strpos($statusOutput, "key signing: yes") !== false ? 'Active' : 'Pending Rollover')
: 'Unknown';
// Extract DS record for this key
$dsRecord = shell_exec("dnssec-dsfromkey -2 /var/lib/bind/K{$tld_extension_cleaned}.+008+{$keyId}.key");
$dsRecord = $dsRecord ? trim($dsRecord) : 'N/A';
// Append key details
$dnssecData['keys'][] = [ $dnssecData['keys'][] = [
'keyFile' => $key['keyFile'] ?? 'N/A', 'key_id' => $keyId,
'dsRecord' => $key['dsRecord'] ?? 'N/A', 'algorithm' => $algorithm,
'timestamp' => $key['timestamp'] ?? 'N/A', 'ds_record' => $dsRecord,
'status' => $keyStatus,
'timestamp' => date('Y-m-d H:i:s'),
]; ];
} }
} else {
$dnssecData = ['error' => "No keys found in JSON."]; // If no keys were found, set an error message
if (empty($dnssecData['keys'])) {
$dnssecData = ['error' => "No DNSSEC keys found for $zone."];
} }
} else {
$dnssecData = ['error' => "Failed to decode JSON: " . json_last_error_msg()];
}
} else {
$dnssecData = ['error' => "File {$jsonFilePath} not found or not readable."];
} }
} else { } else {
$dnssecData = ['error' => "DNSSEC is not enabled for this TLD."]; $dnssecData = ['error' => "DNSSEC is not enabled for this TLD."];

36
cp/resources/views/admin/system/manageTld.twig
View file

@ -93,26 +93,48 @@
</div> </div>
</div> </div>
{% if dnssecData is defined and dnssecData.keys is defined %} {% if dnssecData is defined and dnssecData.keys is defined and dnssecData.keys|length > 0 %}
<div class="card mb-3"> <div class="card mb-3">
<div class="card-header"> <div class="card-header">
<h5 class="card-title">{{ __('DNSSEC Details') }} <span class="card-subtitle">{{ __('Last Updated:') }} {{ dnssecData.timestamp }}</span></h5> <h5 class="card-title">{{ __('DNSSEC Details') }}
<span class="card-subtitle">{{ __('Last Updated:') }} {{ dnssecData.timestamp }}</span>
</h5>
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="table-responsive"> <div class="table-responsive">
<table class="table table-vcenter card-table"> <table class="table table-vcenter card-table">
<thead> <thead>
<tr> <tr>
<th>{{ __('Key File') }}</th> <th>{{ __('Key ID') }}</th>
<th>{{ __('Algorithm') }}</th>
<th>{{ __('DS Record') }}</th> <th>{{ __('DS Record') }}</th>
<th>{{ __('Status') }}</th>
<th>{{ __('Timestamp') }}</th> <th>{{ __('Timestamp') }}</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
{% for key in dnssecData.keys %} {% for key in dnssecData.keys %}
<tr> <tr>
<td>{{ key.keyFile }}</td> <td>{{ key.key_id }}</td>
<td><p class="user-select-all tracking-wide mb-0"><kbd>{{ key.dsRecord }}</kbd></p></td> <td>{{ key.algorithm }}</td>
<td>
{% if key.ds_record != 'N/A' %}
<p class="user-select-all tracking-wide mb-0">
<kbd>{{ key.ds_record }}</kbd>
</p>
{% else %}
<span class="text-muted">{{ __('Not Available') }}</span>
{% endif %}
</td>
<td>
{% if key.status == 'Active' %}
<span class="badge bg-success">{{ __('Active') }}</span>
{% elseif key.status == 'Pending Rollover' %}
<span class="badge bg-warning">{{ __('Pending Rollover') }}</span>
{% else %}
<span class="badge bg-secondary">{{ __('Unknown') }}</span>
{% endif %}
</td>
<td>{{ key.timestamp }}</td> <td>{{ key.timestamp }}</td>
</tr> </tr>
{% endfor %} {% endfor %}
@ -139,7 +161,9 @@
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="alert alert-info" role="alert"> <div class="alert alert-info" role="alert">
<div><h4 class="alert-heading">{{ __('No DNSSEC data available.') }}</h4></div> <div>
<h4 class="alert-heading">{{ __('No DNSSEC data available.') }}</h4>
</div>
</div> </div>
</div> </div>
</div> </div>