zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-07-21 01:55:59 +02:00
Code Issues Projects Releases Packages Wiki Activity

Documentation update, KnotDNS support more detailed

Browse source
This commit is contained in:
Pinga 2024-12-01 14:21:33 +02:00
parent 9a86d52c7c
commit dcca095662
4 changed files with 251 additions and 113 deletions
Download patch file Download diff file Expand all files Collapse all files

103
automation/dnssec-ds-rotator.php
View file

@ -6,14 +6,14 @@ $c = require_once 'config.php';
require_once 'helpers.php';
// Configuration
$keyDir = '/var/lib/bind'; // Directory containing key files
$keyDir = $c['dns_software'] === 'bind' ? '/var/lib/bind' : '/etc/knot/keys'; // Directory containing key files
$localPhpScript = '/path/to/local-registry-update.php'; // Local PHP script for DS record submission
$adminEmail = 'admin@example.com'; // Email to be included for IANA submission logs
$dnssecTool = '/usr/bin/dnssec-dsfromkey'; // Path to dnssec-dsfromkey
$dnssecTool = $c['dns_software'] === 'bind' ? '/usr/bin/dnssec-dsfromkey' : '/usr/bin/keymgr'; // Tool path
$logFilePath = '/var/log/namingo/dnssec-ds-rotator.log';
$log = setupLogger($logFilePath, 'DNSSEC_DS_Rotator');
$log->info("Starting DS record handling.");
$log->info("Starting DS record handling for " . strtoupper($c['dns_software']) . ".");
try {
// Connect to the database
@ -32,52 +32,71 @@ try {
// Process the zone name
$log->info("Processing zone: $zoneName");
// Locate all keys for the zone
$keyFiles = glob("$keyDir/K$zoneName.+*.key");
if (empty($keyFiles)) {
$log->error("No keys found for $zoneName in $keyDir.");
continue;
}
// Filter for KSKs (flag 257)
$kskFiles = [];
foreach ($keyFiles as $keyFile) {
$keyContent = file_get_contents($keyFile);
if (strpos($keyContent, '257') !== false) {
$kskFiles[] = $keyFile;
if ($c['dns_software'] === 'bind') {
// Locate all keys for the zone (BIND)
$keyFiles = glob("$keyDir/K$zoneName.+*.key");
if (empty($keyFiles)) {
$log->error("No keys found for $zoneName in $keyDir.");
continue;
}
}
if (empty($kskFiles)) {
$log->error("No KSKs found for $zoneName in $keyDir.");
continue;
}
// Filter for KSKs (flag 257)
$kskFiles = [];
foreach ($keyFiles as $keyFile) {
$keyContent = file_get_contents($keyFile);
if (strpos($keyContent, '257') !== false) {
$kskFiles[] = $keyFile;
}
}
// Process each KSK and generate DS records
$keys = [];
foreach ($kskFiles as $kskFile) {
exec("$dnssecTool -a SHA-256 $kskFile", $output, $returnCode);
if (empty($kskFiles)) {
$log->error("No KSKs found for $zoneName in $keyDir.");
continue;
}
// Process each KSK and generate DS records
$keys = [];
foreach ($kskFiles as $kskFile) {
exec("$dnssecTool -a SHA-256 $kskFile", $output, $returnCode);
if ($returnCode !== 0 || empty($output)) {
$log->error("Failed to generate DS record for $zoneName (key file: $kskFile).");
continue;
}
$dsRecord = implode("\n", $output);
$keyData = [
'keyFile' => $kskFile,
'dsRecord' => $dsRecord,
'timestamp' => date('Y-m-d H:i:s'),
];
$keys[] = $keyData;
$log->info("DS Record Generated for KSK file $kskFile: $dsRecord");
}
} elseif ($c['dns_software'] === 'knot') {
// **Knot DNS: Use keymgr to manage keys and DS records**
$keys = [];
exec("$dnssecTool ds $zoneName", $output, $returnCode);
if ($returnCode !== 0 || empty($output)) {
$log->error("Failed to generate DS record for $zoneName (key file: $kskFile).");
$log->error("Failed to generate DS record for $zoneName using Knot DNS.");
continue;
}
$dsRecord = implode("\n", $output);
$keyData = [
'keyFile' => $kskFile,
'dsRecord' => $dsRecord,
'timestamp' => date('Y-m-d H:i:s'),
];
$keys[] = $keyData;
$log->info("DS Record Generated for KSK file $kskFile: $dsRecord");
$log->info("DS Record Generated for zone $zoneName using Knot DNS: $dsRecord");
}
// Prepare data to save
$data = [
'zoneName' => $zoneName,
'timestamp' => date('Y-m-d H:i:s'), // Add a timestamp
'keys' => $keys, // Add all KSKs and their DS records
'timestamp' => date('Y-m-d H:i:s'),
'keys' => $keys,
];
// Save to /tmp as JSON
@ -89,7 +108,6 @@ try {
$levelCount = substr_count($zoneName, '.') + 1;
if ($levelCount === 1) {
// Case: TLD (e.g., .test)
$log->info("Logging DS record details for manual submission to IANA...");
$ianaDetails = [
'Zone' => $zoneName,
@ -97,35 +115,19 @@ try {
'Admin Contact' => $adminEmail,
];
$log->info(json_encode($ianaDetails, JSON_PRETTY_PRINT));
$log->info("Please submit the following DS record(s) to IANA via the RZM interface:");
foreach ($keys as $key) {
$log->info($key['dsRecord']);
}
} elseif ($levelCount >= 2) {
// Case: SLD or 3LD (e.g., test.ua)
$log->info("DS record for $zoneName should be submitted to the parent registry.");
$log->info("DS Record(s):");
foreach ($keys as $key) {
$log->info($key['dsRecord']);
}
// Uncomment this block to submit to parent using the local PHP script
/*
$log->info("Submitting DS record to parent zone using local PHP script...");
$response = shell_exec("php $localPhpScript $zoneName '" . json_encode($keys) . "'");
if (str_contains($response, 'success')) {
$log->info("DS record successfully submitted to parent zone for $zoneName.");
} else {
$log->error("Failed to submit DS record to parent zone for $zoneName.");
$log->error("Response from PHP script: $response");
continue;
}
*/
} else {
$log->error("Unsupported zone type for $zoneName.");
continue;
}
// Log successful handling of the zone
$log->info("DS record handling completed successfully for $zoneName.");
}
@ -136,7 +138,4 @@ try {
} catch (Exception $e) {
$log->error('An unexpected error occurred: ' . $e->getMessage());
exit(1);
} catch (Throwable $e) {
$log->error('An unexpected error occurred: ' . $e->getMessage());
exit(1);
}
}

2
automation/write-zone.php
View file

@ -151,7 +151,7 @@ Coroutine::create(function () use ($pool, $log, $c) {
} elseif ($c['dns_server'] == 'nsd') {
$basePath = '/etc/nsd';
} elseif ($c['dns_server'] == 'knot') {
$basePath = '/etc/knot';
$basePath = '/etc/knot/zones';
} else {
// Default path
$basePath = '/var/lib/bind';