From f06ab858f1faa68dbe5dd3e149cf108ae3910509 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 9 Jun 2022 16:16:04 +0200 Subject: Merging upstream version 20220609. Signed-off-by: Daniel Baumann --- CHANGELOG.txt | 8 +++ VERSION.txt | 2 +- dehydrated/bin/dehydrated-nsupdate | 35 ++++++++++- dehydrated/share/man/dehydrated-nsupdate.1.rst | 3 +- dnsdist/Makefile | 80 ++++++++++++++++++++++++++ dnsdist/bin/dnsdist-console | 60 +++++++++++++++++++ 6 files changed, 184 insertions(+), 4 deletions(-) create mode 100644 dnsdist/Makefile create mode 100755 dnsdist/bin/dnsdist-console diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 2f1a084..8289f87 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,11 @@ +2022-06-09 Daniel Baumann + + * Releasing version 20220609. + + [ Daniel Baumann ] + * Handling ipv4-only/ipv6-only nameservers on ipv4-only/ipv6-only systems. + * Adding dnsdist tools. + 2022-05-25 Daniel Baumann * Releasing version 20220525. diff --git a/VERSION.txt b/VERSION.txt index a0acbbd..2b282de 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20220525 +20220609 diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate index fa421ea..96c95eb 100755 --- a/dehydrated/bin/dehydrated-nsupdate +++ b/dehydrated/bin/dehydrated-nsupdate @@ -88,9 +88,9 @@ else TXT_RECORD="_acme-challenge.${DOMAIN}" fi -# find nameservers to update ZONE="${TXT_RECORD}" +# find all nameservers to update while true do NAMESERVERS="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $5 }')" 
@@ -104,12 +104,43 @@ do fi done +NAMESERVERS_IPV6="" +NAMESERVERS_IPV4="" + +for NAMESERVER in ${NAMESERVERS} +do + if [ -n "$(${DIG} +nocomments +noquestion +short AAAA ${NAMESERVER})" ] + then + NAMESERVERS_IPV6="${NAMESERVERS_IPV6} ${NAMESERVER}" + fi + + if [ -n "$(${DIG} +nocomments +noquestion +short A ${NAMESERVER})" ] + then + NAMESERVERS_IPV4="${NAMESERVERS_IPV4} ${NAMESERVER}" + fi +done + +# filter nameservers by available IP protocol +NAMESERVERS="" + +if hostname -I | grep -qs ':' +then + NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV6}" +fi + +if hostname -I | grep -qs '\.' +then + NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV4}" +fi + +NAMESERVERS="$(echo ${NAMESERVERS} | sed -e 's| |\n|g' | sort -u -V)" + +# update nameservers if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ] then NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}" fi -# update nameservers for NAMESERVER in ${NAMESERVERS} do echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..." diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst index 058785f..db58d5c 100644 --- a/dehydrated/share/man/dehydrated-nsupdate.1.rst +++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst @@ -54,7 +54,8 @@ Features | **automatic nameserver detection** | **dehydrated-nsupdate** automatically finds and updates all authoritative -| nameservers for a given record by looking up the records in the DNS by itself. +| nameservers for a given record by looking up the records in the DNS by itself, +| supporting IPv6-only, IPv4-only, and dual-stacked environments. | **proper CNAME support** | **dehydrated-nsupdate** follows CNAMEs delegating the TXT record creation to diff --git a/dnsdist/Makefile b/dnsdist/Makefile new file mode 100644 index 0000000..6b3744b --- /dev/null +++ b/dnsdist/Makefile 
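Review bot: The two probes in the new `for NAMESERVER in ${NAMESERVERS}` loop expand `${NAMESERVER}` unquoted and treat any non-empty `dig` output as proof of an address, although the names come from DNS answers and `dig +short` can print `;;` diagnostics on stdout when a lookup fails. Quote the argument and drop comment lines the way the NS lookup in the previous hunk already does, e.g. `[ -n "$(${DIG} +nocomments +noquestion +short AAAA "${NAMESERVER}" 2>/dev/null | grep -v '^;')" ]`, and the same for the `A` probe. It is also worth rejecting names that are not plain hostnames before they reach `dig` and the later update loop. After the `hostname -I` filter `NAMESERVERS` can end up empty, in which case the update loop sends nothing; whether the script then fails is not visible in this hunk. An explicit check after the `sort -u -V` line, such as `[ -n "${NAMESERVERS}" ] || { echo "no usable nameservers for ${ZONE}" >&2; exit 1; }`, would make that case loud.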
@@ -0,0 +1,80 @@
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+SHELL := sh -e
+
+SCRIPTS = bin/*
+
+all: build
+
+test:
+ @echo -n "Checking for syntax errors with sh... "
+ @for SCRIPT in $(SCRIPTS); \
+ do \
+ sh -n $${SCRIPT}; \
+ echo -n "."; \
+ done
+ @echo " done."
+
+ @echo -n "Checking for bashisms... "
+ @if [ -x /usr/bin/checkbashisms ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ checkbashisms -f -x $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: devscripts not installed, skipping checkbashisms."; \
+ fi
+ @echo " done."
+
+ @echo -n "Checking with shellcheck... "
+ @if [ -x /usr/bin/shellcheck ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ shellcheck -e SC2039 $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: shellcheck not installed, skipping shellcheck."; \
+ fi
+ @echo " done."
+
+build:
+
+install: build
+ mkdir -p $(DESTDIR)/usr/bin
+ cp -r bin/* $(DESTDIR)/usr/bin
+
+uninstall:
+ for FILE in bin/*; \
+ do \
+ rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \
+ done
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true
+
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true
+
+clean:
+
+distclean:
+
+reinstall: uninstall install
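Review bot: The `install` target copies with `cp -r bin/* $(DESTDIR)/usr/bin`, so the mode of the installed scripts follows the build tree and the invoking umask; with a permissive umask, a group-writable checkout ends up as group-writable files in `/usr/bin`. `install -m 0755 bin/* "$(DESTDIR)/usr/bin"` pins the mode, and quoting `$(DESTDIR)` there and in `uninstall` keeps paths with spaces intact. None of `all`, `test`, `build`, `install`, `uninstall`, `clean`, `distclean` or `reinstall` is declared `.PHONY`, so a file of the same name in `dnsdist/` would silently turn the target into a no-op.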
diff --git a/dnsdist/bin/dnsdist-console b/dnsdist/bin/dnsdist-console
new file mode 100755
index 0000000..8667533
--- /dev/null
+++ b/dnsdist/bin/dnsdist-console
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+set -e
+
+PROGRAM="$(basename ${0})"
+
+Usage ()
+{
+ if [ -z "${OPTIONS}" ]
+ then
+ echo "'${PROGRAM}': incomplete or invalid configuration in /etc/default/dnsdist" >&2
+ exit 1
+ fi
+}
+
+if [ ! -r /etc/dnsdist/dnsdist.conf ]
+then
+ Usage
+fi
+
+CONTROL_SOCKET="$(awk -F\' '/^controlSocket\(/ { print $2 }' /etc/dnsdist/dnsdist.conf)"
+KEY="$(awk -F\' '/^setKey\(/ { print $2 }' /etc/dnsdist/dnsdist.conf)"
+
+OPTIONS=""
+
+if [ -n "${CONTROL_SOCKET}" ]
+then
+ OPTIONS="${OPTIONS} -c ${CONTROL_SOCKET}"
+fi
+
+if [ -n "${KEY}" ]
+then
+ OPTIONS="${OPTIONS} -k ${KEY}"
+fi
+
+if [ -z "${OPTIONS}" ]
+then
+ Usage
+fi
+
+dnsdist ${OPTIONS}
-- cgit v1.2.3
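Review bot: Passing the console key as `-k ${KEY}` puts the `setKey()` secret on the `dnsdist` command line, where other local users can read it from the process list for as long as the console stays open. dnsdist's client mode can take the control socket and key from the configuration file itself, so `exec dnsdist -C /etc/dnsdist/dnsdist.conf -c` would avoid extracting the key at all (worth confirming against the packaged dnsdist version). Separately, the `Usage` message names `/etc/default/dnsdist` although the script only reads `/etc/dnsdist/dnsdist.conf`. The awk patterns also match only single-quoted arguments at the start of a line, so a config that uses double quotes ends in that misleading error.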