added zone file

2014-10-12 13:52:26 +02:00 · 2014-10-12 13:52:26 +02:00 · f6a33783cf
parent 2d0ea3814f
commit f6a33783cf
3 changed files with 318 additions and 51 deletions
--- a/data/me.ffhb.zone
+++ b/data/me.ffhb.zone
@ -0,0 +1,77 @@
 $TTL 1D
@					IN	SOA	ns01 noc.bremen.freifunk.net. (
 				    2014092801	; Serial
 				    4H		; Refresh
 				    1H		; Retry
 				    2W		; Expire
 				    1D)		; Negative Cache TTL
 				NS	ns01
 				NS	ns02
 				NS	ns03
 				MX	50 mail
 ; pages.github.com
 				A	192.30.252.153
 				A	192.30.252.154
 ; network stuff
 gw01				A	185.55.119.1
 				AAAA	2a02:2919::1
 gw02				A	185.55.119.2
 				AAAA	2a02:2919::2
 noc01				A	185.55.119.18
 				AAAA	2a02:2919:fdda::18
 ns01				A	37.72.148.55
 				AAAA	2a02:2918:505:101::55
 ns02				A	37.72.148.163
 				AAAA	2a02:2918:506:101::163
 ns03				A	151.236.28.15
 				AAAA	2a00:1768:1003:151:236:28:15:1
 vpn01				A	185.55.119.34
 				AAAA	2a02:2919:fcca::2
 vpn02				A	134.102.22.130
 vpn				A	185.55.119.34
 				A	134.102.22.130
 				AAAA	2a02:2919:fcca::2
 ; mail
 mail				A	37.72.148.168
 				AAAA	2a02:2918:506:101::168
 ; websites
 www				CNAME	@
 downloads			A	37.72.148.168
 				AAAA	2a02:2918:506:101::168
 wiki				A	37.72.148.168
 				AAAA	2a02:2918:506:101::168
 ; mesh stuff
 nodes				NS	ns01
 nodes				NS	ns02
 nodes				NS	ns03
 node				A	10.196.0.127
 				AAAA	fd2f:5119:f2c::127
 mesh				A	10.196.0.1
 				AAAA	fd2f:5119:f2c::1
 jplitza				A	10.196.0.200
 				AAAA	2a02:2919:1001::c8
 wikipedia			CNAME	jplitza
 $ORIGIN services
 1.ntp				AAAA	fd2f:5119:f2c::1
 1.vpn				AAAA	fd2f:5119:f2c::1
 2.vpn				AAAA	fd2f:5119:f2c::2
 introducer.tahoe-lafs		A	10.196.0.2
 node				A	10.196.0.127
 				AAAA	fd2f:5119:f2c::127
 smokeping			AAAA	2a02:2919:1000:0:ba27:ebff:fe69:2879
--- a/update-dns-nodes.sh
+++ b/update-dns-nodes.sh
@ -0,0 +1,118 @@
 #! /usr/bin/env bash
 # 2014, Moritz Kaspar Rudert (mortzu) <mr@planetcyborg.de>.
 # All rights reserved.
 # Redistribution and use in source and binary forms, with or without modification, are
 # permitted provided that the following conditions are met:
 #
 # * Redistributions of source code must retain the above copyright notice, this list of
 #   conditions and the following disclaimer.
 #
 # * Redistributions in binary form must reproduce the above copyright notice, this list
 #   of conditions and the following disclaimer in the documentation and/or other materials
 #   provided with the distribution.
 #
 # * The names of its contributors may not be used to endorse or promote products derived
 #   from this software without specific prior written permission.
 #
 # * Feel free to send Club Mate to support the work.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS
 # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 # AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS
 # AND CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 # PID file
 RUN_FILE='/run/update-dns-nodes.run'
 # getting workingdir of scripts
 WORK_DIR="$(dirname $(readlink -nf $0))"
 # set safe path
 PATH="${WORK_DIR}:/sbin:/usr/sbin:/bin:/usr/bin"
 # alfred data file
 ALFRED_DATA_FILE='/var/cache/ffhb/alfred.json'
 # create alfred data directory
 mkdir -p "$(dirname $ALFRED_DATA_FILE)"
 # define variable to count loops
 declare -i NUM=0
 # tmp file
 TMP_FILE="$(mktemp)"
 # if creation of tmp file failed
 # exit
 if [ -z "$TMP_FILE" ]; then
  exit 1
 fi
 # names of zones
 ZONEFILE=/var/cache/bind/ffhb.nodes.zone
 RZONEFILE=/var/cache/bind/arpa.ip6.f.d.2.f.5.1.1.9.0.f.2.c.zone
 function on_exit() {
  # remove tmp files
  for FILE in "$TMP_FILE" "$RUN_FILE"; do
    if [ -n "$FILE" ]; then
      rm -f "$FILE"
    fi
  done
 }
 trap on_exit EXIT SIGTERM SIGINT
 # write run file
 if [ -f "$RUN_FILE" ]; then
  echo 'Script already running!' >&2
  exit 1
 else
  touch "$RUN_FILE"
 fi
 # loop until data received
 while true; do
  # increment counter
  NUM=$(($NUM+1))
  # get data from alfred
  # but limit the time
  timeout -s KILL 30s alfred-json -z -r 158 >"$TMP_FILE" 2>/dev/null
  # on success leave loop
  if [ $? -eq 0 ]; then
    break
  fi
  # if the 240th run has reached kill script
  if [ $NUM -gt 240 ]; then
    # exit with error code
    exit 1
  fi
  # sleep to be safe CPU load don't getting higher
  sleep 1
 done
 # generate forward zone
 if zonegen.py <"$TMP_FILE" >"${ZONEFILE}.new"; then
  mv "${ZONEFILE}.new" "${ZONEFILE}"
 fi
 # generate reverse zone
 if rzonegen.py 0.0.0.0.c.2.f.0.9.1.1.5.f.2.d.f.ip6.arpa <"$TMP_FILE" >"${RZONEFILE}.new"; then
  mv "${RZONEFILE}.new" "${RZONEFILE}"
 fi
 # reload nameserver
 rndc reload >/dev/null
 # copy alfred file
 cp "$TMP_FILE" "$ALFRED_DATA_FILE"
--- a/update-dns.sh
+++ b/update-dns.sh
@ -27,40 +27,33 @@
 # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 # TMP file
 TMP_CONFIG_FILE="$(mktemp)"
 # PID file
-RUN_FILE='/run/ffhb-update-dns.run'
+RUN_FILE='/run/update-dns.run'
 # destination zonefile directory
 DEST_DIR='/var/cache/bind'
 DEST_CONFIG_FILE="${DEST_DIR}/zones.conf"
 # getting workingdir of scripts
 WORK_DIR="$(dirname $(readlink -nf $0))"
 # set safe path
-PATH="${WORK_DIR}:/sbin:/usr/sbin:/bin:/usr/bin"
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
-# alfred data file
+# several sites to get IP address
-ALFRED_DATA_FILE='/var/cache/ffhb/alfred.json'
+GET_MY_IP=( "http://getip.planetcyb.org" "http://whatismyip.oceanus.ro" "http://www.whatismyip.us" "http://whatismyip.everdot.org" "http://www.whatismyip.ca" "http://whatismyip.com.au" "http://www.whatismyip.nl" "http://www.whatismyip.ro" "http://www.whatismyip.se" )
-# create alfred data directory
+EXTERNAL_IPV4_ADDR=''
-mkdir -p "$(dirname $ALFRED_DATA_FILE)"
+EXTERNAL_IPV6_ADDR="$(perl -MNetAddr::IP -MNet::Address::IP::Local -e "print NetAddr::IP->new6(Net::Address::IP::Local->public_ipv6)->short()" | tr '[A-Z]' '[a-z]')"
-
+EXTERNAL_IPV6_NETWORK="$(perl -MNetAddr::IP -e "print NetAddr::IP->new6('${EXTERNAL_IPV6_ADDR}/64')->network->short()" | tr '[A-Z]' '[a-z]' | sed -e 's/::$//g')"
 # define variable to count loops
 declare -i NUM=0
 # tmp file
 TMP_FILE="$(mktemp)"
 # if creation of tmp file failed
 # exit
 if [ -z "$TMP_FILE" ]; then
  exit 1
 fi
 # names of zones
 ZONEFILE=/var/cache/bind/ffhb.nodes.zone
 RZONEFILE=/var/cache/bind/arpa.ip6.f.d.2.f.5.1.1.9.0.f.2.c.zone
 function on_exit() {
  # remove tmp files
-  for FILE in "$TMP_FILE" "$RUN_FILE"; do
+  for FILE in "$RUN_FILE" "$TMP_CONFIG_FILE"; do
    if [ -n "$FILE" ]; then
      rm -f "$FILE"
    fi
@ -77,42 +70,121 @@ else
  touch "$RUN_FILE"
 fi
-# loop until data received
+# get IPv4 address
-while true; do
+for URL in "${GET_MY_IP[@]}"; do
-  # increment counter
+  EXTERNAL_IPV4_ADDR="$(curl -m4 -4 -s -- ${URL} | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | head -n1)"
  NUM=$(($NUM+1))
-  # get data from alfred
+  if [ -n "$EXTERNAL_IPV4_ADDR" ]; then
  # but limit the time
  timeout -s KILL 30s alfred-json -z -r 158 >"$TMP_FILE" 2>/dev/null
  # on success leave loop
  if [ $? -eq 0 ]; then
    break
  fi
  # if the 240th run has reached kill script
  if [ $NUM -gt 240 ]; then
    # exit with error code
    exit 1
  fi
  # sleep to be safe CPU load don't getting higher
  sleep 1
 done
-# generate forward zone
+# print error if determining of IP addresses failed
-if zonegen.py <"$TMP_FILE" >"${ZONEFILE}.new"; then
+if [ -z "$EXTERNAL_IPV4_ADDR" -o -z "$EXTERNAL_IPV6_ADDR" ]; then
-  mv "${ZONEFILE}.new" "${ZONEFILE}"
+  echo 'Determining of IP address failed!' >&2
  exit 1
 fi
-# generate reverse zone
+# refresh git repository
-if rzonegen.py 0.0.0.0.c.2.f.0.9.1.1.5.f.2.d.f.ip6.arpa <"$TMP_FILE" >"${RZONEFILE}.new"; then
+git --work-tree="${WORK_DIR}" --git-dir="${WORK_DIR}/.git" pull -q --rebase=false origin master
-  mv "${RZONEFILE}.new" "${RZONEFILE}"
+
 # loop over zones
 for FILE in ${WORK_DIR}/data/*; do
  # tmp file
  TMP_FILE="$(mktemp)"
  # reset some variables
  OLD_SERIAL=''
  NEW_SERIAL=''
  # construct realname
  REAL_NAME="$(basename $FILE)"
  # construct origin
  ORIGIN="$(basename "${FILE/.zone/}")"
  # build zone name from filename
  declare -a DOMAIN_PARTS
  IFS='.' read -a DOMAIN_PARTS <<< "$ORIGIN"
  DOMAIN=''
  for (( idx=${#DOMAIN_PARTS[@]}-1 ; idx>=0 ; idx-- )) ; do
    [ -n "$DOMAIN" ] && DOMAIN="$DOMAIN.${DOMAIN_PARTS[idx]}" || DOMAIN="${DOMAIN_PARTS[idx]}"
  done
  # replace the first dash with a slash
  # for RDNS zones smaller than /24
  if [ $(grep -o '-' <<<"$DOMAIN" | wc -l) -gt 1 ]; then
    DOMAIN="$(sed -e 's#-#/#' <<< $DOMAIN)"
  fi
  # write new config entry
  cat >> "$TMP_CONFIG_FILE" <<EOF
 zone "$DOMAIN" {
  type master;
  file "${DEST_DIR}/${REAL_NAME}";
  allow-query { any; };
  notify yes;
 };
 EOF
  # replace placeholder with real ip adresses
  sed -e "s/___EXTERNAL-IPV4-ADDR___/${EXTERNAL_IPV4_ADDR}/g" -e "s/___EXTERNAL-IPV6-ADDR___/${EXTERNAL_IPV6_ADDR}/g" -e "s/___EXTERNAL-IPV6-NETWORK___/${EXTERNAL_IPV6_NETWORK}/g" "$FILE" >"$TMP_FILE"
  # if zone already exists
  if [ -f "${DEST_DIR}/${REAL_NAME}" ]; then
    # save old serial number
    OLD_SERIAL="$(grep -Eho "20[0-1][0-9]{7}" "${DEST_DIR}/${REAL_NAME}")"
    # strip serial from old and new files
    # diff is easier without different serial numbers
    TMP_FILE_OLD="$(mktemp)"
    TMP_FILE_NEW="$(mktemp)"
    sed -e '/20[0-1][0-9]\{7\}/d' "${DEST_DIR}/${REAL_NAME}" >"$TMP_FILE_OLD"
    sed -e '/20[0-1][0-9]\{7\}/d' "$TMP_FILE" >"$TMP_FILE_NEW"
    # check if update is necessary
    if diff -q "$TMP_FILE_OLD" "$TMP_FILE_NEW" >/dev/null 2>&1; then
      # if zones are identically
      # remove tmp files
      for FILE in "$TMP_FILE" "$TMP_FILE_OLD" "$TMP_FILE_NEW"; do
        if [ -n "$FILE" ]; then
          rm -f "$FILE"
        fi
      done
      continue
    fi
  fi
  # check if zone is valid
  if ! named-checkzone "$DOMAIN" "$TMP_FILE" >/dev/null 2>&1; then
    echo "$FILE is not valid!" >&2
    for FILE in "$TMP_FILE" "$TMP_FILE_OLD" "$TMP_FILE_NEW"; do
      if [ -n "$FILE" ]; then
        rm -f "$FILE"
      fi
    done
    continue
  fi
  # update serial
  if [ -n "$OLD_SERIAL" ]; then
    NEW_SERIAL=$(($OLD_SERIAL + 1))
  else
    NEW_SERIAL=$(date +'%Y%m%d%H')
  fi
  sed -e 's/20[0-1][0-9]\{7\}/'${NEW_SERIAL}'/g' -i "$TMP_FILE"
  # move the file to real place
  mv "$TMP_FILE" "${DEST_DIR}/${REAL_NAME}"
  # fix permissions
  chmod 0644 "${DEST_DIR}/${REAL_NAME}"
 done
 if [ ! -f "$DEST_CONFIG_FILE" ] || ( [ -n "$(cat $TMP_CONFIG_FILE)" ] && ! diff -q "$TMP_CONFIG_FILE" "$DEST_CONFIG_FILE" >/dev/null 2>&1 ); then
  mv "$TMP_CONFIG_FILE" "$DEST_CONFIG_FILE"
  chmod 0644 "$DEST_CONFIG_FILE"
 fi
 # reload nameserver
 rndc reload >/dev/null
 # copy alfred file
 cp "$TMP_FILE" "$ALFRED_DATA_FILE"