From f78ce878b711ca010c407f6626a6085feb4b5ae7 Mon Sep 17 00:00:00 2001
From: Benjamin Graillot
Date: Mon, 24 Dec 2018 10:47:30 +0100
Subject: [PATCH] Ajout du DNSSEC

---
 dnssec_generate.py | 32 ++++++++++++++++++++++++++++++++
 main.py | 13 +++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100755 dnssec_generate.py

diff --git a/dnssec_generate.py b/dnssec_generate.py
new file mode 100755
index 0000000..2bb064d
--- /dev/null
+++ b/dnssec_generate.py
@@ -0,0 +1,32 @@
+#!/usr/bin/python3
+
+import json
+import os
+import re
+import subprocess
+
+
+path = os.path.dirname(os.path.abspath(__file__))
+try:
+ with open(path + '/dnssec_domains.json') as dnssec_zones:
+ zones = json.load(dnssec_zones)
+except:
+ zones = []
+
+if __name__ == '__main__':
+ ds_records = {}
+ for zone in zones:
+ ds = subprocess.check_output(['drill', '-s', '@localhost', '-t', 'DNSKEY', zone]).decode('utf-8')
+ try:
+ m = re.search(r'id = (\d+) \(ksk\)', ds)
+ tag = m.group(1)
+ ds = ds.split('\n')
+ ds = ds[ds.index('; equivalent DS records for key ' + tag + ':')+2].split('\t')
+ except:
+ print('Unable to find ksk for', zone)
+ continue
+ ds[0] = ds[0][ds[0][2:].index(' ')+3:]
+ ds[-1:] = ds[-1].split(' ')
+ ds_records[zone] = {'subzone': ds[0], 'ttl': ds[1], 'id': ds[4], 'algo': ds[5], 'type': ds[6], 'fp': ds[7]}
+ with open('dnssec.json', 'w') as dnssec:
+ json.dump(ds_records, dnssec)
diff --git a/main.py b/main.py
index 82f25de..0cb2791 100755
--- a/main.py
+++ b/main.py
@@ -43,6 +43,7 @@ template_cname = "{hostname} IN CNAME {alias}."
 template_dname = "@ IN DNAME {zone}."
 template_ptr = "{target} IN PTR {hostname}."
 template_sshfp = "{hostname} SSHFP {algo} {type} {fp}"
+template_ds = "{subzone} {ttl} IN DS {id} {algo} {type} {fp}"
 
 template_zone = (
 "$TTL 2D\n"
@@ -69,6 +70,8 @@ template_zone = (
 "{cname_records}\n"
 "\n"
 "{dname_records}\n"
+ "\n"
+ "{ds_records}\n"
 )
 
 template_reverse = (
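Review bot: In dnssec_generate.py the bare `except:` around the `dnssec_domains.json` load fails open: a missing, unreadable or malformed file becomes `zones = []`, and the `__main__` block then overwrites `dnssec.json` with `{}`. Since main.py builds the crans.org DS set from that file, the likely effect is child delegations published without DS records, which resolvers treat as insecure rather than broken, so the downgrade is easy to miss. Catching only `FileNotFoundError` (and letting `json.JSONDecodeError` propagate), plus exiting non-zero when any zone hits the `Unable to find ksk` branch, would make it fail loudly. The output is also opened as `open('dnssec.json', 'w')`, relative to the working directory, while main.py reads `path + '/dnssec.json'`; `open(path + '/dnssec.json', 'w')` keeps the two in step. `subprocess.check_output` sits outside the per-zone `try`, so one failing `drill` call aborts the run before anything is written.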
@@ -220,6 +223,15 @@ def write_dns_file(zone):
 for x in zone['dname_records']
 )
 
+ if zone['name'][1:] == "crans.org":
+ with open(path + '/dnssec.json') as ds:
+ zones_ds = json.load(ds)
+ ds_records = ""
+ for zone in zones_ds:
+ ds_records += template_ds.format(**zones_ds[zone]) + "\n"
+ else:
+ ds_records = "\n"
+
 zone_file_content = template_zone.format(
 soa=soa,
 originv4=originv4,
@@ -233,6 +245,7 @@ def write_dns_file(zone):
 aaaa_records=aaaa_records,
 cname_records=cname_records,
 dname_records=dname_records,
+ ds_records=ds_records,
 )
 
 filename = path+'/generated/dns.{zone}.zone'.format(zone=zone_name)
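Review bot: The loop `for zone in zones_ds:` in the first write_dns_file hunk rebinds the function's `zone` parameter to a key of dnssec.json; any use of `zone` after this point (the function starts and continues outside the hunk, so I cannot see whether there is one) would read the wrong object. Iterating the values under another name avoids it: `for ds_entry in zones_ds.values():` followed by `ds_records += template_ds.format(**ds_entry) + "\n"`. The fields are also formatted into the zone file verbatim, so a malformed entry (a non-numeric `id`, an `fp` containing whitespace or a newline) would end up as zone-file syntax; checking that `id`, `algo` and `type` are digits and `fp` is hex before formatting would keep a bad dnssec.json from altering the published zone. A missing dnssec.json raises from `open` here and stops generation of crans.org, which is arguably the right fail-closed behaviour but deserves a comment saying so.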