Ajout du DNSSEC
parent
7281290057
commit
f78ce878b7
2 changed files with 45 additions and 0 deletions
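--- a/dnssec_generate.py
+++ b/dnssec_generate.py
@@ -0,0 +1,32 @@
+#!/usr/bin/python3
+
+import json
+import os
+import re
+import subprocess
+
+
+path = os.path.dirname(os.path.abspath(__file__))
+try:
+with open(path + '/dnssec_domains.json') as dnssec_zones:
+zones = json.load(dnssec_zones)
+except:
+zones = []
+
+if __name__ == '__main__':
+ds_records = {}
+for zone in zones:
+ds = subprocess.check_output(['drill', '-s', '@localhost', '-t', 'DNSKEY', zone]).decode('utf-8')
+try:
+m = re.search(r'id = (\d+) \(ksk\)', ds)
+tag = m.group(1)
+ds = ds.split('\n')
+ds = ds[ds.index('; equivalent DS records for key ' + tag + ':')+2].split('\t')
+except:
+print('Unable to find ksk for', zone)
+continue
+ds[0] = ds[0][ds[0][2:].index(' ')+3:]
+ds[-1:] = ds[-1].split(' ')
+ds_records[zone] = {'subzone': ds[0], 'ttl': ds[1], 'id': ds[4], 'algo': ds[5], 'type': ds[6], 'fp': ds[7]}
+with open('dnssec.json', 'w') as dnssec:
+json.dump(ds_records, dnssec)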
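Review bot: The result is written with `open('dnssec.json', 'w')`, which resolves against the current working directory, while the domain list is read from `path + '/dnssec_domains.json'` and main.py loads `path + '/dnssec.json'`; started from cron or another directory, the script leaves main.py publishing a stale DS set. I would write `with open(path + '/dnssec.json', 'w') as dnssec:`. The two bare `except:` clauses also turn an unreadable domain list or a failed KSK lookup into silently fewer zones, and since main.py builds the DS set only from this file, a skipped zone loses its DS record in the parent and that delegation is left unsigned; exiting non-zero and keeping the previous file would be safer. The `drill` call itself sits before the `try`, so a non-zero exit there raises `CalledProcessError` and aborts the run.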
13
main.py
13
main.py
|
@ -43,6 +43,7 @@ template_cname = "{hostname} IN CNAME {alias}."
|
||||||
template_dname = "@ IN DNAME {zone}."
|
template_dname = "@ IN DNAME {zone}."
|
||||||
template_ptr = "{target} IN PTR {hostname}."
|
template_ptr = "{target} IN PTR {hostname}."
|
||||||
template_sshfp = "{hostname} SSHFP {algo} {type} {fp}"
|
template_sshfp = "{hostname} SSHFP {algo} {type} {fp}"
|
||||||
|
template_ds = "{subzone} {ttl} IN DS {id} {algo} {type} {fp}"
|
||||||
|
|
||||||
template_zone = (
|
template_zone = (
|
||||||
"$TTL 2D\n"
|
"$TTL 2D\n"
|
||||||
|
@ -69,6 +70,8 @@ template_zone = (
|
||||||
"{cname_records}\n"
|
"{cname_records}\n"
|
||||||
"\n"
|
"\n"
|
||||||
"{dname_records}\n"
|
"{dname_records}\n"
|
||||||
|
"\n"
|
||||||
|
"{ds_records}\n"
|
||||||
)
|
)
|
||||||
|
|
||||||
template_reverse = (
|
template_reverse = (
|
||||||
|
@ -220,6 +223,15 @@ def write_dns_file(zone):
|
||||||
for x in zone['dname_records']
|
for x in zone['dname_records']
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if zone['name'][1:] == "crans.org":
|
||||||
|
with open(path + '/dnssec.json') as ds:
|
||||||
|
zones_ds = json.load(ds)
|
||||||
|
ds_records = ""
|
||||||
|
for zone in zones_ds:
|
||||||
|
ds_records += template_ds.format(**zones_ds[zone]) + "\n"
|
||||||
|
else:
|
||||||
|
ds_records = "\n"
|
||||||
|
|
||||||
zone_file_content = template_zone.format(
|
zone_file_content = template_zone.format(
|
||||||
soa=soa,
|
soa=soa,
|
||||||
originv4=originv4,
|
originv4=originv4,
|
||||||
|
@ -233,6 +245,7 @@ def write_dns_file(zone):
|
||||||
aaaa_records=aaaa_records,
|
aaaa_records=aaaa_records,
|
||||||
cname_records=cname_records,
|
cname_records=cname_records,
|
||||||
dname_records=dname_records,
|
dname_records=dname_records,
|
||||||
|
ds_records=ds_records,
|
||||||
)
|
)
|
||||||
|
|
||||||
filename = path+'/generated/dns.{zone}.zone'.format(zone=zone_name)
|
filename = path+'/generated/dns.{zone}.zone'.format(zone=zone_name)
|
||||||
|
|
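Review bot: In the write_dns_file hunk, the loop `for zone in zones_ds:` rebinds `zone`, which is the function's parameter, so any later read of `zone[...]` would see a domain-name string instead of the zone dict; the rest of the function lies outside the hunks, so whether it does cannot be confirmed from here. A distinct loop name avoids the hazard: `for child in zones_ds:` with `ds_records += template_ds.format(**zones_ds[child]) + "\n"`. The `open(path + '/dnssec.json')` has no fallback, so a missing or truncated file raises while the crans.org zone is being generated, and the choice between failing the build and publishing without DS records should be made explicitly. The values are formatted into the zone file exactly as read, so checking that `id`, `algo` and `type` are digits and `fp` is hexadecimal before formatting would keep a damaged file from producing a malformed zone.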