nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-03-11 09:04:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

bind: Add enable DNSSEC

Browse Source
This commit is contained in:
mridulnagpal 2016-12-31 06:43:20 +05:30 committed by James Valleroy
parent 8c0d8e9db2
commit d986d58250
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808
4 changed files with 65 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
actions/bind
View File

@ -31,7 +31,8 @@ CONFIG_FILE = '/etc/bind/named.conf.options'
value1 = 'acl goodclients { \n localhost;\n};\n'
value2 = ' recursion yes;\n allow-query { goodclients; };\n\n'
value3 = ' // 8.8.8.8;\n // 8.8.4.4;\n'
value4 = ' //forward only;\n'
value4 = ' //forward first;\n'
value5 = ' //dnssec-enable yes;\n'
def parse_arguments():
"""Return parsed command line arguments as dictionary"""
@ -39,10 +40,10 @@ def parse_arguments():
subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
subparsers.add_parser('setup', help='Setup for BIND')
configure = subparsers.add_parser('configure', help='Configure Minetest')
configure = subparsers.add_parser('configure', help='Configure BIND')
configure.add_argument('--set-forwarding', choices=['true', 'false'],
help='Set forwarding true/false')
configure.add_argument('--dnssec', choices=['true', 'false'],
configure.add_argument('--enable-dnssec', choices=['true', 'false'],
help='Set DNSSEC true/false')
return parser.parse_args()
@ -58,11 +59,14 @@ def subcommand_setup(_):
contents.insert(4, value2)
contents.insert(15, value3)
contents.insert(18, value4)
contents.insert(20, value5)
f = open(CONFIG_FILE, "w")
contents = "".join(contents)
f.write(contents)
f.close()
set_forwarding(True)
enable_dnssec(True)
action_utils.service_restart('bind9')
def subcommand_configure(arguments):
@ -71,13 +75,16 @@ def subcommand_configure(arguments):
if arguments.set_forwarding:
set_forwarding(arguments.set_forwarding)
if arguments.enable_dnssec:
enable_dnssec(arguments.enable_dnssec)
action_utils.service_restart('bind9')
def set_forwarding(choice):
data = [line.strip() for line in open(CONFIG_FILE, 'r')]
flag = 0
if choice == "false":
flag = 0
data = [line.strip() for line in open(CONFIG_FILE, 'r')]
if 'forwarders {' in data and not '// forwarders {' in data:
f = open(CONFIG_FILE, 'w')
for line in data:
@ -87,14 +94,13 @@ def set_forwarding(choice):
line = ' // '+line
if 'forward only' in line:
flag = 0
f.write(line+'\n')
if "0.0.0.0" not in line:
f.write(line+'\n')
f.close()
else:
flag = 0
data = [line.strip() for line in open(CONFIG_FILE, 'r')]
if '// forwarders {' in data:
f = open(CONFIG_FILE, 'w')
for line in data:
@ -102,8 +108,30 @@ def set_forwarding(choice):
flag = 1
if flag == 1:
line = line[2:]
if 'forward only' in line:
if 'forward first' in line:
flag = 0
if "0.0.0.0" not in line:
f.write(line+'\n')
f.close()
def enable_dnssec(choice):
data = [line.strip() for line in open(CONFIG_FILE, 'r')]
if choice == "false":
if '//dnssec-enable yes;' not in data:
f = open(CONFIG_FILE, 'w')
for line in data:
if 'dnssec-enable yes;' in line:
line = '//' + line
f.write(line+'\n')
f.close()
else:
if '//dnssec-enable yes;' in data:
f = open(CONFIG_FILE, 'w')
for line in data:
if '//dnssec-enable yes;' in line:
line = line[2:]
f.write(line+'\n')
f.close()

20
plinth/modules/bind/__init__.py
View File

@ -66,7 +66,7 @@ def init():
if setup_helper.get_state() != 'needs-setup':
service = service_module.Service(
managed_services[0], title, ports=['bind-plinth'],
is_external=True,
is_external=False,
)
@ -82,7 +82,7 @@ def setup(helper, old_version=None):
global service
if service is None:
service = service_module.Service(
managed_services[0], title, ports=['bind-plinth'],
managed_services[0], title, ports=['dns'],
is_external=True,
enable=enable, disable=disable)
helper.call('post', service.notify_enabled, None, True)
@ -105,6 +105,8 @@ def diagnose():
results.append(action_utils.diagnose_port_listening(53, 'tcp6'))
results.append(action_utils.diagnose_port_listening(53, 'udp6'))
results.append(action_utils.diagnose_port_listening(53, 'tcp4'))
results.append(action_utils.diagnose_port_listening(53, 'udp4'))
return results
@ -118,9 +120,15 @@ def get_default():
"""Get initial value for forwarding"""
data = [line.strip() for line in open(CONFIG_FILE, 'r')]
if '// forwarders {' in data:
conf = {
'set_forwarding': False}
set_forwarding = False
else:
conf = {
'set_forwarding': True}
set_forwarding = True
if '//dnssec-enable yes;' in data:
enable_dnssec = False
else:
enable_dnssec = True
conf = {
'set_forwarding': set_forwarding,
'enable_dnssec': enable_dnssec
}
return conf

5
plinth/modules/bind/forms.py
View File

@ -31,3 +31,8 @@ class BindForm(ServiceForm):
label=_('Enable forwarding'),
required=False,
help_text=_('Enable forwarding on your BIND server'))
enable_dnssec = forms.BooleanField(
label=_('Enable DNSSEC'),
required=False,
help_text=_('Enable Domain Name System Security Extensions'))

9
plinth/modules/bind/views.py
View File

@ -57,4 +57,13 @@ class BindServiceView(ServiceView): # pylint: disable=too-many-ancestors
messages.success(self.request,
_('Set forwarding configuration updated'))
if old_config['enable_dnssec'] != data['enable_dnssec']:
value = 'true' if data['enable_dnssec'] else 'false'
actions.superuser_run(
'bind',
['configure', '--enable-dnssec', value])
messages.success(self.request,
_('Enable DNSSEC configuration updated'))
return super().form_valid(form)