diff --git a/actions/bind b/actions/bind index b56bb8f89..e40cfb5a6 100755 --- a/actions/bind +++ b/actions/bind @@ -31,7 +31,8 @@ CONFIG_FILE = '/etc/bind/named.conf.options' value1 = 'acl goodclients { \n localhost;\n};\n' value2 = ' recursion yes;\n allow-query { goodclients; };\n\n' value3 = ' // 8.8.8.8;\n // 8.8.4.4;\n' -value4 = ' //forward only;\n' +value4 = ' //forward first;\n' +value5 = ' //dnssec-enable yes;\n' def parse_arguments(): """Return parsed command line arguments as dictionary""" @@ -39,10 +40,10 @@ def parse_arguments(): subparsers = parser.add_subparsers(dest='subcommand', help='Sub command') subparsers.add_parser('setup', help='Setup for BIND') - configure = subparsers.add_parser('configure', help='Configure Minetest') + configure = subparsers.add_parser('configure', help='Configure BIND') configure.add_argument('--set-forwarding', choices=['true', 'false'], help='Set forwarding true/false') - configure.add_argument('--dnssec', choices=['true', 'false'], + configure.add_argument('--enable-dnssec', choices=['true', 'false'], help='Set DNSSEC true/false') return parser.parse_args() @@ -58,11 +59,14 @@ def subcommand_setup(_): contents.insert(4, value2) contents.insert(15, value3) contents.insert(18, value4) + contents.insert(20, value5) f = open(CONFIG_FILE, "w") contents = "".join(contents) f.write(contents) f.close() + set_forwarding(True) + enable_dnssec(True) action_utils.service_restart('bind9') def subcommand_configure(arguments): 
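Review bot: Forwarding to 8.8.8.8 and 8.8.4.4 becomes the default on every fresh setup through the new `set_forwarding(True)` call in subcommand_setup, since those are the only forwarders `value3` puts into the block that gets uncommented. All lookups from the box would then go to a third-party resolver without the administrator having chosen that. I would leave forwarding off after setup, or state the default in the form's help text. Both helpers also compare `choice` with the string "false", so the booleans passed here only work by falling into the else branch; `set_forwarding('true')` and `enable_dnssec('true')` would match what the command line passes. The body of subcommand_setup starts outside this hunk.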
@@ -71,13 +75,16 @@ def subcommand_configure(arguments): if arguments.set_forwarding: set_forwarding(arguments.set_forwarding) + if arguments.enable_dnssec: + enable_dnssec(arguments.enable_dnssec) + action_utils.service_restart('bind9') def set_forwarding(choice): + data = [line.strip() for line in open(CONFIG_FILE, 'r')] + flag = 0 if choice == "false": - flag = 0 - data = [line.strip() for line in open(CONFIG_FILE, 'r')] if 'forwarders {' in data and not '// forwarders {' in data: f = open(CONFIG_FILE, 'w') for line in data: @@ -87,14 +94,13 @@ def set_forwarding(choice): line = ' // '+line if 'forward only' in line: flag = 0 - f.write(line+'\n') + if "0.0.0.0" not in line: + f.write(line+'\n') f.close() else: - flag = 0 - data = [line.strip() for line in open(CONFIG_FILE, 'r')] if '// forwarders {' in data: f = open(CONFIG_FILE, 'w') for line in data: @@ -102,8 +108,30 @@ def set_forwarding(choice): flag = 1 if flag == 1: line = line[2:] - if 'forward only' in line: + if 'forward first' in line: flag = 0 + if "0.0.0.0" not in line: + f.write(line+'\n') + f.close() + + +def enable_dnssec(choice): + data = [line.strip() for line in open(CONFIG_FILE, 'r')] + if choice == "false": + if '//dnssec-enable yes;' not in data: + f = open(CONFIG_FILE, 'w') + for line in data: + if 'dnssec-enable yes;' in line: + line = '//' + line + f.write(line+'\n') + f.close() + + else: + if '//dnssec-enable yes;' in data: + f = open(CONFIG_FILE, 'w') + for line in data: + if '//dnssec-enable yes;' in line: + line = line[2:] f.write(line+'\n') f.close() diff --git a/plinth/modules/bind/__init__.py b/plinth/modules/bind/__init__.py index 0184f0380..07519970d 100644 --- a/plinth/modules/bind/__init__.py +++ b/plinth/modules/bind/__init__.py @@ -66,7 +66,7 @@ def init(): if setup_helper.get_state() != 'needs-setup': service = service_module.Service( managed_services[0], title, ports=['bind-plinth'], - is_external=True, + is_external=False, ) 
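Review bot: set_forwarding now reads the options file with a bare `open(CONFIG_FILE, 'r')` that is never closed, and the branches below reopen the same path with 'w' and rewrite it line by line. An exception part-way through leaves a truncated named.conf.options for the `service_restart('bind9')` that follows. Read with `with open(CONFIG_FILE) as f: data = [line.strip() for line in f]`, write the new content to a temporary file in the same directory and move it into place with `os.replace`. Running `named-checkconf` on the result before the restart would keep a bad edit from taking the resolver down. enable_dnssec in the last hunk of this file follows the same pattern, and set_forwarding continues past this hunk.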
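Review bot: The disable branch of set_forwarding still ends the commented region at `if 'forward only' in line:`, although this commit changes the template line to `//forward first;` and makes the enable branch (next hunk) look for 'forward first' only. As far as the visible lines show, `flag` then stays 1 to the end of the file: on a fresh install, disabling forwarding would comment out everything after `forwarders {`, and on an install set up by the old version, enabling it would strip two characters from every following line. Matching both spellings in both branches, `if 'forward only' in line or 'forward first' in line:`, avoids that. The new `"0.0.0.0" not in line` test is also a substring match that appears to run on every line of the file, so a line holding an address such as 10.0.0.0/8 would be dropped on rewrite; `line.lstrip('/ \t') != '0.0.0.0;'` is narrower. The loop starts outside this hunk.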
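Review bot: enable_dnssec toggles only a `dnssec-enable yes;` line, which may not control what the form promises. As far as I know, BIND 9 treats dnssec-enable as on by default (and newer releases have dropped the option), while validation of answers on a recursive resolver is governed by `dnssec-validation`. Commenting the line out would then leave DNSSEC behaviour unchanged, and uncommenting it would not turn validation on. Please check this against the BIND version being shipped and consider switching the `dnssec-validation` line instead, for example between `dnssec-validation auto;` and `dnssec-validation no;`. A short docstring on enable_dnssec naming the directive it edits and saying that `choice` is the string 'true' or 'false' would help too.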
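Review bot: init() now builds the service with `is_external=False` while setup() in the next hunk still passes `is_external=True`, and the two also disagree on the port name (`'bind-plinth'` here, `'dns'` there). The Service object therefore differs between the run that performs setup and every later start. If is_external decides whether the firewall opens port 53 on the external zone, exposure of a recursive resolver would depend on which path created the object. Whichever values are intended, use the same pair in both places, for example `ports=['dns'], is_external=False`. Both function bodies continue outside their hunks.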
@@ -82,7 +82,7 @@ def setup(helper, old_version=None): global service if service is None: service = service_module.Service( - managed_services[0], title, ports=['bind-plinth'], + managed_services[0], title, ports=['dns'], is_external=True, enable=enable, disable=disable) helper.call('post', service.notify_enabled, None, True) @@ -105,6 +105,8 @@ def diagnose(): results.append(action_utils.diagnose_port_listening(53, 'tcp6')) results.append(action_utils.diagnose_port_listening(53, 'udp6')) + results.append(action_utils.diagnose_port_listening(53, 'tcp4')) + results.append(action_utils.diagnose_port_listening(53, 'udp4')) return results @@ -118,9 +120,15 @@ def get_default(): """Get initial value for forwarding""" data = [line.strip() for line in open(CONFIG_FILE, 'r')] if '// forwarders {' in data: - conf = { - 'set_forwarding': False} + set_forwarding = False else: - conf = { - 'set_forwarding': True} + set_forwarding = True + if '//dnssec-enable yes;' in data: + enable_dnssec = False + else: + enable_dnssec = True + conf = { + 'set_forwarding': set_forwarding, + 'enable_dnssec': enable_dnssec + } return conf diff --git a/plinth/modules/bind/forms.py b/plinth/modules/bind/forms.py index cb36a5217..1ea6629ab 100644 --- a/plinth/modules/bind/forms.py +++ b/plinth/modules/bind/forms.py @@ -31,3 +31,8 @@ class BindForm(ServiceForm): label=_('Enable forwarding'), required=False, help_text=_('Enable forwarding on your BIND server')) + + enable_dnssec = forms.BooleanField( + label=_('Enable DNSSEC'), + required=False, + help_text=_('Enable Domain Name System Security Extensions')) diff --git a/plinth/modules/bind/views.py b/plinth/modules/bind/views.py index 2de927241..d030914c8 100644 --- a/plinth/modules/bind/views.py +++ b/plinth/modules/bind/views.py 
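Review bot: get_default infers both settings from the absence of a commented-out line, so a file that contains neither `//dnssec-enable yes;` nor the active directive is reported as DNSSEC enabled. That would be the case for a file set up before this commit added `value5`, and enable_dnssec would not add the line there either, so the form would show a state the configuration does not have. Testing for the active directive is safer: `enable_dnssec = 'dnssec-enable yes;' in data` and likewise `set_forwarding = 'forwarders {' in data`. The `open(CONFIG_FILE, 'r')` on the context line is also never closed; a `with` block fixes that.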
@@ -57,4 +57,13 @@ class BindServiceView(ServiceView): # pylint: disable=too-many-ancestors messages.success(self.request, _('Set forwarding configuration updated')) + if old_config['enable_dnssec'] != data['enable_dnssec']: + value = 'true' if data['enable_dnssec'] else 'false' + actions.superuser_run( + 'bind', + ['configure', '--enable-dnssec', value]) + messages.success(self.request, + _('Enable DNSSEC configuration updated')) + + return super().form_valid(form)
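Review bot: Changing both settings at once now means two privileged invocations and two bind9 restarts, because the new block issues its own `actions.superuser_run('bind', ['configure', ...])` and subcommand_configure restarts the service on every call. The action's parser accepts both options together, so a single call such as `['configure', '--set-forwarding', fwd, '--enable-dnssec', dnssec]` built from the changed fields would do. The forwarding call itself is outside this hunk, so this assumes it has the same shape as the new block. The message `'Enable DNSSEC configuration updated'` would read better as `'DNSSEC configuration updated'`.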