bind8/setup_trusted.cgi

   1 #!/usr/local/bin/perl
   2 # Add lookaside and trusted key records for ICS's DLV zone
   3
   4 require './bind8-lib.pl';
   5 $access{'defaults'} || &error($text{'trusted_ecannot'});
   6 &error_setup($text{'trusted_err'});
   7 &ReadParse();
   8
   9 &lock_file(&make_chroot($config{'named_conf'}));
  10 $parent = &get_config_parent();
  11 $conf = $parent->{'members'};
  12 $options = &find("options", $conf);
  13
  14 # Enable DNSSEC
  15 &save_directive($options, "dnssec-enable",
  16                 [ { 'name' => 'dnssec-enable',
  17                     'values' => [ 'yes' ] } ], 1);
  18 if (&supports_dnssec_client() == 2) {
  19         &save_directive($options, "dnssec-validation",
  20                         [ { 'name' => 'dnssec-validation',
  21                             'values' => [ 'yes' ] } ], 1);
  22         }
  23
  24 # Lookaside
  25 &save_directive($options, "dnssec-lookaside",
  26                 [ { 'name' => 'dnssec-lookaside',
  27                     'values' => [ ".", "trust-anchor", $dnssec_dlv_zone ] } ],
  28                 1);
  29
  30 # ICS's key
  31 $trusted = &find("trusted-keys", $conf);
  32 if (!$trusted) {
  33         # Need to create block
  34         $trusted = { 'name' => 'trusted-keys',
  35                      'type' => 1,
  36                      'members' => [ ] };
  37         &save_directive($parent, "trusted-keys", [ $trusted ]);
  38         }
  39 &save_directive($trusted, [ ],
  40                 [ { 'name' => $dnssec_dlv_zone,
  41                     'values' => \@dnssec_dlv_key } ], 1);
  42
  43 &flush_file_lines();
  44 &unlock_file(&make_chroot($config{'named_conf'}));
  45 &restart_bind();
  46 &webmin_log("trusted");
  47 &redirect("");