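/**
 * Walk every zone in the PowerDNS `domains` table and make sure it is DNSSEC-enabled.
 *
 * For each row, dnsseck_is_crypto() is asked whether the zone already has key
 * material. If not, pdnssec is run to rectify the zone, add a key, secure it and
 * mark it presigned, and the check is repeated. Finally `pdnssec show-zone` is
 * parsed to confirm the zone reports NSEC semantics. Progress is echoed to stdout.
 *
 * Security: zone names come from the database and are placed on a shell command
 * line, so each one is passed through escapeshellarg() before use. Quoting stops
 * the shell from interpreting metacharacters; it does not stop pdnssec from
 * reading a name that begins with "-" as an option, so names should also be
 * validated where they are written into the `domains` table.
 *
 * @return void
 */
function dnsseck()
{
    $unix = new unix();
    $pdnssec = $unix->find_program("pdnssec");
    if (!is_file($pdnssec)) {
        echo "Starting......: PowerDNS pdnssec no such binary !!!\n";
        return;
    }

    $q = new mysql();
    $results = $q->QUERY_SQL("SELECT id,name FROM domains", 'powerdns');
    if (!$q->ok) {
        echo "{$q->mysql_error}\n";
    }
    // Without a result set there is nothing to iterate; stop here instead of
    // handing a non-resource to mysql_fetch_array().
    if (!$results) {
        return;
    }

    // Quote the binary path once; the zone name is quoted per row below.
    $bin = escapeshellarg($pdnssec);

    while ($ligne = mysql_fetch_array($results, MYSQL_ASSOC)) {
        $name = $ligne["name"];
        // Never interpolate the raw database value into a shell command.
        $zone = escapeshellarg($name);

        echo "Starting......: PowerDNS pdnssec checking zone {$name}\n";

        if (!dnsseck_is_crypto($ligne["id"])) {
            echo "Starting......: PowerDNS pdnssec securing zone {$name}\n";
            // Exit codes are discarded; success is judged by re-running
            // dnsseck_is_crypto() afterwards.
            shell_exec("{$bin} rectify-zone {$zone} >/dev/null 2>&1");
            shell_exec("{$bin} add-zone-key {$zone} >/dev/null 2>&1");
            shell_exec("{$bin} secure-zone {$zone} >/dev/null 2>&1");
            // NOTE(review): set-presigned is normally used for zones whose
            // signatures are supplied externally; combining it with secure-zone
            // looks unusual - confirm this is intended.
            shell_exec("{$bin} set-presigned {$zone} >/dev/null 2>&1");

            if (!dnsseck_is_crypto($ligne["id"])) {
                echo "Starting......: PowerDNS pdnssec securing zone {$name} Failed\n";
                continue;
            }
        }

        $zones = array();
        $ok = false;
        exec("{$bin} show-zone {$zone} 2>&1", $zones);
        foreach ($zones as $line2) {
            if (preg_match("#Zone has NSEC semantics#", $line2)) {
                echo "Starting......: PowerDNS pdnssec checking zone {$name} OK\n";
                $ok = true;
                break;
            }
        }

        if (!$ok) {
            echo "Starting......: PowerDNS pdnssec checking zone {$name} not secure...\n";
        }
    }
}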
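/**
 * Walk every zone in the PowerDNS `domains` table, enable DNSSEC where it is
 * missing, switch the zones to NSEC3 and report whether each one ends up signed.
 *
 * Pass 1 (per database row): if dnsseck_is_crypto() reports no key material, a
 * KSK is added and the zone is marked presigned, then the check is repeated;
 * zones that still fail are skipped. Surviving zones are recorded and
 * `secure-zone` is run on them.
 * Pass 2: every recorded zone is rectified and given NSEC3 parameters.
 * Pass 3: `pdnssec show-zone` output is scanned for "Zone has ... semantics".
 * `rectify-all-zones` always runs last. Progress is echoed with a timestamp.
 *
 * Security: zone names come from the database and are placed on a shell command
 * line, so each one is passed through escapeshellarg() before use. Quoting stops
 * the shell from interpreting metacharacters; it does not stop pdnssec from
 * reading a name that begins with "-" as an option, so names should also be
 * validated where they are written into the `domains` table.
 *
 * @return void
 */
function dnsseck()
{
    $unix = new unix();
    $pdnssec = $unix->find_program("pdnssec");
    if (!is_file($pdnssec)) {
        echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec no such binary !!!\n";
        return;
    }

    $q = new mysql();
    $results = $q->QUERY_SQL("SELECT id,name FROM domains", 'powerdns');
    if (!$q->ok) {
        echo "{$q->mysql_error}\n";
    }

    // Quote the binary path once; zone names are quoted at each use below.
    $bin = escapeshellarg($pdnssec);

    // Initialised up front: the original left this undefined when no zone
    // qualified, so count() was called on an unset variable.
    $DOMAINSZ = array();

    // Only iterate when the query produced a result set; rectify-all-zones at
    // the end still runs either way, as before.
    if ($results) {
        while ($ligne = mysql_fetch_array($results, MYSQL_ASSOC)) {
            $name = $ligne["name"];
            // Never interpolate the raw database value into a shell command.
            $zone = escapeshellarg($name);

            echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec checking zone {$name}\n";

            if (!dnsseck_is_crypto($ligne["id"])) {
                echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec securing zone {$name}\n";
                shell_exec2("{$bin} add-zone-key {$zone} ksk >/dev/null 2>&1");
                shell_exec2("{$bin} set-presigned {$zone} >/dev/null 2>&1");

                // NOTE(review): the re-check passes the zone name as a second
                // argument while the first check does not - confirm against
                // dnsseck_is_crypto()'s signature.
                if (!dnsseck_is_crypto($ligne["id"], $name)) {
                    echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec securing zone {$name} Failed\n";
                    continue;
                }
            }

            $DOMAINSZ[$name] = true;
            shell_exec2("{$bin} secure-zone {$zone} >/dev/null 2>&1");
        }
    }

    if (count($DOMAINSZ) > 0) {
        $domains = array_keys($DOMAINSZ);

        foreach ($domains as $domain) {
            // Array keys that look like integers come back as ints; cast so the
            // value is always quoted as a string.
            $zone = escapeshellarg((string) $domain);
            shell_exec2("{$bin} rectify-zone {$zone} >/dev/null 2>&1");
            // NOTE(review): the NSEC3 parameters are hard-coded and identical
            // for every zone (presumably "hash-algorithm flags iterations salt"
            // - confirm). A fixed shared salt and a non-zero flags field are
            // worth revisiting against current NSEC3 guidance (RFC 9276).
            shell_exec2("{$bin} set-nsec3 {$zone} '1 1 1 ab' >/dev/null 2>&1");
        }

        foreach ($domains as $domain) {
            $zone = escapeshellarg((string) $domain);
            $zones = array();
            $ok = false;

            if ($GLOBALS["VERBOSE"]) {
                echo "Starting......: " . date("H:i:s") . " PowerDNS Execute `{$pdnssec} show-zone {$domain} 2>&1` in order to see results\n";
            }

            exec("{$bin} show-zone {$zone} 2>&1", $zones);
            foreach ($zones as $line2) {
                if (preg_match("#Zone has.+?semantics#", $line2)) {
                    echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec checking zone {$domain} OK\n";
                    $ok = true;
                    break;
                }
            }

            if (!$ok) {
                echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec checking zone {$domain} not secure...\n";
            }
        }
    }

    shell_exec2("{$bin} rectify-all-zones >/dev/null 2>&1");
}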