示例#1
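/**
 * Make sure every zone listed in the PowerDNS `domains` table is DNSSEC-secured
 * and print a per-zone status line.
 *
 * For each zone that dnsseck_is_crypto() reports as unsecured, the pdnssec
 * commands rectify-zone, add-zone-key, secure-zone and set-presigned are run,
 * then the zone is re-checked. Finally `pdnssec show-zone` output is scanned
 * for the "Zone has NSEC semantics" marker.
 *
 * Zone names come from the database and are passed to a shell, so each one is
 * quoted with escapeshellarg() before it is placed in a command line.
 *
 * @return void
 */
function dnsseck()
{
    $unix = new unix();
    $pdnssec = $unix->find_program("pdnssec");
    if (!is_file($pdnssec)) {
        echo "Starting......: PowerDNS pdnssec no such binary !!!\n";
        return;
    }
    $sql = "SELECT id,name FROM domains";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, 'powerdns');
    if (!$q->ok) {
        echo "{$q->mysql_error}\n";
        // No usable result set: stop instead of handing a failed result to mysql_fetch_array().
        return;
    }
    // Quote the binary path once; it is reused in every command below.
    $bin = escapeshellarg($pdnssec);
    while ($ligne = mysql_fetch_array($results, MYSQL_ASSOC)) {
        $name = (string) $ligne["name"];
        // Quoting stops shell metacharacters but not option injection: a value
        // starting with "-" would still be parsed by pdnssec as a flag.
        if ($name === '' || $name[0] === '-') {
            echo "Starting......: PowerDNS pdnssec skipping invalid zone name\n";
            continue;
        }
        $zoneArg = escapeshellarg($name);
        echo "Starting......: PowerDNS pdnssec checking zone {$name}\n";
        if (!dnsseck_is_crypto($ligne["id"])) {
            echo "Starting......: PowerDNS pdnssec securing zone {$name}\n";
            // Output and exit status of these commands are discarded; success is
            // judged only by the dnsseck_is_crypto() re-check below.
            shell_exec("{$bin} rectify-zone {$zoneArg} >/dev/null 2>&1");
            shell_exec("{$bin} add-zone-key {$zoneArg} >/dev/null 2>&1");
            shell_exec("{$bin} secure-zone {$zoneArg} >/dev/null 2>&1");
            // NOTE(review): set-presigned switches the zone to serving RRSIGs stored
            // in the zone data - confirm that is intended right after secure-zone.
            shell_exec("{$bin} set-presigned {$zoneArg} >/dev/null 2>&1");
            if (!dnsseck_is_crypto($ligne["id"])) {
                echo "Starting......: PowerDNS pdnssec securing zone {$name} Failed\n";
                continue;
            }
        }
        $zones = array();
        $ok = false;
        exec("{$bin} show-zone {$zoneArg} 2>&1", $zones);
        // foreach replaces the deprecated each() iteration.
        foreach ($zones as $line2) {
            if (preg_match("#Zone has NSEC semantics#", $line2)) {
                echo "Starting......: PowerDNS pdnssec checking zone {$name} OK\n";
                $ok = true;
                break;
            }
        }
        if (!$ok) {
            echo "Starting......: PowerDNS pdnssec checking zone {$name} not secure...\n";
        }
    }
}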
示例#2
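/**
 * Secure every zone in the PowerDNS `domains` table with DNSSEC, switch the
 * secured zones to NSEC3, and print a timestamped status line per zone.
 *
 * Pass 1: for each zone that dnsseck_is_crypto() reports as unsecured, run
 *         add-zone-key (ksk) and set-presigned, re-check, then secure-zone.
 * Pass 2: rectify-zone and set-nsec3 on every zone that passed.
 * Pass 3: scan `pdnssec show-zone` output for a "Zone has ... semantics" line.
 * Finally rectify-all-zones is run regardless of the per-zone results.
 *
 * Zone names come from the database and are passed to a shell, so each one is
 * quoted with escapeshellarg() before it is placed in a command line.
 *
 * @return void
 */
function dnsseck()
{
    $unix = new unix();
    $pdnssec = $unix->find_program("pdnssec");
    if (!is_file($pdnssec)) {
        echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec no such binary !!!\n";
        return;
    }
    $sql = "SELECT id,name FROM domains";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, 'powerdns');
    // Quote the binary path once; it is reused in every command below.
    $bin = escapeshellarg($pdnssec);
    // Zone name => shell-quoted zone name. Initialised here so the later
    // count()/iteration never sees an undefined variable when no zone qualifies.
    $DOMAINSZ = array();
    if (!$q->ok) {
        echo "{$q->mysql_error}\n";
        // No usable result set: skip the per-zone passes, keep the final rectify-all-zones.
    } else {
        while ($ligne = mysql_fetch_array($results, MYSQL_ASSOC)) {
            $name = (string) $ligne["name"];
            // Quoting stops shell metacharacters but not option injection: a value
            // starting with "-" would still be parsed by pdnssec as a flag.
            if ($name === '' || $name[0] === '-') {
                echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec skipping invalid zone name\n";
                continue;
            }
            $zoneArg = escapeshellarg($name);
            echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec checking zone {$name}\n";
            if (!dnsseck_is_crypto($ligne["id"])) {
                echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec securing zone {$name}\n";
                shell_exec2("{$bin} add-zone-key {$zoneArg} ksk >/dev/null 2>&1");
                // NOTE(review): set-presigned switches the zone to serving RRSIGs stored
                // in the zone data - confirm that is intended for live-signed zones.
                shell_exec2("{$bin} set-presigned {$zoneArg} >/dev/null 2>&1");
                if (!dnsseck_is_crypto($ligne["id"], $name)) {
                    echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec securing zone {$name} Failed\n";
                    continue;
                }
            }
            $DOMAINSZ[$name] = $zoneArg;
            shell_exec2("{$bin} secure-zone {$zoneArg} >/dev/null 2>&1");
        }
    }
    if (count($DOMAINSZ) > 0) {
        // foreach replaces the deprecated each()/reset() iteration.
        foreach ($DOMAINSZ as $zoneArg) {
            shell_exec2("{$bin} rectify-zone {$zoneArg} >/dev/null 2>&1");
            // NOTE(review): NSEC3 parameters are hard-coded - flags 1 (opt-out),
            // 1 iteration, fixed salt "ab" shared by every zone. RFC 9276 advises
            // 0 iterations, an empty salt and no opt-out for most zones; review
            // before reusing these values.
            shell_exec2("{$bin} set-nsec3 {$zoneArg} '1 1 1 ab' >/dev/null 2>&1");
        }
        foreach ($DOMAINSZ as $domain => $zoneArg) {
            $zones = array();
            $ok = false;
            $showCmd = "{$bin} show-zone {$zoneArg} 2>&1";
            // !empty() avoids a notice when the VERBOSE global was never set.
            if (!empty($GLOBALS["VERBOSE"])) {
                echo "Starting......: " . date("H:i:s") . " PowerDNS Execute `{$showCmd}` in order to see results\n";
            }
            exec($showCmd, $zones);
            foreach ($zones as $line2) {
                if (preg_match("#Zone has.+?semantics#", $line2)) {
                    echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec checking zone {$domain} OK\n";
                    $ok = true;
                    break;
                }
            }
            if (!$ok) {
                echo "Starting......: " . date("H:i:s") . " PowerDNS pdnssec checking zone {$domain} not secure...\n";
            }
        }
    }
    shell_exec2("{$bin} rectify-all-zones >/dev/null 2>&1");
}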