| -rw-r--r-- | Makefile | 24 | ||||
| -rwxr-xr-x | bin/get_catalog | 41 |
2 files changed, 49 insertions, 16 deletions
@@ -2,6 +2,8 @@
 #
 # Primary makefile for DNS management.
 
+# Make sure failures in != expansions cause make to stop.
+.MAKEFLAGS: -W
 ### Our local master server.
 MASTER= lily.le-fay.org
 
@@ -10,9 +12,9 @@ MASTER_ADDR!= getaddrinfo -f inet6 -p tcp -t stream ${MASTER} \
 
 
 ### Default SOA values.
-# Serial is always 1; nsdiff handles this magically.
 SOA_MNAME= ${MASTER}.
 SOA_RNAME= hostmaster.le-fay.org.
+# Serial is always 1; nsdiff handles this magically.
 SOA_SERIAL= 1
 SOA_REFRESH= 1d
 SOA_RETRY= 1h
@@ -30,20 +32,8 @@ NAMESERVERS= ns1.le-fay.org \
 
 DN42_MASTER= fd42:4242:2601:ac53::1
 
-# The zones we serve.
-ZONES= le-fay.org \
-	le-fay.dn42 \
-	b.6.0.b.3.8.a.0.b.5.d.f.ip6.arpa \
-	e.1.0.0.0.8.c.1.6.0.a.2.ip6.arpa \
-	b.6.0.0.8.9.0.1.0.0.a.2.ip6.arpa \
-	a.4.0.4.8.a.b.0.1.0.0.2.ip6.arpa \
-	5.1.0.4.8.a.b.0.1.0.0.2.ip6.arpa \
-	5.b.a.a.0.b.8.0.1.0.0.2.ip6.arpa \
-	117.73.187.81.in-addr.arpa \
-	160-175.96.2.81.in-addr.arpa \
-	192-207.47.187.81.in-addr.arpa \
-	0/26.76.23.172.in-addr.arpa \
-	18.198.in-addr.arpa
+# The zones we serve; fetch this list from the catalog zone.
+ZONES!= bin/get_catalog "catalog.invalid" "${MASTER}"
 
 # These zones are used for DN42.
 DN42_ZONES= \
@@ -68,7 +58,7 @@ UNBOUND_SERVERS?= \
 	amaranth.le-fay.org \
 	rose.le-fay.org \
 	witch.le-fay.org \
-#	turnera.le-fay.org
+	turnera.le-fay.org
 
 # Forwarder addresses for Unbound forwarders.
 UNBOUND_FORWARDERS?= \
@@ -77,6 +67,8 @@ UNBOUND_FORWARDERS?= \
 
 # -Dforwarder means this server forwards queries to ${UNBOUND_FORWARDERS}.
 # -Dnolocal means this server doesn't have a copy of our local zones.
+# -Dtls enables DoH and DoT; certificates should be provided in confdir
+# (tls/cert.pem, tls/key.pem).
 #
 UNBOUND_PROCESS_FLAGS.hemlock.le-fay.org= -Dnolocal=yes -Dforwarder=yes
 UNBOUND_PROCESS_FLAGS.fuchsia.eden.le-fay.org= -Dnolocal=yes -Dforwarder=yes
diff --git a/bin/get_catalog b/bin/get_catalog
new file mode 100755
index 0000000..d9e744b
--- /dev/null
+++ b/bin/get_catalog
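Review bot: The comment above `.MAKEFLAGS: -W` describes a narrower effect than the flag has: in bmake `-W` turns every makefile-parse warning into an error, not only the warning from a `!=` command exiting non-zero, and it does nothing for a `!=` command that exits 0 with empty output. Suggest widening the comment so the next reader knows what they are signing up for, e.g. `# -W makes every parse-time warning fatal; in particular a != command that exits non-zero stops make. An empty result still passes, so guard that separately where it matters.` The `!=` this is meant to protect (`ZONES!=`) is in a later hunk of this file.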
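Review bot: `ZONES!= bin/get_catalog "catalog.invalid" "${MASTER}"` moves the authoritative list of zones this makefile manages out of version control and into whatever answers an AXFR for the catalog at ${MASTER}, re-fetched over the network on every make run, including `make -n` and `make clean`. From bin/get_catalog in this same commit, that transfer carries no TSIG key, so the trust boundary is the master's transfer ACL plus the network path; that is worth saying here, and the hard-coded catalog name should be a knob: `CATALOG?= catalog.invalid` and `ZONES!= bin/get_catalog "${CATALOG}" "${MASTER}"`. With `.MAKEFLAGS: -W` a failed transfer stops make, but a successful transfer with no member zones leaves ZONES empty and the build proceeds with no zones; a guard such as `.if empty(ZONES)` / `.error no zones found in ${CATALOG}` / `.endif` directly below the assignment closes that gap.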
@@ -0,0 +1,41 @@
+#! /bin/sh
+#
+# Fetch the catalog zone '$1' from the server '$2' and print a list of zones.
+
+set -e
+
+catalog="$1"
+server="$2"
+
+tempfile="$(mktemp -t catalog)"
+trap 'rm $tempfile' 0
+
+if ! dig "$catalog" axfr @"$server" +noall +answer >"$tempfile"; then
+	printf >&2 '%s: query failed\n' "$0"
+	exit 1
+fi
+
+# Make sure the result has an SOA, otherwise the query failed.
+if ! awk <"$tempfile" "
+BEGIN {
+	exitcode=1
+}
+
+\$1 == \"$catalog.\" && \$4 == \"SOA\" {
+	exitcode=0
+}
+
+END {
+	exit exitcode
+}
+"; then
+	printf >&2 '%s: no SOA found in zone; transfer failed?\n' "$0"
+	exit 1
+fi
+
+awk <"$tempfile" "
+\$1 ~ /zones.$catalog/ && \$4 == \"PTR\" {
+	zone = \$5
+	sub(/\\.$/, \"\", zone)
+	print zone
+}" |
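Review bot: The final awk program splices `$catalog` straight into the regex `/zones.$catalog/`, so the dots match any character, the pattern is unanchored, and a `/` or `"` in the argument becomes awk code rather than data; it also selects every PTR whose owner merely contains `zones.<catalog>`, which per RFC 9432 includes `coo.<id>.zones.<catalog>` change-of-ownership records, so a change-of-ownership target would be printed as a zone name. Pass the catalog in with `awk -v` and require the owner to be exactly one label followed by `.zones.<catalog>.`; the SOA check above it builds its string literal the same way and benefits from the same `-v` treatment. Two smaller points: `trap 'rm $tempfile' 0` should be `trap 'rm -f "$tempfile"' 0`, and `dig ... axfr` is run without a TSIG key (`-k`), so the zone list is authenticated only by the master's transfer ACL and the network path; a comment stating that assumption, or a `-k "$keyfile"` argument, would make it explicit.
```shell
# … unchanged: argument handling, temp file, AXFR and SOA check …
awk -v catalog="$catalog" <"$tempfile" '
$4 == "PTR" {
	# Member zones are exactly <unique-id>.zones.<catalog>.; skip
	# anything else under zones.<catalog> (e.g. coo.<id>.zones.<catalog>.).
	owner = $1
	suffix = ".zones." catalog "."
	if (length(owner) <= length(suffix))
		next
	if (substr(owner, length(owner) - length(suffix) + 1) != suffix)
		next
	id = substr(owner, 1, length(owner) - length(suffix))
	if (index(id, ".") > 0)
		next
	zone = $5
	sub(/\.$/, "", zone)
	print zone
}'
```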
