From bb7b8e789104a77b12030df5fe508afbe0eac2a5 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 4 Jan 2015 14:20:22 -0400
Subject: add $INCLUDE of pubkeys before zone file is written, to avoid pogoing

---
 src/Propellor/Property/Dns.hs | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

(limited to 'src/Propellor/Property/Dns.hs')

diff --git a/src/Propellor/Property/Dns.hs b/src/Propellor/Property/Dns.hs
index c5a4efa9..e9c7c769 100644
--- a/src/Propellor/Property/Dns.hs
+++ b/src/Propellor/Property/Dns.hs
@@ -133,7 +133,7 @@ signedPrimary recurrance hosts domain soa rs = RevertableProperty setup cleanup
 	-- TODO enable dnssec options.
 	-- dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;
 	setup = combineProperties ("dns primary for " ++ domain ++ " (signed)")
-		[ setupPrimary zonefile signedZoneFile hosts domain soa rs
+		[ setupPrimary zonefile signedZoneFile hosts domain soa rs'
 		, toProp (zoneSigned domain zonefile)
 		]
 		`onChange` Service.reloaded "bind9"
@@ -142,6 +142,10 @@ signedPrimary recurrance hosts domain soa rs = RevertableProperty setup cleanup
 		`onChange` toProp (revert (zoneSigned domain zonefile))
 		`onChange` Service.reloaded "bind9"
 
+	-- Include the public keys into the zone file.
+	rs' = include PubKSK : include PubZSK : rs
+	include k = (RootDomain, INCLUDE (keyFn domain k))
+
 	-- Put DNSSEC zone files in a different directory than is used for
 	-- the regular ones. This allows 'primary' to be reverted and
 	-- 'signedPrimary' enabled, without the reverted property stomping
@@ -267,6 +271,7 @@ rField (MX _ _) = "MX"
 rField (NS _) = "NS"
 rField (TXT _) = "TXT"
 rField (SRV _ _ _ _) = "SRV"
+rField (INCLUDE _) = "$INCLUDE"
 
 rValue :: Record -> String
 rValue (Address (IPv4 addr)) = addr
@@ -280,6 +285,7 @@ rValue (SRV priority weight port target) = unwords
 	, show port
 	, dValue target
 	]
+rValue (INCLUDE f) = f
 rValue (TXT s) = [q] ++ filter (/= q) s ++ [q]
   where
 	q = '"'
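Review bot: `rValue (INCLUDE f) = f` in the fourth hunk writes the key file path into the zone file verbatim, and the new `include` helper in the second hunk pairs it with `RootDomain`, an owner that has no meaning for a directive and that the record writer then has to know to drop. The path comes from `keyFn domain k`, so it is operator configuration rather than untrusted input, but a path containing whitespace or `;` would be cut short by the master-file parser; BIND accepts a quoted filename for `$INCLUDE`, so emitting `"\"" ++ f ++ "\""` here is cheap insurance, assuming `keyFn` never yields a quote itself. Adding a constructor to `Record` also means every other match on `Record` outside these hunks (anything that walks `rs` to derive NS, glue or reverse entries) now sees `INCLUDE` entries and needs an explicit ignore case; `-Wincomplete-patterns` would flag the ones without a wildcard. The `signedPrimary` definition that the first two hunks edit starts and ends outside the hunks.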
@@ -345,12 +351,16 @@ genZoneFile (Zone zdomain soa rs) = unlines $
 	header = com $ "BIND zone file for " ++ zdomain ++ ". Generated by propellor, do not edit."
 
 genRecord :: Domain -> (BindDomain, Record) -> String
+genRecord _ (_, record@(INCLUDE _)) = intercalate "\t"
+	[ rField record
+	, rValue record
+	]
 genRecord zdomain (domain, record) = intercalate "\t"
-	[ domainHost zdomain domain
-	, "IN"
-	, rField record
-	, rValue record
-	]
+	[ domainHost zdomain domain
+	, "IN"
+	, rField record
+	, rValue record
+	]
 
 genSOA :: SOA -> [String]
 genSOA soa =
-- cgit v1.2.3
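Review bot: The new `genRecord _ (_, record@(INCLUDE _))` clause drops both the owner and the `IN` class, and nothing in the hunk says why, nor that it must stay above the general clause or the directive would be emitted as `@	IN	$INCLUDE	path`. I would add `-- $INCLUDE is a directive, not a record: no owner or class column, and the included file's names resolve against the current $ORIGIN. Keep this clause above the general one.` Since the directive is written without an origin argument, the included key files are read relative to the zone's origin, which is presumably what the generated key files expect but is worth confirming. The rest of the hunk, the removed and re-added lines of the general clause, appears to be whitespace-only re-indentation; `genZoneFile` above and `genSOA` below continue outside the hunk.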