|
|
# | # |
# djbdns-setup | # djbdns-setup |
# | # |
# Copyright (C) 2004 Kalin Kozhuharov <kalin@ThinRope.net> |
# Copyright (C) 2004-2006 Kalin KOZHUHAROV <kalin@thinrope.net> |
|
# The latest version of this script can be accessed at: |
|
# rsync://rsync.tar.bz/gentoo-portage-pkalin/net-dns/djbdns/files/djbdns-setup |
# | # |
# This program is free software; you can redistribute it and/or | # This program is free software; you can redistribute it and/or |
# modify it under the terms of the GNU General Public License | # modify it under the terms of the GNU General Public License |
|
|
# http://www.gnu.org/copyleft/gpl.html | # http://www.gnu.org/copyleft/gpl.html |
# | # |
| |
. /sbin/functions.sh |
# {{{ Rip off the ewarn code from /sbin/functions.sh |
# void ewarn(char* message) |
WARN=$'\e[33;01m' |
# |
NORMAL=$'\e[0m' |
# show a warning message and do NOT log it |
|
ewarn() { | ewarn() { |
if [ "${RC_QUIET_STDOUT}" = "yes" ] |
echo -e " ${WARN}*${NORMAL} $*" |
then |
|
echo " ${*}" |
|
else |
|
echo -e " ${WARN}*${NORMAL} ${*}" |
|
fi |
|
|
|
return 0 | return 0 |
} | } |
|
# }}} |
| |
|
# {{{ global vars |
S_SEPARATOR="--------------------------------------------------------------------------------" | S_SEPARATOR="--------------------------------------------------------------------------------" |
D_SEPARATOR="================================================================================" | D_SEPARATOR="================================================================================" |
| |
|
|
tinydns=1 | tinydns=1 |
axfrdns=2 | axfrdns=2 |
| |
|
# global vars }}} |
|
|
|
# {{{ functions |
check_group_users() | check_group_users() |
{ | { |
echo ": Checking for required group (${REQ_GROUP}) :" |
echo ": Checking for required group (${REQ_GROUP}) :" |
grep ${REQ_GROUP} /etc/group &> /dev/null |
grep ${REQ_GROUP} /etc/group &> /dev/null |
if [ $? -ne 0 ] |
if [ $? -ne 0 ] |
then |
then |
ebegin "Adding group ${REQ_GROUP}" | ebegin "Adding group ${REQ_GROUP}" |
/usr/sbin/groupadd ${REQ_GROUP} &>/dev/null && eend 0 || eend 1 | /usr/sbin/groupadd ${REQ_GROUP} &>/dev/null && eend 0 || eend 1 |
fi |
fi |
| |
echo ": Checking for required users (${REQ_USERS}) :" |
echo ": Checking for required users (${REQ_USERS}) :" |
for user in ${REQ_USERS}; |
for user in ${REQ_USERS}; |
do |
do |
grep ${user} /etc/passwd &> /dev/null | grep ${user} /etc/passwd &> /dev/null |
if [ $? -ne 0 ] | if [ $? -ne 0 ] |
then | then |
ebegin "Adding user ${user}" |
ebegin "Adding user ${user}" |
/usr/sbin/useradd -d /dev/null -s /bin/false -g ${REQ_GROUP} ${user} &>/dev/null && eend 0 || eend 1 |
/usr/sbin/useradd -d /dev/null -s /bin/false -g ${REQ_GROUP} ${user} &>/dev/null && eend 0 || eend 1 |
fi | fi |
done |
done |
return 0 |
return 0 |
} | } |
| |
start_services() | start_services() |
{ | { |
local services="$1" |
local services="$1" |
| |
echo "${SEPARATOR}" |
echo "${SEPARATOR}" |
echo ": Start services :" |
echo ": Start services :" |
echo |
echo |
echo " Your services (${services// /, }) are ready for startup!" |
echo " Your services (${services// /, }) are ready for startup!" |
echo |
echo |
ewarn " The following requires daemontools to be running!" |
ewarn " The following requires daemontools to be running!" |
local answer="" |
local answer="" |
read -p " Would you like ${services// /, } to be started and supervised by daemontools now? [Y|n]> " answer |
read -p " Would you like ${services// /, } to be started and supervised by daemontools now? [Y|n]> " answer |
if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] |
if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] |
then |
then |
| |
ebegin "Checking if daemontools are running" | ebegin "Checking if daemontools are running" |
ps -A |grep svscanboot &>/dev/null && eend 0 || eend 1 | ps -A |grep svscanboot &>/dev/null && eend 0 || eend 1 |
|
|
local fixedroot_path=`echo ${mypath} | sed -e 's#^/#../#'` | local fixedroot_path=`echo ${mypath} | sed -e 's#^/#../#'` |
for service in ${services}; | for service in ${services}; |
do | do |
for ip in ${IPs[${service}]}; |
for ip in ${IPs[${service}]}; |
do |
do |
ln -sf ${fixedroot_path}/${service}/${ip} /service/${service}_${ip} | ln -sf ${fixedroot_path}/${service}/${ip} /service/${service}_${ip} |
done |
done |
done | done |
| |
eend 0 | eend 0 |
|
|
echo | echo |
for service in ${services}; | for service in ${services}; |
do | do |
for ip in ${IPs[${service}]}; |
for ip in ${IPs[${service}]}; |
do |
do |
svstat /service/${service}_${ip} /service/${service}_${ip}/log | svstat /service/${service}_${ip} /service/${service}_${ip}/log |
done |
done |
done | done |
fi |
fi |
return 0 |
return 0 |
} | } |
| |
tinydns_setup() | tinydns_setup() |
{ | { |
return 0 |
return 0 |
} | } |
| |
axfrdns_setup() | axfrdns_setup() |
|
|
echo | echo |
TCPRULES_DIR="${mypath}/axfrdns/${myip}/control" | TCPRULES_DIR="${mypath}/axfrdns/${myip}/control" |
echo " axfrdns is accessed by your secondary servers and when response cannot fit UDP packet" | echo " axfrdns is accessed by your secondary servers and when response cannot fit UDP packet" |
echo " You have to specify their which IP addresses are allowed to access it" |
echo " You have to specify which IP addresses are allowed to access it" |
echo " in ${TCPRULES_DIR}/tcp.axfrdns" | echo " in ${TCPRULES_DIR}/tcp.axfrdns" |
echo | echo |
echo " Example:" | echo " Example:" |
|
|
sed -i -e "s#-x tcp.cdb#-x control/tcp.axfrdns.cdb#g" ${mypath}/axfrdns/${myip}/run | sed -i -e "s#-x tcp.cdb#-x control/tcp.axfrdns.cdb#g" ${mypath}/axfrdns/${myip}/run |
if [ -e ${TCPRULES_DIR}/tcp.axfrdns ] | if [ -e ${TCPRULES_DIR}/tcp.axfrdns ] |
then | then |
ewarn "${TCPRULES_DIR}/tcp.axfrdns exists." |
ewarn "${TCPRULES_DIR}/tcp.axfrdns exists." |
read -p " Do you want it cleared? [Y|n]: " answer |
read -p " Do you want it cleared? [y|N]: " answer |
if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] |
if [ "${answer}" == "y" ] |
then |
then |
echo '# sample line: 1.2.3.4:allow,AXFR="heaven.af.mil/3.2.1.in-addr.arpa"' > ${TCPRULES_DIR}/tcp.axfrdns | echo '# sample line: 1.2.3.4:allow,AXFR="heaven.af.mil/3.2.1.in-addr.arpa"' > ${TCPRULES_DIR}/tcp.axfrdns |
fi |
fi |
fi | fi |
| |
read -p " IP to allow (press Enter to end)> " ipallow | read -p " IP to allow (press Enter to end)> " ipallow |
| |
while [ "$ipallow" != "" ] | while [ "$ipallow" != "" ] |
do | do |
echo "${ipallow}:allow" >> ${TCPRULES_DIR}/tcp.axfrdns |
echo "${ipallow}:allow" >> ${TCPRULES_DIR}/tcp.axfrdns |
read -p " IP to allow (press Enter to end)> " ipallow |
read -p " IP to allow (press Enter to end)> " ipallow |
done | done |
echo ":deny" >> ${TCPRULES_DIR}/tcp.axfrdns | echo ":deny" >> ${TCPRULES_DIR}/tcp.axfrdns |
| |
echo " Here is the tcprules file created so far:" |
echo " Here are the tcprules created so far:" |
echo | echo |
cat ${TCPRULES_DIR}/tcp.axfrdns | cat ${TCPRULES_DIR}/tcp.axfrdns |
echo | echo |
|
|
read -p " Would you like ${TCPRULES_DIR}/tcp.axfrdns.cdb updated? [Y|n]: " answer | read -p " Would you like ${TCPRULES_DIR}/tcp.axfrdns.cdb updated? [Y|n]: " answer |
if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] | if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] |
then | then |
ebegin "Updating ${TCPRULES_DIR}/tcp.axfrdns.cdb" |
ebegin "Updating ${TCPRULES_DIR}/tcp.axfrdns.cdb" |
bash -c "cd ${TCPRULES_DIR} && make" && eend 0 || eend 1 |
bash -c "cd ${TCPRULES_DIR} && make" && eend 0 || eend 1 |
fi | fi |
return 0 | return 0 |
} | } |
|
|
{ | { |
echo ": Configure forwarding :" | echo ": Configure forwarding :" |
echo | echo |
echo " dnscache can be configured to forward queries to another DNS cache" |
echo " dnscache can be configured to forward queries to another" |
echo " (such as the one your ISP provides) rather than perform the lookups itself." |
echo " DNS cache (such as the one your ISP provides) rather than" |
|
echo " performing the lookups itself." |
echo | echo |
echo " To enable this forwarding-only mode (a good idea most of the time)," |
echo " To enable this forwarding-only mode (usually a good idea)," |
echo " provide the IPs of the caches to forward to." | echo " provide the IPs of the caches to forward to." |
echo " To have dnscache perform the lookups itself, just press Enter." | echo " To have dnscache perform the lookups itself, just press Enter." |
echo | echo |
|
|
echo | echo |
if [ "$myforward" != "" ] | if [ "$myforward" != "" ] |
then | then |
echo $myforward > ${mypath}/dnscache/${myip}/root/servers/\@ |
echo $myforward > ${mypath}/dnscache/${myip}/root/servers/\@ |
echo -n "1" > ${mypath}/dnscache/${myip}/env/FORWARDONLY |
echo -n "1" > ${mypath}/dnscache/${myip}/env/FORWARDONLY |
| |
read -p " forward-to IP (press Enter to end)> " myforward |
read -p " forward-to IP (press Enter to end)> " myforward |
while [ "$myforward" != "" ] |
while [ "$myforward" != "" ] |
do |
do |
echo $myforward >> ${mypath}/dnscache/${myip}/root/servers/\@ | echo $myforward >> ${mypath}/dnscache/${myip}/root/servers/\@ |
read -p " forward-to IP (press Enter to end)> " myforward | read -p " forward-to IP (press Enter to end)> " myforward |
done |
done |
| |
echo |
echo |
echo " Currently all queries will be forwarded to:" |
echo " Currently all queries will be forwarded to:" |
echo |
echo |
cat ${mypath}/dnscache/${myip}/root/servers/\@ |
cat ${mypath}/dnscache/${myip}/root/servers/\@ |
echo |
echo |
fi | fi |
| |
echo "${SEPARATOR}" | echo "${SEPARATOR}" |
echo ": Configuring clients :" | echo ": Configuring clients :" |
echo | echo |
echo " By default dnscache allows only localhost (127.0.0.1) to access it." |
echo " By default dnscache allows only localhost (127.0.0.1) to" |
echo " You have to specify the IP addresses of the clients that shall be allowed to use it." |
echo " access it. You have to specify the IP addresses of the" |
|
echo " clients that shall be allowed to use it." |
echo | echo |
echo " Example:" | echo " Example:" |
echo " 1.2.3.4 would allow only the host 1.2.3.4" |
echo " 1.2.3.4 would allow only one host: 1.2.3.4" |
echo " 1.2.3 would allow all hosts 1.2.3.x (like 1.2.3.4, 1.2.3.100, etc.)" |
echo " 1.2.3 would allow all hosts 1.2.3.0/24 (e.g. 1.2.3.4, 1.2.3.100, etc.)" |
echo | echo |
echo " Press Enter if you do not want to allow external clients!" |
echo " Press Enter if you do NOT want to allow external clients!" |
echo | echo |
| |
read -p " Allowed IP> " myclientip | read -p " Allowed IP> " myclientip |
| |
while [ "$myclientip" != "" ] | while [ "$myclientip" != "" ] |
do | do |
touch ${mypath}/dnscache/${myip}/root/ip/${myclientip} |
touch ${mypath}/dnscache/${myip}/root/ip/${myclientip} |
read -p " Allowed IP (press Enter to end)> " myclientip |
read -p " Allowed IP (press Enter to end)> " myclientip |
done | done |
| |
echo | echo |
|
|
| |
common_setup() | common_setup() |
{ | { |
local service_human="$1" |
local service_human="$1" |
local service_machine="$2" |
local service_machine="$2" |
local services="$3" |
local services="$3" |
| |
echo ": ${service_human} setup :" |
echo ": ${service_human} setup :" |
echo |
echo |
| |
for service in ${services}; |
for service in ${services}; |
do |
do |
if [ ! -e ${mypath}/${service} ] | if [ ! -e ${mypath}/${service} ] |
then | then |
ebegin "Creating ${mypath}/${service}" |
ebegin "Creating ${mypath}/${service}" |
mkdir -p $mypath/${service} && eend 0 || eend 1 |
mkdir -p $mypath/${service} && eend 0 || eend 1 |
fi | fi |
done |
done |
| |
echo "${SEPARATOR}" |
echo "${SEPARATOR}" |
echo ": IP address to bind to :" |
echo ": IP address to bind to :" |
echo |
echo |
echo " Specify an address to which the ${service_human} should bind." |
echo " Specify an address to which the ${service_human} should bind." |
echo " Currently accessible IPs:" |
echo " Currently accessible IPs:" |
local addrs=`ifconfig -a | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" "` |
local addrs=`ifconfig -a | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" "` |
echo " "$addrs |
echo " "$addrs |
echo |
echo |
| |
while [ "${myip}" == "" ] |
while [ "${myip}" == "" ] |
do |
do |
read -p " IP to bind to> " myip | read -p " IP to bind to> " myip |
done |
done |
echo |
echo |
| |
for service in ${services}; |
for service in ${services}; |
do |
do |
IPs[${service}]="${IPs[${service}]} ${myip}" | IPs[${service}]="${IPs[${service}]} ${myip}" |
done |
done |
| |
local dnscache_INSTALL="/usr/bin/dnscache-conf dnscache dnslog ${mypath}/dnscache/${myip} $myip" |
local dnscache_INSTALL="/usr/bin/dnscache-conf dnscache dnslog ${mypath}/dnscache/${myip} $myip" |
local tinydns_INSTALL="/usr/bin/tinydns-conf tinydns dnslog ${mypath}/tinydns/${myip} $myip" |
local tinydns_INSTALL="/usr/bin/tinydns-conf tinydns dnslog ${mypath}/tinydns/${myip} $myip" |
local axfrdns_INSTALL="\ |
local axfrdns_INSTALL="\ |
/usr/bin/axfrdns-conf tinydns dnslog ${mypath}/axfrdns/${myip} ${mypath}/tinydns/${myip} $myip &&\ | /usr/bin/axfrdns-conf tinydns dnslog ${mypath}/axfrdns/${myip} ${mypath}/tinydns/${myip} $myip &&\ |
mkdir -p ${mypath}/axfrdns/${myip}/control &&\ | mkdir -p ${mypath}/axfrdns/${myip}/control &&\ |
echo -e \"tcp.axfrdns.cdb:\ttcp.axfrdns\n\ttcprules tcp.axfrdns.cdb .tcp.axfrdns.cdb.tmp < tcp.axfrdns\" > ${mypath}/axfrdns/${myip}/control/Makefile &&\ | echo -e \"tcp.axfrdns.cdb:\ttcp.axfrdns\n\ttcprules tcp.axfrdns.cdb .tcp.axfrdns.cdb.tmp < tcp.axfrdns\" > ${mypath}/axfrdns/${myip}/control/Makefile &&\ |
rm -f ${mypath}/axfrdns/${myip}/tcp ${mypath}/axfrdns/${myip}/Makefile" | rm -f ${mypath}/axfrdns/${myip}/tcp ${mypath}/axfrdns/${myip}/Makefile" |
| |
for service in ${services}; |
for service in ${services}; |
do |
do |
if [ ! -e ${mypath}/${service}/${myip} ] | if [ ! -e ${mypath}/${service}/${myip} ] |
then | then |
ebegin "Setting up ${service} in ${mypath}/${service}/${myip}" |
ebegin "Setting up ${service} in ${mypath}/${service}/${myip}" |
eval command=\$${service}_INSTALL |
eval command=\$${service}_INSTALL |
/bin/bash -c "${command}" && eend 0 || eend 1 |
/bin/bash -c "${command}" && eend 0 || eend 1 |
else | else |
ewarn "${service} directory ${mypath}/${service}/${myip} exists, nothing done." |
ewarn "${service} directory ${mypath}/${service}/${myip} exists, nothing done." |
fi | fi |
done |
done |
| |
} | } |
| |
|
# functions }}} |
| |
|
# {{{ main script |
|
|
|
|
| |
if [ `id -u` -ne 0 ] | if [ `id -u` -ne 0 ] |
then | then |
eerror "${0}: You must be root." |
ewarn "You must be root to run this script, sorry." |
exit 1 | exit 1 |
else | else |
| |
echo "${D_SEPARATOR}" |
echo "${D_SEPARATOR}" |
echo ": DJB DNS setup :" |
echo ": DJB DNS setup :" |
echo |
echo |
echo " This script will help you setup the following:" |
echo " This script will help you setup the following:" |
echo |
echo |
echo " DNS server(s): to publish addresses of Internet hosts" |
echo " DNS server(s): to publish addresses of Internet hosts" |
echo |
echo |
echo " DNS cache(s) : to find addresses of Internet hosts" |
echo " DNS cache(s) : to find addresses of Internet hosts" |
echo |
echo |
echo " For further information see:" |
echo " For further information see:" |
echo " http://cr.yp.to/djbdns/blurb/overview.html" |
echo " http://cr.yp.to/djbdns/blurb/overview.html" |
echo |
echo |
ewarn "If you have already setup your services," |
ewarn "If you have already setup your services," |
ewarn "either exit now, or setup in different directories." |
ewarn "either exit now, or setup in different directories." |
echo |
echo |
|
|
answer="" |
answer="" |
read -p " Would you like to continue with setup? [Y|n]> " answer |
read -p " Would you like to continue with setup? [Y|n]> " answer |
if [ "${answer}" == "n" ] || [ "${answer}" == "N" ] |
if [ "${answer}" == "n" ] || [ "${answer}" == "N" ] |
then |
then |
ewarn "Aborting setup" | ewarn "Aborting setup" |
exit 1 | exit 1 |
fi |
fi |
| |
echo "${D_SEPARATOR}" |
echo "${D_SEPARATOR}" |
echo ": Choose install location :" |
echo ": Choose install location :" |
echo |
echo |
default_path="/var" |
default_path="/var" |
echo " The default (${default_path}) will install them" |
echo " The default (${default_path}) will install them" |
echo " in ${default_path}/\${service}/\${IP_ADDRESS}" |
echo " in ${default_path}/\${service}/\${IP_ADDRESS}" |
echo |
echo |
echo " For example:" |
echo " For example:" |
echo " /var/tinydns /1.2.3.4" |
echo " /var/tinydns /1.2.3.4" |
echo " /192.168.33.1" |
echo " /192.168.33.1" |
echo " /axfrdns /1.2.3.4" |
echo " /axfrdns /1.2.3.4" |
echo " /192.168.33.1" |
echo " /192.168.33.1" |
echo " /dnscache/127.0.0.1" |
echo " /dnscache/127.0.0.1" |
echo |
echo |
ewarn "Do NOT enter trailing slash" |
ewarn "Do NOT enter trailing slash" |
echo " Where do you want services installed?" |
echo " Where do you want services installed?" |
read -p "[${default_path}] > " mypath |
read -p "[${default_path}] > " mypath |
echo |
echo |
| |
if [ "${mypath}" == "" ] |
if [ "${mypath}" == "" ] |
then |
then |
mypath=${default_path} | mypath=${default_path} |
fi |
fi |
| |
echo "${D_SEPARATOR}" |
echo "${D_SEPARATOR}" |
check_group_users |
check_group_users |
| |
answer="" |
answer="" |
another="" |
another="" |
until [ "$answer" == "n" ] |
until [ "$answer" == "n" ] |
do |
do |
echo "${D_SEPARATOR}" | echo "${D_SEPARATOR}" |
answer="" | answer="" |
read -p " Would you like to setup ${another}dnscache? [Y|n]> " answer | read -p " Would you like to setup ${another}dnscache? [Y|n]> " answer |
if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] | if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] |
then | then |
myip="" |
myip="" |
echo "${S_SEPARATOR}" |
echo "${S_SEPARATOR}" |
common_setup "DNS cache" "dnscache" "dnscache" |
common_setup "DNS cache" "dnscache" "dnscache" |
if [ $? == 0 ] |
if [ $? == 0 ] |
then |
then |
dnscache_setup | dnscache_setup |
else |
else |
ewarn "Skipping dnscache specific setup." | ewarn "Skipping dnscache specific setup." |
fi |
fi |
fi | fi |
another="another " | another="another " |
done |
done |
| |
answer="" |
answer="" |
another="" |
another="" |
until [ "$answer" == "n" ] |
until [ "$answer" == "n" ] |
do |
do |
echo "${D_SEPARATOR}" | echo "${D_SEPARATOR}" |
answer="" | answer="" |
read -p " Would you like to setup ${another}DNS server? [Y|n]> " answer | read -p " Would you like to setup ${another}DNS server? [Y|n]> " answer |
if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] | if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] |
then | then |
myip="" |
myip="" |
echo "${S_SEPARATOR}" |
echo "${S_SEPARATOR}" |
common_setup "DNS server" "{tinydns,afxrdns}" "tinydns axfrdns" |
common_setup "DNS server" "{tinydns,afxrdns}" "tinydns axfrdns" |
if [ $? == 0 ] |
if [ $? == 0 ] |
then |
then |
tinydns_setup | tinydns_setup |
axfrdns_setup | axfrdns_setup |
else |
else |
ewarn "Skipping tinydns and axfrdns specific setup." | ewarn "Skipping tinydns and axfrdns specific setup." |
fi |
fi |
fi | fi |
another="another " | another="another " |
done |
done |
| |
echo "${D_SEPARATOR}" |
echo "${D_SEPARATOR}" |
| |
start_services "tinydns axfrdns dnscache" |
start_services "tinydns axfrdns dnscache" |
|
|
echo "${D_SEPARATOR}" |
echo "${D_SEPARATOR}" |
fi | fi |
|
# main script }}} |
|
# vim: set ts=4 fenc=utf-8 foldmethod=marker: |
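Review bot: The account checks in check_group_users (`grep ${REQ_GROUP} /etc/group` and `grep ${user} /etc/passwd`) are unanchored substring matches, so any existing entry that merely contains the name in some field makes the check pass, the account is silently never created, and because the groupadd/useradd failures are swallowed by `&>/dev/null ... || eend 1` with nothing aborting, the later dnscache-conf/tinydns-conf/axfrdns-conf invocations run against a user that does not exist. Anchor the lookups and use their status directly, e.g. `if ! getent group "${REQ_GROUP}" >/dev/null; then` and `if ! getent passwd "${user}" >/dev/null; then` (or `grep -q "^${user}:" /etc/passwd`). REQ_GROUP and REQ_USERS are not assigned anywhere in the visible text, and `. /sbin/functions.sh` appears on only one side of the diff, so if the new version dropped that sourcing in favour of the local ewarn, the ebegin/eend/eerror calls used throughout are undefined — worth confirming against the full file. Separately, myip, myclientip and ipallow are read interactively and interpolated unvalidated into filesystem paths, the tcprules file, the `root/ip` client ACL and the `bash -c "${command}"` string in common_setup; this is root's own input, but a simple shape check before use, such as `[[ "${myip}" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || continue` in the bind-address loop, would stop a typo from creating stray service directories or a malformed access-control entry. Note that the `:deny` line is appended even when an existing tcp.axfrdns is kept, so the file can end up with duplicate default-deny entries; harmless for tcprules, but the message "created so far" should probably say the file was appended to.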