apr 19 update

2022-04-19 13:38:56 -07:00
parent a0a9496aef
commit 18dd3d9761
208 changed files with 12435 additions and 1112 deletions
--- a/jails/config/dns/dns_update.sh
+++ b/jails/config/dns/dns_update.sh
@ -0,0 +1,58 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+#SIM="-s"
+#SIM=""
+
+#rpl $SIM -v -R "2001:470:480a:a1::" "2001:470:480a:8001::" ./namedb
+#rpl $SIM -v -R "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" ./namedb
+#rpl $SIM -v -R "2021120700" "2022010100" ./namedb
+#service $SIM named $SIM restart
+
+
+service named stop
+
+cd /data/namedb/master
+
+rm /data/namedb/master/*signed*
+
+declare -A ZONE_PEM
+ZONE_PEM=(["ahlawat.com"]="" ["beyondbell.com"]="bb" ["diyit.org"]="diy" ["xflow.org"]="xflow" ["datavpc.com"]="dvpc" ["mydatavpc.com"]="mdvpc" ["rockwoodestates.org"]="rwe" ["rockwoodranch.org"]="rwr" ["scvcc-rental.com"]="scvcc")
+
+for ZONE in "${!ZONE_PEM[@]}"
+do
+    PEM=${ZONE_PEM[$ZONE]}
+
+    /usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create mail.$ZONE 25 3 1 1 > /data/namedb/master/tlsa-$ZONE
+    /usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create mail-backup.$ZONE 25 3 1 1 >> /data/namedb/master/tlsa-$ZONE
+    /usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create $ZONE 443 3 1 1 >> /data/namedb/master/tlsa-$ZONE
+    /usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create www.$ZONE 443 3 1 1 >> /data/namedb/master/tlsa-$ZONE
+done
+
+NEW_SERIAL=`date -j +%Y%m%d%H`
+#NEW_SERIAL="2022022635"
+echo $NEW_SERIAL
+
+for DBFILE in `ls /data/namedb/master/*.db`
+do
+    ZONE=`echo $DBFILE | cut -d/ -f 5 | cut -d. -f -2`
+
+    /usr/local/sbin/named-checkzone $ZONE $DBFILE
+    SERIAL=`/usr/local/sbin/named-checkzone $ZONE $DBFILE | egrep -ho '[0-9]{10}'`
+    echo $SERIAL
+    sed -i .orig 's/'$SERIAL'/'$(($NEW_SERIAL))'/' $DBFILE
+
+    #/usr/local/sbin/dnssec-signzone -S -K /data/namedb/master -t -o $ZONE $DBFILE
+    /usr/local/sbin/dnssec-signzone -3 $(head -c 1024 /dev/random | sha1sum | cut -b 1-16) -K /data/namedb/master -t -o $ZONE $DBFILE
+done
+
+chown bind:bind /data/namedb/master/*
+
+service named start
--- a/jails/config/dns/dns_verify-6.sh
+++ b/jails/config/dns/dns_verify-6.sh
@ -0,0 +1,29 @@
+
+#### dns_verify-6.sh
+#
+NETS="2603:3024:3f6:e1: 2603:3024:3f6:e2: 2603:3024:3f6:e5:"
+IPS=$(seq 1 254)
+#
+echo
+echo -e "\tip        ->     hostname      -> ip"
+echo '--------------------------------------------------------'  
+for NET in $NETS; do
+  for n in $IPS; do
+    A=${NET}:${n}
+    echo -e "\t$A"
+    HOST=$(dig -6 -x $A +short)
+    if test -n "$HOST"; then
+      ADDR=$(dig -6 -t "AAAA" $HOST +short)
+      if test "$A" = "$ADDR"; then
+        echo -e "ok\t$A -> $HOST -> $ADDR"
+      elif test -n "$ADDR"; then
+        echo -e "fail\t$A -> $HOST -> $ADDR"
+      else
+        echo -e "fail\t$A -> $HOST -> [unassigned]"
+      fi
+    fi
+  done
+done
+
+echo ""
+echo "DONE."
--- a/jails/config/dns/dns_verify.sh
+++ b/jails/config/dns/dns_verify.sh
@ -0,0 +1,27 @@
+#### dns_verify.sh
+#
+NETS="192.168.0 192.168.1 192.168.2"
+IPS=$(seq 1 254)
+#
+echo
+echo -e "\tip        ->     hostname      -> ip"
+echo '--------------------------------------------------------'  
+for NET in $NETS; do
+  for n in $IPS; do
+    A=${NET}.${n}
+    HOST=$(dig -x $A +short)
+    if test -n "$HOST"; then
+      ADDR=$(dig $HOST +short)
+      if test "$A" = "$ADDR"; then
+        echo -e "ok\t$A -> $HOST -> $ADDR"
+      elif test -n "$ADDR"; then
+        echo -e "fail\t$A -> $HOST -> $ADDR"
+      else
+        echo -e "fail\t$A -> $HOST -> [unassigned]"
+      fi
+    fi
+  done
+done
+
+echo ""
+echo "DONE."
--- a/jails/config/dns/pkg-list-details.txt
+++ b/jails/config/dns/pkg-list-details.txt
@ -0,0 +1,7 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____bind916-9.16.27
+pkgp-freebsd-pkg____ldns-1.8.1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____rpl-1.4.1
--- a/jails/config/dns/pkg-list.txt
+++ b/jails/config/dns/pkg-list.txt
@ -0,0 +1 @@
+bash bash-completion bind916 ldns nano pkg rpl
--- a/jails/config/dns/update6.sh
+++ b/jails/config/dns/update6.sh
@ -1,18 +0,0 @@
-#!/usr/local/bin/bash
-
-# Copyright (c) 2018-2021, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-SIM="-s"
-#SIM=""
-
-rpl $SIM -v -R "2603:3024:3f6:21::" "2603:3024:3f6:1::" ./namedb
-rpl $SIM -v -R "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.2" "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1" ./namedb
-rpl $SIM -v -R "2021030900" "2021031100" ./namedb
-
-service $SIM named $SIM restart
				`@ -0,0 +1 @@`
				`bash bash-completion bind916 ldns nano pkg rpl`