Implement zone validity checking using BIND's named-checkzone

1 files changed, 27 insertions, 0 deletions

diff --git a/dns.php b/dns.php
index 8a3454d..6e560d9 100644
--- a/dns.php
+++ b/dns.php
@@ -12,6 +12,8 @@ error_reporting(E_ALL);
 
 define("ZONEROOT", "/var/bind/pri/");
 define("ZONESUFFIX", ".zone");
+define("TMPROOT", "/tmp/");
+define("TMPSUFFIX", ".zone.tmp");
 
 function incrementserial($zonetext) {
   $serial = array("");
@@ -90,8 +92,33 @@ function writezone($domain, $zonetext, $password = null) {
     die("somehow the password went bad");
   }
 
+  // Escape characters that will break the echo later on
   $zonetext = str_replace('$', '\$', $zonetext);
 
+  // Create a temporary file for checking the zone file validity
+  sshrun("echo -en \"$zonetext\" > " . TMPROOT . $domain . TMPSUFFIX);
+  // Use named-checkzone to check for validity (get named-checkzone output and its return code)
+  $zonecheck = sshrun("/usr/sbin/named-checkzone " . $domain . " " . TMPROOT . $domain . TMPSUFFIX . " && echo $? || echo $? && rm " . TMPROOT . $domain . TMPSUFFIX);
+
+  // Striple possible \r newlines
+  $zonecheck = str_replace("\r", "", $zonecheck);
+  // Split into individual lines
+  $arrzonecheck = explode("\n", $zonecheck);
+  // Make sure the last element isn't blank
+  while ($arrzonecheck[sizeof($arrzonecheck) - 1] == "") {
+    array_pop($arrzonecheck);
+  }
+
+  // If the return code was non-zero then fail
+  if ($arrzonecheck[sizeof($arrzonecheck) - 1] != "0") {
+    echo "<p>error: not loading zone due to zone errors:<pre>$zonecheck</pre>";
+    die();
+  } else if (sizeof($arrzonecheck) > 3) {
+    // With a return code of zero, if the output had more than three lines, one must be a warning
+    echo "<p>Zone file will load, but check below for possible warnings:</p><pre>$zonecheck</pre>";
+  }
+
+  // Reload the zone if we got this far
   sshrun("echo -en \"$zonetext\" > " . ZONEROOT . "$domain" . ZONESUFFIX);
   sshrun("rndc reload $domain");
 }