summaryrefslogtreecommitdiff
path: root/dns.php
diff options
context:
space:
mode:
authorLuke Bratch <luke@bratch.co.uk>2017-04-14 18:34:17 +0100
committerLuke Bratch <luke@bratch.co.uk>2017-04-14 18:34:17 +0100
commitf56418929029b40b758e9ae8051afc9f4782cb60 (patch)
treea1e911158765552b92774607c0fa71f281376ef7 /dns.php
parent9e254b13f3a1103a224f6759ac39c4398c46e0d9 (diff)
Implement zone validity checking using BIND's named-checkzone
Diffstat (limited to 'dns.php')
-rw-r--r--dns.php27
1 files changed, 27 insertions, 0 deletions
diff --git a/dns.php b/dns.php
index 8a3454d..6e560d9 100644
--- a/dns.php
+++ b/dns.php
@@ -12,6 +12,8 @@ error_reporting(E_ALL);
define("ZONEROOT", "/var/bind/pri/");
define("ZONESUFFIX", ".zone");
+define("TMPROOT", "/tmp/");
+define("TMPSUFFIX", ".zone.tmp");
function incrementserial($zonetext) {
$serial = array("");
@@ -90,8 +92,33 @@ function writezone($domain, $zonetext, $password = null) {
die("somehow the password went bad");
}
+ // Escape characters that will break the echo later on
$zonetext = str_replace('$', '\$', $zonetext);
+ // Create a temporary file for checking the zone file validity
+ sshrun("echo -en \"$zonetext\" > " . TMPROOT . $domain . TMPSUFFIX);
+ // Use named-checkzone to check for validity (get named-checkzone output and its return code)
+ $zonecheck = sshrun("/usr/sbin/named-checkzone " . $domain . " " . TMPROOT . $domain . TMPSUFFIX . " && echo $? || echo $? && rm " . TMPROOT . $domain . TMPSUFFIX);
+
+ // Striple possible \r newlines
+ $zonecheck = str_replace("\r", "", $zonecheck);
+ // Split into individual lines
+ $arrzonecheck = explode("\n", $zonecheck);
+ // Make sure the last element isn't blank
+ while ($arrzonecheck[sizeof($arrzonecheck) - 1] == "") {
+ array_pop($arrzonecheck);
+ }
+
+ // If the return code was non-zero then fail
+ if ($arrzonecheck[sizeof($arrzonecheck) - 1] != "0") {
+ echo "<p>error: not loading zone due to zone errors:<pre>$zonecheck</pre>";
+ die();
+ } else if (sizeof($arrzonecheck) > 3) {
+ // With a return code of zero, if the output had more than three lines, one must be a warning
+ echo "<p>Zone file will load, but check below for possible warnings:</p><pre>$zonecheck</pre>";
+ }
+
+ // Reload the zone if we got this far
sshrun("echo -en \"$zonetext\" > " . ZONEROOT . "$domain" . ZONESUFFIX);
sshrun("rndc reload $domain");
}