From f56418929029b40b758e9ae8051afc9f4782cb60 Mon Sep 17 00:00:00 2001 From: Luke Bratch Date: Fri, 14 Apr 2017 18:34:17 +0100 Subject: Implement zone validity checking using BIND's named-checkzone --- dns.php | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/dns.php b/dns.php index 8a3454d..6e560d9 100644 --- a/dns.php +++ b/dns.php @@ -12,6 +12,8 @@ error_reporting(E_ALL); define("ZONEROOT", "/var/bind/pri/"); define("ZONESUFFIX", ".zone"); +define("TMPROOT", "/tmp/"); +define("TMPSUFFIX", ".zone.tmp"); function incrementserial($zonetext) { $serial = array(""); @@ -90,8 +92,33 @@ function writezone($domain, $zonetext, $password = null) { die("somehow the password went bad"); } + // Escape characters that will break the echo later on $zonetext = str_replace('$', '\$', $zonetext); + // Create a temporary file for checking the zone file validity + sshrun("echo -en \"$zonetext\" > " . TMPROOT . $domain . TMPSUFFIX); + // Use named-checkzone to check for validity (get named-checkzone output and its return code) + $zonecheck = sshrun("/usr/sbin/named-checkzone " . $domain . " " . TMPROOT . $domain . TMPSUFFIX . " && echo $? || echo $? && rm " . TMPROOT . $domain . TMPSUFFIX); + + // Striple possible \r newlines + $zonecheck = str_replace("\r", "", $zonecheck); + // Split into individual lines + $arrzonecheck = explode("\n", $zonecheck); + // Make sure the last element isn't blank + while ($arrzonecheck[sizeof($arrzonecheck) - 1] == "") { + array_pop($arrzonecheck); + } + + // If the return code was non-zero then fail + if ($arrzonecheck[sizeof($arrzonecheck) - 1] != "0") { + echo "

error: not loading zone due to zone errors:

$zonecheck
"; + die(); + } else if (sizeof($arrzonecheck) > 3) { + // With a return code of zero, if the output had more than three lines, one must be a warning + echo "

Zone file will load, but check below for possible warnings:

$zonecheck
"; + } + + // Reload the zone if we got this far sshrun("echo -en \"$zonetext\" > " . ZONEROOT . "$domain" . ZONESUFFIX); sshrun("rndc reload $domain"); } -- cgit v1.2.3
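Review bot: The new `sshrun()` commands concatenate `$domain` unquoted into the shell line and place `$zonetext` inside double quotes with only `$` escaped, so any shell metacharacter in either value is interpreted by the remote shell; no validation of `$domain` is visible here, though writezone() starts above the hunk and may do it. Pass every interpolated value through `escapeshellarg()`, for example `"/usr/sbin/named-checkzone " . escapeshellarg($domain) . " " . escapeshellarg($tmpfile)`, and quote the zone text the same way in place of the manual `$` escaping. The scratch file `TMPROOT . $domain . TMPSUFFIX` is a predictable name in world-writable `/tmp/`, so the redirect will follow a symlink that another local account created there first; a name obtained from `mktemp` on the remote host, or a directory only the SSH account can write to, avoids that. Separately, the trailing-blank loop never terminates when `sshrun()` returns an empty string (for instance if the SSH call fails), because once the array is empty the last-element test stays true; guard it with `while ($arrzonecheck && end($arrzonecheck) === "")`.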