"ssh-rsa")); ssh2_auth_pubkey_file($connection, $user, $keypub, $keypriv); $stream = ssh2_exec($connection, $command); stream_set_blocking($stream, true); $stream_out = ssh2_fetch_stream($stream, SSH2_STREAM_STDIO); return stream_get_contents($stream_out); } function getzone($domain, $password = null) { if (!preg_match('/^[0-9A-Za-z\.\-]*$/', $domain)) { die("invalid domain"); } $string = sshrun("cat " . ZONEROOT . $domain . ZONESUFFIX); $zonelines = explode("\n", $string); $zonehash = explode(" ", $zonelines[0]); // Not all calls to this function need a password if (!$password) { return $string; } else if (strtolower($zonehash[sizeof($zonehash) - 1]) == strtolower($password)) { return $string; } else { return; } } function writezone($domain, $zonetext, $password = null) { if (!preg_match('/^[0-9A-Za-z\.\-]*$/', $domain)) { die("invalid domain"); } // Not all calls to this function need a password. If passwords are in use, // check to make sure it is correct. if ($password && !getzone($domain, $password)) { die("somehow the password went bad"); } // Escape characters that will break the echo later on $zonetext = str_replace('$', '\$', $zonetext); $zonetext = str_replace('"', '\"', $zonetext); // Create a temporary file for checking the zone file validity sshrun("echo -en \"$zonetext\" > " . TMPROOT . $domain . TMPSUFFIX); // Use named-checkzone to check for validity (get named-checkzone output and its return code) $zonecheck = sshrun("/usr/sbin/named-checkzone " . $domain . " " . TMPROOT . $domain . TMPSUFFIX . " && echo $? || echo $? && rm " . TMPROOT . $domain . TMPSUFFIX); // Striple possible \r newlines $zonecheck = str_replace("\r", "", $zonecheck); // Split into individual lines $arrzonecheck = explode("\n", $zonecheck); // Make sure the last element isn't blank while ($arrzonecheck[sizeof($arrzonecheck) - 1] == "") { array_pop($arrzonecheck); } // If the return code was non-zero then fail if ($arrzonecheck[sizeof($arrzonecheck) - 1] != "0") { echo "

error: not loading zone due to zone errors:

$zonecheck
"; die(); } else if (sizeof($arrzonecheck) > 3) { // With a return code of zero, if the output had more than three lines, one must be a warning echo "

Zone file will load, but check below for possible warnings:

$zonecheck
"; } // Reload the zone if we got this far $zonewrite = sshrun("echo -en \"$zonetext\" > " . ZONEROOT . "$domain" . ZONESUFFIX . " && echo $? || echo $?"); // If the return code was non-zero then fail if ($zonewrite[sizeof($zonewrite) - 1] != "0") { echo "

error: something went wrong when writing the zone file, please ask someone for help

"; die(); } sshrun("rndc reload $domain"); } // Main entry point if (isset($_GET['mode']) && isset($_GET['zone']) && isset($_GET['hash'])) { // Some sort of mode (at the moment only "update" is supported if ($_GET['mode'] == "update") { // An auto update is being requested. This is where one or more zone records // are requested to be updated to the requester's IP address. $zonetext = getzone($_GET['zone']); // Only use \n for newlines $zonetext = str_replace("\r", "", $zonetext); // Split into individual lines $zonelines = explode("\n", $zonetext); $matches = array(); // Find lines that ended with the hash provided (if any) $i = 0; foreach ($zonelines as $line) { if (preg_match("/" . $_GET['hash'] . "$/", $line)) { array_push($matches, array($i, $line)); } $i++; } // Go through the lines that matched the hash and see if we can find an update to do foreach ($matches as $arrline) { $line = $arrline[1]; // Get rid of the comment $exploded = explode(";", $line); $record = $exploded[0]; // Split into individual components $parts = preg_split("/\s+/", $record); // Make sure the last element isn't blank (would happen if the comment had a space before it) while ($parts[sizeof($parts) - 1] == "") { array_pop($parts); } // See if the record type on this line matches the request address type (e.g. an A record update must be requested by an IPv4 address) if ($parts[sizeof($parts) - 2] == "A") { // Regex for IPv4 address if (preg_match("/\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}\b/", $_SERVER['REMOTE_ADDR'])) { $parts[sizeof($parts) - 1] = $_SERVER['REMOTE_ADDR']; } else { die("A record and non-IPv4 request - bad."); } } else if ($parts[sizeof($parts) - 2] == "AAAA") { // Regex for IPv6 address if (preg_match("/(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/", $_SERVER['REMOTE_ADDR'])) { $parts[sizeof($parts) - 1] = $_SERVER['REMOTE_ADDR']; } else { die("AAAA record and non-IPv6 request - bad."); } } else { die("Unrecognised record type!"); } // Update original zone file array with the new line at the correct position $zonelines[$arrline[0]] = preg_replace("/[A-Za-z0-9:\.]+([[:space:]]*;)/", $parts[sizeof($parts) - 1] . "$1", $line); } // Next we need to turn the zone file array back into a string again $newzonetext = ""; // If the last element was blank, remove it since we'll add a new blank ourselves if ($zonelines[sizeof($zonelines) - 1] == "") { array_pop($zonelines); } // Do the actual converstion to string foreach ($zonelines as $line) { $newzonetext .= $line . "\n"; } // See if there was actually a change as a result of this request... if ($zonetext == $newzonetext) { // ...if not, abandon ship echo "

no changes detected :)

"; } else { // ...if so, increment the serial number and... $newzonetext = incrementserial($newzonetext)[0]; // ...finally write the zone with the updated record(s) writezone($_GET['zone'], $newzonetext); echo "

record(s) updated :)

"; } } } else if (isset($_POST['domain']) && isset($_POST['password']) && !isset($_POST['zonetext'])) { if (!preg_match('/^[0-9A-Za-z\.\-]*$/', $_POST['domain'])) { die("invalid domain"); } $password = hash("sha256", $_POST['password']); if ($zonefile = getzone($_POST['domain'], $password)) { ?>

1. Your zonefile is below.

2. Ensure the first line always ends with a SHA-256 hash of your chosen password.

3. To automatically update a particular record, give the line a comment ending with a secret ID (e.g. a SHA-256 hash), e.g.:

test    300     IN      A       192.168.0.1 ; sha256 = 7f480e744a79953eb916b68f540e0eeec6f9cf23edf4aa08cc1cdf5f077c0f6f
test    300     IN      AAAA    ::1 ; sha256 = b493d48364afe44d11c0165cf470a4164d1e2609911ef998be868d46ade3de4e

And then do an HTTP(S) request to:

https://bladns.net/dns.php?mode=update&zone=yourdomain.tld&hash=yourid

Your record will be updated with the IP you did the request from.




sorry, the domain or password is wrong :(

"; } } else if (isset($_POST['domain']) && isset($_POST['password']) && isset($_POST['zonetext'])) { $zonetext = str_replace("\r", '', $_POST['zonetext']); // Increment the serial number if the box was checked if (isset($_POST['increment'])) { $zonetext = incrementserial($zonetext)[0]; } writezone($_POST['domain'], $zonetext, $_POST['password']); echo "

all done :)
"; echo 'Return to login'; } else { ?>

Domain name:
Password: