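def finalize_or_sign_zones(regen_all):
    """Rebuild the finalized output of every zone in the zone database.

    Each zone returned by ``dnsutil.read_all_db_files()`` is passed to
    ``finalize_or_sign_zone`` when *regen_all* is true or when
    ``filestamps.file_updated(needed_files, output_file)`` returns true
    for it.

    Args:
        regen_all: When true, rebuild every zone regardless of file stamps.
    """
    all_zones = dnsutil.read_all_db_files()
    os.makedirs(OUTPUT_DIR, exist_ok=True)
    for zone in all_zones:
        zone_name = zone.get("name")
        zone_filename = dnsutil.ufqdn(zone_name)
        # NOTE(review): only the input zone file is tracked as a dependency.
        # If finalize_or_sign_zone() uses key material, a changed key will
        # not trigger a rebuild here -- confirm against that helper.
        needed_files = [INPUT_DIR + "/" + zone_filename]
        output_file = OUTPUT_DIR + "/" + zone_filename
        # regen_all used to be accepted but never consulted, so a forced
        # regeneration silently skipped zones whose stamps looked current.
        if regen_all or filestamps.file_updated(needed_files, output_file):
            print("[finalizer] Creating zone " + zone_name)
            finalize_or_sign_zone(zone)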
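def create_zone_files(regen=False):
    """Copy the static "types" zone and all auto zone files to ``uncompleted``.

    The single source ``types.wb.sidnlabs.nl`` is copied to two targets
    (plain and ``types-signed``); afterwards every entry returned by
    ``list_files()`` is copied as well. A file is copied when *regen* is
    true or when ``filestamps.file_updated([source], target)`` returns true.

    The ``uncompleted`` directory is not created here; ``shutil.copyfile``
    fails if it does not exist yet.

    Args:
        regen: When true, copy every file regardless of file stamps.
    """
    uncompleted_dir = env.OUTPUT_BASE_PATH + "/uncompleted/"

    # in essence, simply copy them to uncompleted
    # unless regen is specified, only copy if original is updated
    source_file = INPUT_DIR + "/types.wb.sidnlabs.nl"
    for target_name in ("types.wb.sidnlabs.nl", "types-signed.wb.sidnlabs.nl"):
        target_file = uncompleted_dir + target_name
        # file_updated is called as (dependencies, target), matching the
        # auto-file loop below; the previous one-argument call passed only
        # the target and never compared it against the source.
        if regen or filestamps.file_updated([source_file], target_file):
            shutil.copyfile(source_file, target_file)

    # Copy all files in auto. Each entry is indexed as (target name, source
    # path). list_files() is now called once; the unused second call inside
    # the loop was dropped.
    # NOTE(review): target names are joined into the output path unchecked;
    # presumably they are plain file names -- confirm against list_files().
    for entry in list_files():
        auto_source = entry[1]
        auto_target = uncompleted_dir + entry[0]
        # regen was previously ignored for the auto files.
        if regen or filestamps.file_updated([auto_source], auto_target):
            shutil.copyfile(auto_source, auto_target)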
def create_zone_files(regen=False):
    """Copy the static zone files and all auto zone files to ``uncompleted``.

    Creates ``<OUTPUT_BASE_PATH>/uncompleted`` if needed, then copies each
    static zone file from INPUT_DIR and each ``(target_name, source)`` pair
    returned by ``list_files()``. A file is copied when *regen* is true or
    when ``filestamps.file_updated([source], target)`` returns true.

    Args:
        regen: When true, copy every file regardless of file stamps.
    """

    def copy_if_needed(source, target):
        # in essence, simply copy them to uncompleted
        # unless regen is specified, only copy if original is updated
        if regen or filestamps.file_updated([source], target):
            shutil.copyfile(source, target)

    os.makedirs(env.OUTPUT_BASE_PATH + "/uncompleted", exist_ok=True)

    # (suffix below INPUT_DIR, suffix below OUTPUT_BASE_PATH); the "types"
    # source feeds both the plain and the "types-signed" target.
    static_copies = (
        ("/types.wb.sidnlabs.nl",
         "/uncompleted/types.wb.sidnlabs.nl"),
        ("/types.wb.sidnlabs.nl",
         "/uncompleted/types-signed.wb.sidnlabs.nl"),
        ("/apexcname.wb.sidnlabs.nl",
         "/uncompleted/apexcname.wb.sidnlabs.nl"),
        ("/wildcards-nsec3.wb.sidnlabs.nl",
         "/uncompleted/wildcards-nsec3.wb.sidnlabs.nl"),
        ("/nsec3-opt-out.wb.sidnlabs.nl",
         "/uncompleted/nsec3-opt-out.wb.sidnlabs.nl"),
    )
    for source_suffix, target_suffix in static_copies:
        copy_if_needed(INPUT_DIR + source_suffix,
                       env.OUTPUT_BASE_PATH + target_suffix)

    # Copy all files in auto
    for (target_name, source) in list_files():
        copy_if_needed(source,
                       env.OUTPUT_BASE_PATH + "/uncompleted/" + target_name)
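def copy_or_sign_zones(regen_all):
    """Copy or sign every zone in the zone database whose output is stale.

    Each zone returned by ``dnsutil.read_all_db_files()`` is passed to
    ``copy_or_sign_zone`` when *regen_all* is true or when
    ``filestamps.file_updated(needed_files, output_file)`` returns true.
    The dependencies are the input zone file plus every key file named in
    the zone's ``signer_keys`` entry.

    Args:
        regen_all: When true, rebuild every zone regardless of file stamps.
    """
    all_zones = dnsutil.read_all_db_files()
    os.makedirs(OUTPUT_DIR, exist_ok=True)
    # needed info: zone file name, zone origin, signer commands
    for zone in all_zones:
        zone_name = zone.get("name")
        zone_filename = dnsutil.ufqdn(zone_name)
        needed_files = [INPUT_DIR + "/" + zone_filename]
        output_file = OUTPUT_DIR + "/" + zone_filename

        # Key files count as dependencies, so a changed key triggers a new
        # run. A missing or empty signer_keys entry adds nothing.
        signer_keys = zone.get("signer_keys")
        if signer_keys:
            needed_files.extend(KEYS_DIR + "/" + key for key in signer_keys)

        # NOTE(review): staleness is decided from file stamps only. If
        # copy_or_sign_zone() produces signatures with a limited validity
        # period, something else has to force periodic re-signing (for
        # example a run with regen_all set) -- confirm.
        # regen_all used to be accepted but never consulted.
        if regen_all or filestamps.file_updated(needed_files, output_file):
            print("[signer] Creating zone " + zone_name)
            copy_or_sign_zone(zone)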
def create_zones(zones, regen):
    """Create keys, zone files and zone database entries for *zones*.

    Keys are checked/created for all zones first. Then, per zone, a
    ``ZoneData`` entry is built and the zone file is rewritten when
    ``filestamps.file_updated(templates, zonefile)`` returns true or *regen*
    is set. Finally all entries are written to the zone database file.

    Args:
        zones: Zone names; the first label decides which NS set is written.
        regen: When true, rewrite every zone file regardless of file stamps.
    """
    templates = [
        dnsutil.get_template_filename(template_name)
        for template_name in ("basic_zone", "all_ns")
    ]

    # create the keys first: check whether each key exists, if not, create
    for zone_name in zones:
        dnsutil.check_create_key(zone_name, dnsutil.get_keyfile(zone_name))

    entries = []
    for zone_name in zones:
        zone_path = ZONES_DIR + "/" + dnsutil.ufqdn(zone_name)
        first_label = zone_name.split(".")[0]
        is_delegations_zone = first_label == "delegations"

        # The database entry is recorded for every zone, whether or not the
        # zone file itself is rewritten below.
        entry = zonedata.ZoneData()
        entry.set("name", zone_name)
        if not is_delegations_zone:
            entry.add("primary_names", first_label)
        dnsutil.add_standard_sign_options(entry)
        entries.append(entry)

        if not (filestamps.file_updated(templates, zone_path) or regen):
            continue

        with open(zone_path, "w") as out_file:
            dnsutil.add_template(out_file, "basic_zone", zone_name, 3600)
            if is_delegations_zone:
                # Add all nameservers for the top-level zone
                dnsutil.add_template(out_file, "all_ns", zone_name, 3600)
                # Delegate only to child zones that are part of this run.
                for server in delegation_servers:
                    child_zone = server + "." + zone_name
                    if child_zone in zones:
                        out_file.write("%s IN NS %s.%s\n" %
                                       (child_zone, server, SERVER_ZONE))
            else:
                # one NS at apex, start with firstlabel
                out_file.write(" IN NS %s.%s\n" % (first_label, SERVER_ZONE))

    zonedata.write_zone_data(env.ZONE_DB_PATH + "/" + OUTPUT_FILE, entries)
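def complete_zones(zones, regen_all):
    """Copy each zone to OUTPUT_DIR with a new serial and its DS files added.

    For every zone, the DS names from ``find_all_ds_names()`` for which
    ``dnsutil.is_direct_parent(zname, ds_name)`` is true are collected via
    ``add_ds_file``. The zone is rebuilt when
    ``filestamps.file_updated([input] + ds_files, output)`` returns true or
    *regen_all* is set.

    Args:
        zones: Zone file names, relative to INPUT_DIR and OUTPUT_DIR.
        regen_all: When true, rebuild every zone regardless of file stamps.
    """
    ds_names = find_all_ds_names()
    os.makedirs(OUTPUT_DIR, exist_ok=True)
    for zone in zones:
        zname = dnsutil.fqdn(zone)
        # The input path used to be INPUT_DIR + zone with no separator, which
        # is only correct when INPUT_DIR ends in "/". os.path.join yields the
        # same path in that case and inserts the separator otherwise.
        z_infile = os.path.join(INPUT_DIR, zone)
        z_outfile = OUTPUT_DIR + "/" + zone

        # First determine which files need update-checks
        ds_files = []
        for ds_name in ds_names:
            if dnsutil.is_direct_parent(zname, ds_name):
                add_ds_file(ds_files, ds_name)

        if filestamps.file_updated([z_infile] + ds_files, z_outfile) or regen_all:
            # Update the serial. This also copies the zone file to the
            # next step
            update_serial_and_copy(zname, z_infile, z_outfile)
            # DS files are added only to a freshly copied zone file.
            for ds_file in ds_files:
                add_ds_to_zone(ds_file, z_outfile)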
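def create_bad_dnssec_tree(regen):
    """Create keys, zone files and database entries for the bad-DNSSEC tree.

    The zone list comes from ``create_bad_dnssec_tree_zonelist(BASE_ZONE, 4)``.
    Keys are checked/created for all zones first. A zone file is then
    (re)created when *regen* is true or when
    ``filestamps.file_updated(templates + [keyfile], zonefile)`` returns
    true. Every zone gets a database entry, and the entries are written to
    the zone database file.

    Args:
        regen: When true, recreate every zone file regardless of file stamps.
    """
    zone_list = create_bad_dnssec_tree_zonelist(BASE_ZONE, 4)

    # Check whether each key exists and create it if not. This runs for the
    # whole list before any zone is generated.
    # NOTE(review): presumably zone generation needs keys of other zones in
    # the tree -- confirm against create_zone().
    for zone in zone_list:
        keyfile = dnsutil.get_keyfile(zone)
        dnsutil.check_create_key(zone, keyfile)

    used_templates = [
        dnsutil.get_template_filename(template_name)
        for template_name in ("all_ns", "basic_zone")
    ]

    zds = []
    for zone in zone_list:
        # The key file is a dependency of the zone file: a changed key
        # triggers regeneration of the zone.
        keyfile = dnsutil.get_keyfile(zone)
        zonefile = ZONES_DIR + "/" + dnsutil.ufqdn(zone)

        # Create the zone. regen used to be accepted but never consulted.
        if regen or filestamps.file_updated(used_templates + [keyfile], zonefile):
            print("[bad_dnssec] Creating zone " + zone)
            create_zone(zone, zonefile)

        # Add entry to db, whether or not the zone file was rewritten
        generate_bad_dnssec_zone_entry(zds, zone)

    zonedata.write_zone_data(env.ZONE_DB_PATH + "/" + OUTPUT_FILE, zds)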