Commit 8886c9b6 authored by Joshua Tauberer's avatar Joshua Tauberer

move the server: block of nsd.conf out of the management daemon and into the setup scripts

parent a07de38e
...@@ -432,25 +432,9 @@ $TTL 1800 ; default time to live ...@@ -432,25 +432,9 @@ $TTL 1800 ; default time to live
######################################################################## ########################################################################
def write_nsd_conf(zonefiles, additional_records, env): def write_nsd_conf(zonefiles, additional_records, env):
# Basic header. # Write the list of zones to a configuration file.
nsdconf = """ nsd_conf_file = "/etc/nsd/zones.conf"
server: nsdconf = ""
hide-version: yes
# identify the server (CH TXT ID.SERVER entry).
identity: ""
# The directory for zonefile: files.
zonesdir: "/etc/nsd/zones"
"""
# Since we have bind9 listening on localhost for locally-generated
# DNS queries that require a recursive nameserver, and the system
# might have other network interfaces for e.g. tunnelling, we have
# to be specific about the network interfaces that nsd binds to.
for ipaddr in (env.get("PRIVATE_IP", "") + " " + env.get("PRIVATE_IPV6", "")).split(" "):
if ipaddr == "": continue
nsdconf += " ip-address: %s\n" % ipaddr
# Append the zones. # Append the zones.
for domain, zonefile in zonefiles: for domain, zonefile in zonefiles:
...@@ -472,16 +456,17 @@ zone: ...@@ -472,16 +456,17 @@ zone:
provide-xfr: %s NOKEY provide-xfr: %s NOKEY
""" % (ipaddr, ipaddr) """ % (ipaddr, ipaddr)
# Check if the file is changing. If it isn't changing,
# Check if the nsd.conf is changing. If it isn't changing,
# return False to flag that no change was made. # return False to flag that no change was made.
with open("/etc/nsd/nsd.conf") as f: if os.path.exists(nsd_conf_file):
with open(nsd_conf_file) as f:
if f.read() == nsdconf: if f.read() == nsdconf:
return False return False
with open("/etc/nsd/nsd.conf", "w") as f: # Write out new contents and return True to signal that
# configuration changed.
with open(nsd_conf_file, "w") as f:
f.write(nsdconf) f.write(nsdconf)
return True return True
######################################################################## ########################################################################
......
...@@ -22,6 +22,28 @@ apt_install nsd ldnsutils openssh-client ...@@ -22,6 +22,28 @@ apt_install nsd ldnsutils openssh-client
mkdir -p /var/run/nsd mkdir -p /var/run/nsd
cat > /etc/nsd/nsd.conf << EOF;
# No not edit. Overwritten by Mail-in-a-Box setup.
server:
hide-version: yes
# identify the server (CH TXT ID.SERVER entry).
identity: ""
# The directory for zonefile: files.
zonesdir: "/etc/nsd/zones"
EOF
# Since we have bind9 listening on localhost for locally-generated
# DNS queries that require a recursive nameserver, and the system
# might have other network interfaces for e.g. tunnelling, we have
# to be specific about the network interfaces that nsd binds to.
for ip in $PRIVATE_IP $PRIVATE_IPV6; do
echo " ip-address: $ip" >> /etc/nsd/nsd.conf;
done
echo "include: /etc/nsd/zones.conf" >> /etc/nsd/nsd.conf;
# Create DNSSEC signing keys. # Create DNSSEC signing keys.
mkdir -p "$STORAGE_ROOT/dns/dnssec"; mkdir -p "$STORAGE_ROOT/dns/dnssec";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment