mirror of
https://github.com/Froxlor/Froxlor.git
synced 2024-09-21 10:27:29 +00:00
add complete list of nameserver-ips and given axfr-servers to allow-axfr-ips list for PowerDNS; fixes #985
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
parent
37ae69f07a
commit
4ad2a1da1c
@ -38,13 +38,43 @@ if ($userinfo['change_serversettings'] == '1') {
|
||||
|
||||
// try to convert namserver hosts to ip's
|
||||
$ns_ips = "";
|
||||
$known_ns_ips = [];
|
||||
if (Settings::Get('system.nameservers') != '') {
|
||||
$nameservers = explode(',', Settings::Get('system.nameservers'));
|
||||
foreach ($nameservers as $nameserver) {
|
||||
$nameserver = trim($nameserver);
|
||||
// DNS servers might be multi homed; allow transfer from all ip
|
||||
// addresses of the DNS server
|
||||
$nameserver_ips = \Froxlor\PhpHelper::gethostbynamel6($nameserver);
|
||||
if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
|
||||
$ns_ips .= implode(",", $nameserver_ips);
|
||||
// append dot to hostname
|
||||
if (substr($nameserver, - 1, 1) != '.') {
|
||||
$nameserver .= '.';
|
||||
}
|
||||
// ignore invalid responses
|
||||
if (! is_array($nameserver_ips)) {
|
||||
// act like \Froxlor\PhpHelper::gethostbynamel6() and return unmodified hostname on error
|
||||
$nameserver_ips = array(
|
||||
$nameserver
|
||||
);
|
||||
} else {
|
||||
$known_ns_ips = array_merge($known_ns_ips, $nameserver_ips);
|
||||
}
|
||||
if (!empty($ns_ips)) {
|
||||
$ns_ips .= ',';
|
||||
}
|
||||
$ns_ips .= implode(",", $nameserver_ips);
|
||||
}
|
||||
}
|
||||
|
||||
// AXFR server
|
||||
if (Settings::Get('system.axfrservers') != '') {
|
||||
$axfrservers = explode(',', Settings::Get('system.axfrservers'));
|
||||
foreach ($axfrservers as $axfrserver) {
|
||||
if (!in_array(trim($axfrserver), $known_ns_ips)) {
|
||||
if (!empty($ns_ips)) {
|
||||
$ns_ips .= ',';
|
||||
}
|
||||
$ns_ips .= trim($axfrserver);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -59,7 +89,6 @@ if ($userinfo['change_serversettings'] == '1') {
|
||||
'<SERVERIP>' => Settings::Get('system.ipaddress'),
|
||||
'<NAMESERVERS>' => Settings::Get('system.nameservers'),
|
||||
'<NAMESERVERS_IP>' => $ns_ips,
|
||||
'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
|
||||
'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
|
||||
'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
|
||||
'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
|
||||
|
||||
@ -341,13 +341,43 @@ class ConfigServicesAction extends \Froxlor\Cli\Action
|
||||
|
||||
// try to convert namserver hosts to ip's
|
||||
$ns_ips = "";
|
||||
$known_ns_ips = [];
|
||||
if (Settings::Get('system.nameservers') != '') {
|
||||
$nameservers = explode(',', Settings::Get('system.nameservers'));
|
||||
foreach ($nameservers as $nameserver) {
|
||||
$nameserver = trim($nameserver);
|
||||
// DNS servers might be multi homed; allow transfer from all ip
|
||||
// addresses of the DNS server
|
||||
$nameserver_ips = \Froxlor\PhpHelper::gethostbynamel6($nameserver);
|
||||
if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
|
||||
$ns_ips .= implode(",", $nameserver_ips);
|
||||
// append dot to hostname
|
||||
if (substr($nameserver, - 1, 1) != '.') {
|
||||
$nameserver .= '.';
|
||||
}
|
||||
// ignore invalid responses
|
||||
if (! is_array($nameserver_ips)) {
|
||||
// act like \Froxlor\PhpHelper::gethostbynamel6() and return unmodified hostname on error
|
||||
$nameserver_ips = array(
|
||||
$nameserver
|
||||
);
|
||||
} else {
|
||||
$known_ns_ips = array_merge($known_ns_ips, $nameserver_ips);
|
||||
}
|
||||
if (!empty($ns_ips)) {
|
||||
$ns_ips .= ',';
|
||||
}
|
||||
$ns_ips .= implode(",", $nameserver_ips);
|
||||
}
|
||||
}
|
||||
|
||||
// AXFR server
|
||||
if (Settings::Get('system.axfrservers') != '') {
|
||||
$axfrservers = explode(',', Settings::Get('system.axfrservers'));
|
||||
foreach ($axfrservers as $axfrserver) {
|
||||
if (!in_array(trim($axfrserver), $known_ns_ips)) {
|
||||
if (!empty($ns_ips)) {
|
||||
$ns_ips .= ',';
|
||||
}
|
||||
$ns_ips .= trim($axfrserver);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -365,7 +395,6 @@ class ConfigServicesAction extends \Froxlor\Cli\Action
|
||||
'<SERVERIP>' => Settings::Get('system.ipaddress'),
|
||||
'<NAMESERVERS>' => Settings::Get('system.nameservers'),
|
||||
'<NAMESERVERS_IP>' => $ns_ips,
|
||||
'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
|
||||
'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
|
||||
'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
|
||||
'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
|
||||
|
||||
@ -388,7 +388,6 @@ exit "$RETVAL"
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
@ -933,7 +932,6 @@ gmysql-password=
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
|
||||
@ -377,7 +377,6 @@ exit "$RETVAL"
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
@ -907,7 +906,6 @@ gmysql-password=
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
|
||||
@ -377,7 +377,6 @@ exit "$RETVAL"
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
@ -907,7 +906,6 @@ gmysql-password=
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
|
||||
@ -375,7 +375,6 @@ exit "$RETVAL"
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
@ -920,7 +919,6 @@ gmysql-password=
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
|
||||
@ -398,7 +398,6 @@ mail IN A <SERVERIP>
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
@ -929,7 +928,6 @@ gmysql-password=
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
|
||||
@ -377,7 +377,6 @@ exit "$RETVAL"
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
@ -922,7 +921,6 @@ gmysql-password=
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
|
||||
@ -388,7 +388,6 @@ exit "$RETVAL"
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
@ -933,7 +932,6 @@ gmysql-password=
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
||||
#
|
||||
# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
|
||||
# add these entries to the list if any specified: <AXFRSERVERS>
|
||||
|
||||
#################################
|
||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user