diff --git a/conf/create_opendkim_key.conf.sample b/conf/create_opendkim_key.conf.sample index 56659b0..b0f6eb6 100644 --- a/conf/create_opendkim_key.conf.sample +++ b/conf/create_opendkim_key.conf.sample @@ -6,13 +6,13 @@ # ---------- # DNS Server # ---------- - -# - dns_server -# - -# - The DNS Server who is serving the update zone and is used -# - for the dynamic updates (nsupdate) -# - -dns_server="b.ns.oopen.de" + +# - dns_dkim_zone_master_server +# - +# - The DNS Server who is serving the update zone and is used +# - for the dynamic updates (nsupdate) +# - +#dns_dkim_zone_master_server="" # - update_dns # - @@ -109,7 +109,7 @@ dns_server="b.ns.oopen.de" # - Script increases the serial for a given domain or a given # - hostname's concerning domain. # - -# - Defaults to /root/bin/bind/bind_set_new_serial.sh +# - Defaults to '/root/bin/bind/bind_set_new_serial.sh' # - #set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh" @@ -117,7 +117,25 @@ dns_server="b.ns.oopen.de" # - # - Script adds DKIM subdomain delegation for a given domain # - -#create_dkim_delegation_script="bind_create_dkim_delegation.sh" +# - Defaults to '/root/bin/bind/bind_create_dkim_delegation.sh' +# - +#create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh" + +# - add_dkim_zone_master_script +# - +# - Script adds zone _domainkey. as master zone +# - +# - Defaults to '/root/bin/bind/bind_add_dkim_zone_master.sh' +# - +#add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh" + +# - add_dkim_zone_slave_script +# - +# - Script adds zone _domainkey. as slave zone +# - +# - Defaults to '/root/bin/bind/bind_add_dkim_zone_slave.sh' +# - +#add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh" diff --git a/create_opendkim_key.sh b/create_opendkim_key.sh index f818825..75ef579 100755 --- a/create_opendkim_key.sh +++ b/create_opendkim_key.sh 
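Review bot: The first hunk renames the setting from `dns_server` to `dns_dkim_zone_master_server` and ships the new key commented out and empty, but nothing in the sample tells an operator with an existing `create_opendkim_key.conf` that the old name is no longer read; together with the script side of this commit such a config ends in "No DNS server for updating given!" unless `-D` is passed. A one-line hint next to the new key would avoid that, e.g. `# - Replaces the former 'dns_server' setting - rename it in existing configs.`. In the third hunk the two new descriptions read "Script adds zone _domainkey. as master zone" / "as slave zone", which looks like a lost `<domain>` token in front of `_domainkey.` (possibly stripped on the way into this diff); if the source reads the same, spelling the zone name out in prose would be clearer.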
@@ -26,7 +26,8 @@ DEFAULT_dns_ssh_key="/root/.ssh/id_rsa-opendkim" DEFAULT_set_new_serial_script="/root/bin/bind/bind_set_new_serial.sh" DEFAULT_create_dkim_delegation_script="/root/bin/bind/bind_create_dkim_delegation.sh" -#DEFAULT_ +DEFAULT_add_dkim_zone_master_script="/root/bin/bind/bind_add_dkim_zone_master.sh" +DEFAULT_add_dkim_zone_slave_script="/root/bin/bind/bind_add_dkim_zone_slave.sh" opendkim_dir="/etc/opendkim" @@ -204,27 +205,27 @@ info (){ echo_done() { if $terminal ; then - echo -e "\033[75G[ \033[32mdone\033[m ]" + echo -e "\033[80G[ \033[32mdone\033[m ]" fi } echo_ok() { if $terminal ; then - echo -e "\033[75G[ \033[32mok\033[m ]" + echo -e "\033[80G[ \033[32mok\033[m ] " fi } echo_failed(){ if $terminal ; then - echo -e "\033[75G[ \033[1;31mfailed\033[m ]" + echo -e "\033[80G[ \033[1;31mfailed\033[m ]" fi } echo_skipped() { if $terminal ; then - echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" + echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]" fi } echo_wait(){ if $terminal ; then - echo -en "\033[75G[ \033[5m\033[1m...\033[m ]" + echo -en "\033[80G[ \033[5m\033[1m...\033[m ]" fi } @@ -346,7 +347,7 @@ while getopts bd:D:hns:t:z: opt ; do case $opt in b) BATCH_MODE=true ;; d) dkim_domain=$OPTARG ;; - D) dns_server=$OPTARG ;; + D) dns_dkim_zone_master_server=$OPTARG ;; h) usage ;; n) update_dns=false ;; s) key_secret=$OPTARG ;; @@ -496,9 +497,12 @@ fi if $update_dns && [[ -z "$ttl" ]]; then ttl="$DEFAULT_ttl" fi -if $update_dns && [[ -z "$dns_server" ]]; then +if $update_dns && [[ -z "$dns_dkim_zone_master_server" ]]; then fatal "No DNS server for updating given!" fi +if [[ -z "$(dig +short ${dkim_domain} NS)" ]] ; then + fatal "No Nameserver for domain '${dkim_domain}' found!" +fi if $update_dns ; then cname_record="*._domainkey.${dkim_domain}. IN CNAME ${dkim_domain}.${update_zone}." 
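Review bot: The new nameserver check `if [[ -z "$(dig +short ${dkim_domain} NS)" ]] ; then` in the -496 hunk is the only check in that stretch not gated on `$update_dns` (the ttl, master-server and cname lines around it all are), so a `-n` run on a host without a working resolver now aborts with "No Nameserver for domain ... found!" even though no DNS change was requested. It also cannot tell a resolver failure from a genuinely empty NS set, since with `+short` a timeout leaves stdout empty (or holds only a `;;` diagnostic, depending on the dig build), and `${dkim_domain}` is expanded unquoted. Suggest `if $update_dns && [[ -z "$(dig +short "${dkim_domain}" NS)" ]] ; then` and checking dig's exit status separately so that a lookup failure is reported as such rather than as a missing delegation.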
@@ -512,6 +516,8 @@ fi #Scripts envoked at DNS Server [[ -z "$set_new_serial_script" ]] && set_new_serial_script="$DEFAULT_set_new_serial_script" [[ -z "$create_dkim_delegation_script" ]] && create_dkim_delegation_script="$DEFAULT_create_dkim_delegation_script" +[[ -z "$add_dkim_zone_master_script" ]] && add_dkim_zone_master_script="$DEFAULT_add_dkim_zone_master_script" +[[ -z "$add_dkim_zone_slave_script" ]] && add_dkim_zone_slave_script="$DEFAULT_add_dkim_zone_slave_script" blank_line @@ -530,7 +536,7 @@ if $terminal ; then echo -e " Create/Update DKIM TXT record....: \033[33mNo\033[m" fi echo "" - echo " DNS Server.......................: $dns_server" + echo " DNS Master Server................: $dns_dkim_zone_master_server" if [[ -z "$ttl" ]] || [[ "${ttl,,}" = "none" ]] ; then echo -e " TTL for the DKIM TXT Record......: \033[33m- Not set -\033[m" else @@ -558,6 +564,16 @@ if $terminal && ! $BATCH_MODE ; then fatal "Abort by user request - Answer as not 'YES'" fi echo "" +else + declare -i _count=0 + declare -i _stop=${#dkim_domain}+2 + echo "" + echo "*${dkim_domain}*" + while [[ $_count -lt $_stop ]] ; do + echo -n "=" + ((_count++)) + done + echo "" fi @@ -566,7 +582,19 @@ key_dir=${key_base_dir}/${dkim_domain} dkim_domain_shortname="${dkim_domain%.*}" declare -a generated_files_arr=() + +declare -a dns_dkim_zone_slave_server_arr=() +for _server in $(dig +short ${dkim_domain} NS) ; do + # - Eliminate trailing '.' character(s) + # - + _server="${_server%"${_server##*[!\.]}"}" + + [[ "$_server" = "$dns_dkim_zone_master_server" ]] && continue + dns_dkim_zone_slave_server_arr+=("$_server") +done + _create_delegation=false +_create_dkim_zone=false _wait=false if $update_dns && [[ "$dkim_domain" != "$update_zone" ]] ; then 
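Review bot: In the -566 hunk the master is excluded from the slave list with `[[ "$_server" = "$dns_dkim_zone_master_server" ]] && continue`, a byte-wise comparison where only the dig side has had trailing dots stripped; if the operator configures the master with a trailing dot or in different case (DNS names are case-insensitive, and dig may echo the case as stored in the zone) the master ends up in `dns_dkim_zone_slave_server_arr` and is later treated as a slave. Normalising both sides first, e.g. `_master="${dns_dkim_zone_master_server%.}"; _master="${_master,,}"` and comparing against `"${_server,,}"`, would avoid that; the file already uses `${ttl,,}` for the same purpose. The loop also runs, and resolves NS records, even when `-n` (`update_dns=false`) was given, although the array is only consumed in the zone-creation block of the later hunk; moving it under an `if $update_dns` guard would keep `-n` from touching the resolver.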
@@ -592,7 +620,13 @@ if $update_dns && [[ "$dkim_domain" != "$update_zone" ]] ; then if ! $_create_delegation ; then _tmp_string="; ----- Delegation DKIM Keys ${dkim_domain}" for _server in $(dig +short ${dkim_domain} NS) ; do - _tmp_string="$_tmp_string\n${update_zone}. IN NS $_server" + + + # - Eliminate trailing '.' character(s) + # - + _server="${_server%"${_server##*[!\.]}"}" + + _tmp_string="$_tmp_string\n${update_zone}. IN NS ${_server}." done @@ -620,6 +654,7 @@ if $_create_delegation ; then # - Generate Subdomain delegation for zone update_zone # - if $terminal ; then + echo "" echo "" echo -e " \033[32mGenerate Subdomain delegation for zone \033[37m\033[1m${update_zone}\033[m" echo "" @@ -637,6 +672,7 @@ if $_create_delegation ; then # - Check if Nameserver is accessable via ssh # - echononl "Check if Nameserver '$_dns_master' is accessable via ssh .." + echo_wait ssh -q -p $dns_ssh_port \ -o BatchMode=yes \ -o StrictHostKeyChecking=no \ @@ -650,7 +686,9 @@ if $_create_delegation ; then fi # - Check if Script '$set_new_serial_script' is accessable via ssh .." - echononl "Check if Script '$set_new_serial_script' .." + # - + echononl "Check Script '$set_new_serial_script' .." + echo_wait ssh -q -p $dns_ssh_port \ -o BatchMode=yes \ -o StrictHostKeyChecking=no \ @@ -664,7 +702,9 @@ if $_create_delegation ; then fi # - Check if Script '$create_dkim_delegation_script' is accessable via ssh .." - echononl "Check if Script '$create_dkim_delegation_script'.." + # - + echononl "Check Script '$create_dkim_delegation_script'.." + echo_wait ssh -q -p $dns_ssh_port \ -o BatchMode=yes \ -o StrictHostKeyChecking=no \ 
@@ -679,111 +719,296 @@ if $_create_delegation ; then blank_line + _delegation_created=false echononl "Create NS Record (delegation) for '$update_zone'.." + echo_wait ssh -q -p $dns_ssh_port \ -o BatchMode=yes \ -o StrictHostKeyChecking=no \ -i $dns_ssh_key \ $dns_ssh_user@$_dns_master "sudo $create_dkim_delegation_script $dkim_domain" > /dev/null 2>&1 ret_val=$? - case $ret_val in - 0) $terminal && echo_skipped - if $terminal ; then - info "DKIM subdomain delegation for \033[1m${update_zone}\033[m already exists." - else - echo "" - echo " [ Info ] DKIM subdomain delegation for ${update_zone} already exists." - echo "" - - fi - ;; - 1) $terminal && echo_ok - if $terminal ; then - info "DKIM subdomain delegation for \033[1m${update_zone}\033[m added." - else - echo "" - echo " [ Info ] DKIM subdomain delegation for ${update_zone} successfully added." - echo "" + case $ret_val in + 0) $terminal && echo_skipped + if $terminal ; then + info "DKIM subdomain delegation for \033[1m${update_zone}\033[m already exists." + else + echo "" + echo " [ Info ] DKIM subdomain delegation for ${update_zone} already exists." - fi - ;; - 11) $terminal && echo_failed - fatal "No zonefile for domain '$dkim_domain' found!" - ;; - 15) $terminal && echo_failed - fatal "Domain '$dkim_domain' not supported!" - ;; - 16) $terminal && echo_failed - fatal "Determin nameservers for domain '$dkim_domain' failed!" - ;; - 21) $terminal && echo_failed - fatal "Adding NS Record for subdomain delegation failed!" - ;; - 99) $terminal && echo_failed - fatal "Fatal error!" - ;; - *) $terminal && echo_failed - fatal "Unknown exit code from remote script \"$create_dkim_delegation_script\"!" - ;; - esac + fi + ;; + 1) $terminal && echo_ok + if $terminal ; then + info "DKIM subdomain delegation for \033[1m${update_zone}\033[m added." + else + echo "" + echo " [ Info ] DKIM subdomain delegation for ${update_zone} successfully added." 
+ + fi + _delegation_created=true + ;; + 11) $terminal && echo_failed + fatal "No zonefile for domain '$dkim_domain' found!" + ;; + 15) $terminal && echo_failed + fatal "Domain '$dkim_domain' not supported!" + ;; + 16) $terminal && echo_failed + fatal "Determin nameservers for domain '$dkim_domain' failed!" + ;; + 21) $terminal && echo_failed + fatal "Adding NS Record for subdomain delegation failed!" + ;; + 99) $terminal && echo_failed + fatal "Fatal error!" + ;; + *) $terminal && echo_failed + fatal "Unknown exit code from remote script \"$create_dkim_delegation_script\"!" + ;; + esac echononl "Increase serial an reload zone ($dkim_domain).." + echo_wait + if $_delegation_created ; then + ssh -q -p $dns_ssh_port \ + -o BatchMode=yes \ + -o StrictHostKeyChecking=no \ + -i $dns_ssh_key \ + $dns_ssh_user@$_dns_master "sudo $set_new_serial_script $dkim_domain" > /dev/null 2>&1 + ret_val=$? + case $ret_val in + 0) $terminal && echo_ok + if $terminal ; then + info "Serial is replaced and Zone is reloaded (\033[1m${update_zone}\033[m)." + else + echo "" + echo " [ Info ] Serial is replaced and Zone is reloaded (${update_zone})." + + fi + ;; + 10) $terminal && echo_failed + fatal "Invalid Hostname/Domain given!" + ;; + 11) $terminal && echo_failed + fatal "No zonefile found!" + ;; + 12) $terminal && echo_failed + fatal "Determin new Serial failed!" + ;; + 13) $terminal && echo_failed + fatal "Increasing Serial failed!" + ;; + 14) $terminal && echo_failed + fatal "Reloading Zone failed!" + ;; + 15) $terminal && echo_failed + fatal "Hostname/Domain not supported!" + ;; + 99) $terminal && echo_failed + fatal "Fatal error!" + ;; + *) $terminal && echo_failed + fatal "Unknown exit code from remote script \"$create_dkim_delegation_script\"!" + ;; + + esac + else + echo_skipped + fi + +fi # if $_create_delegation + + +# - Check if zonefile creation is needed +# - +for _server in ${dns_dkim_zone_slave_server_arr[@]} ; do + if [[ -z "$(dig +short @$_server ${update_zone}. 
NS)" ]] ; then + _create_dkim_zone=true + break + fi +done +if ! $_create_dkim_zone && [[ -z "$(dig +short @$dns_dkim_zone_master_server +short ${update_zone}. NS)" ]] ; then + _create_dkim_zone=true +fi + +if $_create_dkim_zone ; then + + blank_line + + # - Check if Script '$add_dkim_zone_master_script' is accessable via ssh .." + # - + echononl "Check Script '$add_dkim_zone_master_script'.." + echo_wait ssh -q -p $dns_ssh_port \ -o BatchMode=yes \ -o StrictHostKeyChecking=no \ -i $dns_ssh_key \ - $dns_ssh_user@$_dns_master "sudo $set_new_serial_script $dkim_domain" > /dev/null 2>&1 + $dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script check" > /dev/null 2>&1 + if [[ $? -gt 0 ]] ;then + echo_failed + fatal "Script '$add_dkim_zone_master_script' is NOT accessable via ssh!" + else + echo_ok + fi + + # - Check if Script '$add_dkim_zone_slave_script' is accessable on slave servers + # - + for _server in ${dns_dkim_zone_slave_server_arr[@]} ; do + echononl "Check Script '$add_dkim_zone_master_script'at $_server .." + echo_wait + ssh -q -p $dns_ssh_port \ + -o BatchMode=yes \ + -o StrictHostKeyChecking=no \ + -i $dns_ssh_key \ + $dns_ssh_user@$_server "sudo $add_dkim_zone_slave_script check" > /dev/null 2>&1 + if [[ $? -gt 0 ]] ;then + echo_failed + fatal "Script '$add_dkim_zone_master_script' is NOT accessable via ssh!" + else + echo_ok + fi + done + + blank_line + + # - Create zone zone $update_zone at dns master + # - + if $terminal ; then + echo "" + echo "" + echo -e " \033[32mCreate zone \033[37m\033[1m${update_zone}\033[m at dns master." + echo "" + fi + echononl "Create zone '${update_zone}' at dns master '${_dns_master}'.." + echo_wait + ssh -q -p $dns_ssh_port \ + -o BatchMode=yes \ + -o StrictHostKeyChecking=no \ + -i $dns_ssh_key \ + $dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script $dkim_domain" > /dev/null 2>&1 ret_val=$? 
+ case $ret_val in + 0) $terminal && echo_ok + if $terminal ; then + info "Master zone \033[1m${update_zone}\033[m and zone file created." + else + echo "" + echo " [ Info ] Master zone '${update_zone}'and zone file created." + + fi + ;; + 1) $terminal && echo_ok + if $terminal ; then + info "Master zone \033[1m${update_zone}\033[m already exists, zone file created." + else + echo "" + echo " [ Info ] Master zone '${update_zone}' already exists, zone file created." + + fi + ;; + 2) $terminal && echo_skipped + if $terminal ; then + info "Master zone \033[1m${update_zone}\033[m and zone file already exists." + else + echo "" + echo " [ Info ] Master zone '${update_zone}' and zone file already exists." + + fi + ;; + 10) $terminal && echo_failed + fatal "Missing option for zone definition!" + ;; + 15) $terminal && echo_failed + fatal "DKIM domain '$dkim_domain' not supported by this nameserver!" + ;; + 20) $terminal && echo_failed + fatal "Adding Zone definition for '${update_zone}' failed!" + ;; + 21) $terminal && echo_failed + fatal "Adding Zonefile for '${update_zone}' failed!" + ;; + 22) $terminal && echo_failed + fatal "Change owner for newly created zonefile failed!" + ;; + 23) $terminal && echo_failed + fatal "Reload bind configuration failed!" + ;; + 99) $terminal && echo_failed + fatal "Fatal error!" + ;; + *) $terminal && echo_failed + fatal "Unknown exit code from remote script \"$create_dkim_delegation_script\"!" + ;; + esac + + + # - Create zone $update_zone ar dns slave(s) + # - + if $terminal ; then + echo "" + echo "" + echo -e " \033[32mCreate zone \033[37m\033[1m${update_zone}\033[m at dns slave(s)." + echo "" + fi + + for _server in ${dns_dkim_zone_slave_server_arr[@]} ; do + echononl "Create zone '${update_zone}' at dns slave '${_server}'.." 
+ echo_wait + ssh -q -p $dns_ssh_port \ + -o BatchMode=yes \ + -o StrictHostKeyChecking=no \ + -i $dns_ssh_key \ + $dns_ssh_user@$_server "sudo $add_dkim_zone_slave_script $dkim_domain" > /dev/null 2>&1 + ret_val=$? case $ret_val in 0) $terminal && echo_ok - if $terminal ; then - info "Serial is replaced and Zone is reloaded (\033[1m${update_zone}\033[m)." - else - echo "" - echo " [ Info ] Serial is replaced and Zone is reloaded (${update_zone})." - echo "" + if $terminal ; then + info "Slave zone \033[1m${update_zone}\033[m at '${_server}' configured." + else + echo "" + echo " [ Info ] Slave zone '${update_zone}' at '${_server}' configured." + + fi + echononl "Sleeping 5 seconds.." + echo_wait + echo_ok + sleep 5 + ;; + 1) $terminal && echo_skipped + if $terminal ; then + info "Slave zone \033[1m${update_zone}\033[m already exists at '${_server}'." + else + echo "" + echo " [ Info ] Slave zone '${update_zone}' already exists '${_server}'." - fi - ;; - 10) $terminal && echo_failed - fatal "Invalid Hostname/Domain given!" - ;; - 11) $terminal && echo_failed - fatal "No zonefile found!" - ;; - 12) $terminal && echo_failed - fatal "Determin new Serial failed!" - ;; - 13) $terminal && echo_failed - fatal "Increasing Serial failed!" - ;; - 14) $terminal && echo_failed - fatal "Reloading Zone failed!" - ;; - 15) $terminal && echo_failed - fatal "Hostname/Domain not supported!" - ;; - 99) $terminal && echo_failed - fatal "Fatal error!" - ;; - *) $terminal && echo_failed - fatal "Unknown exit code from remote script \"$create_dkim_delegation_script\"!" - ;; + fi + ;; + 15) $terminal && echo_failed + fatal "Variable for DNS Master Server (DKIM_DNS_MASTER) not present!" + ;; + 21) $terminal && echo_failed + fatal "Adding Slave Zone '${update_zone}' at '${_server}' failed!" + ;; + 23) $terminal && echo_failed + fatal "Reload bind configuration failed!" + ;; + 99) $terminal && echo_failed + fatal "Fatal error!" 
+ ;; + *) $terminal && echo_failed + fatal "Unknown exit code from remote script \"$create_dkim_delegation_script\"!" + ;; + esac - esac - - -fi - - -if [[ -z "$(dig +short ${update_zone}. NS)" ]] ; then - fatal "No NS Record found for zone \033[1m${update_zone}.\033[m" + done fi # - Generate private/public keys # - if $terminal ; then + echo "" echo "" echo -e " \033[32mGenerate Generate private/public keys\033[m" echo "" @@ -931,13 +1156,13 @@ if $update_dns ; then # - if $terminal ; then echo "" - echo -e " \033[32mUpdate DNS Server \033[37m\033[1m${dns_server}\033[m" + echo -e " \033[32mUpdate DNS Server \033[37m\033[1m${dns_dkim_zone_master_server}\033[m" echo "" fi echononl " Update zone '$update_zone' .." cat < $log_file 2>&1 -server $dns_server +server $dns_dkim_zone_master_server zone $update_zone key ${key_algo}:$key_name $key_secret update delete ${dkim_domain}.${update_zone}. @@ -1021,6 +1246,7 @@ if $terminal ; then fi echononl " Restart OpenDKIM.." +echo_wait if $systemd_supported ; then systemctl restart opendkim > $log_file 2>&1 if [[ $? -eq 0 ]] ; then
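Review bot: The new zone-creation block (from `# - Check if zonefile creation is needed` to the `fi` before the key generation) sets `_create_dkim_zone=true` whenever `dig +short @$_server ${update_zone}. NS` returns nothing, and as far as the hunk shows it is not gated on `$update_dns`, so a `-n` run, or a slave that merely times out, still ends in `ssh ... sudo $add_dkim_zone_slave_script $dkim_domain` on that host; guarding it with `if $update_dns && $_create_dkim_zone ; then` and checking dig's exit status before reading an empty answer as "zone missing" would keep `-n` read-only. The hosts in that loop come straight from the NS answer collected in the earlier hunk and are contacted with `-o StrictHostKeyChecking=no` and the deploy key, so the set of machines that receive a sudo command is decided by whatever the resolver returns; a configured slave list, or at least `StrictHostKeyChecking=yes` with a maintained known_hosts, would make that set explicit. Several messages name the wrong thing: the master-zone step prints `'${_dns_master}'` while the ssh goes to `$dns_dkim_zone_master_server` (and `_dns_master` appears to be assigned only in the `$_create_delegation` branch, outside this hunk), the slave check loop says "Check Script '$add_dkim_zone_master_script'at $_server" and its fatal names the master script although `$add_dkim_zone_slave_script` is what is run, and the `*)` arms of the three new `case` statements still blame `$create_dkim_delegation_script`. The master-side check also repeats the option (`dig +short @$dns_dkim_zone_master_server +short ...`), and `${dns_dkim_zone_slave_server_arr[@]}` is expanded unquoted in all three loops.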