
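--- a/alcasar-dns-local.sh
+++ b/alcasar-dns-local.sh
@@ -1,150 +1,143 @@
 #!/bin/bash
-# $Id: alcasar-dns-local.sh 2833 2020-06-14 10:13:18Z rexy $
+# $Id: alcasar-dns-local.sh 2836 2020-06-15 22:03:08Z rexy $
 
 # alcasar-dns-local.sh
 # by Rexy - 3abtux
 # This script is distributed under the Gnu General Public License (GPL)
 
 # active ou desactive la redirection du service DNS sur le réseau de consultation
 # enable or disable the redirector of internal DNS service on consultation LAN
 
 SED="/bin/sed -i"
 
 ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf"
 LOCAL_DOMAIN_CONF_FILE="/etc/unbound/conf.d/common/local-forward/dns-redirector.conf"
 LOCAL_HOSTNAME_FILE="/etc/hosts"
 
 # define DNS parameters (LAN side)
 INT_DNS_DOMAIN=`grep ^DOMAIN $ALCASAR_CONF_FILE|cut -d"=" -f2`
 INT_DNS_HOST=`grep ^HOSTNAME $ALCASAR_CONF_FILE|cut -d"=" -f2`
 INT_DNS_IP_MASK=`grep ^PRIVATE_IP $ALCASAR_CONF_FILE|cut -d"=" -f2`
 INT_DNS_IP=`grep ^PRIVATE_IP $ALCASAR_CONF_FILE|cut -d"=" -f2|cut -d"/" -f1`
 INTIF=`grep ^INTIF $ALCASAR_CONF_FILE|cut -d"=" -f2`
 INT_DNS_ACTIVE=`grep INT_DNS_ACTIVE $ALCASAR_CONF_FILE|cut -d"=" -f2`
 LOCAL_DNS_FILE="/etc/unbound/conf.d/common/local-dns/$INTIF.conf"
 LOCAL_DNS_BLACKHOLE_FILE="/etc/unbound/conf.d/blackhole/iface.$INTIF.conf"
 
 usage="Usage: alcasar-dns-local.sh {--on | -on} | {--off | -off} | {--add | -add} ip domain | {--del | -del} ip domain | {--reload | -reload}"
 nb_args=$#
 args=$1
 if [ $nb_args -eq 0 ]
 then
 	echo "$usage"
 	exit 1
 fi
 
 function restart_dns(){
 	for dns in unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole
 	do
 		systemctl restart $dns
 	done
 }
 
 function hosts_to_unbound(){  # configure the unbound conf file with local host names resolution (forward + blackhole)
 		cat << EOF > $LOCAL_DNS_FILE
 server:
 	local-zone: "$INT_DNS_DOMAIN" static
 	local-data: "$INT_DNS_HOST.$INT_DNS_DOMAIN A $INT_DNS_IP"
 	local-data-ptr: "$INT_DNS_IP $INT_DNS_HOST.$INT_DNS_DOMAIN"
 EOF
-	if [ "$HOSTNAME" != 'alcasar' ]
-	then
-		echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
-		echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
-		echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf
-		echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf
-	fi
 		cat << EOF > $LOCAL_DNS_BLACKHOLE_FILE
 server:
 	server:
 	interface: ${INT_DNS_IP}@56
 	access-control-view: $INT_DNS_IP_MASK $INTIF
 view:
 	name: "$INTIF"
 	local-zone: "." redirect
 	local-data: ". A $INT_DNS_IP"
 	local-zone: "$INT_DNS_DOMAIN" static
 	local-data: "$INT_DNS_HOST.$INT_DNS_DOMAIN A $INT_DNS_IP"
 	local-data-ptr: "$INT_DNS_IP $INT_DNS_HOST.$INT_DNS_DOMAIN"
 EOF
 	while read -r line
 	do
 		ip_address=$(echo $line | awk '{ print $1 }')
 		domain=$(echo $line | awk '{ print $2 }')
 		if ! echo $line | grep -E -q "^([0-9\.\t ]+alcasar( |$)|127\.0\.0)"
 		then
 			echo -e "\tlocal-data: \"$domain.$INT_DNS_DOMAIN A $ip_address\"" >> $LOCAL_DNS_FILE
 			echo -e "\tlocal-data-ptr: \"$ip_address $domain.$INT_DNS_DOMAIN\"" >> $LOCAL_DNS_FILE
 			echo -e "\tlocal-data: \"$domain.$INT_DNS_DOMAIN A $ip_address\"" >> $LOCAL_DNS_BLACKHOLE_FILE
 			echo -e "\tlocal-data-ptr: \"$ip_address $domain.$INT_DNS_DOMAIN\"" >> $LOCAL_DNS_BLACKHOLE_FILE
 		fi
 	done < $LOCAL_HOSTNAME_FILE
 }
 
 case $args in
 	-\? | -h | --h)
 		echo "$usage"
 		exit 0
 		;;
 	--add|-add) # add a local host resolution
 		if [ $nb_args -ne 3 ]
 		then
 			echo "$usage"
 			exit 1
 		else
 			# removing if already exists
 			$SED "/^$2\t$3/d" $LOCAL_HOSTNAME_FILE
 			# adding to the hosts file
 			echo -e "$2\t$3" >> $LOCAL_HOSTNAME_FILE
 			hosts_to_unbound
 			restart_dns
 		fi
 		;;
 	--del|-del) # remove a local host resolution
 		if [ $nb_args -ne 3 ]
 		then
 			echo "$usage"
 			exit 1
 		else
 			$SED "/^$2\t$3/d" $LOCAL_HOSTNAME_FILE
 			hosts_to_unbound
 			restart_dns
 		fi
 		;;
 	--reload|-reload)
 			hosts_to_unbound
 			restart_dns
 		;;
 	--hosts_to_unbound|-hosts_to_unbound)
 			hosts_to_unbound
 		;;
 	--off|-off) # disable DNS redirector
 		#$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE
 		rm -f $LOCAL_DOMAIN_CONF_FILE
 		$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" $ALCASAR_CONF_FILE
 		restart_dns
 
 		# Reload firewall
 		/usr/local/bin/alcasar-iptables.sh
 		;;
 	--on|-on) # enable DNS redirector
 		#$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE
 		cat > $LOCAL_DOMAIN_CONF_FILE << EOF
 server:
     local-zone: "$INT_DNS_DOMAIN." transparent
 forward-zone:
 	name: "$INT_DNS_DOMAIN."
 	forward-addr: $INT_DNS_IP
 EOF
 		$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=on?g" $ALCASAR_CONF_FILE
 		restart_dns
 		# Reload firewall
 		/usr/local/bin/alcasar-iptables.sh
 		;;
 	*)
 		echo "Argument inconnu : $1";
 		echo "$usage"
 		exit 1
 		;;
 esac
 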
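Review bot: The /etc/hosts loop in hosts_to_unbound (new lines 63–74) emits an entry for every line the grep does not exclude, so blank lines, `#` comment lines and IPv6 entries such as `::1 localhost` are written into both generated unbound files as malformed records (an empty line yields `local-data: ".<domain> A "`, a `::1` line yields an A record carrying an IPv6 value), which unbound will presumably refuse when restart_dns runs right after; a guard after the two awk assignments, `[[ -z "$ip_address" || "$ip_address" == \#* || "$ip_address" == *:* ]] && continue`, would limit the output to IPv4 host entries. The `--add` and `--del` arms (new lines 89 and 102) splice the caller's `$2` and `$3` unescaped into a sed address, `$SED "/^$2\t$3/d"`, so an argument containing `/` or regex metacharacters breaks the expression or deletes unrelated lines of /etc/hosts, and `--add` then appends the same unvalidated values; validating `$2` as an IPv4 address and `$3` as a hostname before either sed or the append would close that. Quoting `$line` and the `$LOCAL_*_FILE` expansions throughout the loop would also remove the remaining word-splitting hazards.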