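#!/bin/bash
#
# Startup wrapper for the PowerDNS server:
#   1. creates the sqlite database used for DNSSEC if it does not exist yet
#      and enables it in the bind backend configuration,
#   2. starts pdns_server as a background job (non-daemonized),
#   3. watches the zone directory and, whenever a file is modified, reloads
#      the zone named after that file and rectifies it if it is DNSSEC-secured.
# The script exits with the status of whichever background job ends first.

readonly DNSSEC_DB=/var/lib/powerdns/bind-dnssec-db.sqlite3
readonly BIND_CONF=/etc/powerdns/pdns.d/bind.conf
readonly ZONE_DIR=/var/lib/powerdns/zones/

# Print a message prefixed with the script name. printf is used instead of an
# unquoted `echo [$0] ...`, where `[...]` is a glob pattern and the message
# words are subject to word splitting and pathname expansion.
log() {
  printf '[%s] %s\n' "$0" "$*"
}

# create sqlite database for DNSSEC
if [[ ! -e "$DNSSEC_DB" ]]; then
  log "Initializing $DNSSEC_DB"
  # Startup continues on failure, but the failure is made visible.
  /usr/bin/pdnsutil create-bind-db "$DNSSEC_DB" \
    || log "WARNING: pdnsutil create-bind-db failed for $DNSSEC_DB" >&2
fi
# Uncomment the bind-dnssec-db setting and point it at the database.
# '|' is used as the sed delimiter so the path needs no escaping.
sed -i "s|^# bind-dnssec-db=|bind-dnssec-db=${DNSSEC_DB}|" "$BIND_CONF"

# start powerdns server
/usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &

# watch for zone changes
# The watch is recursive (-r), so a file in a subdirectory is also mapped to a
# zone name by its last path component. Paths are read one per line; a file
# name containing a newline would arrive as several separate entries.
inotifywait -mqre modify --exclude '.*(\.git|.*\.swp)' --format '%w%f' "$ZONE_DIR" |
  while IFS= read -r path; do
    # Last path component, without spawning basename and without word splitting.
    zone=${path##*/}

    # The zone name comes from a file name and is passed as an argument to
    # pdns_control and pdnsutil. Skip empty names and names starting with '-'
    # so a file name can never be parsed as a command-line option.
    if [[ -z "$zone" || "$zone" == -* ]]; then
      log "Ignoring modification in $path: file name is not usable as a zone name" >&2
      continue
    fi

    log "A modification was detected in $path"
    log "Executing \`/usr/bin/pdns_control bind-reload-now $zone\`"
    /usr/bin/pdns_control bind-reload-now "$zone"

    # Only DNSSEC-secured zones are rectified. stderr of show-zone is
    # discarded, so a failing show-zone (no matching output) also takes the
    # rectify branch, as it did before.
    if pdnsutil show-zone "$zone" 2>/dev/null | grep -q "Zone is not actively secured"; then
      log "Zone is not actively secured, skipping \`pdnsutil rectify-zone $zone\`"
    else
      log "DNSSEC secured zone. Executing \`pdnsutil rectify-zone $zone\`"
      /usr/bin/pdnsutil rectify-zone "$zone"
    fi
  done &

# Block until the first background job (server or watcher) terminates and
# propagate its exit status.
wait -n
exit $?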