Work on DNSSEC support

bind8/bind8-lib.pl

@@ -2544,5 +2544,13 @@ if (!$access{'ro'} && ($access{'apply'} == 1 || $access{'apply'} == 3)) {
 return join('<br>', @rv);
 }
 
+# supports_dnssec()
+# Returns 1 if zone signing is supported
+sub supports_dnssec
+{
+return &has_command($config{'signzone'}) &&
+       &has_command($config{'keygen'});
+}
+
 1;
 

bind8/conf_dnssec.cgi

@@ -0,0 +1,47 @@
+#!/usr/local/bin/perl
+# Show a list of signing keys, with a form to add
+#
+# XXX key commands
+#     dnssec-keygen -a DSA -b 768 -n ZONE signingtest.com
+#     dnssec-signzone -o signingtest.com signingtest.com.hosts
+# XXX what if key is for a different domain??
+# XXX need separate source files?
+# XXX virtualmin support
+#	XXX re-sign after all changes
+# XXX keys need to go in zone files? Can re-use?
+
+require './bind8-lib.pl';
+$access{'defaults'} || &error($text{'dnssec_ecannot'});
+&ui_print_header(undef, $text{'dnssec_title'}, "",
+		 undef, undef, undef, undef, &restart_links());
+
+# Create keys table
+@keys = &list_dnssec_keys();
+foreach $k (@keys) {
+	# XXX
+	}
+print &ui_form_columns_table(
+	"delete_dnssec.cgi",
+	[ [ undef, $text{'dnssec_delete'} ] ],
+	0,
+	undef,
+	undef,
+	[ $text{'dnssec_id'}, $text{'dnssec_alg'}, $text{'dnssec_bits'},
+	undef,
+	\@table);
+
+# Show new new form
+print &ui_form_start("create_dnssec.cgi", "post");
+print &ui_table_start($text{'dnssec_header'}, undef, 2);
+
+# XXX key name
+
+# XXX key algorithm
+# XXX default to DSA
+
+# XXX bits
+
+print &ui_table_end();
+print &ui_form_end([ [ undef, $text{'create'} ] ]);
+
+&ui_print_footer("", $text{'index_return'});

bind8/config-aix

@@ -31,3 +31,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-cobalt-linux

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-coherent-linux

@@ -37,3 +37,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-corel-linux

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-debian-linux

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-debian-linux-2.2

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-debian-linux-3.0

@@ -36,3 +36,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-debian-linux-3.1-*

@@ -36,3 +36,5 @@ rndc_conf=/etc/bind/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-freebsd-2.1-2.2

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-freebsd-3.0

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-freebsd-3.1-3.5

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-freebsd-4.0-*

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-generic-linux

@@ -34,3 +34,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-gentoo-linux

@@ -36,3 +36,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-hpux

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-irix

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-macos

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-macos-1.3-*

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-mandrake-linux

@@ -35,3 +35,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-mandrake-linux-10.2-*

@@ -36,3 +36,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-msc-linux

@@ -35,3 +35,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-netbsd

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-open-linux

@@ -35,3 +35,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-openbsd-2.5-3.1

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-openbsd-3.2-*

@@ -34,3 +34,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-openmamba-linux

@@ -35,3 +35,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-openserver

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-osf1

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-redhat-linux

@@ -35,3 +35,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-redhat-linux-10.0

@@ -40,3 +40,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-redhat-linux-11.0-*

@@ -40,3 +40,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-redhat-linux-7.1-9.0

@@ -36,3 +36,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-slackware-linux

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-slackware-linux-8.0-*

@@ -34,3 +34,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-sol-linux

@@ -36,3 +36,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-solaris

@@ -34,3 +34,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-solaris-10-*

@@ -34,3 +34,5 @@ rndcconf_cmd=/usr/bin/rndc-confgen
 largezones=0
 no_pid_chroot=0
 checkzone=/usr/bin/named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-solaris-7-9

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-suse-linux

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-suse-linux-8.2

@@ -38,3 +38,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-suse-linux-9.0-9.2

@@ -39,3 +39,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-suse-linux-9.3-*

@@ -41,3 +41,5 @@ largezones=0
 slave_dir=/var/lib/named/slave
 master_dir=/var/lib/named/master
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-trustix-linux

@@ -40,3 +40,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-trustix-linux-2.1

@@ -40,3 +40,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-trustix-linux-2.2-*

@@ -40,3 +40,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-turbo-linux

@@ -33,3 +33,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-united-linux

@@ -36,3 +36,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-unixware

@@ -34,3 +34,5 @@ rndc_conf=/etc/rndc.conf
 rndcconf_cmd=rndc-confgen
 largezones=0
 checkzone=named-checkzone
+keygen=keygen
+signzone=signzone

bind8/config-windows

@@ -51,3 +51,5 @@ start_cmd=sc start named
 zones_file=
 extra_forward=
 slave_dir=
+keygen=keygen
+signzone=signzone

bind8/config.info

@@ -6,6 +6,7 @@ named_user=User to start BIND as,3,Default
 named_group=Group to start BIND as,3,Default
 zones_file=Add new zones to file,3,named.conf
 relative_paths=Use relative zone file paths in <tt>named.conf</tt>?,1,1-Yes,0-No
+keys_dir=Directory for DNSSEC keys,3,Same as zone files
 
 line1=Display options,11
 show_list=Display domains as,1,0-Icons,1-List,2-Hierarchy
@@ -51,6 +52,8 @@ rndc_cmd=Full path to rndc command,0
 rndcconf_cmd=Full path to rndc-confgen command,0
 rndc_conf=Full path to the rndc.conf file,0
 checkzone=Full path to named-checkzone command,0
+keygen=Full path to dnssec-keygen command,0
+signzone=Full path to dnssec-signzone command,0
 pid_file=Default PID file location(s),3,/var/run/named.pid
 no_pid_chroot=PID file is under chroot directory?,1,0-Yes,1-No
 start_cmd=Command to start BIND,3,Default

bind8/index.cgi

@@ -91,7 +91,8 @@ if ($access{'defaults'}) {
 		   "conf_files.cgi", "conf_forwarding.cgi", "conf_net.cgi",
 		   "conf_misc.cgi", "conf_controls.cgi", "conf_keys.cgi",
 		   "conf_zonedef.cgi", "list_slaves.cgi",
-		   ($bind_version >= 9 ? ( "conf_rndc.cgi" ) : ( )),
+		   $bind_version >= 9 ? ( "conf_rndc.cgi" ) : ( ),
+		   &supports_dnssec() ? ( "conf_dnssec.cgi" ) : ( ),
 		   "conf_manual.cgi" );
 	@otitles = map { /(conf|list)_(\S+).cgi/; $text{$2."_title"} } @olinks;
 	@oicons = map { /^(conf|list)_(\S+).cgi/; "images/$2.gif"; } @olinks;

bind8/lang/en

@@ -980,3 +980,12 @@ links_restart=Apply Configuration
 links_stop=Stop BIND
 links_start=Start BIND
 links_apply=Apply Zone
+
+dnssec_title=DNSSEC Keys
+dnssec_ecannot=You are not allowed to manage DNSSEC keys
+dnssec_delete=Delete Selected Keys
+dnssec_id=Key ID
+dnssec_alg=Algorithm
+dnssec_bits=Key bits
+dnssec_none=No DNSSEC signing keys have been created yet.
+dnssec_header=Create DNSSEC key