Merge pull request #123 from jimmy-bergman-robo10/develop

Feature: Add atomiapowerdnssync update_dnssec_settings

bind_sync/Makefile.PL

@@ -1,7 +1,7 @@
 use ExtUtils::MakeMaker;
 WriteMakefile(
    'NAME' => 'Atomia::Bind::Syncer',
-   'VERSION' => '1.1.62',
+   'VERSION' => '1.1.63',
    'AUTHOR' => 'Jimmy Bergman <jimmy@atomia.com>',
    'EXE_FILES' => [ 'bin/atomiabindsync' ]
 );

bind_sync/debian/changelog

@@ -1,3 +1,9 @@
+atomiadns-bindsync (1.1.63) hardy; urgency=low
+
+  * Add atomiapowerdnssync update_dnssec_settings
+
+ -- Jimmy Bergman <jimmy@sigint.se>  Ons, 27 Mar 2024 15:00:52 +0100
+
 atomiadns-bindsync (1.1.62) hardy; urgency=low
 
   * Fix NSEC3 ordername with PowerDNS

dyndns/Makefile.PL

@@ -1,7 +1,7 @@
 use ExtUtils::MakeMaker;
 WriteMakefile(
    'NAME' => 'atomiadyndns',
-   'VERSION' => '1.1.62',
+   'VERSION' => '1.1.63',
    'AUTHOR' => 'Jimmy Bergman <jimmy@atomia.com>',
    'EXE_FILES' => [ 'bin/atomiadyndns' ]
 );

dyndns/debian/changelog

@@ -1,3 +1,9 @@
+atomiadns-dyndns (1.1.63) hardy; urgency=low
+
+  * Add atomiapowerdnssync update_dnssec_settings
+
+ -- Jimmy Bergman <jimmy@sigint.se>  Ons, 27 Mar 2024 15:00:52 +0100
+
 atomiadns-dyndns (1.1.62) hardy; urgency=low
 
   * Fix NSEC3 ordername with PowerDNS

powerdns_sync/Makefile.PL

@@ -1,7 +1,7 @@
 use ExtUtils::MakeMaker;
 WriteMakefile(
    'NAME' => 'Atomia::DNS::PowerDNSSyncer',
-   'VERSION' => '1.1.62',
+   'VERSION' => '1.1.63',
    'AUTHOR' => 'Jimmy Bergman <jimmy@atomia.com>',
    'EXE_FILES' => [ 'bin/atomiapowerdnssync' ]
 );

powerdns_sync/bin/atomiapowerdnssync

@@ -39,6 +39,10 @@ Marks all zones as changed so that the update-process propagates them on all nam
 
 Marks all slave zones as changed so that the update-process propagates them on all nameservers.
 
+=item update_dnssec_settings
+
+Forces an update of the DNSSEC settings in the global_domainmetadata table.
+
 =item updated
 
 Fetches a list of changed zones and adds/removes them from the PowerDNS database.
@@ -125,7 +129,7 @@ $| = 1;
 
 if (scalar(@ARGV) < 1) {
 	print "usage: $0 mode\n";
-	print "where mode is one of full_reload_online, full_reload_slavezones, add_server, remove_server, get_server, disable_updates, enable_updates, import_zonefile, set_external_dnssec_keys\n";
+	print "where mode is one of full_reload_online, full_reload_slavezones, add_server, remove_server, get_server, disable_updates, enable_updates, import_zonefile, set_external_dnssec_keys, update_dnssec_settings\n";
 	exit 1;
 }
 
@@ -215,6 +219,19 @@ SWITCH: {
 		last SWITCH;
 	};
 
+	/^update_dnssec_settings$/i && do {
+		eval {
+			my $syncer = Atomia::DNS::PowerDNSSyncer->new(configfile => "/etc/atomiadns.conf");
+			$syncer->sync_dnssec_keys(1);
+		};
+
+		my $exception = $@;
+		if ($exception) {
+			handle_exception($exception);
+		}
+		last SWITCH;
+	};
+
 	/^updated$/i && do {
 		FOREVER: while(1) {
 			eval {

powerdns_sync/debian/changelog

@@ -1,3 +1,9 @@
+atomiadns-powerdnssync (1.1.63) hardy; urgency=low
+
+  * Add atomiapowerdnssync update_dnssec_settings
+
+ -- Jimmy Bergman <jimmy@sigint.se>  Ons, 27 Mar 2024 15:00:52 +0100
+
 atomiadns-powerdnssync (1.1.62) hardy; urgency=low
 
   * Fix NSEC3 ordername with PowerDNS

powerdns_sync/lib/Atomia/DNS/PowerDNSDatabase.pm

@@ -18,10 +18,10 @@ sub BUILD {
 	$self->nsec3_iterations(defined($self->config->{"powerdns_nsec3_iterations"}) ? $self->config->{"powerdns_nsec3_iterations"} : 1);
 	my $salt = $self->config->{"powerdns_nsec3_salt"} || "ab";
 	die "powerdns_nsec3_salt should be one byte in hex format, like 7f or - to skip salting" unless defined($salt) && $salt =~ /^([0-9A-F]{2}|-)$/i;
-	$self->nsec3_salt(chr(hex($salt)));
+	$self->nsec3_salt(chr(hex($salt))) if $salt ne '-';
 	$self->nsec3_salt_pres($salt);
 
-	my $opt_out = $self->config->{"powerdns_nsec3_opt_out"} || "1";
+	my $opt_out = defined($self->config->{"powerdns_nsec3_opt_out"}) ? $self->config->{"powerdns_nsec3_opt_out"} : "1";
 	$self->nsec3_opt_out($opt_out);
 }
 
@@ -291,6 +291,7 @@ sub set_dnssec_metadata {
 	my $presigned = shift;
 	my $also_notify = shift;
 	my $nsec_type = shift;
+	my $force = shift;
 
 	$presigned = 0 if defined($presigned) && $presigned != 1;
 	$also_notify = '' unless defined($also_notify) && $also_notify =~ /^[\d.]+$/;
@@ -307,18 +308,18 @@ sub set_dnssec_metadata {
 	my $db_correct_notify = ($num_metadata->[3] == ($also_notify ne '' ? 1 : 0) && $num_metadata->[0] == 1);
 
 	eval {
-		if (defined($presigned) && $presigned && !$db_is_presigned) {
+		if (defined($presigned) && $presigned && (defined($force) || !$db_is_presigned)) {
 			$self->dbi->do("DELETE FROM global_domainmetadata");
 			$self->dbi->do("INSERT INTO global_domainmetadata (kind, content) VALUES ('PRESIGNED', '1')");
 			$self->dbi->do("INSERT INTO global_domainmetadata (kind, content) VALUES ('ALSO-NOTIFY', '$also_notify')") unless $also_notify eq '';
 			$self->dbi->commit();
-		} elsif (defined($presigned) && !$presigned && !$db_correct_nsec) {
+		} elsif (defined($presigned) && !$presigned && (defined($force) || !$db_correct_nsec)) {
 			$self->dbi->do("DELETE FROM global_domainmetadata");
 			$self->dbi->do("INSERT INTO global_domainmetadata (kind, content) VALUES ('SOA-EDIT', 'INCEPTION-EPOCH')");
 			$self->dbi->do("INSERT INTO global_domainmetadata (kind, content) VALUES ('NSEC3PARAM', '1 " . $self->nsec3_opt_out . " " . $self->nsec3_iterations . " " . $self->nsec3_salt_pres . "')") if $nsec_type ne 'NSEC';
 			$self->dbi->do("INSERT INTO global_domainmetadata (kind, content) VALUES ('NSEC3NARROW', '1')") if $nsec_type eq 'NSEC3NARROW';
 			$self->dbi->commit();
-		} elsif (!defined($presigned) && !$db_correct_notify) {
+		} elsif (!defined($presigned) && (defined($force) || !$db_correct_notify)) {
 			$self->dbi->do("DELETE FROM global_domainmetadata");
 			$self->dbi->do("INSERT INTO global_domainmetadata (kind, content) VALUES ('ALSO-NOTIFY', '$also_notify')") unless $also_notify eq '';
 		}

powerdns_sync/lib/Atomia/DNS/PowerDNSSyncer.pm

@@ -77,6 +77,7 @@ sub sync_zone_transfers {
 
 sub sync_dnssec_keys {
 	my $self = shift;
+	my $force = shift;
 
 	if (!defined($self->config->{"powerdns_sync_keys"}) || $self->config->{"powerdns_sync_keys"} ne "0") {
 		my $keyset = $self->soap->GetDNSSECKeys();
@@ -85,11 +86,11 @@ sub sync_dnssec_keys {
 		$keyset = $keyset->result;
 
 		$self->database->sync_keyset($keyset);
-		$self->database->set_dnssec_metadata(0, undef, $self->config->{"powerdns_zone_nsec_format"});
+		$self->database->set_dnssec_metadata(0, undef, $self->config->{"powerdns_zone_nsec_format"}, $force);
 	} elsif (defined($self->config->{"powerdns_presigned_dnssec"}) && $self->config->{"powerdns_presigned_dnssec"} eq "1") {
-		$self->database->set_dnssec_metadata(1, $self->config->{"powerdns_master_also_notify"}, $self->config->{"powerdns_zone_nsec_format"});
+		$self->database->set_dnssec_metadata(1, $self->config->{"powerdns_master_also_notify"}, $self->config->{"powerdns_zone_nsec_format"}, $force);
 	} elsif (defined($self->config->{"powerdns_master_also_notify"})) {
-		$self->database->set_dnssec_metadata(undef, $self->config->{"powerdns_master_also_notify"}, $self->config->{"powerdns_zone_nsec_format"});
+		$self->database->set_dnssec_metadata(undef, $self->config->{"powerdns_master_also_notify"}, $self->config->{"powerdns_zone_nsec_format"}, $force);
 	}
 }
 
@@ -526,8 +527,8 @@ sub reload_updated_domainmetadata {
 		my $domainmetadata_id_and_domain_name = $change_table_domain_id->{"domain_id"};
 
 		my @domainmetadata_id_and_domain_name_arr = split(',', $domainmetadata_id_and_domain_name);
-		my $domainmetadata_id = @domainmetadata_id_and_domain_name_arr[0];
-		my $domain_name = @domainmetadata_id_and_domain_name_arr[1];
+		my $domainmetadata_id = $domainmetadata_id_and_domain_name_arr[0];
+		my $domain_name = $domainmetadata_id_and_domain_name_arr[1];
 
 		my $domainmetadata;
 		eval {

server/Makefile.PL

@@ -1,7 +1,7 @@
 use ExtUtils::MakeMaker;
 WriteMakefile(
    'NAME' => 'Atomia::DNS::Server',
-   'VERSION' => '1.1.62',
+   'VERSION' => '1.1.63',
    'AUTHOR' => 'Jimmy Bergman <jimmy@pingdom.com>',
    'DIR' => [],
    'EXE_FILES' => [ 'bin/generate_private_key' ]

server/SPECS/atomiadns-masterserver.spec

@@ -5,7 +5,7 @@
 
 Summary: Complete master SOAP server for Atomia DNS
 Name: atomiadns-masterserver
-Version: 1.1.62
+Version: 1.1.63
 Release: 1%{?dist}
 License: Commercial
 Group: System Environment/Daemons
@@ -18,7 +18,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 
 BuildArch: noarch
 
-Requires: atomiadns-api >= 1.1.62 atomiadns-database >= 1.1.62
+Requires: atomiadns-api >= 1.1.63 atomiadns-database >= 1.1.63
 
 %description
 Complete master SOAP server for Atomia DNS
@@ -37,6 +37,8 @@ Complete master SOAP server for Atomia DNS
 %files
 
 %changelog
+* Ons Mar 27 2024 Jimmy Bergman <jimmy@sigint.se> - 1.1.63-1
+- Add atomiapowerdnssync update_dnssec_settings
 * Tis Mar 26 2024 Jimmy Bergman <jimmy@sigint.se> - 1.1.62-1
 - Fix NSEC3 ordername with PowerDNS
 * Thu Oct 12 2023 Nemanja Zivkovic <nemanja.zivkovic@atomia.com> - 1.1.61-1

server/client/Makefile.PL

@@ -1,7 +1,7 @@
 use ExtUtils::MakeMaker;
 WriteMakefile(
    'NAME' => 'atomiadnsclient',
-   'VERSION' => '1.1.62',
+   'VERSION' => '1.1.63',
    'AUTHOR' => 'Jimmy Bergman <jimmy@atomia.com>',
    'EXE_FILES' => [ 'atomiadnsclient', 'dnssec_zsk_rollover' ]
 );

server/debian/changelog

@@ -1,3 +1,9 @@
+atomiadns-masterserver (1.1.63) hardy; urgency=low
+
+  * Add atomiapowerdnssync update_dnssec_settings
+
+ -- Jimmy Bergman <jimmy@sigint.se>  Ons, 27 Mar 2024 15:00:52 +0100
+
 atomiadns-masterserver (1.1.62) hardy; urgency=low
 
   * Fix NSEC3 ordername with PowerDNS

server/debian/control

@@ -8,7 +8,7 @@ Standards-Version: 3.6.1
 
 Package: atomiadns-masterserver
 Architecture: all
-Depends: atomiadns-api (>= 1.1.62), atomiadns-database (>= 1.1.62)
+Depends: atomiadns-api (>= 1.1.63), atomiadns-database (>= 1.1.63)
 Description: Complete master SOAP server for Atomia DNS
 
 Package: atomiadns-api

syncer/Makefile.PL

@@ -1,7 +1,7 @@
 use ExtUtils::MakeMaker;
 WriteMakefile(
    'NAME' => 'Atomia::DNS::Syncer',
-   'VERSION' => '1.1.62',
+   'VERSION' => '1.1.63',
    'AUTHOR' => 'Jimmy Bergman <jimmy@atomia.com>',
    'EXE_FILES' => [ 'bin/atomiadnssync' ]
 );

syncer/debian/changelog

@@ -1,3 +1,9 @@
+atomiadns-nameserver (1.1.63) hardy; urgency=low
+
+  * Add atomiapowerdnssync update_dnssec_settings
+
+ -- Jimmy Bergman <jimmy@sigint.se>  Ons, 27 Mar 2024 15:00:52 +0100
+
 atomiadns-nameserver (1.1.62) hardy; urgency=low
 
   * Fix NSEC3 ordername with PowerDNS

webapp/debian/changelog

@@ -1,3 +1,9 @@
+atomiadns-webapp (1.1.63) hardy; urgency=low
+
+  * Add atomiapowerdnssync update_dnssec_settings
+
+ -- Jimmy Bergman <jimmy@sigint.se>  Ons, 27 Mar 2024 15:00:52 +0100
+
 atomiadns-webapp (1.1.62) hardy; urgency=low
 
   * Fix NSEC3 ordername with PowerDNS

webapp/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "atomiadns-controlpanel",
-	"version": "1.1.62",
+	"version": "1.1.63",
 	"private": true,
 	"dependencies": {
 		"express":		"= 3.11.0",

zonefileimporter/Makefile.PL

@@ -1,7 +1,7 @@
 use ExtUtils::MakeMaker;
 WriteMakefile(
    'NAME' => 'atomiadns_zoneimport',
-   'VERSION' => '1.1.62',
+   'VERSION' => '1.1.63',
    'AUTHOR' => 'Jimmy Bergman <jimmy@atomia.com>',
    'EXE_FILES' => [ 'atomiadns_zoneimport' ]
 );

zonefileimporter/debian/changelog

@@ -1,3 +1,9 @@
+atomiadns-zoneimport (1.1.63) hardy; urgency=low
+
+  * Add atomiapowerdnssync update_dnssec_settings
+
+ -- Jimmy Bergman <jimmy@sigint.se>  Ons, 27 Mar 2024 15:00:52 +0100
+
 atomiadns-zoneimport (1.1.62) hardy; urgency=low
 
   * Fix NSEC3 ordername with PowerDNS