smeserver/smeserver-dnscache
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial commit of file from CVS for e-smith-dnscache on Wed 12 Jul 08:51:05 BST 2023

Browse Source
This commit is contained in:
Brian Read
2023-07-12 08:51:05 +01:00
parent 6b9c45bdb1
commit 985fd9f0ab
46 changed files with 1461 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
root/etc/e-smith/db/configuration/defaults/dnscache.forwarder/status Normal file
View File

@@ -0,0 +1 @@
enabled

1
root/etc/e-smith/db/configuration/defaults/dnscache.forwarder/type Normal file
View File

@@ -0,0 +1 @@
service

1
root/etc/e-smith/db/configuration/defaults/dnscache/TCPPort Normal file
View File

@@ -0,0 +1 @@
53

1
root/etc/e-smith/db/configuration/defaults/dnscache/UDPPort Normal file
View File

@@ -0,0 +1 @@
53

1
root/etc/e-smith/db/configuration/defaults/dnscache/access Normal file
View File

@@ -0,0 +1 @@
private

1
root/etc/e-smith/db/configuration/defaults/dnscache/status Normal file
View File

@@ -0,0 +1 @@
enabled

1
root/etc/e-smith/db/configuration/defaults/dnscache/type Normal file
View File

@@ -0,0 +1 @@
service

22
root/etc/e-smith/db/configuration/migrate/20DNSForwarders Normal file
View File

@@ -0,0 +1,22 @@
{
my %props;
my $forwarder = $DB->get_value_and_delete('DNSPrimaryIP') ||
$DB->get_prop_and_delete('named', 'Forwarder1');
return "" unless defined $forwarder;
$props{'Forwarder'} = $forwarder;
$forwarder = $DB->get_value_and_delete('DNSSecondaryIP') ||
$DB->get_prop_and_delete('named', 'Forwarder2');;
if (defined $forwarder)
{
warn "DNS forwarder $forwarder deleted - support provided for only one";
}
my $dnscache = $DB->get('dnscache') || $DB->new_record('dnscache', { type => 'service' } );
$dnscache->merge_props(%props);
}

0
root/etc/e-smith/events/bootstrap-console-save/.gitignore vendored Normal file
View File

0
root/etc/e-smith/events/network-create/.gitignore vendored Normal file
View File

0
root/etc/e-smith/events/network-delete/.gitignore vendored Normal file
View File

1
root/etc/e-smith/templates/etc/resolv.conf/25nameserver Normal file
View File

@@ -0,0 +1 @@
nameserver { "$LocalIP" }

4
root/etc/e-smith/templates/var/service/dnscache.forwarder/config/CACHESIZE Normal file
View File

@@ -0,0 +1,4 @@
{
my $c = $dnscache{'CacheSize'} || 10000000;
"export CACHESIZE=$c"
}

4
root/etc/e-smith/templates/var/service/dnscache.forwarder/config/DATALIMIT Normal file
View File

@@ -0,0 +1,4 @@
{
my $datalimit = $dnscache{'DataLimit'} || 12000000;
"DATALIMIT=$datalimit";
}

4
root/etc/e-smith/templates/var/service/dnscache.forwarder/config/FORWARDER Normal file
View File

@@ -0,0 +1,4 @@
{
(defined $dnscache{'Forwarder'} && $dnscache{'Forwarder'}) ?
"export FORWARDONLY=1" : "";
}

1
root/etc/e-smith/templates/var/service/dnscache.forwarder/config/IP Normal file
View File

@@ -0,0 +1 @@
export IP=127.0.0.2

1
root/etc/e-smith/templates/var/service/dnscache.forwarder/config/IPSEND Normal file
View File

@@ -0,0 +1 @@
export IPSEND=0.0.0.0

1
root/etc/e-smith/templates/var/service/dnscache.forwarder/config/ROOT Normal file
View File

@@ -0,0 +1 @@
export ROOT=/var/service/dnscache.forwarder/root

25
root/etc/e-smith/templates/var/service/dnscache.forwarder/root/servers/@ Normal file
View File

@@ -0,0 +1,25 @@
{
my @servers = qw (
198.41.0.4
192.228.79.201
192.33.4.12
199.7.91.13
192.203.230.10
192.5.5.241
192.112.36.4
128.63.2.53
192.36.148.17
192.58.128.30
193.0.14.129
199.7.83.42
202.12.27.33
);
my $forwarder = $dnscache{Forwarder};
$OUT = $forwarder ? "$forwarder" : join("\n", @servers);
if ($forwarder = $dnscache{Forwarder2})
{
$OUT .= "\n$forwarder";
}
}

3
root/etc/e-smith/templates/var/service/dnscache/root/servers/@ Normal file
View File

@@ -0,0 +1,3 @@
{
"127.0.0.2";
}

1
root/service/dnscache Symbolic link
View File

@@ -0,0 +1 @@
/var/service/dnscache

1
root/service/dnscache.forwarder Symbolic link
View File

@@ -0,0 +1 @@
/var/service/dnscache.forwarder

15
root/usr/lib/systemd/system/dnscache.forwarder.service Normal file
View File

@@ -0,0 +1,15 @@
[Unit]
Description=dnscache.forwarder,
After=network.target
Requires=runit.service
[Service]
Type=oneshot
ExecStartPre=/sbin/e-smith/service-status dnscache.forwarder
ExecStart=/usr/bin/sv u /service/dnscache.forwarder
ExecStop=/usr/bin/sv stop /service/dnscache.forwarder
ExecReload=/usr/bin/sv t /service/dnscache.forwarder
RemainAfterExit=yes
[Install]
WantedBy=sme-server.target

15
root/usr/lib/systemd/system/dnscache.service Normal file
View File

@@ -0,0 +1,15 @@
[Unit]
Description=dnscache,
After=network.target
Requires=runit.service
[Service]
Type=oneshot
ExecStartPre=/sbin/e-smith/service-status dnscache
ExecStart=/usr/bin/sv u /service/dnscache
ExecStop=/usr/bin/sv stop /service/dnscache
ExecReload=/usr/bin/sv t /service/dnscache
RemainAfterExit=yes
[Install]
WantedBy=sme-server.target

0
root/var/log/dnscache.forwarder/.gitignore vendored Normal file
View File

0
root/var/log/dnscache/.gitignore vendored Normal file
View File

0
root/var/service/dnscache.forwarder/down Normal file
View File

1
root/var/service/dnscache.forwarder/env/ROOT vendored Normal file
View File

@@ -0,0 +1 @@
/var/service/dnscache/root

28
root/var/service/dnscache.forwarder/log/run Executable file
View File

@@ -0,0 +1,28 @@
#!/bin/sh
#----------------------------------------------------------------------
# copyright (C) 2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
exec \
/usr/local/bin/setuidgid dnslog \
/usr/local/bin/multilog t s5000000 \
/var/log/dnscache.forwarder

0
root/var/service/dnscache.forwarder/root/ip/127 Normal file
View File

1
root/var/service/dnscache.forwarder/root/servers/127.in-addr.arpa Normal file
View File

@@ -0,0 +1 @@
127.0.0.1

12
root/var/service/dnscache.forwarder/run Normal file
View File

@@ -0,0 +1,12 @@
#! /bin/sh
exec 2>&1
. ./config
# Ensure that dnscache has source of randomness to initialise its source
# port RNG
test -f ./seed || /bin/dd if=/dev/urandom bs=128 count=1 of=seed
exec<./seed
# http://marc.theaimsgroup.com/?l=djbdns&m=104812086607532&w=2
trap "" SIGPIPE
exec envuidgid dnscache softlimit -o250 -d "$DATALIMIT" /usr/local/bin/dnscache

109
root/var/service/dnscache/dnscache-log.pl Normal file
View File

@@ -0,0 +1,109 @@
#!/usr/bin/perl -p
# usage: tail -f /service/dnscache/log/main/current | tai64nlocal | dnscache-log
# use tail -F instead of tail -f if your tail supports it (linux, freebsd, etc)
$| = 1;
# strip off the year and the extra tai64 stuff.
s/^\d{4}-(\d\d-\d\d) (\d\d:\d\d:\d\d).(\d*)/$1 $2/;
# convert addresses in hex to dotted decimal notation.
# ugly fix (fn 2003 01 06)
if (!m/ stats \d+ \d+ \d+ \d+/) {
s/\b([a-f0-9]{8})\b/join(".", unpack("C*", pack("H8", $1)))/eg;
}
# strip out length from sent messages.
# sent slot-id length
s/sent (\d+) \d+/sent $1/;
### clean up some messages
# tx gluelessness qtype thing domain where.
s/tx (\d+) (\d+) (\S+) (\S+) (.*)/"tx $1 " . queryType($2) . " $3 $4 $5"/e;
# nodata server ttl qtype thing.
s/nodata (\S+) (\d+) (\d+) (\S+)/"nodata $1 " . queryType($2) . " $3 $4"/e;
# cached qtype info.
s/cached (\d+)/"cached " . queryType($1)/e;
# convert stuff like 127.0.0.2:0422:05be 1 to something more descriptive.
# query slot-id host:port qid qtype thing
s/\b([\d.]+):(\w+):(\w+) (\d+) ([-.\w]+)/printQueryLine($1, $2, $3, $4, $5)/e;
# convert rr messages.
s/rr (\S+) (\d+) (\S+) (\S+) (\S+)/printRRLine($1, $2, $3, $4, $5)/e;
### subs
sub printQueryLine {
my ($host, $port, $query_id, $query_type, $query) = @_;
# pad hostname
my $ret = "$host:";
$ret .= hex($port);
$ret .= ":" . hex($query_id);
$ret .= " " . queryType($query_type) . " $query";
return $ret;
}
sub printRRLine {
my ($host, $ttl, $query_type, $thing, $data) = @_;
my $ret = "rr ";
$ret .= "$host " . padd(6, $ttl) . " ";
$ret .= queryType($query_type) . " $thing ";
if ($query_type == 16) { # it's a txt record
# the first byte is the length. we skip it.
$data = substr($data, 2);
$ret .= "\"" . unpack("A*", pack("H*", $data)) . "\"";
} else {
$ret .= "$data";
}
return $ret;
}
sub queryType {
my ($type) = shift;
my $ret = "";
# i only list the ones that are in dnscache's dns.h.
SWITCH: {
($type == 1) && do { $ret = "a"; last SWITCH; };
($type == 2) && do { $ret = "ns"; last SWITCH; };
($type == 5) && do { $ret = "cname"; last SWITCH; };
($type == 6) && do { $ret = "soa"; last SWITCH; };
($type == 12) && do { $ret = "ptr"; last SWITCH; };
($type == 13) && do { $ret = "hinfo"; last SWITCH; };
($type == 15) && do { $ret = "mx"; last SWITCH; };
($type == 16) && do { $ret = "txt"; last SWITCH; };
($type == 17) && do { $ret = "rp"; last SWITCH; };
($type == 24) && do { $ret = "sig"; last SWITCH; };
($type == 25) && do { $ret = "key"; last SWITCH; };
($type == 28) && do { $ret = "aaaa"; last SWITCH; };
($type == 252) && do { $ret = "axfr"; last SWITCH; };
($type == 255) && do { $ret = "any"; last SWITCH; };
do { $ret .= "$type "; last SWITCH; };
}
return $ret;
}
# there has to be a better way
sub pads {
my ($amount, $item) = @_;
return sprintf "%" . $amount . "s", $item;
}
sub padd {
my ($amount, $item) = @_;
return sprintf "%0" . $amount . "d", $item;
}

0
root/var/service/dnscache/down Normal file
View File

1
root/var/service/dnscache/env/ROOT vendored Normal file
View File

@@ -0,0 +1 @@
/var/service/dnscache/root

28
root/var/service/dnscache/log/run Executable file
View File

@@ -0,0 +1,28 @@
#!/bin/sh
#----------------------------------------------------------------------
# copyright (C) 1999-2003 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
exec \
/usr/local/bin/setuidgid dnslog \
/usr/local/bin/multilog t s5000000 \
/var/log/dnscache

0
root/var/service/dnscache/root/ip/.gitignore vendored Normal file
View File

1
root/var/service/dnscache/root/servers/@ Normal file
View File

@@ -0,0 +1 @@
127.0.0.2

233
root/var/service/dnscache/run Executable file
View File

@@ -0,0 +1,233 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2008 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::DomainsDB;
use esmith::NetworksDB;
use esmith::util;
sub allow_networks_2access_cache;
sub delegate_domains_2DNS;
unless (-f "/var/service/dnscache/seed")
{
system(qw(/bin/dd
if=/dev/urandom
of=/var/service/dnscache/seed
bs=128 count=1)) == 0
or warn("Could not create seed file");
}
open(STDIN, "<./seed") or warn "Failed to redirect input from seed file: $!";
open(STDERR, ">&STDOUT") or warn "Failed to redirect stderr to stdout: $!";;
my $config = esmith::ConfigDB->open or die "Could not open config db.";
my $dnscache = $config->get('dnscache');
my $forwarders = $dnscache->prop("Forwarder") || "";
if ($dnscache->prop("Forwarder2"))
{
$forwarders .= "," . $dnscache->prop("Forwarder2");
}
unless ($dnscache)
{
die "dnscache not configured in configuration db\n";
}
my $localip = $config->get('LocalIP');
unless ($localip)
{
die "localip not configured in configuration db\n";
}
my $tinydns = $config->get('tinydns');
unless ($tinydns)
{
die "tinydns not configured in configuration db\n";
}
my $tinydns_ip = $tinydns->prop('ListenIP') || "127.0.0.1";
$ENV{FORWARDONLY} = '1';
$ENV{IP} = $dnscache->prop('ListenIP') || $localip->value;
$ENV{IPSEND} = $dnscache->prop('SendIP') || '0.0.0.0';
$ENV{CACHESIZE} = 200000;
$ENV{ROOT} = '/service/dnscache/root';
my $domains = esmith::DomainsDB->open or die "Could not open Domains db.";
my $nets = esmith::NetworksDB->open or die "Could not open Networks db.";
#------------------------------------------------------------
# Configure DNS cache access.
#------------------------------------------------------------
# allow my networks to access the nameserver cache
my @localnetworks = ();
my %reversenets = ();
foreach my $net ($nets->get_all_by_prop('type', 'network'))
{
my $mask = $net->prop('Mask');
my $key = $net->key;
my $systemlocalnetwork = $net->prop('SystemLocalNetwork') || 'no';
my $nameserver = $net->prop('NameServer');
if (defined $nameserver and $nameserver eq $ENV{IP})
{
warn("NameServer property for net $key ($nameserver) would create loop - ignoring\n");
$nameserver = undef;
}
$nameserver ||= ($systemlocalnetwork eq 'yes') ? $tinydns_ip : 'none';
my @all_network_prefixes = esmith::util::computeAllLocalNetworkPrefixes ($key, $mask);
push @localnetworks, @all_network_prefixes;
unless ($nameserver eq 'none')
{
foreach (@all_network_prefixes)
{
my @quads = split(/\./, $_);
my $reverse_zone = join('.', reverse @quads) . ".in-addr.arpa";
$reversenets{$reverse_zone} = $nameserver;
}
}
}
allow_networks_2access_cache(@localnetworks);
delegate_domains_2DNS(
%reversenets,
map { $_->key => ($_->prop('Nameservers') || $tinydns_ip) }
($domains->get_all_by_prop('type', 'domain'),
$domains->get_all_by_prop('type', 'domain-remote')
));
my $datalimit = $dnscache->prop('DataLimit') || 3000000;
# Ensure that forwarder instance is started
system("sv", "u", "/service/dnscache.forwarder");
# http://marc.theaimsgroup.com/?l=djbdns&m=104812086607532&w=2
$SIG{'PIPE'} = 'IGNORE';
exec("envuidgid", "dnscache", "softlimit", "-o250", "-d", "$datalimit",
"/usr/local/bin/dnscache")
or die "failed to execute envuidgid/softlimit/dnscache: $!";
# NOTREACHED
exit (1);
sub allow_networks_2access_cache
{
my %access = map { $_ => 1 } @_;
my $dir = '/var/service/dnscache/root/ip';
unless (-f "$dir/127.0.0")
{
open F,">$dir/127.0.0"
|| die "Cannot add access file for loopback network: $!\n";
close F;
}
opendir(ACCESS, $dir) or
die "Cannot read dnscache access directory: $!";
foreach my $aclfile (readdir (ACCESS))
{
next if "$aclfile" eq "127.0.0";
next if -d "$aclfile";
if (exists $access{$aclfile})
{
# Cross this one off the list so that we don't bother creating it
delete $access{$aclfile};
}
else
{
# We no longer need this entry
unlink "$dir/$aclfile" or
warn "Could not delete dnscache access file $dir/$aclfile: $!\n";
}
}
closedir(ACCESS);
foreach my $aclfile (keys %access)
{
link "$dir/127.0.0", "$dir/$aclfile" or
die "Cannot add network access for $dir/$aclfile: $!\n";
}
}
sub delegate_domains_2DNS
{
my %delegations = @_;
my $serversdir = '/var/service/dnscache/root/servers';
opendir(SERVERS, $serversdir) or
die "Cannot read dnscache servers directory: $!";
foreach my $delegatefile (readdir (SERVERS))
{
next if "$delegatefile" eq '@';
next if -d "$serversdir/$delegatefile";
unless (exists $delegations{$delegatefile})
{
# We no longer need this entry
unlink "$serversdir/$delegatefile" or
warn "Could not delete dnscache domain file $serversdir/$delegatefile: $!\n";
}
}
closedir(SERVERS);
foreach my $delegatefile (keys %delegations)
{
if (-l "$serversdir/$delegatefile")
{
# Legacy symlink - we use files now
unlink "$serversdir/$delegatefile" or
warn "Could not delete dnscache domain link $serversdir/$delegatefile: $!\n";
}
open DELEGATE, ">$serversdir/$delegatefile" or
die "Couldn't create $serversdir/$delegatefile\n";
for my $ns ( split /,/, $delegations{$delegatefile} )
{
if ($ns =~ /^localhost$/)
{
print DELEGATE $tinydns_ip . "\n";
}
elsif ($ns =~ /^corporate$/)
{
print DELEGATE join("\n", split /,/, $forwarders) . "\n";
}
elsif ($ns =~ /^internet$/)
{
unlink "$serversdir/$delegatefile" or
warn "Couldn't unlink $serversdir/$delegatefile\n"
}
else
{
print DELEGATE $ns . "\n";
}
}
close DELEGATE;
}
}