netexternal.cgi: Show DNSSEC status

[people/teissler/ipfire-2.x.git] / html / cgi-bin / netexternal.cgi

diff --git a/html/cgi-bin/netexternal.cgi b/html/cgi-bin/netexternal.cgi
index 156ef2418c604f429f66390e9ef136aa267e1eaa..39c50e15c9a542f5fc438cee34ccecabb8243c9d 100644 (file)
--- a/html/cgi-bin/netexternal.cgi
+++ b/html/cgi-bin/netexternal.cgi
@@ -76,6 +76,82 @@ if ( $querry[0] ne~ ""){
                &Header::closebox();
        }
 
+       ## DNSSEC
+       my @nameservers = ();
+       foreach my $f ("${General::swroot}/red/dns1", "${General::swroot}/red/dns2") {
+               open(DNS, "<$f");
+               my $nameserver = <DNS>;
+               close(DNS);
+
+               chomp($nameserver);
+               if ($nameserver) {
+                       push(@nameservers, $nameserver);
+               }
+       }
+
+       &Header::openbox('100%', 'center', $Lang::tr{'dnssec information'});
+
+       print <<END;
+               <table class="tbl" width='66%'>
+                       <thead>
+                               <tr>
+                                       <th align="center">
+                                               <strong>$Lang::tr{'nameserver'}</strong>
+                                       </th>
+                                       <th align="center">
+                                               <strong>$Lang::tr{'status'}</strong>
+                                       </th>
+                               </tr>
+                       </thead>
+                       <tbody>
+END
+
+       my $id = 0;
+       for my $nameserver (@nameservers) {
+               my $status = &check_dnssec($nameserver, "ping.ipfire.org");
+
+               my $colour = "";
+               my $message = "";
+
+               # DNSSEC Not supported
+               if ($status == 0) {
+                       $message = $Lang::tr{'dnssec not supported'};
+                       $colour = ${Header::colourred};
+
+               # DNSSEC Aware
+               } elsif ($status == 1) {
+                       $message = $Lang::tr{'dnssec aware'};
+                       $colour = ${Header::colouryellow};
+
+               # DNSSEC Validating
+               } elsif ($status == 2) {
+                       $message = $Lang::tr{'dnssec validating'};
+                       $colour = ${Header::colourgreen};
+
+               # Error
+               } else {
+                       $colour = ${Header::colourred};
+               }
+
+               my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
+
+               print <<END;
+                       <tr bgcolor="$table_colour">
+                               <td>$nameserver</td>
+                               <td bgcolor="$colour" align="center">
+                                       <font color='white'><strong>$message</strong></font>
+                               </td>
+                       </tr>
+END
+       }
+
+       print <<END;
+                       </tbody>
+               </table>
+END
+
+       &Header::closebox();
+
        if ( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/  && $netsettings{'RED_TYPE'} eq "DHCP"){
 
                &Header::openbox('100%', 'left', "RED $Lang::tr{'dhcp configuration'}");
@@ -161,4 +237,33 @@ END
 
        &Header::closebigbox();
        &Header::closepage();
-}      
+}
+
+sub check_dnssec($$) {
+       my $nameserver = shift;
+       my $record = shift;
+
+       my @command = ("dig", "+dnssec", $record, "\@$nameserver");
+
+       my @output = qx(@command);
+       my $output = join("", @output);
+
+       my $status = 0;
+       if ($output =~ m/status: (\w+)/) {
+               $status = ($1 eq "NOERROR");
+
+               if (!$status) {
+                       return -1;
+               }
+       }
+
+       my @flags = ();
+       if ($output =~ m/flags: (.*);/) {
+               @flags = split(/ /, $1);
+       }
+
+       my $aware = ($output =~ m/RRSIG/);
+       my $validating = ("ad" ~~ @flags);
+
+       return $aware + $validating;
+}