From: Michael Tremer
Date: Mon, 30 Mar 2015 23:38:09 +0000 (+0200)
Subject: DHCP: Add support for DNS Update (RFC2136)
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dbfa3eb9a3dcfb871f30f1738c31273ff0667256;p=people%2Fms%2Fipfire-2.x.git

DHCP: Add support for DNS Update (RFC2136)
---
diff --git a/doc/language_issues.es b/doc/language_issues.es
index c93d40cb4f..481289a055 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -662,6 +662,11 @@ WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
 WARNING: untranslated string: dh parameter
+WARNING: untranslated string: dhcp dns enable update
+WARNING: untranslated string: dhcp dns key name
+WARNING: untranslated string: dhcp dns update
+WARNING: untranslated string: dhcp dns update algo
+WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dnsforward
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index c1dedc59c3..ae94c2f597 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -672,6 +672,11 @@ WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
 WARNING: untranslated string: dh parameter
+WARNING: untranslated string: dhcp dns enable update
+WARNING: untranslated string: dhcp dns key name
+WARNING: untranslated string: dhcp dns update
+WARNING: untranslated string: dhcp dns update algo
+WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns address deleted txt
 WARNING: untranslated string: dns servers
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 859cc1fd16..efee6ad458 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -676,6 +676,11 @@ WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
 WARNING: untranslated string: dh parameter
+WARNING: untranslated string: dhcp dns enable update
+WARNING: untranslated string: dhcp dns key name
+WARNING: untranslated string: dhcp dns update
+WARNING: untranslated string: dhcp dns update algo
+WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dnssec aware
 WARNING: untranslated string: dnssec information
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index c93d40cb4f..481289a055 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -662,6 +662,11 @@ WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
 WARNING: untranslated string: dh parameter
+WARNING: untranslated string: dhcp dns enable update
+WARNING: untranslated string: dhcp dns key name
+WARNING: untranslated string: dhcp dns update
+WARNING: untranslated string: dhcp dns update algo
+WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
 WARNING: untranslated string: dnsforward
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 17e3199b11..630bf1ae77 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -666,6 +666,11 @@ WARNING: untranslated string: dh key move failed
 WARNING: untranslated string: dh key warn
 WARNING: untranslated string: dh key warn1
 WARNING: untranslated string: dh parameter
+WARNING: untranslated string: dhcp dns enable update
+WARNING: untranslated string: dhcp dns key name
+WARNING: untranslated string: dhcp dns update
+WARNING: untranslated string: dhcp dns update algo
+WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: disk access per
 WARNING: untranslated string: dnat address
 WARNING: untranslated string: dns servers
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 0ebd3988f9..4d048fe69b 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -663,6 +663,11 @@ WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: bytes
+WARNING: untranslated string: dhcp dns enable update
+WARNING: untranslated string: dhcp dns key name
+WARNING: untranslated string: dhcp dns update
+WARNING: untranslated string: dhcp dns update algo
+WARNING: untranslated string: dhcp dns update secret
 WARNING: untranslated string: fwhost err hostip
 WARNING: untranslated string: incoming compression in bytes per second
 WARNING: untranslated string: incoming overhead in bytes per second
diff --git a/doc/language_missings b/doc/language_missings
index 05798b9114..cb6afdb810 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -83,6 +83,11 @@
 < deprecated fs warn
 < details
 < dh
+< dhcp dns enable update
+< dhcp dns key name
+< dhcp dns update
+< dhcp dns update algo
+< dhcp dns update secret
 < dh key move failed
 < dh key warn
 < dh key warn1
@@ -641,6 +646,11 @@
 < deprecated fs warn
 < details
 < dh
+< dhcp dns enable update
+< dhcp dns key name
+< dhcp dns update
+< dhcp dns update algo
+< dhcp dns update secret
 < dh key move failed
 < dh key warn
 < dh key warn1
@@ -1190,6 +1200,11 @@ < deprecated fs warn < details < dh +< dhcp dns enable update +< dhcp dns key name +< dhcp dns update +< dhcp dns update algo +< dhcp dns update secret < dh key move failed < dh key warn < dh key warn1 @@ -1717,6 +1732,11 @@ < deprecated fs warn < details < dh +< dhcp dns enable update +< dhcp dns key name +< dhcp dns update +< dhcp dns update algo +< dhcp dns update secret < dh key move failed < dh key warn < dh key warn1 diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi index 9a7d983eef..9326aabda0 100644 --- a/html/cgi-bin/dhcp.cgi +++ b/html/cgi-bin/dhcp.cgi @@ -70,11 +70,17 @@ foreach my $itf (@ITFs) { $dhcpsettings{"NTP2_${itf}"} = ''; $dhcpsettings{"NEXT_${itf}"} = ''; $dhcpsettings{"FILE_${itf}"} = ''; + $dhcpsettings{"DNS_UPDATE_KEY_NAME_${itf}"} = ''; + $dhcpsettings{"DNS_UPDATE_KEY_SECRET_${itf}"} = ''; + $dhcpsettings{"DNS_UPDATE_KEY_ALGO_${itf}"} = ''; } $dhcpsettings{'SORT_FLEASELIST'} = 'FIPADDR'; $dhcpsettings{'SORT_LEASELIST'} = 'IPADDR'; +# DNS Update settings +$dhcpsettings{'DNS_UPDATE_ENABLED'} = 'off'; + #Settings2 for editing the multi-line list #Must not be saved with writehash ! $dhcpsettings{'FIX_MAC'} = ''; 
@@ -593,6 +599,78 @@ print < +END +; +&Header::closebox(); + +# DHCP DNS update support (RFC2136) +&Header::openbox('100%', 'left', $Lang::tr{'dhcp dns update'}); + +my %checked = (); +$checked{'DNS_UPDATE_ENABLED'}{'on'} = ( $dhcpsettings{'DNS_UPDATE_ENABLED'} ne 'on') ? '' : "checked='checked'"; + +print < + + $Lang::tr{'dhcp dns enable update'} + + + + + + +END +; + my @domains = (); + + # Print options for each interface. + foreach my $itf (@ITFs) { + # Check if DHCP for this interface is enabled. + if ($dhcpsettings{"ENABLE_${itf}"} eq 'on') { + # Check for same domain name. + next if ($dhcpsettings{"DOMAIN_NAME_${itf}"} ~~ @domains); + my $lc_itf = lc($itf); + + # Select previously configured update algorithm. + my %selected = (); + $selected{'DNS_UPDATE_ALGO_${inf}'}{$dhcpsettings{'DNS_UPDATE_ALGO_${inf}'}} = 'selected'; + +print < + + + + + + + + + + + + + +END +; + } + + # Store configured domain based on the interface + # in the temporary variable. + push(@domains, $dhcpsettings{"DOMAIN_NAME_${itf}"}); +} +print < +
+
 
$dhcpsettings{"DOMAIN_NAME_${itf}"}
$Lang::tr{'dhcp dns key name'}:$Lang::tr{'dhcp dns update secret'}:  $Lang::tr{'dhcp dns update algo'}:   + +
+ + + +
END ; @@ -1102,9 +1180,19 @@ sub buildconf { flock(FILE, 2); # Global settings - print FILE "ddns-update-style none;\n"; print FILE "deny bootp; #default\n"; print FILE "authoritative;\n"; + + # DNS Update settings + if ($dhcpsettings{'DNS_UPDATE_ENABLED'} eq 'on') { + print FILE "ddns-updates on;\n"; + print FILE "ddns-update-style interim;\n"; + print FILE "ddns-ttl 60; # 1 min\n"; + print FILE "ignore client-updates;\n"; + print FILE "update-static-leases on;\n"; + } else { + print FILE "ddns-update-style none;\n"; + } # Write first new option definition foreach my $line (@current1) { @@ -1133,12 +1221,13 @@ sub buildconf { } }# on }# foreach line + print FILE "\n"; #Subnet range definition foreach my $itf (@ITFs) { my $lc_itf=lc($itf); if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ){ - print FILE "\nsubnet " . $netsettings{"${itf}_NETADDRESS"} . " netmask ". $netsettings{"${itf}_NETMASK"} . " #$itf\n"; + print FILE "subnet " . $netsettings{"${itf}_NETADDRESS"} . " netmask ". $netsettings{"${itf}_NETMASK"} . " #$itf\n"; print FILE "{\n"; print FILE "\trange " . $dhcpsettings{"START_ADDR_${itf}"} . ' ' . $dhcpsettings{"END_ADDR_${itf}"}.";\n" if ($dhcpsettings{"START_ADDR_${itf}"}); print FILE "\toption subnet-mask " . $netsettings{"${itf}_NETMASK"} . ";\n"; 
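Review bot: In the per-interface loop of the new DNS update box, `$selected{'DNS_UPDATE_ALGO_${inf}'}{$dhcpsettings{'DNS_UPDATE_ALGO_${inf}'}} = 'selected';` can never preselect the stored algorithm. The keys are single-quoted so nothing is interpolated, the variable is spelled `${inf}` while the loop variable is `$itf`, and the defaults in the first dhcp.cgi hunk and the code in buildconf use the `DNS_UPDATE_KEY_ALGO_` prefix. Assuming the form fields use that same name (the markup is not visible here), it should read `$selected{"DNS_UPDATE_KEY_ALGO_${itf}"}{$dhcpsettings{"DNS_UPDATE_KEY_ALGO_${itf}"}} = 'selected';`. The duplicate-domain check relies on smartmatch (`~~`), which is experimental; `grep { $_ eq $dhcpsettings{"DOMAIN_NAME_${itf}"} } @domains` does the same without it.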
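Review bot: With `DNS_UPDATE_ENABLED` set to on, `ddns-updates on;` and `ddns-update-style interim;` are written globally even when no interface has a key name, while the key and zone blocks later in buildconf are only emitted when `DNS_UPDATE_KEY_NAME_${itf}` is non-empty. In that state dhcpd would presumably attempt updates that are not signed with any TSIG key, so either refuse to save the setting without at least one complete key, or keep writing `ddns-update-style none;` in that case. A comment beside `ddns-ttl 60;` saying why one minute was chosen would also help the next reader. buildconf starts and ends outside this hunk.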
@@ -1175,7 +1264,18 @@ sub buildconf { } }# on }# foreach line - print FILE "} #$itf\n"; + print FILE "} #$itf\n\n"; + + if (($dhcpsettings{"DNS_UPDATE_ENABLED"} eq "on") && ($dhcpsettings{"DNS_UPDATE_KEY_NAME_${itf}"} ne "")) { + print FILE "key " . $dhcpsettings{"DNS_UPDATE_KEY_NAME_${itf}"} . " {\n"; + print FILE "\talgorithm " . $dhcpsettings{"DNS_UPDATE_KEY_ALGO_${itf}"} . ";\n"; + print FILE "\tsecret \"" . $dhcpsettings{"DNS_UPDATE_KEY_SECRET_${itf}"} . "\";\n"; + print FILE "};\n\n"; + + print FILE "zone " . $dhcpsettings{"DOMAIN_NAME_${itf}"} . ". {\n"; + print FILE "\tkey " . $dhcpsettings{"DNS_UPDATE_KEY_NAME_${itf}"} . ";\n"; + print FILE "}\n\n"; + } system ('/usr/bin/touch', "${General::swroot}/dhcp/enable_${lc_itf}"); &General::log("DHCP on ${itf}: " . $Lang::tr{'dhcp server enabled'}) diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index eb29b5fbf2..ea92d806cb 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -697,6 +697,11 @@ 'dhcp bootp pxe data' => 'Geben Sie optionale BOOTP PXE-Daten für diese feste Zuordnung ein', 'dhcp configuration' => 'DHCP-Konfiguration', 'dhcp create fixed leases' => 'Feste Zuordnungen erzeugen', +'dhcp dns enable update' => 'DNS-Update (RFC2136) aktivieren:', +'dhcp dns key name' => 'Schlüsselname:', +'dhcp dns update' => 'DNS-Update', +'dhcp dns update algo' => 'Algorithmus:', +'dhcp dns update secret' => 'Schlüssel:', 'dhcp fixed lease err1' => 'Für eine feste Zuordnung müssen entweder die Hardware Adresse (MAC-Adresse) oder der Hostname oder beide eingetragen werden.', 'dhcp fixed lease help1' => 'IP Adressen können als FQDN angegeben werden.', 'dhcp mode' => 'DHCP', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 8c049fffa9..c788866450 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
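Review bot: The key name, algorithm and secret are concatenated into dhcpd.conf exactly as they sit in `%dhcpsettings`, and none of the dhcp.cgi hunks in this commit adds validation for these three values. A value containing `"`, `;`, `}` or a line break would end the `key` or `secret` statement early and let further directives into the server configuration, so the new `if` should also require something like `$dhcpsettings{"DNS_UPDATE_KEY_NAME_${itf}"} =~ /\A[A-Za-z0-9._-]+\z/`, a base64-only pattern such as `/\A[A-Za-z0-9+\/=]+\z/` for the secret, and an allow-list check of the algorithm against the values the form offers. The same checks belong where the form is saved, so that a rejected value is reported to the user instead of being silently skipped. The secret also ends up in plain text in both the settings file and dhcpd.conf, so the permissions on both files are worth confirming. buildconf continues outside the hunk.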
@@ -720,6 +720,11 @@ 'dhcp bootp pxe data' => 'Enter optional bootp pxe data for this fixed lease', 'dhcp configuration' => 'DHCP configuration', 'dhcp create fixed leases' => 'Create fixed leases', +'dhcp dns enable update' => 'Enable DNS Update (RFC2136):', +'dhcp dns key name' => 'Key Name:', +'dhcp dns update' => 'DNS Update', +'dhcp dns update algo' => 'Algorithm:', +'dhcp dns update secret' => 'Secret:', 'dhcp fixed lease err1' => 'For a fix lease you have to enter the MAC address or the hostname, or you enter both.', 'dhcp fixed lease help1' => 'IP Addresses might be entered as FQDN', 'dhcp mode' => 'DHCP', diff --git a/src/initscripts/init.d/dnsmasq b/src/initscripts/init.d/dnsmasq index 4e37925171..b033e2b4c8 100644 --- a/src/initscripts/init.d/dnsmasq +++ b/src/initscripts/init.d/dnsmasq @@ -54,6 +54,21 @@ function dns_forward_args() { echo "${cmdline}" } +function dns_leases_args() { + eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings) + + # If the DHCP server is enabled and DNS Update (RFC2136) is + # enabled, too, we won't overlay the internal domain with + # the dynamic/static leases. + + if ([ "${ENABLE_GREEN}" = "on" ] || [ "${ENABLE_BLUE}" = "on" ]) \ + && [ "${DNS_UPDATE_ENABLED}" = "on" ]; then + return + fi + + echo "-l /var/state/dhcp/dhcpd.leases" +} + case "${1}" in start) # kill already running copy of dnsmasq... @@ -64,7 +79,10 @@ case "${1}" in eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) ARGS="$CUSTOM_ARGS" [ "$DOMAIN_NAME_GREEN" != "" ] && ARGS="$ARGS -s $DOMAIN_NAME_GREEN" - + + # DHCP configuration + ARGS="${ARGS} $(dns_leases_args)" + echo > /var/ipfire/red/resolv.conf # Clear it if [ -e "/var/ipfire/red/dns1" ]; then DNS1=$(cat /var/ipfire/red/dns1 2>/dev/null) 
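Review bot: `dns_leases_args` runs `eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings)` on a file that, with this commit, also holds free-text values from the web form (key name and secret), so the safety of the eval rests entirely on how readhash quotes its output, which is not visible here. Only `ENABLE_GREEN`, `ENABLE_BLUE` and `DNS_UPDATE_ENABLED` are needed, so consider filtering the output down to those names before the eval, or at least a comment such as `# relies on readhash emitting shell-safe assignments`. The test looks only at GREEN and BLUE while dhcp.cgi iterates `@ITFs`; if other interfaces can run DHCP the condition should cover them. The `( [ … ] || [ … ] )` grouping forks a subshell where `{ …; }` would do.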
@@ -94,7 +112,7 @@ case "${1}" in ARGS="${ARGS} --cache-size=${CACHE_SIZE}" fi - loadproc /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $ARGS + loadproc /usr/sbin/dnsmasq ${ARGS} if [ "${SHOW_SRV}" -eq 1 ] && [ "${DNS1}" != "" -o "${DNS2}" != "" ]; then boot_mesg "Using DNS server(s): ${DNS1} ${DNS2}"