X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fnetexternal.cgi;h=4393393e081f07326de37e0b7648c2c2d59683c4;hp=156ef2418c604f429f66390e9ef136aa267e1eaa;hb=297110d460e4b91cd15877cd5fe0fe64a27c6c33;hpb=f4e869ffb42c717167478fc75b993f9903298e15

diff --git a/html/cgi-bin/netexternal.cgi b/html/cgi-bin/netexternal.cgi
index 156ef2418c..4393393e08 100644
--- a/html/cgi-bin/netexternal.cgi
+++ b/html/cgi-bin/netexternal.cgi
@@ -25,9 +25,12 @@ use strict;
 #use warnings;
 #use CGI::Carp 'fatalsToBrowser';
 
+use IO::Socket;
+
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
+require "${General::swroot}/geoip-functions.pl";
 require "${General::swroot}/graphs.pl";
 
 my %color = ();
@@ -76,6 +79,108 @@ if ( $querry[0] ne~ ""){
 		&Header::closebox();
 	}
 
+	## DNSSEC
+	my @nameservers = ();
+	foreach my $f ("${General::swroot}/red/dns1", "${General::swroot}/red/dns2") {
+		open(DNS, "<$f");
+		my $nameserver = <DNS>;
+		close(DNS);
+
+		chomp($nameserver);
+		if ($nameserver) {
+			push(@nameservers, $nameserver);
+		}
+	}
+
+	&Header::openbox('100%', 'center', $Lang::tr{'dnssec information'});
+
+	print <<END;
+		<table class="tbl" width='66%'>
+			<thead>
+				<tr>
+					<th align="center">
+						<strong>$Lang::tr{'nameserver'}</strong>
+					</th>
+					<th align="center">
+						<strong>$Lang::tr{'country'}</strong>
+					</th>
+					<th align="center">
+						<strong>$Lang::tr{'rdns'}</strong>
+					</th>
+					<th align="center">
+						<strong>$Lang::tr{'status'}</strong>
+					</th>
+				</tr>
+			</thead>
+			<tbody>
+END
+
+	my $id = 0;
+	for my $nameserver (@nameservers) {
+		my $status = &check_dnssec($nameserver, "ping.ipfire.org");
+
+		my $colour = "";
+		my $bgcolour = "";
+		my $message = "";
+
+		# DNSSEC Not supported
+		if ($status == 0) {
+			$message = $Lang::tr{'dnssec not supported'};
+			$colour = "white";
+			$bgcolour = ${Header::colourred};
+
+		# DNSSEC Aware
+		} elsif ($status == 1) {
+			$message = $Lang::tr{'dnssec aware'};
+			$colour = "black";
+			$bgcolour = ${Header::colouryellow};
+
+		# DNSSEC Validating
+		} elsif ($status == 2) {
+			$message = $Lang::tr{'dnssec validating'};
+			$colour = "white";
+			$bgcolour = ${Header::colourgreen};
+
+		# Error
+		} else {
+			$colour = ${Header::colourred};
+		}
+
+		my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
+
+		# collect more information about name server (rDNS, GeoIP country code)
+		my $ccode = &GeoIP::lookup($nameserver);
+		my $flag_icon = &GeoIP::get_flag_icon($ccode);
+
+		my $iaddr = inet_aton($nameserver);
+		my $rdns = gethostbyaddr($iaddr, AF_INET);
+		if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
+
+		print <<END;
+			<tr bgcolor="$table_colour">
+				<td>
+					$nameserver
+				</td>
+				<td align="center">
+					<a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
+				</td>
+				<td align="center">
+					$rdns
+				</td>
+				<td bgcolor="$bgcolour" align="center">
+					<font color="$colour"><strong>$message</strong></font>
+				</td>
+			</tr>
+END
+	}
+
+	print <<END;
+			</tbody>
+		</table>
+END
+
+	&Header::closebox();
+
 	if ( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/  && $netsettings{'RED_TYPE'} eq "DHCP"){
 
 		&Header::openbox('100%', 'left', "RED $Lang::tr{'dhcp configuration'}");
@@ -161,4 +266,33 @@ END
 
 	&Header::closebigbox();
 	&Header::closepage();
-}	
+}
+
+sub check_dnssec($$) {
+	my $nameserver = shift;
+	my $record = shift;
+
+	my @command = ("dig", "+dnssec", $record, "\@$nameserver");
+
+	my @output = qx(@command);
+	my $output = join("", @output);
+
+	my $status = 0;
+	if ($output =~ m/status: (\w+)/) {
+		$status = ($1 eq "NOERROR");
+
+		if (!$status) {
+			return -1;
+		}
+	}
+
+	my @flags = ();
+	if ($output =~ m/flags: (.*);/) {
+		@flags = split(/ /, $1);
+	}
+
+	my $aware = ($output =~ m/RRSIG/);
+	my $validating = ("ad" ~~ @flags);
+
+	return $aware + $validating;
+}