deblan/PowerDNS-Admin
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Automatically rectify DNSSEC enabled zones

Browse source 
For DNSSEC enabled zones to function correctly, they need to be rectified on update.

This changes the DNSSEC enable/disable code to set API-RECTIFY:

To `true` when activating DNSSEC on a domain
To `false` when deactivating DNSSEC on a domain

With this, PowerDNS promises to handle the needed rectifications.

(cherry picked from commit 5d15d8899cc03a4a7d433d33c2c4b1da09b5eb2d)
This commit is contained in:
Thomas M Steenholdt 2018-06-10 21:23:10 -02:00
parent ecdb9b9328
commit 0a670845fa
1 changed files with 34 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
app/models.py
View file

@ -842,19 +842,30 @@ class Domain(db.Model):
if domain:
headers = {}
headers['X-API-Key'] = PDNS_API_KEY
post_data = {
"keytype": "ksk",
"active": True
}
try:
# Enable API-RECTIFY for domain, BEFORE activating DNSSEC
post_data = {
"api_rectify": True
}
jdata = utils.fetch_json(urljoin(PDNS_STATS_URL, API_EXTENDED_URL + '/servers/localhost/zones/{0}'.format(domain.name)), headers=headers, method='PUT', data=post_data)
if 'error' in jdata:
return {'status': 'error', 'msg': 'API-RECTIFY could not be enabled for this domain', 'jdata' : jdata}
# Activate DNSSEC
post_data = {
"keytype": "ksk",
"active": True
}
jdata = utils.fetch_json(urljoin(PDNS_STATS_URL, API_EXTENDED_URL + '/servers/localhost/zones/{0}/cryptokeys'.format(domain.name)), headers=headers, method='POST',data=post_data)
if 'error' in jdata:
return {'status': 'error', 'msg': 'Cannot enable DNSSEC for this domain. Error: {0}'.format(jdata['error']), 'jdata' : jdata}
else:
return {'status': 'ok'}
return {'status': 'ok'}
except:
logging.error(traceback.print_exc())
return {'status': 'error', 'msg': 'There was something wrong, please contact administrator'}
else:
return {'status': 'error', 'msg': 'This domain does not exist'}
@ -866,16 +877,26 @@ class Domain(db.Model):
if domain:
headers = {}
headers['X-API-Key'] = PDNS_API_KEY
url = '/servers/localhost/zones/{0}/cryptokeys/{1}'.format(domain.name, key_id)
try:
jdata = utils.fetch_json(urljoin(PDNS_STATS_URL, API_EXTENDED_URL + url), headers=headers, method='DELETE')
if 'error' in jdata:
# Deactivate DNSSEC
jdata = utils.fetch_json(urljoin(PDNS_STATS_URL, API_EXTENDED_URL + '/servers/localhost/zones/{0}/cryptokeys/{1}'.format(domain.name, key_id)), headers=headers, method='DELETE')
if jdata != True:
return {'status': 'error', 'msg': 'Cannot disable DNSSEC for this domain. Error: {0}'.format(jdata['error']), 'jdata' : jdata}
else:
return {'status': 'ok'}
# Disable API-RECTIFY for domain, AFTER deactivating DNSSEC
post_data = {
"api_rectify": False
}
jdata = utils.fetch_json(urljoin(PDNS_STATS_URL, API_EXTENDED_URL + '/servers/localhost/zones/{0}'.format(domain.name)), headers=headers, method='PUT', data=post_data)
if 'error' in jdata:
return {'status': 'error', 'msg': 'API-RECTIFY could not be disabled for this domain', 'jdata' : jdata}
return {'status': 'ok'}
except:
return {'status': 'error', 'msg': 'There was something wrong, please contact administrator','id': key_id, 'url': url}
logging.error(traceback.print_exc())
return {'status': 'error', 'msg': 'There was something wrong, please contact administrator','domain': domain.name, 'id': key_id}
else:
return {'status': 'error', 'msg': 'This domain doesnot exist'}