WebSVN – ALCASAR – Blame – /scripts/alcasar-dns-local.sh

Rev	Author	Line No.	Line
2223	tom.houday	1	`#!/bin/bash`
		2	`# $Id: alcasar-dns-local.sh 2838 2020-06-21 22:15:26Z rexy $`
1607	franck	3
2688	lucas.echa	4	`# alcasar-dns-local.sh`
1607	franck	5	`# by Rexy - 3abtux`
		6	`# This script is distributed under the Gnu General Public License (GPL)`
		7
		8	`# active ou desactive la redirection du service DNS sur le réseau de consultation`
		9	`# enable or disable the redirector of internal DNS service on consultation LAN`
		10
		11	`SED="/bin/sed -i"`
		12
		13	`ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf"`
2688	lucas.echa	14	`LOCAL_DOMAIN_CONF_FILE="/etc/unbound/conf.d/common/local-forward/dns-redirector.conf"`
2559	rexy	15	`LOCAL_HOSTNAME_FILE="/etc/hosts"`
1607	franck	16
		17	`# define DNS parameters (LAN side)`
2831	rexy	18	INT_DNS_DOMAIN=`grep ^DOMAIN $ALCASAR_CONF_FILE\|cut -d"=" -f2`
		19	INT_DNS_HOST=`grep ^HOSTNAME $ALCASAR_CONF_FILE\|cut -d"=" -f2`
2833	rexy	20	INT_DNS_IP_MASK=`grep ^PRIVATE_IP $ALCASAR_CONF_FILE\|cut -d"=" -f2`
2831	rexy	21	INT_DNS_IP=`grep ^PRIVATE_IP $ALCASAR_CONF_FILE\|cut -d"=" -f2\|cut -d"/" -f1`
		22	INTIF=`grep ^INTIF $ALCASAR_CONF_FILE\|cut -d"=" -f2`
		23	INT_DNS_ACTIVE=`grep INT_DNS_ACTIVE $ALCASAR_CONF_FILE\|cut -d"=" -f2`
		24	`LOCAL_DNS_FILE="/etc/unbound/conf.d/common/local-dns/$INTIF.conf"`
2833	rexy	25	`LOCAL_DNS_BLACKHOLE_FILE="/etc/unbound/conf.d/blackhole/iface.$INTIF.conf"`
1607	franck	26
2688	lucas.echa	27	`usage="Usage: alcasar-dns-local.sh {--on \| -on} \| {--off \| -off} \| {--add \| -add} ip domain \| {--del \| -del} ip domain \| {--reload \| -reload}"`
1607	franck	28	`nb_args=$#`
		29	`args=$1`
		30	`if [ $nb_args -eq 0 ]`
		31	`then`
		32	`echo "$usage"`
		33	`exit 1`
		34	`fi`
2688	lucas.echa	35
2559	rexy	36	`function restart_dns(){`
2688	lucas.echa	37	`for dns in unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole`
2559	rexy	38	`do`
		39	`systemctl restart $dns`
		40	`done`
		41	`}`
		42
2833	rexy	43	`function hosts_to_unbound(){ # configure the unbound conf file with local host names resolution (forward + blackhole)`
2831	rexy	44	`cat << EOF > $LOCAL_DNS_FILE`
		45	`server:`
		46	`local-zone: "$INT_DNS_DOMAIN" static`
		47	`local-data: "$INT_DNS_HOST.$INT_DNS_DOMAIN A $INT_DNS_IP"`
		48	`local-data-ptr: "$INT_DNS_IP $INT_DNS_HOST.$INT_DNS_DOMAIN"`
		49	`EOF`
2833	rexy	50	`cat << EOF > $LOCAL_DNS_BLACKHOLE_FILE`
		51	`server:`
		52	`server:`
		53	`interface: ${INT_DNS_IP}@56`
		54	`access-control-view: $INT_DNS_IP_MASK $INTIF`
		55	`view:`
		56	`name: "$INTIF"`
		57	`local-zone: "." redirect`
		58	`local-data: ". A $INT_DNS_IP"`
		59	`local-zone: "$INT_DNS_DOMAIN" static`
		60	`local-data: "$INT_DNS_HOST.$INT_DNS_DOMAIN A $INT_DNS_IP"`
		61	`local-data-ptr: "$INT_DNS_IP $INT_DNS_HOST.$INT_DNS_DOMAIN"`
		62	`EOF`
2688	lucas.echa	63	`while read -r line`
		64	`do`
		65	`ip_address=$(echo $line \| awk '{ print $1 }')`
		66	`domain=$(echo $line \| awk '{ print $2 }')`
		67	`if ! echo $line \| grep -E -q "^([0-9\.\t ]+alcasar( \|$)\|127\.0\.0)"`
		68	`then`
2833	rexy	69	`echo -e "\tlocal-data: \"$domain.$INT_DNS_DOMAIN A $ip_address\"" >> $LOCAL_DNS_FILE`
2831	rexy	70	`echo -e "\tlocal-data-ptr: \"$ip_address $domain.$INT_DNS_DOMAIN\"" >> $LOCAL_DNS_FILE`
2833	rexy	71	`echo -e "\tlocal-data: \"$domain.$INT_DNS_DOMAIN A $ip_address\"" >> $LOCAL_DNS_BLACKHOLE_FILE`
		72	`echo -e "\tlocal-data-ptr: \"$ip_address $domain.$INT_DNS_DOMAIN\"" >> $LOCAL_DNS_BLACKHOLE_FILE`
2688	lucas.echa	73	`fi`
		74	`done < $LOCAL_HOSTNAME_FILE`
		75	`}`
		76
1607	franck	77	`case $args in`
		78	`-\? \| -h \| --h)`
		79	`echo "$usage"`
		80	`exit 0`
		81	`;;`
2559	rexy	82	`--add\|-add) # add a local host resolution`
		83	`if [ $nb_args -ne 3 ]`
		84	`then`
		85	`echo "$usage"`
		86	`exit 1`
		87	`else`
2688	lucas.echa	88	`# removing if already exists`
2838	rexy	89	`$SED "/^$2[ \t]*$3/d" $LOCAL_HOSTNAME_FILE`
2688	lucas.echa	90	`# adding to the hosts file`
2559	rexy	91	`echo -e "$2\t$3" >> $LOCAL_HOSTNAME_FILE`
2688	lucas.echa	92	`hosts_to_unbound`
2559	rexy	93	`restart_dns`
		94	`fi`
		95	`;;`
		96	`--del\|-del) # remove a local host resolution`
		97	`if [ $nb_args -ne 3 ]`
		98	`then`
		99	`echo "$usage"`
		100	`exit 1`
		101	`else`
2838	rexy	102	`$SED "/^$2[ \t]*$3/d" $LOCAL_HOSTNAME_FILE`
2688	lucas.echa	103	`hosts_to_unbound`
2559	rexy	104	`restart_dns`
		105	`fi`
		106	`;;`
2688	lucas.echa	107	`--reload\|-reload)`
		108	`hosts_to_unbound`
		109	`restart_dns`
		110	`;;`
2825	rexy	111	`--hosts_to_unbound\|-hosts_to_unbound)`
		112	`hosts_to_unbound`
		113	`;;`
1607	franck	114	`--off\|-off) # disable DNS redirector`
2688	lucas.echa	115	`#$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE`
		116	`rm -f $LOCAL_DOMAIN_CONF_FILE`
1607	franck	117	`$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" $ALCASAR_CONF_FILE`
2559	rexy	118	`restart_dns`
2688	lucas.echa	119
		120	`# Reload firewall`
		121	`/usr/local/bin/alcasar-iptables.sh`
1607	franck	122	`;;`
2688	lucas.echa	123	`--on\|-on) # enable DNS redirector`
		124	`#$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE`
		125	`cat > $LOCAL_DOMAIN_CONF_FILE << EOF`
		126	`server:`
		127	`local-zone: "$INT_DNS_DOMAIN." transparent`
		128	`forward-zone:`
		129	`name: "$INT_DNS_DOMAIN."`
		130	`forward-addr: $INT_DNS_IP`
		131	`EOF`
1607	franck	132	`$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=on?g" $ALCASAR_CONF_FILE`
2559	rexy	133	`restart_dns`
2688	lucas.echa	134	`# Reload firewall`
		135	`/usr/local/bin/alcasar-iptables.sh`
1607	franck	136	`;;`
		137	`*)`
2688	lucas.echa	138	`echo "Argument inconnu : $1";`
1607	franck	139	`echo "$usage"`
		140	`exit 1`
		141	`;;`
		142	`esac`

Subversion Repositories ALCASAR

(root)/scripts/alcasar-dns-local.sh – Rev 2838