# DNS: Creates DNS zone files
#############################
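# Create nsd.conf and zone files, and updates the OpenDKIM signing tables.
# We set the administrative email address for every domain to domain_contact@[domain.com].
# You should probably create an alias to your email address.
# This script is safe to run on its own.
#
# /etc/mailinabox.conf provides $STORAGE_ROOT. $PUBLIC_IP and $PRIMARY_HOSTNAME are
# then (re)read from files under $STORAGE_ROOT/dns, which take precedence over
# whatever the conf file set for them.
source /etc/mailinabox.conf
: "${STORAGE_ROOT:?STORAGE_ROOT is not set in /etc/mailinabox.conf}"

PUBLIC_IP=$(cat "$STORAGE_ROOT/dns/our_ip")
PRIMARY_HOSTNAME=$(cat "$STORAGE_ROOT/dns/primary_hostname")
# Every A record and every DKIM KeyTable entry below is built from these two
# values; refuse to regenerate the zones if either is missing or empty, since
# that would publish records pointing at nothing.
if [ -z "$PUBLIC_IP" ] || [ -z "$PRIMARY_HOSTNAME" ]; then
	echo "dns_update: $STORAGE_ROOT/dns/our_ip or primary_hostname is missing or empty" >&2
	exit 1
fi

# Ensure a zone file exists for every domain name in use by a mail user.
# The domain part of each address becomes a filename under $STORAGE_ROOT/dns
# and, on the next pass, a zone name written verbatim into nsd.conf. Only
# accept plain hostname characters so that a malformed address cannot turn
# into a path like ../../x.txt or a zone entry with embedded whitespace.
# Word-splitting the command output is intended: one address per word.
for mail_user in $(tools/mail.py user); do
	domain=${mail_user##*@}
	case "$domain" in
		""|*[!A-Za-z0-9.-]*|.*|*..*|*.)
			echo "dns_update: skipping mail user with unusable domain: $mail_user" >&2
			continue
			;;
	esac
	zone_file="$STORAGE_ROOT/dns/$domain.txt"
	if [ ! -f "$zone_file" ]; then
		echo "" > "$zone_file"
	fi
done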
# Write the server: section of nsd.conf. The zone: sections are appended
# further down, one per zone file, so the whole file is rebuilt on every run.
# Nothing in this fragment needs shell expansion, hence the quoted delimiter.
cat > /etc/nsd3/nsd.conf <<'EOF'
server:
hide-version: yes
# identify the server (CH TXT ID.SERVER entry).
identity: ""
# The directory for zonefile: files.
zonesdir: "/etc/nsd3/zones"
# ZONES
EOF

# For every zone file in our dns directory, build a proper zone
# file and mention it in nsd.conf. And add information to the
# OpenDKIM signing tables. Both OpenDKIM tables are regenerated in full
# below, so start from empty files; make sure the zones directory exists.
mkdir -p /etc/nsd3/zones
for table in KeyTable SigningTable; do
	truncate --size 0 "/etc/opendkim/$table"
done
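# Build one zone file per placeholder in $STORAGE_ROOT/dns, register it in
# nsd.conf, and add a matching OpenDKIM KeyTable/SigningTable entry.
for fn in "$STORAGE_ROOT"/dns/*.txt; do
	# With no *.txt files the glob stays literal; skip it instead of creating
	# a zone named "*".
	[ -e "$fn" ] || continue

	# $fn is the zone configuration file, which is just a placeholder now.
	# For every file like mydomain.com.txt we'll create zone information
	# for that domain. We don't actually read the file.
	# $fn2 is the file without the directory.
	# $zone is the domain name (just mydomain.com).
	fn2=${fn##*/}
	zone=${fn2%.txt}

	# $zone is interpolated verbatim into nsd.conf ("name: $zone") and into the
	# zone file. A filename containing spaces, quotes or newlines would corrupt
	# both, so only accept plain hostname characters, and never a leading,
	# trailing or doubled dot.
	case "$zone" in
		""|*[!A-Za-z0-9.-]*|.*|*..*|*.)
			echo "dns_update: skipping zone file with unusable name: $fn" >&2
			continue
			;;
	esac

	# Pick the SOA serial. It must strictly increase whenever the zone changes,
	# so use the larger of "today + 00" and "previous serial + 1": the first
	# keeps it date-based, the second guarantees it never goes backwards even
	# if the clock did. The previous serial is recovered from the "; serial
	# number" marker this script writes; only a digit run before it is accepted.
	# TODO: This needs to be done better so that the existing serial number is persisted in the storage area.
	serial=$(date +"%Y%m%d00")
	if [ -f "/etc/nsd3/zones/$fn2" ]; then
		existing_serial=$(sed -n 's/^[[:space:]]*\([0-9]\{1,\}\)[[:space:]]*; serial number.*/\1/p' "/etc/nsd3/zones/$fn2" | head -n 1)
		if [ -n "$existing_serial" ] && [ "$((existing_serial + 1))" -gt "$serial" ]; then
			serial=$((existing_serial + 1))
		fi
	fi

	# Create the zone file. The delimiter is unquoted so $zone, $serial and
	# $PUBLIC_IP expand; the two directives are escaped (\$ORIGIN, \$TTL) so
	# they reach the file literally. Records with no owner field must start
	# with whitespace: that is what makes them belong to the current owner (@)
	# rather than being parsed as a record for a host called "NS" or "IN".
	cat > "/etc/nsd3/zones/$fn2" << EOF
\$ORIGIN $zone. ; default zone domain
\$TTL 86400 ; default time to live
@	IN	SOA	ns1.$zone. domain_contact.$zone. (
			$serial ; serial number
			28800 ; Refresh
			7200 ; Retry
			864000 ; Expire
			86400 ; Min TTL
			)
	NS	ns1.$zone.
	NS	ns2.$zone.
	IN	A	$PUBLIC_IP
	MX	10	mail.$zone.
	300	TXT	"v=spf1 mx -all"
ns1	IN	A	$PUBLIC_IP
ns2	IN	A	$PUBLIC_IP
mail	IN	A	$PUBLIC_IP
www	IN	A	$PUBLIC_IP
EOF

	# If OpenDKIM is set up, append the suggested TXT record to the zone.
	# The same record (selector "mail") is appended to every zone, matching the
	# single key that every KeyTable entry below points at.
	if [ -f "$STORAGE_ROOT/mail/dkim/mail.txt" ]; then
		cat "$STORAGE_ROOT/mail/dkim/mail.txt" >> "/etc/nsd3/zones/$fn2"
	fi

	# Add this zone file to the main nsd configuration file.
	cat >> /etc/nsd3/nsd.conf << EOF
zone:
name: $zone
zonefile: $fn2
EOF

	# Append a record to OpenDKIM's KeyTable and SigningTable. The SigningTable maps
	# email addresses to signing information. The KeyTable entries specify the hostname,
	# the selector, and the path to the private key.
	#
	# Just in case we don't actually host the DNS for all domains of our mail users,
	# we assume that DKIM is at least configured in the DNS of $PRIMARY_HOSTNAME and
	# we use that host for all DKIM signatures.
	#
	# In SigningTable, we map every email address to a key record called $zone.
	# Then we specify for the key record named $zone its domain, selector, and key.
	printf '%s\n' "$zone $PRIMARY_HOSTNAME:mail:$STORAGE_ROOT/mail/dkim/mail.private" >> /etc/opendkim/KeyTable
	printf '%s\n' "*@$zone $zone" >> /etc/opendkim/SigningTable
done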
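# Kick nsd: compile the zone files written above into nsd's database, then
# restart so the new nsd.conf and zones are served. A failed rebuild usually
# means a zone file did not parse; say so instead of restarting silently and
# leaving stale (or no) zones in service.
if ! service nsd3 rebuild; then
	echo "dns_update: 'service nsd3 rebuild' failed; check the zone files in /etc/nsd3/zones" >&2
fi
service nsd3 restart # ensure it is running
# Kick opendkim so it reloads the rewritten KeyTable and SigningTable.
service opendkim restart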