#!/bin/sh : ${pdns_port:='1053'} : ${pdns_distributor_threads:='3'} : ${pdns_receiver_threads:="$nproc"} : ${pdns_allow_axfr_ips:='127.0.0.1/8'} : ${pdns_cache_ttl:='30'} : ${pdns_query_cache_ttl:='20'} : ${pdns_negquery_cache_ttl:='60'} pdns_conf_dir=/usr/local/etc/pdns pdns_runtime_dir=/var/run/pdns pdns_soa_record="sOARecord: ${fqdn} root.${domain} 0 10800 3600 604800 3600" pdns_ns_records=$(printf "nSRecord: %s.${domain}\n" $idm_hostnames) pdns_user=pdns # Install PowerDNS. pkg install -y powerdns # Generate PowerDNS configuration. install_template -m 0644 "${pdns_conf_dir}/pdns.conf" # Enable PowerDNS and start it. sysrc -v pdns_enable=YES service pdns restart # Create initial IDM DNS records. if is_primary_server; then # ou=dns,dc=example,dc=com ldap_add "$dns_basedn" <<EOF objectClass: organizationalUnit ou: $(ldap_rdn_value "$dns_basedn") EOF # Forward DNS zone # dc=idm.example.com,ou=dns,dc=example,dc=com ldap_add "dc=${domain},${dns_basedn}" <<EOF objectClass: dNSDomain objectClass: domainRelatedObject dc: ${domain} ${pdns_soa_record} ${pdns_ns_records} $(echo "$idm_server_list" | awk '{print "aRecord: "$3}') associatedDomain: ${domain} EOF # Reverse DNS zone(s) # dc=0.168.192.in-addr.arpa,ou=dns,dc=example.com for zone in $reverse_dns_zones; do ldap_add "dc=${zone},${dns_basedn}" <<EOF objectClass: dNSDomain objectClass: domainRelatedObject ${pdns_soa_record} ${pdns_ns_records} associatedDomain: ${zone} EOF done # LDAP SRV record ldap_add "dc=_ldap._tcp,dc=${domain},${dns_basedn}" <<EOF objectClass: dNSDomain2 objectClass: domainRelatedObject associatedDomain: _ldap._tcp.${domain} $(printf "sRVRecord: 0 100 389 %s.${domain}\n" ${idm_hostnames}) EOF # LDAPS SRV record ldap_add "dc=_ldaps._tcp,dc=${domain},${dns_basedn}" <<EOF objectClass: dNSDomain2 objectClass: domainRelatedObject associatedDomain: _ldaps._tcp.${domain} $(printf "sRVRecord: 0 100 636 %s.${domain}\n" ${idm_hostnames}) EOF # Kerberos SRV record (UDP) ldap_add "dc=_kerberos._udp,dc=${domain},${dns_basedn}" <<EOF objectClass: dNSDomain2 objectClass: domainRelatedObject associatedDomain: _kerberos._udp.${domain} $(printf "sRVRecord: 0 100 88 %s.${domain}\n" ${idm_hostnames}) EOF # Kerberos SRV record (TCP) ldap_add "dc=_kerberos._tcp,dc=${domain},${dns_basedn}" <<EOF objectClass: dNSDomain2 objectClass: domainRelatedObject associatedDomain: _kerberos._tcp.${domain} $(printf "sRVRecord: 0 100 88 %s.${domain}\n" ${idm_hostnames}) EOF # Kadmin SRV record ldap_add "dc=_kerberos-adm._tcp,dc=${domain},${dns_basedn}" <<EOF objectClass: dNSDomain2 objectClass: domainRelatedObject associatedDomain: _kerberos-adm._tcp.${domain} $(printf "sRVRecord: 0 100 749 %s.${domain}\n" ${idm_hostnames}) EOF # Kpasswd SRV record ldap_add "dc=_kpasswd._udp,dc=${domain},${dns_basedn}" <<EOF objectClass: dNSDomain2 objectClass: domainRelatedObject associatedDomain: _kpasswd._udp.${domain} $(printf "sRVRecord: 0 100 464 %s.${domain}\n" ${idm_hostnames}) EOF # Kerberos realm TXT record ldap_add "dc=_kerberos,dc=${domain},${dns_basedn}" <<EOF objectClass: dNSDomain2 objectClass: domainRelatedObject associatedDomain: _kerberos.${domain} tXTRecord: ${realm} EOF fi