#!/bin/sh
# PowerDNS set-up for an IDM server: install the package, render pdns.conf,
# enable/start the service and, on the primary server only, seed the DNS
# zone objects and service-discovery records in LDAP.
#
# Expected from the calling environment (none of these are defined here):
#   variables  domain fqdn realm nproc dns_basedn idm_hostnames
#              idm_server_list reverse_dns_zones
#   functions  install_template is_primary_server ldap_add ldap_rdn_value

# Tunables: a value already set (and non-empty) by the caller is kept.
pdns_port=${pdns_port:-1053}
pdns_distributor_threads=${pdns_distributor_threads:-3}
# nproc is presumably the CPU count supplied by the caller — not set here.
pdns_receiver_threads=${pdns_receiver_threads:-$nproc}
# Zone transfers (AXFR) are limited to the loopback range unless the caller
# widens this; keep the default tight and add peers explicitly.
pdns_allow_axfr_ips=${pdns_allow_axfr_ips:-127.0.0.1/8}
pdns_cache_ttl=${pdns_cache_ttl:-30}
pdns_query_cache_ttl=${pdns_query_cache_ttl:-20}
pdns_negquery_cache_ttl=${pdns_negquery_cache_ttl:-60}

# Fixed locations and service identity (consumed by the pdns.conf template).
pdns_conf_dir=/usr/local/etc/pdns
pdns_runtime_dir=/var/run/pdns
pdns_user=pdns

# LDIF attribute lines shared by every zone object.
# SOA fields: primary master, responsible mailbox, serial, refresh, retry,
# expire, minimum.
pdns_soa_record="sOARecord: ${fqdn} root.${domain} 0 10800 3600 604800 3600"
# One nSRecord per IDM host; idm_hostnames is word-split on purpose.
pdns_ns_records=$(printf "nSRecord: %s.${domain}\n" $idm_hostnames)

# Install, configure, enable and (re)start PowerDNS.
pkg install -y powerdns
install_template -m 0644 "${pdns_conf_dir}/pdns.conf"
sysrc -v pdns_enable=YES
service pdns restart

# Only the primary server seeds the initial IDM DNS data in LDAP.
if is_primary_server; then
    # Add the dNSDomain2 node "<label>.<domain>" carrying one SRV record
    # (priority 0, weight 100, port $2) per IDM host.
    #   $1  service label, e.g. _ldap._tcp
    #   $2  port number
    pdns_add_srv() {
        ldap_add "dc=$1,dc=${domain},${dns_basedn}" <<EOF
objectClass: dNSDomain2
objectClass: domainRelatedObject
associatedDomain: $1.${domain}
$(printf "sRVRecord: 0 100 $2 %s.${domain}\n" ${idm_hostnames})
EOF
    }

    # Container: ou=dns,dc=example,dc=com
    ldap_add "$dns_basedn" <<EOF
objectClass: organizationalUnit
ou: $(ldap_rdn_value "$dns_basedn")
EOF

    # Forward zone: dc=idm.example.com,ou=dns,dc=example,dc=com
    # NOTE(review): the aRecord lines take column 2 of idm_server_list as the
    # host address — confirm against where that list is built.
    ldap_add "dc=${domain},${dns_basedn}" <<EOF
objectClass: dNSDomain
objectClass: domainRelatedObject
dc: ${domain}
${pdns_soa_record}
${pdns_ns_records}
$(echo "$idm_server_list" | awk '{print "aRecord: "$2}')
associatedDomain: ${domain}
EOF

    # Reverse zone(s): dc=0.168.192.in-addr.arpa,ou=dns,dc=example,dc=com
    for zone in $reverse_dns_zones; do
        ldap_add "dc=${zone},${dns_basedn}" <<EOF
objectClass: dNSDomain
objectClass: domainRelatedObject
${pdns_soa_record}
${pdns_ns_records}
associatedDomain: ${zone}
EOF
    done

    # Service-discovery records for LDAP and Kerberos, in the same order as
    # the zone objects above.
    pdns_add_srv _ldap._tcp 389          # LDAP
    pdns_add_srv _ldaps._tcp 636         # LDAPS
    pdns_add_srv _kerberos._udp 88       # Kerberos KDC (UDP)
    pdns_add_srv _kerberos._tcp 88       # Kerberos KDC (TCP)
    pdns_add_srv _kerberos-adm._tcp 749  # kadmin
    pdns_add_srv _kpasswd._udp 464       # kpasswd

    # Kerberos realm name published as a TXT record.
    ldap_add "dc=_kerberos,dc=${domain},${dns_basedn}" <<EOF
objectClass: dNSDomain2
objectClass: domainRelatedObject
associatedDomain: _kerberos.${domain}
tXTRecord: ${realm}
EOF
fi