Commit bee73f22 authored by Leigh Stoller's avatar Leigh Stoller

Add reverse DNS lookup for the jail network.

The GPO wants this for the protogeni racks. We now build reverse
map files for the 172.16 subnet, although we do it on a /16 boundary
to avoid a zillion zone files.

I am not planning to write an update script for this, since it would
require scripting changes to named.conf, which I am loath to do. So I
will do it by hand in Utah, and new sites (racks) will get it. If a
site wants it:

	boss> cd obj/named

Copy all of the 172 files to /etc/named/reverse
Copy all of the 172 zone entries from named.conf to /etc/named/named.conf

	boss> named_setup
parent 563df69f
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2006 University of Utah and the Flux Group.
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# All rights reserved.
#
......@@ -60,7 +60,8 @@ $(REVFILES): reverse.head named_makerev
# This is not a safe install target after initial install!
install:
echo "Are you sure you want to reinstall the namedb files!"
@echo "Are you sure you want to reinstall the namedb files!"
@echo "Use the install-real target if you are sure"
install-real: resolv.conf \
$(NAMEDB_DIR)/named.conf \
......@@ -70,6 +71,9 @@ install-real: resolv.conf \
$(addprefix $(NAMEDB_DIR)/reverse/, $(wildcard *.db.head))
$(INSTALL_DATA) resolv.conf $(ETCDIR)/resolv.conf
install-reverse: \
$(addprefix $(NAMEDB_DIR)/reverse/, $(wildcard *.db.head))
clean:
rm -f $(NAMED_FILES)
......
......@@ -2,7 +2,7 @@
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004, 2006, 2007 University of Utah and the Flux Group.
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# All rights reserved.
#
use Getopt::Std;
......@@ -95,11 +95,15 @@ my ($ia, $ib, $ic, $id) =
($TESTBED_NETWORK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
my ($ea, $eb, $ec, $ed) =
($EXTERNAL_TESTBED_NETWORK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
my ($ja, $jb, $jc, $jd) =
($VIRTNODE_NETWORK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
my ($ima, $imb, $imc, $imd) =
($TESTBED_NETMASK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
my ($ema, $emb, $emc, $emd) =
($EXTERNAL_TESTBED_NETMASK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
my ($jma, $jmb, $jmc, $kmd) =
($VIRTNODE_NETMASK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
$infile = shift @ARGV || exit &usage;
......@@ -148,6 +152,15 @@ while (<IF>) {
print $1 . "\tfile \"reverse/${dotted}.db\";\n";
print $1 . "};\n";
}
for (my $i = $jb; $i <= $jb + (255 - $jmb); $i++) {
my $dotted = "${ja}.${i}";
my $dotted_reverse = "${i}.${ja}";
print $1 . "zone \"${dotted_reverse}.in-addr.arpa\" in {\n";
print $1 . "\ttype master;\n";
print $1 . "\tfile \"reverse/${dotted}.db\";\n";
print $1 . "};\n";
}
}
elsif ($2 eq "external_network_reverse_zones") {
for (my $i = $ec; $i <= $ec + (255 - $emc); $i++) {
......
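Review bot: The new `$VIRTNODE_NETWORK` / `$VIRTNODE_NETMASK` matches in the -95,11 +95,15 hunk are used without checking that they succeeded. If either configure value is empty or malformed, `$ja`, `$jb` and `$jmb` are undefined, and the zone loop added at -148,6 +152,15 would count from 0 to 255 and print 256 `type master` stanzas with broken zone names into named.conf. A guard right after the matches, e.g. `die("Bad VIRTNODE_NETWORK/NETMASK\n") unless (defined($jb) && defined($jmb));`, stops a misconfigured site from generating that file; the same unguarded parse and loop bound are added to the reverse-map generator at -57,15 +59,29. `$kmd` in the netmask list looks like a typo for `$jmd`; it is unused in the visible lines, so this is naming only. The enclosing `while (<IF>)` loop starts and ends outside the hunk.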
......@@ -2,7 +2,7 @@
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2007, 2011 University of Utah and the Flux Group.
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# All rights reserved.
#
use Getopt::Std;
......@@ -42,6 +42,8 @@ my $PUBLIC_NETWORK = "@PUBLIC_NETWORK@";
my $PUBLIC_ROUTER = "@PUBLIC_ROUTER@";
my $PUBLIC_NETMASK = "@PUBLIC_NETMASK@";
my $NAMED_FORWARDERS = "@NAMED_FORWARDERS@";
my $VIRTNODE_NETWORK = "@VIRTNODE_NETWORK@";
my $VIRTNODE_NETMASK = "@VIRTNODE_NETMASK@";
# Testbed libraries.
use lib "@prefix@/lib";
......@@ -57,15 +59,29 @@ my ($ia, $ib, $ic, $id) =
($TESTBED_NETWORK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
my ($ea, $eb, $ec, $ed) =
($EXTERNAL_TESTBED_NETWORK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
my ($ja, $jb, $jc, $jd) =
($VIRTNODE_NETWORK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
my ($ima, $imb, $imc, $imd) =
($TESTBED_NETMASK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
my ($ema, $emb, $emc, $emd) =
($EXTERNAL_TESTBED_NETMASK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
my ($jma, $jmb, $jmc, $kmd) =
($VIRTNODE_NETMASK =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/);
$infile = shift @ARGV || exit &usage;
#
# Generate maps for the jail network.
#
for (my $i = $jb; $i <= $jb + (255 - $jmb); $i++) {
my $internal_revfile = "${ja}.${i}.db.head";
print "Generating internal reverse lookup file ...\n";
system("cp -f reverse.head $internal_revfile") == 0 or
die("Unable to copy $infile to $internal_revfile\n");
}
#
# Generate a set of maps for all indicies in the 3rd octet.
#
......
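Review bot: The `die` in the added jail-network loop reports `Unable to copy $infile to ...`, but the command copies `reverse.head`, so a failure names the wrong source file; `die("Unable to copy reverse.head to $internal_revfile\n")` matches what actually ran. The copy is also passed as one shell string. The interpolated name is built from `\d+` captures, so it is not injectable as written, but the list form `system("cp", "-f", "reverse.head", $internal_revfile) == 0` avoids the shell and stays safe if the source of the name ever changes. The progress message prints identical text on every iteration; including `$internal_revfile` in it would make the output traceable.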
......@@ -23,6 +23,7 @@ use strict;
sub assemble_zonefile($);
sub make_forward_zonefile($$$);
sub isroutable($);
sub IsJailIP($);
sub process_nodes($);
#
......@@ -33,9 +34,11 @@ my $TBOPS = "@TBOPSEMAIL@";
my $USERS = "@USERNODE@";
my $DISABLED = "@DISABLE_NAMED_SETUP@";
my $OURDOMAIN = "@OURDOMAIN@";
my $VIRTNODE_NETWORK = "@VIRTNODE_NETWORK@";
my $VIRTNODE_NETMASK = "@VIRTNODE_NETMASK@";
my $mapdir = "/etc/namedb";
my $mapfile = "$mapdir/${OURDOMAIN}.db";
my $mapfile = "${mapdir}/${OURDOMAIN}.db";
my $mapfiletail = "$mapfile.tail";
my $mapfile_internal = "$mapdir/${OURDOMAIN}.internal.db";
my $mapfile_internal_head = "$mapfile_internal.head";
......@@ -237,7 +240,8 @@ if (-e $mapfile_internal_head) {
#
opendir(DIR,$reversedir) or fatal("Unable to open directory $reversedir\n");
while (my $dirent = readdir(DIR)) {
if ($dirent !~ /((\d+\.\d+\.\d+).*\.db)\.head/) {
if (! (($dirent =~ /((\d+\.\d+\.\d+).*\.db)\.head/) ||
($dirent =~ /((\d+\.\d+).*\.db)\.head/))) {
next;
}
my $subnet = $2;
......@@ -245,11 +249,24 @@ while (my $dirent = readdir(DIR)) {
my $filename = "$reversedir/$basename.tail";
open MAP, ">$filename" || fatal("Couldn't open $filename: $!\n");
if ($reverse{$subnet}) {
foreach my $aref (sort {$$a[0] <=> $$b[0]} @{$reverse{$subnet}}) {
my ($host, $name) = @$aref;
printf MAP "$host\tIN\tPTR\t$name.$OURDOMAIN.\n";
}
if (exists($reverse{$subnet})) {
if ($subnet =~ /^(\d+)\.(\d+)$/) {
my $classb = $reverse{$subnet};
foreach my $classc (keys(%{$reverse{$subnet}})) {
print MAP "\$ORIGIN ${classc}.${2}.${1}.in-addr.arpa.\n";
foreach my $aref (@{$reverse{$subnet}->{$classc}}) {
my ($host, $name) = @$aref;
printf MAP "$host\tIN\tPTR\t$name.$OURDOMAIN.\n";
}
print MAP "\n";
}
}
else {
foreach my $aref (sort {$$a[0] <=> $$b[0]} @{$reverse{$subnet}}) {
my ($host, $name) = @$aref;
printf MAP "$host\tIN\tPTR\t$name.$OURDOMAIN.\n";
}
}
}
close MAP;
......@@ -337,12 +354,29 @@ sub process_nodes($) {
#
# Put it into a map so we can generate the reverse zone file later
#
$IP =~ /(\d+\.\d+\.\d+)\.(\d+)/;
if ($1 && $2) {
# We use a Class C for the jail network, which complicates the
# reverse zone generation.
#
if (IsJailIP($IP)) {
$IP =~ /(\d+\.\d+)\.(\d+)\.(\d+)/;
my $classb = $1;
my $subnet = $2;
my $host = $3;
if (!exists($reverse{"$classb"})) {
$reverse{"$classb"} = {};
}
if (!exists($reverse{"$classb"}->{$subnet})) {
$reverse{"$classb"}->{$subnet} = [];
}
push(@{$reverse{"$classb"}->{$subnet}}, [$host, $node_id]);
}
elsif ($IP =~ /(\d+\.\d+\.\d+)\.(\d+)/) {
my $subnet = $1;
my $host = $2;
push @{$reverse{$subnet}}, [$host, $node_id];
} else {
}
else {
warn "Poorly formed IP address $IP\n";
}
}
......@@ -548,3 +582,18 @@ sub isroutable($)
return 1;
}
#
# IsJailIP()
#
sub IsJailIP($)
{
my ($IP) = @_;
return 1
if (inet_ntoa((inet_aton($IP) & inet_aton($VIRTNODE_NETMASK))) eq
$VIRTNODE_NETWORK);
return 0;
}
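Review bot: `IsJailIP()` is now called in `process_nodes` before the address format is validated, and it feeds `inet_aton($IP)` straight into the `&` and `inet_ntoa()`. If `inet_aton()` returns undef for a malformed address, `inet_ntoa()` is likely to croak on a value that is not four bytes, so one bad row would abort zone generation instead of reaching the existing `warn "Poorly formed IP address $IP\n"` branch. Suggest `my $addr = inet_aton($IP); return 0 unless defined($addr);` at the top of `IsJailIP()`, with `$addr` used in the mask, and testing the result of `$IP =~ /(\d+\.\d+)\.(\d+)\.(\d+)/` before reading `$1`..`$3`. Separately, in the -245,11 +249,24 hunk the /16 branch walks `keys` and the per-subnet arrays unsorted (and `my $classb` is unused), so the generated file order can change between runs, unlike the sorted `else` branch. `process_nodes` starts and ends outside the hunk.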