From: Ralf Jung
Date: Fri, 9 Jan 2015 09:51:48 +0000 (+0100)
Subject: add a way to pass "-k" to nsupdate, and document all options in the sample config...
X-Git-Url: https://git.ralfj.de/dyn-nsupdate.git/commitdiff_plain/fcd24705050317176a383d8a9ba10270512133c0?ds=inline;hp=d61aa3e46d25f8800d3a3db887e756f9b3a744dc

add a way to pass "-k" to nsupdate, and document all options in the sample config file
---

diff --git a/dyn-nsupdate.conf.dist b/dyn-nsupdate.conf.dist
index d56bc78..2b2112f 100644
--- a/dyn-nsupdate.conf.dist
+++ b/dyn-nsupdate.conf.dist
@@ -1,5 +1,12 @@
+# Full path to nsupdate binary
 nsupdate = /usr/bin/nsupdate
-key = keyname:passwd
+# You can change the port that will be used to talk to BIND (nsupdate "-p" option).
+#port = 53
+# If you need a key to authenticate updates, give its filename here (nsupdate "-k" option).
+#keyfile = /var/lib/bind/keys/zone.key
+# Alternatively, you can specify the name and secret of the key here (nsupdate "-y" option). Note that this is *discouraged* (see nsupdate man page for details).
+#key = keyname:passwd
+# Add one section per zone that can be updated, containing only the relevant password.
 [test.dyn.example.com]
 password = some_secure_password
diff --git a/nsupd-wrapper/dyn-nsupdate.cpp b/nsupd-wrapper/dyn-nsupdate.cpp
index 27db031..7424a36 100644
--- a/nsupd-wrapper/dyn-nsupdate.cpp
+++ b/nsupd-wrapper/dyn-nsupdate.cpp
@@ -102,7 +102,14 @@ int main(int argc, const char ** argv)
 pt::ini_parser::read_ini(CONFIG_FILE, config);
 std::string nsupdate = config.get("nsupdate");
 unsigned server_port = config.get("port", 53);
- std::string key = config.get("key","");
+ std::string keyfile = config.get("keyfile", "");
+ std::string key = config.get("key", "");
+
+ /* check for some invalid configurations */
+ if (keyfile.size() > 0 && key.size() > 0) {
+ std::cerr << "You can only have either a keyfile or a key set. Please fix your configuration." << std::endl;
+ exit(1);
+ }
 /* Given the domain, check whether the password matches */
 optional correct_password = config.get_optional(pt::ptree::path_type(domain+"/password", '/'));
@@ -133,9 +140,13 @@ int main(int argc, const char ** argv)
 exit(1);
 }
 /* exec nsupdate */
- if (key.size() > 0) {
+ if (keyfile.size() > 0) {
+ execl(nsupdate.c_str(), nsupdate.c_str(), "-k", keyfile.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL);
+ }
+ else if (key.size() > 0) {
 execl(nsupdate.c_str(), nsupdate.c_str(), "-y", key.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL);
- } else {
+ }
+ else {
 execl(nsupdate.c_str(), nsupdate.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL);
 }
 /* There was an error */
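Review bot: The new `keyfile` value is only checked against `key` here; nothing in the lines shown verifies that it is an absolute path before the second hunk hands it to nsupdate with `-k`. A relative name would presumably be resolved against the working directory the wrapper was started from, so which key file gets loaded would depend on the caller rather than on the configuration. Next to the either/or check I would reject that early, e.g. `if (!keyfile.empty() && keyfile[0] != '/') { std::cerr << "keyfile must be an absolute path." << std::endl; exit(1); }`. main() starts and ends outside this hunk, so an existing check between the two hunks cannot be ruled out.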
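Review bot: The `else if (key.size() > 0)` branch still passes the key name and secret to nsupdate as a `-y` command-line argument, and the code gives no hint of why the sample config in this commit calls that option discouraged. Process arguments are typically readable by other local users for as long as nsupdate runs, so a maintainer reading only the .cpp file should see that trade-off at the branch. I would add a comment above it such as `/* -y places the key secret in nsupdate's argument list, where other local users may be able to read it; prefer keyfile (-k) */`. The if/else chain sits inside main(), which starts and ends outside the hunk.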