From 4a4119ac9ebaada4f88028bbcb17a0239196f74a Mon Sep 17 00:00:00 2001
From: Shreyas Zare
Date: Sat, 26 Mar 2022 12:09:49 +0530
Subject: [PATCH] DnsWebService: Added API support for flushing Allowed and Blocked zones. Removed `updateDnsKeyRollover` API and added `updatePrivateKey` API. Updated LoadConfigFile() to create forwarder zone for ntp.org when enabling DNSSEC by default.
---
 DnsServerCore/DnsWebService.cs | 35 ++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)
diff --git a/DnsServerCore/DnsWebService.cs b/DnsServerCore/DnsWebService.cs
index 35c677af..2f01a1c7 100644
--- a/DnsServerCore/DnsWebService.cs
+++ b/DnsServerCore/DnsWebService.cs
@@ -461,6 +461,10 @@ namespace DnsServerCore
 _otherZonesApi.DeleteAllowedZone(request);
 break;
+ case "/api/flushAllowedZone":
+ _otherZonesApi.FlushAllowedZone(request);
+ break;
+
 case "/api/allowZone":
 _otherZonesApi.AllowZone(request);
 break;
@@ -481,6 +485,10 @@ namespace DnsServerCore
 _otherZonesApi.DeleteBlockedZone(request);
 break;
+ case "/api/flushBlockedZone":
+ _otherZonesApi.FlushBlockedZone(request);
+ break;
+
 case "/api/blockZone":
 _otherZonesApi.BlockZone(request);
 break;
@@ -523,14 +531,14 @@ namespace DnsServerCore
 _zonesApi.UpdatePrimaryZoneDnssecDnsKeyTtl(request);
 break;
- case "/api/zone/dnssec/updateDnsKeyRollover":
- _zonesApi.UpdatePrimaryZoneDnssecDnsKeyRollover(request);
- break;
-
 case "/api/zone/dnssec/generatePrivateKey":
 _zonesApi.GenerateAndAddPrimaryZoneDnssecPrivateKey(request);
 break;
+ case "/api/zone/dnssec/updatePrivateKey":
+ _zonesApi.UpdatePrimaryZoneDnssecPrivateKey(request);
+ break;
+
 case "/api/zone/dnssec/deletePrivateKey":
 _zonesApi.DeletePrimaryZoneDnssecPrivateKey(request);
 break;
@@ -3925,6 +3933,7 @@ namespace DnsServerCore
 else
 {
 _dnsServer.DnssecValidation = true;
+ CreateForwarderZoneToDisableDnssecForNTP();
 _dnsServer.ResolverRetries = 3;
 _dnsServer.ResolverTimeout = 2000;
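Review bot: The new `/api/flushBlockedZone` case (and `/api/flushAllowedZone` in the hunk at 461) hands the request straight to the handler, and because the enclosing switch starts outside both hunks it is not visible whether these cases sit behind the session check that guards the other zone operations. Emptying the blocked zone drops every block entry in one request, so I would confirm the route is reachable only by an authenticated session and that the handler writes an audit entry naming the caller. A short comment above each case would record that, for example `//destructive: removes all entries from the blocked zone`.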
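Review bot: Dropping the `/api/zone/dnssec/updateDnsKeyRollover` case in the hunk at 531 while adding `/api/zone/dnssec/updatePrivateKey` leaves no alias for existing API clients; a call to the old path now reaches the switch's default branch, which is outside this hunk. Automation that managed DNSSEC key rollover through the old route would presumably start failing after an upgrade, so the removal should be called out in the API documentation and changelog. A comment at the new case noting what it supersedes would help, e.g. `//replaces /api/zone/dnssec/updateDnsKeyRollover`.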
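Review bot: In the `else` branch at 3933 the upgrade path now forces `DnssecValidation = true` and immediately calls `CreateForwarderZoneToDisableDnssecForNTP()`, so an existing Unix install gains a DNSSEC validation exemption for ntp.org with no operator-visible record beyond the zone comment; the default-config path in the hunk at 4083 does the same. I would write a server log entry when the zone is actually created and document both call sites, e.g. `//on Unix this exempts ntp.org from DNSSEC validation; see CreateForwarderZoneToDisableDnssecForNTP()`. The enclosing method begins and ends outside the hunk, so it cannot be confirmed from here that an exception thrown by the helper's file writes is handled on this path, or whether an operator-defined ntp.org zone is already loaded at this point.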
@@ -4074,6 +4083,9 @@ namespace DnsServerCore
 _dnsServer.QnameMinimization = true; //default true to enable privacy feature
 _dnsServer.NsRevalidation = false; //default false since some badly configured websites fail to load
+ _dnsServer.DnssecValidation = true;
+ CreateForwarderZoneToDisableDnssecForNTP();
+
 SaveConfigFile();
 }
 catch (Exception ex)
@@ -4084,6 +4096,21 @@ namespace DnsServerCore
 }
 }
 }
+ private void CreateForwarderZoneToDisableDnssecForNTP()
+ {
+ if (Environment.OSVersion.Platform == PlatformID.Unix)
+ {
+ //adding a conditional forwarder zone for disabling DNSSEC validation for ntp.org so that systems with no real-time clock can sync time
+ string ntpDomain = "ntp.org";
+ string fwdRecordComments = "This forwarder zone was automatically created to disable DNSSEC validation for ntp.org to allow systems with no real-time clock (e.g. Raspberry Pi) to sync time via NTP when booting.";
+ if (_dnsServer.AuthZoneManager.CreateForwarderZone(ntpDomain, DnsTransportProtocol.Udp, "this-server", false, NetProxyType.None, null, 0, null, null, fwdRecordComments) is not null)
+ {
+ Directory.CreateDirectory(Path.Combine(_dnsServer.ConfigFolder, "zones"));
+ _dnsServer.AuthZoneManager.SaveZoneFile(ntpDomain);
+ }
+ }
+ }
+
 private void SaveConfigFile()
 {
 string configFile = Path.Combine(_configFolder, "dns.config");
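Review bot: `Environment.OSVersion.Platform == PlatformID.Unix` in the helper added at 4096 matches every Linux host (and macOS on current .NET), not only boards without a real-time clock, so the ntp.org exemption is applied far more widely than the inline comment's rationale needs. Answers under ntp.org are then accepted without validation, and a forged answer could point the host at an untrusted time source, which in turn affects certificate and signature validity checks; I would gate the helper on a configuration setting operators can turn off rather than on the platform alone. The method also lacks a doc comment, for example `/// <summary>Creates a forwarder zone for ntp.org with DNSSEC validation disabled (Unix only) so that hosts without a real-time clock can sync time at boot.</summary>`. It reads `_dnsServer.ConfigFolder` while `SaveConfigFile()` just below uses `_configFolder`; if the two can differ, the zone file may land in a different folder than the config.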