From 4fc451ba11446480b1ded9f0b3a33e0d4cefb3f4 Mon Sep 17 00:00:00 2001 From: Keith Irwin Date: Fri, 14 Jan 2022 21:49:31 -0700 Subject: [PATCH] Added rDNS --- app/add.js | 32 +++++++++++++++++++++++-- app/del.js | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 95 insertions(+), 7 deletions(-) diff --git a/app/add.js b/app/add.js index b884b5d..71a9a69 100644 --- a/app/add.js +++ b/app/add.js @@ -153,7 +153,9 @@ AllowedIPs = ${allowed_ips} // Update nameserver if (env.ENV!=='prod') console.log(`Skipping nameserver updates because env.ENV != 'prod'`) else { - console.log(`Sending nsupdate to ${env.DNS_MASTER}...`) + console.log(`Sending nsupdates to ${env.DNS_MASTER}...`) + + // Forward DNS try { await helper.nsUpdate(dns_key, env.DNS_MASTER, `update add ${domain}. ${env.DNS_TTL} A ${ipv4_addr} @@ -164,7 +166,33 @@ update add *.${domain}. ${env.DNS_TTL} CNAME ${domain}.`) console.error(`ERROR! Failed to add ns record.`) if (err) console.error(err) } - console.log(`Added ${domain} to nameserver.`) + console.log(`Added ${domain} fDNS to nameserver.`) + + // IPv4 rDNS + const ptr_ipv4 = `${host}.${user.subnet}.in-addr.arpa.` + try { + await helper.nsUpdate(dns_key, env.DNS_MASTER, + `update add ${ptr_ipv4} PTR ${domain}.`) + } + catch (err) { + console.error(`ERROR! Failed to add IPv4 rDNS record.`) + if (err) console.error(err) + } + console.log(`Added ${domain} IPv4 rDNS to nameserver.`) + + // IPv6 rDNS + const padded_ipv6 = `${user.subnet.padStart(4,'0')}${host.padStart(4,'0')}` + const ptr_ipv6 = `${padded_ipv6.split('').reverse().join('.')}.ip6.arpa.` + try { + await helper.nsUpdate(dns_key, env.DNS_MASTER, + `update add ${ptr_ipv6} PTR ${domain}.`) + } + catch (err) { + console.error(`ERROR! Failed to add IPv6 rDNS record.`) + if (err) console.error(err) + } + console.log(`Added ${domain} IPv6 rDNS to nameserver.`) + } // Create new SSL cert diff --git a/app/del.js b/app/del.js index 8ac0d10..3bece26 100644 --- a/app/del.js 
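Review bot: The PTR owner names built in the second add.js hunk look too short for the addresses they describe: `ptr_ipv4` is a fully qualified name carrying only `host` and `user.subnet`, two of the four octets, and `ptr_ipv6` carries eight nibbles where an ip6.arpa name needs all 32. Unless helper.nsUpdate (not shown) expands them, these updates would likely be refused or land outside the network's reverse zone, so reverse lookups that logs or access checks depend on would not resolve. Deriving the name from the full address, e.g. `const ptr_ipv4 = ipv4_addr.split('.').reverse().join('.') + '.in-addr.arpa.'`, and expanding the full IPv6 address the same way would avoid that; the third del.js hunk builds its names the same way. Separately, each "Added … rDNS to nameserver." log line sits after the catch and so reports success even when the update failed; moving it inside the `try` after the `await` keeps the log truthful.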
+++ b/app/del.js @@ -108,12 +108,40 @@ module.exports = async (req, res) => { const peer_ips = peer_lines .filter( (line) => line.includes('AllowedIPs = '))[0] .split(' = ')[1].split(', ') + let ipv4, ipv6 + for (const ip of peer_ips) { + if (ip.indexOf(env.IPV4_NET)!==-1) ipv4 = ip + else if (ip.indexOf(env.IPV6_NET)!==-1) ipv6 = ip + else console.error(`ERROR! Unable to parse this IP: ${ip}`) + } + const ipv4_split = ipv4.split('.') + const ipv4_user = ipv4_split[2] + const ipv4_device = ipv4_split[3] + const ipv6_split = ipv6.split(':') + const ipv6_user = ipv6_split[ipv6_split.length-2] + const ipv6_device = ipv6_split[ipv6_split.length-1] if (peer_pubkey===undefined) { peer_pubkey = peer_lines .filter( (line) => line.includes('PublicKey = ') )[0] .split(' = ')[1] } + // Make sure this checks out... + if (ipv4 && ipv6) { + if (!ipv4_user===ipv6_user) { + console.error(`HEY! ipv4_user!==ipv6_user + ${ipv4_user}!==${ipv6_user}`) + return res.setHeader('content-type', 'text/plain') + .status(500).send('There was an error on the server! Please report this to Keith . ') + } + if (!ipv4_device===ipv6_device) { + console.error(`HEY! ipv4_device!==ipv6_device + ${ipv4_user}!==${ipv6_user}`) + return res.setHeader('content-type', 'text/plain') + .status(500).send('There was an error on the server! Please report this to Keith . ') + } + } + // Make sure requester can't delete self if (peer_ips.includes(req.requester)) { console.log(`Refused to let ${req.requester} delete self: ${peer_name}`) @@ -152,11 +180,13 @@ module.exports = async (req, res) => { console.log(`Informed ${server.host} to delete ${peer_name}.`) } } - + // Delete domains from nameserver if (env.ENV!=='prod') console.log(`Skipping nameserver updates because env.ENV != 'prod'`) else { - console.log(`Sending nsupdate to ${env.DNS_MASTER}...`) + console.log(`Sending nsupdates to ${env.DNS_MASTER}...`) + + // Forward DNS try { await helper.nsUpdate(dns_key, env.DNS_MASTER, `update delete ${peer_name}. A 
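Review bot: Both sanity checks inside the `if (ipv4 && ipv6)` block of the first del.js hunk can never fire, because `!ipv4_user===ipv6_user` negates the left operand first and then compares a boolean with a string. They should read `if (ipv4_user!==ipv6_user)` and `if (ipv4_device!==ipv6_device)`, and the second error message should print `ipv4_device` and `ipv6_device` rather than the user values again. The `ipv4.split('.')` and `ipv6.split(':')` calls also run before that guard, so a peer whose AllowedIPs lacks either family throws a TypeError instead of reaching the 500 response; moving the splits inside the guard, or returning early when either is undefined, would cover it. If the AllowedIPs entries carry a prefix length such as /32 (not visible here), the last field will include it and should be stripped before it is compared or used in a record name. The handler continues outside the hunk.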
@@ -164,12 +194,42 @@ update delete ${peer_name}. AAAA update delete *.${peer_name}. CNAME`) } catch (err) { - console.error(`ERROR! Failed to delete ns record`) + console.error(`ERROR! Failed to delete fDNS record`) if (err) console.error(err) return res.setHeader('content-type', 'text/plain') - .status(500).send('Peer was added to all servers, but nameservers were not updated. You can use your peer but need to set its domain name by hand.') + .status(500).send('Peer was added to all servers, but nameservers and SSL were not updated. You can use your peer by its IP addresses. Please report this to Keith . ') } - console.log(`Updated nameserver to delete ${peer_name}.`) + console.log(`Updated nameserver to delete ${peer_name} fDNS.`) + + // IPv4 reverse DNS + const ptr_ipv4 = `${ipv4_device}.${ipv4_user}.in-addr.arpa.` + try { + await helper.nsUpdate(dns_key, env.DNS_MASTER, + `update delete ${ptr_ipv4} PTR`) + } + catch (err) { + console.error(`ERROR! Failed to delete ipv4 rDNS record`) + if (err) console.error(err) + return res.setHeader('content-type', 'text/plain') + .status(500).send('Peer was added to all servers, but nameservers and SSL were not updated. You can use your peer by its IP addresses. Please report this to Keith . ') + } + console.log(`Updated nameserver to delete ${peer_name} IPv4 rDNS.`) + + // IPv6 reverse DNS + const padded_ipv6 = `${ipv6_user.padStart(4,'0')}${ipv6_device.padStart(4,'0')}` + const ptr_ipv6 = `${padded_ipv6.split('').reverse().join('.')}.ip6.arpa.` + try { + await helper.nsUpdate(dns_key, env.DNS_MASTER, + `update delete ${ptr_ipv6} PTR`) + } + catch (err) { + console.error(`ERROR! Failed to delete ipv6 rDNS record`) + if (err) console.error(err) + return res.setHeader('content-type', 'text/plain') + .status(500).send('Peer was added to all servers, but nameservers and SSL were not updated. You can use your peer by its IP addresses. Please report this to Keith . 
') + } + console.log(`Updated nameserver to delete ${peer_name} IPv6 rDNS.`) + } // Delete SSL cert
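Review bot: Each new catch returns a 500 before the `// Delete SSL cert` step, so one failed PTR deletion leaves the certificate and any remaining records behind for a peer that, judging by the earlier context, has already been removed from the servers. The response text also says "Peer was added to all servers", which is the add path's wording and will mislead whoever reads it after a delete. Consider logging the failure, continuing with the remaining cleanup, and reporting the incomplete steps once at the end, with a message along the lines of `'Peer was deleted from all servers, but its DNS records were not fully removed.'`. The `ipv4_device`, `ipv4_user`, `ipv6_user` and `ipv6_device` values interpolated into the nsupdate commands come from parsing the peer file, so checking that they are plain decimal or hex fields before use would keep a malformed entry out of the update script. The handler continues past the end of the hunk.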