42 lines
1.3 KiB
PHP
42 lines
1.3 KiB
PHP
<?php
|
|
require __DIR__ . '/../init.php';
|
|
|
|
foreach (query('select', 'ns-syncs') as $sync) {
|
|
$zone_raw = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $sync['destination'] . 'zone');
|
|
if ($zone_raw === false)
|
|
output(403, 'Unable to read zone file.');
|
|
|
|
foreach (['AAAA', 'A', 'CAA'] as $type) {
|
|
// Get source/distant records
|
|
try {
|
|
$results = kdig(name: $sync['source'], type: $type);
|
|
} catch (KdigException) {
|
|
fwrite(STDERR, $sync['source'] . ' resolution failed.' . LF);
|
|
break;
|
|
}
|
|
if ($results['AD'] !== 1) {
|
|
fwrite(STDERR, $sync['source'] . ' skipped: not signed using DNSSEC.' . LF);
|
|
continue;
|
|
}
|
|
$source_records = array_column($results['answerRRs'] ?? [], 'rdata' . $type);
|
|
|
|
// Get destination/local records
|
|
$dest_records = array_column(parseZoneFile($zone_raw, [$type], $sync['destination'], false), 3);
|
|
|
|
// Add source records that are not yet in destination
|
|
foreach (array_diff($source_records, $dest_records) as $value_to_add)
|
|
knotcZoneExec($sync['destination'], [
|
|
$sync['destination'],
|
|
SYNC_TTL,
|
|
$type,
|
|
$value_to_add,
|
|
], 'add');
|
|
// Delete destination records that are not part of source anymore
|
|
foreach (array_diff($dest_records, $source_records) as $value_to_delete)
|
|
knotcZoneExec($sync['destination'], [
|
|
$sync['destination'],
|
|
$type,
|
|
$value_to_delete,
|
|
], 'delete');
|
|
}
|
|
}
|