Re: Proof of concept: Bridge rewrite of unbound-dhcp-leases-bridge

[jon <jon.murphy@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 1809 bytes --]

The first script did not place A & PTR records into the unbound cache and this version does!

Once again I am looking for your feedback, thoughts and comments!


Jon

===============================================================================

NOTE: Do not place this into a Production environment - only for Test environment.


Description of Proof of Concept
———————————————————————————————

Transfers DHCP lease information to unbound DNS

• Enable DHCP On Commit/Release/Expire via dhcpd.conf (or dhcpd.conf.local)
• A new (or changed or removed) dynamic/fixed lease causes Script to run
• Script adds A & PTR records on Commit:
    • to unbound dhcp-leases.conf file
    • to unbound cache via "unbound-control load-data"
• Script removes A & PTR records on Release or Expiry of lease


The Script
———————————

• Handles dynamic and fixed leases
• Static hosts checked for duplicates
• Re-enabled unbound-control local_data
    • unbound reloads not needed
• A & PTR records survive IPFire reboot, unbound restart
    • no delays from difficult dhcp-leases parsing

Not completed (yet):
• Static hosts still need to be parsed into unbound hosts.conf file
• Properly handle hostnames with spaces
    • non-legit need to change to dashes or be removed (or completely dropped)
• to be checked with large amount of clients
    • I’ve tested with 6 devices on test system and ~40 devices on production









NOTE: Do not place this into a Production environment.  Only for Test environment.

• If placed into Test environment this current script will terminate "unbound-dhcp-leases-bridge".
• Do not run the `dhcpEvent.sh` script and "unbound-dhcp-leases-bridge" in parallel.



[-- Attachment #2: dhcpEvent_v15.sh.txt --]
[-- Type: text/plain, Size: 4381 bytes --]

#!/bin/bash
#set -e
#set -x

#	DHCP commit/release/expiry status drives this process

####################	following 11 lines just for testing  ####################
/usr/bin/logger --tag dhcp1 "testing --> $0 (v15)"
#	Kill the unbound-dhcp-leases-bridge process
pgrep -f unbound-dhcp-leases-bridge &&
	kill -s SIGTERM $(pgrep -d',' -f unbound-dhcp-leases-bridge) &&
	/usr/bin/logger --tag dhcp1 "terminated unbound-dhcp-leases-bridge"

#	if no dhcpLeases then create file
#[[ -f "${unboundDHCPleases}" ]] || touch "${unboundDHCPleases}"

#	chmod -v 744 /root/dhcpdconf/dhcpEvent_vN.sh
#	ln -vsf /root/dhcpdconf/dhcpEvent_vN.sh /root/dhcpdconf/dhcpEvent.sh
#-------------------------------------------------------------------------------


#	need DOMAINNAME value
eval $(/usr/local/bin/readhash /var/ipfire/main/settings)

dhcpCREstatus=$1
clientIP=$2
clientName=$3

unboundDHCPleases="/etc/unbound/dhcp-leases.conf"				#	output to unbound
unboundStaticHosts="/etc/unbound/hosts.conf"

TTL="60"														#	time to live (seconds)

#	add domain name to client name
clientFQDN=$( echo "${clientName}.${DOMAINNAME}"  )		#	 | tr '[:upper:]' '[:lower:]'

#	reverse IP
reverseIP=$( echo "${clientIP}" | awk -F. '{print $4"."$3"."$2"."$1}' )
arpaName=$( echo "${reverseIP}.in-addr.arpa" )

#	create "A" record and "PTR" record for unbound
#	made "absolute address" by adding a "." at the end of names
#	this is done for consistency with the unbound cache
aRecord="${clientFQDN}. ${TTL} IN A ${clientIP}"
ptrRecord="${arpaName}. ${TTL} IN PTR ${clientFQDN}."

#	create local data line using above Records
aRecordLD="local-data: \"${aRecord}"\"
ptrRecordLD="local-data: \"${ptrRecord}"\"

case "${dhcpCREstatus}" in
	commit)
		#	if client name is blank then exit
		[[ -z "${clientName}" ]] &&
			{ /usr/bin/logger --tag dhcp1 "${dhcpCREstatus}: no clientName - exit" ; exit ; }

		#	if client exists in static hosts then exit
		if grep --word-regexp --quiet -e "${clientIP}" -e "${clientName}" "${unboundStaticHosts}" ; then
			/usr/bin/logger --tag dhcp1 "${dhcpCREstatus}: ${clientName} or ${clientIP} found in static hosts - exit"
			exit
		fi

		#	does A record and PTR record already exist? if no, then add
		if ! grep --word-regexp --quiet -e "${clientIP}" -e "${reverseIP}" "${unboundDHCPleases}" ; then
			#	add A record and PTR record to unbound
			echo -e "${aRecordLD}\n${ptrRecordLD}" >> "${unboundDHCPleases}"
			echo -e "${aRecord}\n${ptrRecord}" | /usr/sbin/unbound-control local_datas

			/usr/bin/logger --tag dhcp1 "${dhcpCREstatus}: Record A and PTR added to unbound"
		else
			/usr/bin/logger --tag dhcp1 "${dhcpCREstatus}: Record A and PTR already exist"
		fi
		;;

	release|expiry)
		#	"expiry" and "release" are the same since I don't understand the difference    :-(

		#	does IP addr or Reverse IP appear in unbound dhcp-leases file?  if yes, delete line
		if grep --word-regexp --quiet -e "${clientIP}" -e "${reverseIP}" "${unboundDHCPleases}" ; then
			#	Since expiry does not return names, we must use the IP addr to find two FQDNs.
			#	get FQDN by searching for IP address
			uc_FQDN=$( unbound-control list_local_data | grep --word-regexp "${clientIP}" | awk '{ print $1 }' )
			[[ -z "${uc_FQDN}" ]] &&
				{ /usr/bin/logger --tag dhcp1 "${dhcpCREstatus}: Oops - no uc_FQDN - exit" ; exit ; }
				
			#	remove FQDNs from unbound dhcp-leases file (two lines in file)
			/bin/sed --in-place "/${uc_FQDN}/d" "${unboundDHCPleases}"
			/usr/bin/logger --tag dhcp1 "${dhcpCREstatus}: ${uc_FQDN} removed from ub dhcp leases"

			#	Since "local_data_remove" uses only names to delete (Client Name and arpa Name),
			#		we must get both names by searching for FQDN (returns two lines).
			#		e.g., "iMac3.localdomain."  AND  "100.6.168.192.in-addr.arpa."
			uc_Names=$( unbound-control list_local_data | awk "/${uc_FQDN}/" | awk '{ print $1 }' )

			#	for unbound cache, MUST be deleted by name for A record and arpa name for PTR record!
			echo -e "${uc_Names}" | /usr/sbin/unbound-control local_datas_remove

			/usr/bin/logger --tag dhcp1 "${dhcpCREstatus}: ${uc_Names} removed from unbound-control"
		else
			/usr/bin/logger --tag dhcp1 "${dhcpCREstatus}: ${clientIP} or ${reverseIP} not found"
		fi
		;;

	*)
		/usr/bin/logger --tag dhcp1 "CRE script: case = no status"
		echo "Usage:  dhcpEvent <status> <ip_address> <client_hostname>"
		exit
		;;
esac

exit

[-- Attachment #3: dhcpd.conf.local --]
[-- Type: application/octet-stream, Size: 1360 bytes --]

#	Do NOT delete this file!
#		it can be modified but this file cannot be deleted

#
#	commit
#
on commit {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);

#set NoName = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
#	if preferred, NoName can be changed to blank. and then ignored in execute script
set NoName = "";
set ClientName = pick-first-value(option host-name, config-option-host-name, client-name, NoName);

#	a MAC address can easily be added for other uses.  MAC is not needed for DNS

log(concat("CRE-Commit:  ClientIP: ", ClientIP, "  Name: ", ClientName));

execute("/root/dhcpdconf/dhcpEvent.sh", "commit", ClientIP, ClientName);
}


#
#	release
#
on release {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);

#set NoName = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
set NoName = "";
set ClientName = pick-first-value(option host-name, config-option-host-name, client-name, NoName);

log(concat("CRE-Release:  ClientIP: ", ClientIP, "  Name: ", ClientName));

execute("/root/dhcpdconf/dhcpEvent.sh", "release", ClientIP, ClientName);
}


#
#	expiry
#
on expiry {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientName = "";

log(concat("CRE-Expiry:  ClientIP: ", ClientIP, "  Name: ", ClientName));

execute("/root/dhcpdconf/dhcpEvent.sh", "expiry", ClientIP, "");
}