Check upstream NS for ns/ and AAAA/A for ht/

2022-08-30 22:34:09 +02:00 · 2022-08-30 22:34:09 +02:00 · 7a35ebccc5
parent 6a547808e6
commit 7a35ebccc5
2 changed files with 14 additions and 0 deletions
--- a/public/ht/add-http-dns.php
+++ b/public/ht/add-http-dns.php
@ -44,6 +44,14 @@ if ($dirsStatuses[$_POST['dir']] !== false)
 if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== [])
 	userError("Ce domaine existe déjà sur ce service.");

+$remoteAaaaRecords = array_column(dns_get_record($_POST['domain'], DNS_AAAA), 'ipv6');
+if (array_merge(array_diff($remoteAaaaRecords, [CONF['ht']['ipv6_address']]), array_diff([CONF['ht']['ipv6_address']], $remoteAaaaRecords)) !== [])
+	userError("Ce domaine doit avoir pour enregistrement AAAA <code>" . CONF['ht']['ipv6_address'] . "</code>.");
+
+$remoteARecords = array_column(dns_get_record($_POST['domain'], DNS_A), 'ip');
+if (array_merge(array_diff($remoteARecords, [CONF['ht']['ipv4_address']]), array_diff([CONF['ht']['ipv4_address']], $remoteARecords)) !== [])
+	userError("Ce domaine doit avoir pour enregistrement A <code>" . CONF['ht']['ipv4_address'] . "</code>.");
+
 addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");

 $nginxConf = 'server {
--- a/public/ns/zone-add.php
+++ b/public/ns/zone-add.php
@ -15,6 +15,12 @@ $_POST['domain'] = formatAbsoluteDomain($_POST['domain']);
 if (query('select', 'zones', ['zone' => $_POST['domain']], 'zone') !== [])
 	userError("Cette zone existe déjà sur ce service.");

+$remoteNsRecords = array_column(dns_get_record($_POST['domain'], DNS_NS), 'target');
+foreach ($remoteNsRecords as $i => $remoteNsRecord)
+	$remoteNsRecords[$i] = formatAbsoluteDomain($remoteNsRecord);
+if (array_merge(array_diff($remoteNsRecords, CONF['ns']['servers']), array_diff(CONF['ns']['servers'], $remoteNsRecords)) !== [])
+	userError("Ce domaine n'a pas les bons enregistrements NS.");
+
 $db = new PDO('sqlite:' . DB_PATH);
 $stmt = $db->prepare("INSERT INTO zones(zone, username) VALUES(:zone, :username)");