config.cfg

@@ -18,12 +18,6 @@ records = [
     # specify that auth.example.org will resolve any *.auth.example.org records
     "auth.example.org. NS auth.example.org.",
 ]
-# path to cache SOA serial
-serialpath = "soa-serial.save"
-# slaves to notify on update and allowed to request AXFR
-slaves = [
-    # "10.5.1.1"
-]
 # debug messages from CORS etc
 debug = false
 

pkg/acmedns/interfaces.go

@@ -10,7 +10,6 @@ type AcmednsDB interface {
 	Register(cidrslice Cidrslice) (ACMETxt, error)
 	GetByUsername(uuid.UUID) (ACMETxt, error)
 	GetTXTForDomain(string) ([]string, error)
-	GetTXTForAllDomains() ([]TXTRecord, error)
 	Update(ACMETxtPost) error
 	GetBackend() *sql.DB
 	SetBackend(*sql.DB)
@@ -22,10 +21,4 @@ type AcmednsNS interface {
 	SetOwnAuthKey(key string)
 	SetNotifyStartedFunc(func())
 	ParseRecords()
-	BumpSerial() error
-}
-
-type TXTRecord struct {
-	Subdomain string
-	Value     string
 }

pkg/acmedns/types.go

@@ -25,8 +25,6 @@ type general struct {
 	Nsadmin       string
 	Debug         bool
 	StaticRecords []string `toml:"records"`
-	Serialpath    string
-	SlaveHosts    []string `toml:"slaves"`
 }
 
 type dbsettings struct {

pkg/api/api.go

@@ -15,11 +15,10 @@ import (
 )
 
 type AcmednsAPI struct {
-	Config     *acmedns.AcmeDnsConfig
+	Config  *acmedns.AcmeDnsConfig
-	DB         acmedns.AcmednsDB
+	DB      acmedns.AcmednsDB
-	Logger     *zap.SugaredLogger
+	Logger  *zap.SugaredLogger
-	errChan    chan error
+	errChan chan error
-	dnsServers []acmedns.AcmednsNS
 }
 
 func Init(config *acmedns.AcmeDnsConfig, db acmedns.AcmednsDB, logger *zap.SugaredLogger, errChan chan error) AcmednsAPI {
@@ -28,8 +27,6 @@ func Init(config *acmedns.AcmeDnsConfig, db acmedns.AcmednsDB, logger *zap.Sugar
 }
 
 func (a *AcmednsAPI) Start(dnsservers []acmedns.AcmednsNS) {
-	//we need the dnsservers later to bump serial
-	a.dnsServers = dnsservers
 	var err error
 	//TODO: do we want to debug log the HTTP server?
 	stderrorlog, err := zap.NewStdLogAt(a.Logger.Desugar(), zap.ErrorLevel)

pkg/api/update.go

@@ -49,10 +49,6 @@ func (a *AcmednsAPI) webUpdatePost(w http.ResponseWriter, r *http.Request, _ htt
 			upd = []byte("{\"txt\": \"" + atxt.Value + "\"}")
 		}
 	}
-	for _, s := range a.dnsServers {
-		//bump SOA serial on update (and notify slaves if configured)
-		s.BumpSerial()
-	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(updStatus)
 	_, _ = w.Write(upd)

pkg/database/db.go

@@ -263,50 +263,6 @@ func (d *acmednsdb) GetByUsername(u uuid.UUID) (acmedns.ACMETxt, error) {
 	return acmedns.ACMETxt{}, fmt.Errorf("user not found: %s", u.String())
 }
 
-func (d *acmednsdb) GetTXTForAllDomains() ([]acmedns.TXTRecord, error) {
-	d.Mutex.Lock()
-	defer d.Mutex.Unlock()
-
-	var txts []acmedns.TXTRecord
-
-	getSQL := `
-        SELECT Subdomain, Value FROM txt
-    `
-	if d.Config.Database.Engine == "sqlite" {
-		getSQL = getSQLiteStmt(getSQL)
-	}
-
-	sm, err := d.DB.Prepare(getSQL)
-	if err != nil {
-		return txts, err
-	}
-	defer sm.Close()
-
-	rows, err := sm.Query()
-	if err != nil {
-		return txts, err
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var subdomain string
-		var value string
-
-		err = rows.Scan(&subdomain, &value)
-		if err != nil {
-			return txts, err
-		}
-
-		d.Logger.Debugw("GetTXTForAllDomains() TXT Record:", subdomain, value)
-		txts = append(txts, acmedns.TXTRecord{
-			Subdomain: subdomain,
-			Value:     value,
-		})
-	}
-
-	return txts, nil
-}
-
 func (d *acmednsdb) GetTXTForDomain(domain string) ([]string, error) {
 	d.Mutex.Lock()
 	defer d.Mutex.Unlock()

pkg/nameserver/handler.go

@@ -2,48 +2,12 @@ package nameserver
 
 import (
 	"fmt"
-	"net"
 	"strings"
 
 	"github.com/miekg/dns"
 )
 
 func (n *Nameserver) handleRequest(w dns.ResponseWriter, r *dns.Msg) {
-
-	if len(r.Question) == 1 {
-		q := r.Question[0]
-		if q.Qtype == dns.TypeAXFR || q.Qtype == dns.TypeIXFR { // Get remote IP
-			remoteIP, _, err := net.SplitHostPort(w.RemoteAddr().String())
-			if err != nil {
-				n.Logger.Errorw("Failed to parse remote address", "err", err)
-				m := new(dns.Msg)
-				m.SetReply(r)
-				m.Rcode = dns.RcodeRefused
-				_ = w.WriteMsg(m)
-				return
-			}
-
-			// Check if remote IP is in slave list
-			allowed := false
-			for _, slave := range n.Config.General.SlaveHosts {
-				if remoteIP == slave {
-					allowed = true
-					break
-				}
-			}
-
-			if !allowed {
-				n.Logger.Warnw("AXFR/IXFR request denied", "remote", remoteIP)
-				m := new(dns.Msg)
-				m.SetReply(r)
-				m.Rcode = dns.RcodeRefused
-				_ = w.WriteMsg(m)
-				return
-			}
-			n.handleAXFR(w, r)
-			return
-		}
-	}
 	m := new(dns.Msg)
 	m.SetReply(r)
 	// handle edns0
@@ -107,9 +71,6 @@ func (n *Nameserver) answer(q dns.Question) ([]dns.RR, int, bool, error) {
 			r = append(r, txtRRs...)
 		}
 	}
-	if q.Qtype == dns.TypeSOA {
-		r = append(r, n.SOA)
-	}
 	if len(r) > 0 {
 		// Make sure that we return NOERROR if there were dynamic records for the domain
 		rcode = dns.RcodeSuccess
@@ -197,77 +158,3 @@ func (n *Nameserver) getRecord(name string, qtype uint16) ([]dns.RR, error) {
 	}
 	return rr, nil
 }
-
-func (n *Nameserver) handleAXFR(w dns.ResponseWriter, r *dns.Msg) {
-
-	if len(r.Question) == 0 {
-		return
-	}
-
-	zone := dns.Fqdn(r.Question[0].Name)
-
-	records, ok := n.Domains[zone]
-	if !ok {
-		m := new(dns.Msg)
-		m.SetRcode(r, dns.RcodeNameError)
-		_ = w.WriteMsg(m)
-		return
-	}
-
-	// AXFR muss über Transfer laufen
-	tr := new(dns.Transfer)
-
-	c := make(chan *dns.Envelope)
-
-	go func() {
-		defer close(c)
-
-		var rr []dns.RR
-
-		// Start SOA
-		rr = append(rr, n.SOA)
-
-		// NS
-		rr = append(rr, records.NS...)
-
-		// Andere Records
-		// rr = append(rr, filterSOA(records.Records)...)
-		rr = append(rr, records.Records...)
-
-		// TXT Records nur für diese Zone!
-		txtRecords, err := n.DB.GetTXTForAllDomains()
-		if err == nil {
-			for _, rec := range txtRecords {
-				if rec.Value == "" {
-					continue
-				}
-
-				fqdn := dns.Fqdn(rec.Subdomain + "." + zone)
-
-				txtRR := &dns.TXT{
-					Hdr: dns.RR_Header{
-						Name:   fqdn,
-						Rrtype: dns.TypeTXT,
-						Class:  dns.ClassINET,
-						Ttl:    1,
-					},
-					Txt: []string{rec.Value},
-				}
-
-				rr = append(rr, txtRR)
-
-				n.Logger.Debugw("handleAXFR TXT Record", "subdomain", rec.Subdomain, "value", rec.Value, "fqdn", fqdn)
-				rr = append(rr, txtRR)
-			}
-		} else {
-			n.Logger.Errorw("Failed to get TXT records for AXFR", "error", err)
-		}
-
-		// End SOA
-		rr = append(rr, n.SOA)
-
-		c <- &dns.Envelope{RR: rr}
-	}()
-
-	_ = tr.Out(w, r, c)
-}

pkg/nameserver/initialize.go

@@ -14,7 +14,6 @@ import (
 // Records is a slice of ResourceRecords
 type Records struct {
 	Records []dns.RR
-	NS      []dns.RR
 }
 
 type Nameserver struct {
@@ -24,7 +23,7 @@ type Nameserver struct {
 	Server            *dns.Server
 	OwnDomain         string
 	NotifyStartedFunc func()
-	SOA               *dns.SOA
+	SOA               dns.RR
 	mu                sync.RWMutex
 	personalAuthKey   string
 	Domains           map[string]Records

pkg/nameserver/parseconfig.go

@@ -2,64 +2,12 @@ package nameserver
 
 import (
 	"fmt"
-	"os"
-	"strconv"
 	"strings"
 	"time"
 
 	"github.com/miekg/dns"
 )
 
-func loadSerial(path string) (uint32, error) {
-	data, err := os.ReadFile(path)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return 0, nil // first start
-		}
-		return 0, err
-	}
-
-	s := strings.TrimSpace(string(data))
-	val, err := strconv.ParseUint(s, 10, 32)
-	if err != nil {
-		return 0, err
-	}
-
-	return uint32(val), nil
-}
-
-func saveSerial(path string, serial uint32) error {
-	tmp := path + ".tmp"
-
-	data := []byte(fmt.Sprintf("%d\n", serial))
-
-	// write temp file
-	if err := os.WriteFile(tmp, data, 0644); err != nil {
-		return err
-	}
-
-	// atomic replace
-	return os.Rename(tmp, path)
-}
-
-func nextSerial(old uint32) uint32 {
-	today := time.Now().Format("20060102")
-
-	oldStr := fmt.Sprintf("%d", old)
-
-	if strings.HasPrefix(oldStr, today) {
-		return old + 1
-	}
-
-	newSerial, _ := strconv.Atoi(today + "00")
-
-	if uint32(newSerial) <= old {
-		return old + 1
-	}
-
-	return uint32(newSerial)
-}
-
 // ParseRecords parses a slice of DNS record string
 func (n *Nameserver) ParseRecords() {
 	for _, v := range n.Config.General.StaticRecords {
@@ -74,72 +22,25 @@ func (n *Nameserver) ParseRecords() {
 		n.appendRR(rr)
 	}
 	// Create serial
-	serial, err := loadSerial(n.Config.General.Serialpath)
+	serial := time.Now().Format("2006010215")
-
-	if err != nil {
-		n.Logger.Errorw("Could not load temp serial",
-			"error", err.Error())
-	}
-	if serial == 0 {
-		serial = uint32(time.Now().Unix())
-	}
 	// Add SOA
-	//Refresh = 30s → Slaves fragen alle 30s nach Änderungen
+	SOAstring := fmt.Sprintf("%s. SOA %s. %s. %s 28800 7200 604800 86400", strings.ToLower(n.Config.General.Domain), strings.ToLower(n.Config.General.Nsname), strings.ToLower(n.Config.General.Nsadmin), serial)
-	//Retry = 10s → Wenn Master nicht erreichbar, probiert der Slave alle 10s erneut
+	soarr, err := dns.NewRR(SOAstring)
-	//Expire = 604800s (1w) → Wie lange der Slave die Zone noch behält, falls Master ausfällt
+	if err != nil {
-	//Minimum TTL = 20s → Resolver cachen die TXT-Einträge nur kurz
+		n.Logger.Errorw("Error while adding SOA record",
-	//SOAstring := fmt.Sprintf("%s. SOA %s. %s. %s 5 10 604800 20", strings.ToLower(n.Config.General.Domain), strings.ToLower(n.Config.General.Nsname), strings.ToLower(n.Config.General.Nsadmin), serial)
+			"error", err.Error(),
-	n.SOA = &dns.SOA{
+			"soa", SOAstring)
-		Hdr: dns.RR_Header{
+	} else {
-			Name:   dns.Fqdn(n.Config.General.Domain),
+		n.appendRR(soarr)
-			Rrtype: dns.TypeSOA,
+		n.SOA = soarr
-			Class:  dns.ClassINET,
-			Ttl:    5,
-		},
-		Ns:      dns.Fqdn(n.Config.General.Nsname),
-		Mbox:    dns.Fqdn(n.Config.General.Nsadmin),
-		Serial:  serial,
-		Refresh: 5,
-		Retry:   10,
-		Expire:  604800,
-		Minttl:  1,
 	}
 }
 
-func sendNotify(zone string, slaveAddr string) error {
-	m := new(dns.Msg)
-	m.SetNotify(dns.Fqdn(zone)) // Set opcode to NOTIFY
-	m.Authoritative = true      // Must be authoritative
-
-	c := new(dns.Client)
-	_, _, err := c.Exchange(m, slaveAddr)
-	return err
-}
-
-func (n *Nameserver) BumpSerial() error {
-	n.mu.Lock()
-	defer n.mu.Unlock()
-	n.SOA.Serial = nextSerial(n.SOA.Serial)
-
-	for _, slave := range n.Config.General.SlaveHosts {
-		slave := slave + ":53"
-		if err := sendNotify(n.SOA.Hdr.Name, slave); err != nil {
-			n.Logger.Errorw("Failed to notify slave", "slave", slave, "err", err)
-		} else {
-			n.Logger.Debugw("Notify send to slave", "slave", slave)
-		}
-	}
-	return saveSerial(n.Config.General.Serialpath, n.SOA.Serial)
-}
-
 func (n *Nameserver) appendRR(rr dns.RR) {
 	addDomain := rr.Header().Name
 	_, ok := n.Domains[addDomain]
 	if !ok {
-		n.Domains[addDomain] = Records{
+		n.Domains[addDomain] = Records{[]dns.RR{rr}}
-			Records: []dns.RR{rr}, // initialisiere Records
-			NS:      []dns.RR{},   // leeres NS-Slice, sonst Fehler
-		}
 	} else {
 		drecs := n.Domains[addDomain]
 		drecs.Records = append(drecs.Records, rr)