use namserver IP's for axfr/pdns-config, also add placeholder AXFRSERVERS for axfr-servers setting; fixes #1691

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

admin_configfiles.php

@@ -30,6 +30,19 @@ if ($userinfo['change_serversettings'] == '1') {
 		$customer_tmpdir = Settings::Get('phpfpm.tmpdir');
 	}
 
+	// try to convert namserver hosts to ip's
+	$ns_ips = "";
+	if (Settings::Get('system.nameservers') != '') {
+		$nameservers = explode(',', Settings::Get('system.nameservers'));
+		foreach ($nameservers as $nameserver) {
+			$nameserver = trim($nameserver);
+			$nameserver_ips = gethostbynamel($nameserver);
+			if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
+				$ns_ips .= implode(",", $nameserver_ips);
+			}
+		}
+	}
+
 	$replace_arr = Array(
 		'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
 		'<SQL_UNPRIVILEGED_PASSWORD>' => 'MYSQL_PASSWORD',
@@ -39,6 +52,8 @@ if ($userinfo['change_serversettings'] == '1') {
 		'<SERVERNAME>' => Settings::Get('system.hostname'),
 		'<SERVERIP>' => Settings::Get('system.ipaddress'),
 		'<NAMESERVERS>' => Settings::Get('system.nameservers'),
+		'<NAMESERVERS_IP>' => $ns_ips,
+		'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
 		'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
 		'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
 		'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),

lib/configfiles/gentoo.xml

@@ -396,7 +396,8 @@ mail	IN		A	<SERVERIP>
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -938,7 +939,8 @@ gmysql-password=
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.

lib/configfiles/jessie.xml

@@ -380,7 +380,8 @@ exit "$RETVAL"
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -921,7 +922,8 @@ gmysql-password=
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.

lib/configfiles/precise.xml

@@ -346,7 +346,8 @@ exit "$RETVAL"
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -407,7 +408,8 @@ include-dir=/etc/powerdns/froxlor/
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
 						chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=180

lib/configfiles/trusty.xml

@@ -379,7 +379,8 @@ exit "$RETVAL"
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -417,7 +418,8 @@ gmysql-password=
 					<install><![CDATA[apt-get install pdns-server]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -441,7 +443,8 @@ include-dir=/etc/powerdns/froxlor/
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
 						chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=180

lib/configfiles/wheezy.xml

@@ -424,7 +424,8 @@ exit "$RETVAL"
 # allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
 #                   IP addresses
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-recursion	List of netmasks that are allowed to recurse
@@ -763,7 +764,8 @@ gmysql-password=
 # allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
 #                   IP addresses
 #
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-recursion	List of netmasks that are allowed to recurse