os-bind: Improve RNDC Key functionality and fix out of sync journals

[Jeremy-Boyle]

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

• I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
• I have searched the existing issues, open and closed, and I'm convinced that mine is new.
• When the request is meant for an existing plugin, I've added its name to the title.

Is your feature request related to a problem? Please describe.

1. Currently there is no way to assign / create more keys within the ui, there is only a single key which you can edit. Suggestion is a new page where keys can be created and individually selected within domain.

2. Currently with the added functionality in dns/bind: Add option to allow the rndc-key for zone transfers #4177 , if this is turned on it bind will create a .jnl file, this causes issues when a user edits / updates a new record in the UI. This causes two issues, one, the zone will no longer load, and two, transfers will not work until the effected .jnl file is deleted manually and bind is restarted.

3. Additionally when reloading bind, all transfers are lost, and the main db file is overwritten.

Describe the solution you'd like

1. Creation of a new keys tab that will work similar to how ACLs work, and can be selected for the domain.
2. Fix the issue with the out of sync journals
3. Populate Transfers into the UI, that way they aren't lost when the configuration resets.

Describe alternatives you've considered

1. Manually maintaining, and creating keys with a override target.
2. Cron job that properly freezes rndc and thaws the zone at a interval.

Additional context
Small discussion had in #4177

[Jeremy-Boyle]

For fixing the journal out of sync it can be done with the following:

How to fix BIND's journal out of sync error

If you are running a BIND name server with an dynamic zone updating from from DHCP or similar, you'll find that if the zone is manually updated the zone will no longer load correctly, giving the following error:

zone example.com/IN: journal rollforward failed: journal out of sync with zone
zone example.com/IN: not loaded due to errors.

The error can be clearing seen by running BIND from command line as follows:

named -g

To resolve this stop BIND, then remove the journal file for problem zone, these exist in the same directory as the zone files but end in ".jnl". Once the file has been deleted BIND can be restarted and all will be back to normal.

If you have dynamic zones it is best to "freeze" them first before editing and "thaw" them after to avoid this problem in the first place. The commands for this are:

rndc freeze example.com

rndc reload example.com
rndc thaw sxample.com

[cpw]

I just bumped into a related problem. I migrated my BIND from a different system onto OPNsense, using this plugin to rebuild a (mostly) static public dns master. Unfortunately, occasionally, some exposed IPs do update, and I've been using the RFC2136 plugin to push those updates to BIND. This triggered the "sync" problem because the config and the db file are out of sync. It'd be useful to be able to re-import those records that are dynamic.

[cpw]

As an addendum - the BIND plugin overwrote the TXT records used by ACME due to a refresh, this is pretty bad. It looks like it's really kind of essential that the BIND model should attempt some sort of parsing of the journal and/or db file - otherwise you can end up with some pretty nasty issues occurring, if for example, you do a DNS nsupdate using this BIND plugin.

[Jeremy-Boyle]

Hello, i haven't had any time to test this further.

However, I would like to see if it would be possible like you mentioned to instead of update the db file manually there is a way we can instead do that another way without causing the file to overwrite.