-
Notifications
You must be signed in to change notification settings - Fork 0
/
CertbotTLSAgen.DNSupdate.nsupdate
executable file
·62 lines (51 loc) · 2.63 KB
/
CertbotTLSAgen.DNSupdate.nsupdate
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#!/bin/bash
# -*- mode: sh; -*-
# CerbotTLSAgen.DNSupdate.nsupdate is part of the CertbotTLSAgen package. Designed to run nsupdate
# Copyright (c) 2017, 2018 John L. Allen
# This program is free software: you can redistribute it and/or modify it under the terms of the
# GNU General Public License as published by the Free Software Foundation, either version 3 of
# the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# If you wish to contact me please email me at [email protected]
#----------------------------------------------------------------------------------------------------
#
# Last modified:
# 2018-09-25 08:45 remove debugging commands
#
#----------------------------------------------------------------------------------------------------
if [[ "${SHELL##*/}" != bash || "${BASH_VERSINFO[0]:0:1}" -lt 4 ]]; then
echo "error: script must run in bash version 4.0 or later"
false
exit
fi
shopt -s extglob
# Certbot TLSAgen DNS update function for ISC Bind (9) uses nsupdate
# there are four input paramaeters for this script:
# 1 the action to be performed - add or delete
# 2 the file containing the records to be added to or deleted from the DNS zone
# 3 **NOT used in this unit** the delay between running the TLSA generator
# and removing old tlsa records. Usually their TTL or a multiple thereof
# 4 logfile to be used
#
exec >>"$4" 2>&1 # redirect stdout & stderr to the logfile
inputRecords=0 # initialize the input count
outputRecords=0 # initialize the output count
failedRecords=0 # initialize the fail count
if [[ -s "$2" ]]; then # check to see if the input file contains any records, if yes proceed else exit.
while read -r tlsaRecord; do
(( inputRecords += 1 ))
printf -- 'server 127.0.0.1\n%s %s\nsend\nquit\n' "${1,,}" "$tlsaRecord" | nsupdate -v -k /var/run/named/session.key
if [[ $? -ne 0 ]]; then
printf -- '%s %s - *** ERROR *** \"%s\" from \"%s\" failed\n' "$(date "+%Y-%m-%d %H:%M:%S.%6N")" "${0##*/}" "$1" "$2"
(( failedRecords += 1 ))
else
(( outputRecords += 1 ))
fi
done < "$2"
printf -- '%s %s - *** \"%s\" - %d records from \"%s\" using nsupdate. output %d failed %d \n' "$(date "+%Y-%m-%d %H:%M:%S.%6N")" "${0##*/}" "$1" "$inputRecords" "$2" "$outputRecords" "$failedRecords"
fi
exit