 1a77490969
			
		
	
	
		
	
	
	
	
		
			
			Some DNS servers for which dns_nsupdate.sh is applicable (such as dyn.com's 'Standard DNS' TSIG update mechanism) require that the zone be set during the nsupdate transaction. Therefore we add a new environment variable, NSUPDATE_ZONE, which is used to set the zone for the DNS TSIG transaction. Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
		
			
				
	
	
		
		
	
	
	
	
#!/usr/bin/env sh

########  Public functions #####################

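#Usage: dns_nsupdate_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
#
# Adds a TXT record (TTL 60) for the given name through an nsupdate
# transaction authenticated with the key file in NSUPDATE_KEY.
# Globals:   NSUPDATE_KEY (read; path passed to nsupdate -k)
#            NSUPDATE_SERVER, NSUPDATE_SERVER_PORT (read; default localhost / 53)
#            NSUPDATE_ZONE (read; optional, adds a "zone" line when set)
#            DEBUG, DEBUG_LEVEL_1, DEBUG_LEVEL_2 (read; select nsupdate -d / -D)
# Arguments: $1 - full record name, without the trailing dot
#            $2 - TXT record value
# Returns:   0 on success, 1 if the key check, the validation or the update fails
dns_nsupdate_add() {
  fulldomain=$1
  txtvalue=$2
  _checkKeyFile || return 1
  [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
  [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53

  # nsupdate reads one command per line, and every value below is pasted into
  # that command stream. A value carrying a line break would be read as an
  # additional command inside the TSIG-signed transaction, so refuse it before
  # anything is saved or sent.
  _nsupdate_nl='
'
  _nsupdate_cr=$(printf '\r')
  case "${fulldomain}${txtvalue}${NSUPDATE_SERVER}${NSUPDATE_SERVER_PORT}${NSUPDATE_ZONE}" in
    *"${_nsupdate_nl}"* | *"${_nsupdate_cr}"*)
      _err "line break found in an nsupdate parameter"
      return 1
      ;;
  esac

  # save the dns server and key to the account conf file.
  _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}"
  _saveaccountconf NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}"
  _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}"
  _saveaccountconf NSUPDATE_ZONE "${NSUPDATE_ZONE}"
  _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""

  # nsdebug is a global (plain sh has no local); reset it so a value left over
  # from an earlier call or from the environment is never passed to nsupdate.
  nsdebug=""
  [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
  [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"

  # The zone line is printed only when a zone is configured: nsupdate treats
  # an empty line as "send", so it must not be left blank.
  if ! {
    printf 'server %s  %s\n' "${NSUPDATE_SERVER}" "${NSUPDATE_SERVER_PORT}"
    [ -z "${NSUPDATE_ZONE}" ] || printf 'zone %s.\n' "${NSUPDATE_ZONE}"
    printf 'update add %s. 60 in txt "%s"\n' "${fulldomain}" "${txtvalue}"
    printf 'send\n'
  } | nsupdate -k "${NSUPDATE_KEY}" ${nsdebug:+"${nsdebug}"}; then
    _err "error updating domain"
    return 1
  fi

  return 0
}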
 | |
| 
 | |
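#Usage: dns_nsupdate_rm   _acme-challenge.www.domain.com
#
# Deletes the TXT records at the given name through an nsupdate transaction
# authenticated with the key file in NSUPDATE_KEY. The delete command carries
# no record data, so it is not limited to one challenge value.
# Globals:   NSUPDATE_KEY (read; path passed to nsupdate -k)
#            NSUPDATE_SERVER, NSUPDATE_SERVER_PORT (read; default localhost / 53)
#            NSUPDATE_ZONE (read; optional, adds a "zone" line when set)
#            DEBUG, DEBUG_LEVEL_1, DEBUG_LEVEL_2 (read; select nsupdate -d / -D)
# Arguments: $1 - full record name, without the trailing dot
# Returns:   0 on success, 1 if the key check, the validation or the update fails
dns_nsupdate_rm() {
  fulldomain=$1
  _checkKeyFile || return 1
  [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
  [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53

  # nsupdate reads one command per line, and every value below is pasted into
  # that command stream. A value carrying a line break would be read as an
  # additional command inside the TSIG-signed transaction, so refuse it before
  # anything is sent.
  _nsupdate_nl='
'
  _nsupdate_cr=$(printf '\r')
  case "${fulldomain}${NSUPDATE_SERVER}${NSUPDATE_SERVER_PORT}${NSUPDATE_ZONE}" in
    *"${_nsupdate_nl}"* | *"${_nsupdate_cr}"*)
      _err "line break found in an nsupdate parameter"
      return 1
      ;;
  esac

  _info "removing ${fulldomain}. txt"

  # nsdebug is a global (plain sh has no local); reset it so a value left over
  # from an earlier call or from the environment is never passed to nsupdate.
  nsdebug=""
  [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
  [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"

  # The zone line is printed only when a zone is configured: nsupdate treats
  # an empty line as "send", so it must not be left blank.
  if ! {
    printf 'server %s  %s\n' "${NSUPDATE_SERVER}" "${NSUPDATE_SERVER_PORT}"
    [ -z "${NSUPDATE_ZONE}" ] || printf 'zone %s.\n' "${NSUPDATE_ZONE}"
    printf 'update delete %s. txt\n' "${fulldomain}"
    printf 'send\n'
  } | nsupdate -k "${NSUPDATE_KEY}" ${nsdebug:+"${nsdebug}"}; then
    _err "error updating domain"
    return 1
  fi

  return 0
}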

####################  Private functions below ##################################

# Verifies that NSUPDATE_KEY names a key file this process can read.
# Only emptiness and readability are tested; the file's owner and mode are not
# looked at, so a key file that other local users can also read still passes.
# Globals:   NSUPDATE_KEY (read)
# Returns:   0 when the path is set and readable, 1 otherwise (after _err)
_checkKeyFile() {
  [ -n "${NSUPDATE_KEY}" ] || {
    _err "you must specify a path to the nsupdate key file"
    return 1
  }
  [ -r "${NSUPDATE_KEY}" ] || {
    _err "key ${NSUPDATE_KEY} is unreadable"
    return 1
  }
  return 0
}
 |