- bind_set_new_serial.sh, bind_set_renew_tlsa.sh: redesign code, add configuration file support

- Add script 'bind_rndc_sync_clean.sh'.
- bind_get_domain_by_hostname.sh: minor changes to code order.
- Adjust sample configuration file 'bind.conf.sample'.
This commit is contained in:
Christoph 2017-08-03 23:39:28 +02:00
parent 3b0b759850
commit 5057d983bf
5 changed files with 817 additions and 142 deletions


@ -5,6 +5,15 @@ conf_file="${working_dir}/conf/bind.conf"
log_file="$(mktemp)" log_file="$(mktemp)"
#---------------------------------------
#-----------------------------
# Setting Defaults
#-----------------------------
#---------------------------------------
DEFAULT_CONF_FILE_DIR="/etc/bind"
#--------------------------------------- #---------------------------------------
#----------------------------- #-----------------------------
# Base Function(s) # Base Function(s)
@ -138,15 +147,6 @@ if [[ -z "$hostname" ]] ; then
fi fi
#---------------------------------------
#-----------------------------
# Setting Defaults
#-----------------------------
#---------------------------------------
DEFAULT_CONF_FILE_DIR="/etc/bind"
#--------------------------------------- #---------------------------------------
#----------------------------- #-----------------------------

356
bind_rndc_sync_clean.sh Executable file

@ -0,0 +1,356 @@
#!/usr/bin/env bash
# -
# - Syncing changes in the journal file for a given zone, or a zone related to
# - a given hostname
# -
# - Return (Exit) Codes:
# - success:
# - 0: Zone is synced, journalfile ist removed.
# - error:
# - 10: Invalid Hostname/Domain given
# - 11: No zonefile found
# - 12: Hostname/Domain not supported
# - 13: Syncing zonefile with jounal file failed
# - 99: Fatal error
# -
# - Usage: ./bind_rndc_sync_clean.sh <hostname|domain>
# -
# - Example: ./bind_rndc_sync_clean.sh a.mx.oopen.de
#---------------------------------------
#-----------------------------
# Setting Defaults
#-----------------------------
#---------------------------------------
DEFAULT_CONF_FILE_DIR="/etc/bind"
DEFAULT_BIND_USER="bind"
DEFAULT_BIND_GROUP="bind"
#***************************************
#-----------------------------
# Don't make changes after this
#-----------------------------
#***************************************
working_dir="$(dirname $(realpath $0))"
conf_file="${working_dir}/conf/bind.conf"
log_file="$(mktemp)"
#---------------------------------------
#-----------------------------
# Base Function(s)
#-----------------------------
#---------------------------------------
usage() {
echo
[ -n "$1" ] && echo -e "Error: $1\n"
cat<<EOF
Usage: $(basename $0) <hostname|domain> | <check>
Script syncs changes in the journal file for a given zone, or a zone related to
a given hostname
Return (Exit) Codes:
success:
0: Zone is synced, journalfile ist removed.
error:
10: Invalid Hostname/Domain given
11: No zonefile found
12: Hostname/Domain not supported
13: Syncing zonefile with jounal file failed
99: Fatal error
Options:
-h
Prints this help.
-q
Rund in silent mode.
Example: $(basename $0) oopen.de
EOF
clean_up 99
}
clean_up() {
# Perform program exit housekeeping
rm $log_file
exit $1
}
echononl(){
if $verbose ; then
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n "$*\\c" 1>&2
else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
fi
}
fatal(){
echo ""
echo -e "[ \033[31m\033[1mError\033[m ]: $*"
echo ""
echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
echo ""
clean_up 99
}
warn (){
if $verbose ; then
echo ""
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
fi
}
info (){
if $verbose ; then
echo ""
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
echo ""
fi
}
ok (){
if $verbose ; then
echo ""
echo -e "\t[ \033[36m\033[1mOk\033[m ]: $*"
echo ""
fi
}
error(){
if $verbose ; then
echo ""
echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
echo ""
fi
}
echo_ok() {
if $verbose ; then
echo -e "\033[75G[ \033[32mok\033[m ]"
fi
}
echo_failed(){
if $verbose ; then
echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
fi
}
echo_skipped() {
if $verbose ; then
echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]"
fi
}
containsElement () {
local e
for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
return 1
}
trap clean_up SIGHUP SIGINT SIGTERM
# - Test whether stdout (file descriptor 1) is a terminal or not (e.g. cron
# - or if you pipe the output to some other program)
#
if [[ -t 1 ]] ; then
verbose=true
else
verbose=false
fi
while getopts hq opt ; do
case $opt in
q) verbose=false
;;
h) usage
;;
*)
;;
esac
done
shift $(expr $OPTIND - 1)
if [[ $# -ne 1 ]] ; then
if $verbose ; then
usage "wrong number of arguments"
else
clean_up 99
fi
fi
# - Parameter "check" can be used, to test whether this script
# - is accessable (e.g. from a script on a remote host)
# -
if [[ "$1" = "check" ]]; then
info "Script \033[1m$(basename $0)\033[m was successfully invoked, but its only a test."
clean_up 0
fi
host_name=$1
$verbose && echo ""
if [[ -z "$host_name" ]] ; then
fatal "No hostname/domain given!"
fi
#---------------------------------------
#-----------------------------
# Load default values from bind.conf
#
# Overwrites the settings above
#
#-----------------------------
#---------------------------------------
if $verbose ; then
clear
echo ""
echo -e "\033[32mRunning script \033[1m"$(basename $0)"\033[m .."
echo ""
fi
info "Given hostname/domain: \033[1m${host_name}\033[m"
echononl "\t Loading default Configuration values from $(basename ${conf_file}).."
if [[ ! -f "$conf_file" ]]; then
echo_skipped
else
source "${conf_file}" > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
fi
[[ -n "$CONF_FILE_DIR" ]] || CONF_FILE_DIR="$DEFAULT_CONF_FILE_DIR"
[[ -n "$ZONES_DECLARATION_FILE" ]] || ZONES_DECLARATION_FILE="${CONF_FILE_DIR}/named.conf.local"
[[ -n "$BIND_USER" ]] || BIND_USER="$DEFAULT_BIND_USER"
[[ -n "$BIND_GROUP" ]] || BIND_GROUP="$DEFAULT_BIND_GROUP"
$verbose && echo ""
# - Validate Syntax of given domain
# -
valid_domain_regex="^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$"
echononl "\tValidate syntax of given domain.."
if [[ $host_name =~ $valid_domain_regex ]]; then
if [[ ! $host_name =~ \. ]]; then
echo_failed
error "Invalid hostname/domain \"$1\" given!"
clean_up 10
else
echo_ok
fi
else
echo_failed
error "Invalid hostname/domain ($1) given!"
clean_up 10
fi
# - Determin zone (domain)
# -
_failed=false
_host_name=$host_name
_tmp_host_name=$(echo ${_host_name//\./\\.})
while ! grep -e "$_tmp_host_name" $ZONES_DECLARATION_FILE > /dev/null 2>&1 ; do
_host_name=${_host_name#*.}
_tmp_host_name=$(echo ${_host_name//\./\\.})
if [[ ! $_tmp_host_name =~ \. ]]; then
_failed=true
break
fi
done
if $_failed ; then
error "Given hostname/domain \"$1\" not supported by this nameserver!"
clean_up 11
else
domain=$_host_name
fi
# - Determine zonefile (by reading bind configuration)
# -
_found=false
declare -i _number=0
regex_zone="^[[:space:]]*zone[[:space:]]+\"$_tmp_host_name\""
regex_file="^[[:space:]]*file"
while IFS='' read -r line || [[ -n "$line" ]] ; do
if [[ $line =~ $regex_zone ]]; then
_found=true
fi
if $_found ; then
if [[ $line =~ $regex_file ]]; then
zone_file=`echo $line | awk '{print$2}'`
shopt -s extglob
if [[ $zone_file =~ \; ]]; then
zone_file=${zone_file%%*(\;)}
fi
if [[ $zone_file =~ ^\" ]]; then
zone_file=${zone_file##*(\")}
zone_file=${zone_file%%*(\")}
fi
shopt -u extglob
let number++
break
fi
fi
done < $ZONES_DECLARATION_FILE
if [[ $number -eq 0 ]] ; then
error "No Zonefile (master) found for domain \"$domain\" ."
clean_up 12
fi
# - Reload Zone
# -
echononl "\tSyncing changes in the journal file for zone \"$domain\".."
#rndc sync -clean $domain > /dev/null 2>&1
rndc sync $domain > /dev/null 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
info "Zone was synced ($domain)"
clean_up 0
else
echo_failed
error "Syncing Zone ($domain) failed!"
clean_up 13
fi
$verbose && echo ""
clean_up 99
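Review bot: The error exit codes are swapped relative to the header and usage text: the "not supported by this nameserver" branch runs `clean_up 11` and the "No Zonefile (master) found" branch runs `clean_up 12`, while both the header and `usage` document 11 as "No zonefile found" and 12 as "Hostname/Domain not supported". The success text "Zone is synced, journalfile ist removed" also does not match the code, because the `rndc sync -clean` line is commented out and plain `rndc sync $domain` runs, which leaves the journal in place; either restore `-clean` or reword the header and usage. `declare -i _number=0` is never used: the loop increments `number` via `let number++` and the final test reads `$number`, which only works because an unset variable compares equal to 0 inside `[[ ]]`; use one name, `declare -i number=0`. `source "${conf_file}"` executes whatever is in `conf/bind.conf` next to the script with the caller's privileges (the script calls `rndc`, so presumably root); consider checking the file's owner and mode with `stat` and refusing to source it when it is writable by anyone else.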


@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# -
# - Sets new serial and reloads zone # - Sets new serial and reloads zone
# - # -
# - Return (Exit) Codes: # - Return (Exit) Codes:
@ -18,78 +18,155 @@
# - # -
# - example: ./nd_set_new_serial.sh a.mx.open.de # - example: ./nd_set_new_serial.sh a.mx.open.de
# -
## -- Variable definitions #---------------------------------------
## -- #-----------------------------
# Setting Defaults
#-----------------------------
#---------------------------------------
# - Bind configuration file containing zone definitions DEFAULT_CONF_FILE_DIR="/etc/bind"
# - DEFAULT_BIND_USER="bind"
ZONE_CONF_FILE=/etc/bind/named.conf.local DEFAULT_BIND_GROUP="bind"
BIND_USER=bind
BIND_GROUP=bind
## -- #***************************************
## -- End: Variable definitions #-----------------------------
# Don't make changes after this
#-----------------------------
#***************************************
## ***
## *** Don't make changes after this line ***
## ***
## --- some functions working_dir="$(dirname $(realpath $0))"
## --- conf_file="${working_dir}/conf/bind.conf"
log_file="$(mktemp)"
#---------------------------------------
#-----------------------------
# Base Function(s)
#-----------------------------
#---------------------------------------
usage() {
echo
[ -n "$1" ] && echo -e "Error: $1\n"
cat<<EOF
Usage: $(basename $0) <hostname|domain> | <check>
Script increases the serial for a given domain or a given hostname concerning domain.
Parameter "check" can be used, to test whether this script is accessable (e.g. from a
further script on a remote host). Nothing will be done, scripts returns '0'.
Return (Exit) Codes:
success:
0: Serial is replaced and Zone is reloaded
error:
10: Invalid Hostname/Domain given
15: Hostname/Domain not supported
11: No zonefile found
12: Determin new Serial failed
13: Increasing Serial failed
14: Reloading Zone failed
99: Fatal error
Options:
-h
Prints this help.
-q
Rund in silent mode.
Example: $(basename $0) oopen.de
EOF
clean_up 1
}
clean_up() {
# Perform program exit housekeeping
rm $log_file
exit $1
}
echononl(){ echononl(){
echo X\\c > /tmp/shprompt$$ if $verbose ; then
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then echo X\\c > /tmp/shprompt$$
echo -e -n "$*\\c" 1>&2 if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
else echo -e -n "$*\\c" 1>&2
echo -e -n "$*" 1>&2 else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
fi fi
rm /tmp/shprompt$$
} }
fatal(){ fatal(){
echo "" if $verbose ; then
echo -e "[ \033[31m\033[1mError\033[m ]: $*" echo ""
echo "" echo -e "[ \033[31m\033[1mError\033[m ]: $*"
echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m" echo ""
echo "" echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
exit 1 echo ""
clean_up 99
fi
} }
warn (){ warn (){
echo "" if $verbose ; then
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" echo ""
echo "" echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
fi
} }
info (){ info (){
echo "" if $verbose ; then
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*" echo ""
echo "" echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
echo ""
fi
} }
ok (){ ok (){
echo "" if $verbose ; then
echo -e "\t[ \033[36m\033[1mOk\033[m ]: $*" echo ""
echo "" echo -e "\t[ \033[36m\033[1mOk\033[m ]: $*"
echo ""
fi
} }
error(){ error(){
echo "" if $verbose ; then
echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*" echo ""
echo "" echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
echo ""
fi
} }
echo_ok() { echo_ok() {
echo -e "\033[75G[ \033[32mok\033[m ]" if $verbose ; then
echo -e "\033[75G[ \033[32mok\033[m ]"
fi
} }
echo_failed(){ echo_failed(){
echo -e "\033[75G[ \033[1;31mfailed\033[m ]" if $verbose ; then
echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
fi
} }
echo_skipped() { echo_skipped() {
echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" if $verbose ; then
echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]"
fi
} }
containsElement () { containsElement () {
@ -98,21 +175,99 @@ containsElement () {
return 1 return 1
} }
## ---
## --- END: functions trap clean_up SIGHUP SIGINT SIGTERM
# - Test whether stdout (file descriptor 1) is a terminal or not (e.g. cron
# - or if you pipe the output to some other program)
#
if [[ -t 1 ]] ; then
verbose=true
else
verbose=false
fi
while getopts hq opt ; do
case $opt in
q) verbose=false
;;
h) usage
;;
*)
;;
esac
done
shift $(expr $OPTIND - 1)
if [[ $# -ne 1 ]] ; then
if $verbose ; then
usage "wrong number of arguments"
else
clean_up 99
fi
fi
# - Parameter "check" can be used, to test whether this script # - Parameter "check" can be used, to test whether this script
# - is accessable (e.g. from a script on a remote host) # - is accessable (e.g. from a script on a remote host)
# - # -
if [[ "$1" = "check" ]]; then if [[ "$1" = "check" ]]; then
echo "\$1: $1" info "Script \033[1m$(basename $0)\033[m was successfully invoked, but its only a test."
exit 0 clean_up 0
fi fi
host_name=$1 host_name=$1
echo "" $verbose && echo ""
if [[ -z "$host_name" ]] ; then
fatal "No hostname/domain given!"
fi
#---------------------------------------
#-----------------------------
# Load default values from bind.conf
#
# Overwrites the settings above
#
#-----------------------------
#---------------------------------------
if $verbose ; then
clear
echo ""
echo -e "\033[32mRunning script \033[1m"$(basename $0)"\033[m .."
echo ""
fi
info "Given hostname: \033[1m${host_name}\033[m"
echononl "\t Loading default Configuration values from $(basename ${conf_file}).."
if [[ ! -f "$conf_file" ]]; then
echo_skipped
else
source "${conf_file}" > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
fi
[[ -n "$CONF_FILE_DIR" ]] || CONF_FILE_DIR="$DEFAULT_CONF_FILE_DIR"
[[ -n "$ZONES_DECLARATION_FILE" ]] || ZONES_DECLARATION_FILE="${CONF_FILE_DIR}/named.conf.local"
[[ -n "$BIND_USER" ]] || BIND_USER="$DEFAULT_BIND_USER"
[[ -n "$BIND_GROUP" ]] || BIND_GROUP="$DEFAULT_BIND_GROUP"
$verbose && echo ""
# - Validate Syntax of given domain # - Validate Syntax of given domain
@ -122,15 +277,15 @@ echononl "\tValidate syntax of given domain.."
if [[ $host_name =~ $valid_domain_regex ]]; then if [[ $host_name =~ $valid_domain_regex ]]; then
if [[ ! $host_name =~ \. ]]; then if [[ ! $host_name =~ \. ]]; then
echo_failed echo_failed
error "Invalid hostname/domain \"$1\" given!" error "Invalid hostname/domain \"$host_name\" given!"
exit 10 clean_up 10
else else
echo_ok echo_ok
fi fi
else else
echo_failed echo_failed
error "Invalid hostname/domain ($1) given!" error "Invalid hostname/domain \"$host_name\" given!"
exit 10 clean_up 10
fi fi
@ -139,7 +294,7 @@ fi
_failed=false _failed=false
_host_name=$host_name _host_name=$host_name
_tmp_host_name=$(echo ${_host_name//\./\\.}) _tmp_host_name=$(echo ${_host_name//\./\\.})
while ! grep -e "$_tmp_host_name" $ZONE_CONF_FILE > /dev/null 2>&1 ; do while ! grep -e "$_tmp_host_name" $ZONES_DECLARATION_FILE > /dev/null 2>&1 ; do
_host_name=${_host_name#*.} _host_name=${_host_name#*.}
_tmp_host_name=$(echo ${_host_name//\./\\.}) _tmp_host_name=$(echo ${_host_name//\./\\.})
if [[ ! $_tmp_host_name =~ \. ]]; then if [[ ! $_tmp_host_name =~ \. ]]; then
@ -149,7 +304,7 @@ while ! grep -e "$_tmp_host_name" $ZONE_CONF_FILE > /dev/null 2>&1 ; do
done done
if $_failed ; then if $_failed ; then
error "Given hostname/domain \"$1\" not supported by this nameserver!" error "Given hostname/domain \"${_host_name}\" not supported by this nameserver!"
else else
domain=$_host_name domain=$_host_name
fi fi
@ -181,15 +336,15 @@ while IFS='' read -r line || [[ -n "$line" ]] ; do
break break
fi fi
fi fi
done < $ZONE_CONF_FILE done < $ZONES_DECLARATION_FILE
zone_file_dir=`dirname $zone_file`
if [[ $number -eq 0 ]] ; then if [[ $number -eq 0 ]] ; then
error "No Zonefile (master) found for domain \"$domain\" ." error "No Zonefile (master) found for domain \"$domain\" ."
exit 11 clean_up 11
fi fi
zone_file_dir=`dirname $zone_file`
echononl "\tBackup existing directory containg zonefiles.." echononl "\tBackup existing directory containg zonefiles.."
if [[ -d "$zone_file_dir" ]] ; then if [[ -d "$zone_file_dir" ]] ; then
@ -198,13 +353,13 @@ if [[ -d "$zone_file_dir" ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
echo "" error "Backup directory 'zone_file_dir' containg zonefiles failed!"
exit 99 clean_up 99
fi fi
else else
echo_failed echo_failed
error "Zonefile directory not found for domain \"$domain\" ." error "Zonefile directory not found for domain \"$domain\" ."
exit 99 clean_up 99
fi fi
@ -226,7 +381,7 @@ fi
if $_failed ; then if $_failed ; then
echo_failed echo_failed
error "Determin Serial failed!" error "Determin Serial failed!"
exit 12 clean_up 12
else else
echo_ok echo_ok
fi fi
@ -241,17 +396,17 @@ if [[ $? -eq 0 ]]; then
else else
echo_failed echo_failed
error "Increasing Serial failed!" error "Increasing Serial failed!"
exit 13 clean_up 13
fi fi
echo "" $verbose && echo ""
echononl "\tCorrect Owner for $zone_file .." echononl "\tCorrect Owner for $zone_file .."
chown $BIND_USER:$BIND_GROUP $zone_file chown $BIND_USER:$BIND_GROUP $zone_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
exit 99 clean_up 99
fi fi
echononl "\tCorrect permissions on $zone_file .." echononl "\tCorrect permissions on $zone_file .."
chmod 644 $zone_file chmod 644 $zone_file
@ -259,7 +414,7 @@ if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
exit 99 clean_up 99
fi fi
@ -270,12 +425,12 @@ rndc reload $domain > /dev/null 2>&1
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
echo_ok echo_ok
info "Serial increased and zone reloaded ($domain)" info "Serial increased and zone reloaded ($domain)"
exit 0 clean_up 0
else else
echo_failed echo_failed
error "Increasing Serial failed!" error "Increasing Serial failed!"
exit 13 clean_up 13
fi fi
echo $verbose && echo ""
exit 99 clean_up 99
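Review bot: Wrapping `fatal()` in `if $verbose ; then … fi` also moves `clean_up 99` inside the condition, so in quiet mode (`-q`, or stdout not a terminal) a fatal error prints nothing and execution continues past `fatal "No hostname/domain given!"` and past the failed `source "${conf_file}"`; keep only the output inside the `if` and place `clean_up 99` after the closing `fi`, as the new bind_rndc_sync_clean.sh does. `usage` ends with `clean_up 1`, an exit code the header does not list; the sibling script uses `clean_up 99` for the same path. `echononl` still probes `\c` support by writing to `/tmp/shprompt$$`, a predictable path that `>` will follow if it already exists as a symlink, which matters for a script that runs `chown` and `rndc` as a privileged user; `printf '%b' "$*" >&2` gives the same output without any temp file (the same function appears in bind_set_renew_tlsa.sh and bind_rndc_sync_clean.sh).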


@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# -
# - Replaces a TLSA Record # - Adds/Replaces a TLSA Record
# - # -
# - Return (Exit) Codes: # - Return (Exit) Codes:
# - success: # - success:
@ -15,67 +15,140 @@
# 21: Adding Record failed # 21: Adding Record failed
# - 99: Fatal error # - 99: Fatal error
# - # -
# - example: # - Example:
# - ./replace_dns_tlsa.sh _25._tcp.mail.initiativenserver.de. IN TLSA 3 1 1 aab3a46b387dd543ed8d... # - bind_set_renew_tlsa.sh _25._tcp.mail.initiativenserver.de. IN TLSA 3 1 1 aab3a46b387dd543ed8d...
## -- Variable definitions #---------------------------------------
## -- #-----------------------------
# Setting Defaults
#-----------------------------
#---------------------------------------
# - Bind configuration file containing zone definitions DEFAULT_CONF_FILE_DIR="/etc/bind"
# - DEFAULT_BIND_USER="bind"
ZONE_CONF_FILE=/etc/bind/named.conf.local DEFAULT_BIND_GROUP="bind"
BIND_USER=bind
BIND_GROUP=bind
## --
## -- End: Variable definitions
## *** #***************************************
## *** Don't make changes after this line *** #-----------------------------
## *** # Don't make changes after this
#-----------------------------
#***************************************
## --- some functions working_dir="$(dirname $(realpath $0))"
## --- conf_file="${working_dir}/conf/bind.conf"
log_file="$(mktemp)"
#---------------------------------------
#-----------------------------
# Base Function(s)
#-----------------------------
#---------------------------------------
usage() {
echo
[ -n "$1" ] && echo -e "Error: $1\n"
cat<<EOF
Usage: $(basename $0) <Full-Bind-TLSA-Record> | <check>
Script adds a new or updates an existing TLSA Record
Parameter "check" can be used, to test whether this script is accessable (e.g. from a
further script on a remote host). Nothing will be done, scripts returns '0'.
Return (Exit) Codes:
success:
0: TLSA record is up to date
1: TLSA record replaced
2: New TLSA record written
error:
10: Invalid TLSA record given
11: No zonefile for TLSA record found
15: Hostname/Domain not supported
20: Replacing record failed
21: Adding Record failed
99: Fatal error
Options:
-h
Prints this help.
-q
Rund in silent mode.
Example:
$(basename $0) _25._tcp.mail.initiativenserver.de. IN TLSA 3 1 1 aab3a46b387dd543ed8d...
EOF
clean_up 1
}
clean_up() {
# Perform program exit housekeeping
rm $log_file
exit $1
}
echononl(){ echononl(){
echo X\\c > /tmp/shprompt$$ if $verbose ; then
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then echo X\\c > /tmp/shprompt$$
echo -e -n "$*\\c" 1>&2 if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
else echo -e -n "$*\\c" 1>&2
echo -e -n "$*" 1>&2 else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
fi fi
rm /tmp/shprompt$$
} }
warn (){ warn (){
echo "" if $verbose ; then
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" echo ""
echo "" echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
fi
} }
info (){ info (){
echo "" if $verbose ; then
echo -e "\t[ \033[33m\033[1mInfo\033[m ]: $*" echo ""
echo "" echo -e "\t[ \033[33m\033[1mInfo\033[m ]: $*"
echo ""
fi
} }
error(){ error(){
echo "" if $verbose ; then
echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*" echo ""
echo "" echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
echo ""
fi
} }
echo_ok() { echo_ok() {
echo -e "\033[75G[ \033[32mok\033[m ]" if $verbose ; then
echo -e "\033[75G[ \033[32mok\033[m ]"
fi
} }
echo_failed(){ echo_failed(){
echo -e "\033[75G[ \033[1;31mfailed\033[m ]" if $verbose ; then
echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
fi
} }
echo_skipped() { echo_skipped() {
echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" if $verbose ; then
echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]"
fi
} }
backup_dir () { backup_dir () {
@ -87,29 +160,101 @@ backup_dir () {
echo_ok echo_ok
else else
echo_failed echo_failed
echo "" error "Backup directory \"$dir_to_backup\" failed!"
exit 99 clean_up 99
fi fi
else else
echo_failed echo_failed
error "Directory \"$dir_to_backup\" not found. No Backup written!" error "Directory \"$dir_to_backup\" not found. No Backup written!"
exit 99 clean_up 99
fi fi
} }
## --- trap clean_up SIGHUP SIGINT SIGTERM
## --- END: functions
# - Test whether stdout (file descriptor 1) is a terminal or not (e.g. cron
# - or if you pipe the output to some other program)
#
if [[ -t 1 ]] ; then
verbose=true
else
verbose=false
fi
while getopts hq opt ; do
case $opt in
q) verbose=false
;;
h) usage
;;
*)
;;
esac
done
shift $(expr $OPTIND - 1)
#if [[ $# -ne 1 ]] ; then
# if $verbose ; then
# usage "wrong number of arguments"
# else
# clean_up 99
# fi
#fi
# - Parameter "check" can be used, to test whether this script # - Parameter "check" can be used, to test whether this script
# - is accessable (e.g. from a script on a remote host) # - is accessable (e.g. from a script on a remote host)
# - # -
if [[ "$1" = "check" ]]; then if [[ "$1" = "check" ]]; then
echo "\$1: $1" info "Script \033[1m$(basename $0)\033[m was successfully invoked, but its only a test."
exit 0 clean_up 0
fi fi
#---------------------------------------
#-----------------------------
# Load default values from bind.conf
#
# Overwrites the settings above
#
#-----------------------------
#---------------------------------------
if $verbose ; then
clear
echo ""
echo -e "\033[32mRunning script \033[1m"$(basename $0)"\033[m .."
echo ""
fi
info "Given TLSA Record: \n\t\033[1m$@\033[m"
echononl "\t Loading default Configuration values from $(basename ${conf_file}).."
if [[ ! -f "$conf_file" ]]; then
echo_skipped
else
source "${conf_file}" > $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
fi
[[ -n "$CONF_FILE_DIR" ]] || CONF_FILE_DIR="$DEFAULT_CONF_FILE_DIR"
[[ -n "$ZONES_DECLARATION_FILE" ]] || ZONES_DECLARATION_FILE="${CONF_FILE_DIR}/named.conf.local"
[[ -n "$BIND_USER" ]] || BIND_USER="$DEFAULT_BIND_USER"
[[ -n "$BIND_GROUP" ]] || BIND_GROUP="$DEFAULT_BIND_GROUP"
$verbose && echo ""
# - Split given Record into an array # - Split given Record into an array
# - # -
declare -a record_arr=($@); declare -a record_arr=($@);
@ -130,7 +275,7 @@ elif [[ ${#record_arr[@]} -eq 8 ]]; then
else else
error "Invalid TLSA record given!" error "Invalid TLSA record given!"
exit 10 clean_up 10
fi fi
@ -160,7 +305,7 @@ done
_failed=false _failed=false
_hostname=$hostname _hostname=$hostname
_tmp_hostname=$(echo ${_hostname//\./\\.}) _tmp_hostname=$(echo ${_hostname//\./\\.})
while ! grep -e "$_tmp_hostname" $ZONE_CONF_FILE > /dev/null 2>&1 ; do while ! grep -e "$_tmp_hostname" $ZONES_DECLARATION_FILE > /dev/null 2>&1 ; do
_hostname=${_hostname#*.} _hostname=${_hostname#*.}
_tmp_hostname=$(echo ${_hostname//\./\\.}) _tmp_hostname=$(echo ${_hostname//\./\\.})
if [[ ! $_tmp_hostname =~ \. ]]; then if [[ ! $_tmp_hostname =~ \. ]]; then
@ -203,14 +348,14 @@ while IFS='' read -r line || [[ -n "$line" ]] ; do
break break
fi fi
fi fi
done < $ZONE_CONF_FILE done < $ZONES_DECLARATION_FILE
if [[ $number -eq 0 ]] ; then if [[ $number -eq 0 ]] ; then
error "No Zonefile (master) found for domain \"$domain\" ." error "No Zonefile (master) found for domain \"$domain\" ."
exit 11 clean_up 11
fi fi
zone_file_dir=`dirname $zone_file` zone_file_dir="$(dirname $zone_file)"
# - Backup existing zone file directory # - Backup existing zone file directory
# - # -
@ -226,8 +371,7 @@ if grep -E "^$record_name.+$record_type" $zone_file > /dev/null 2>&1 ; then
fi fi
if grep -E "$search_string" $zone_file | grep $record_hash > /dev/null 2>&1 ; then if grep -E "$search_string" $zone_file | grep $record_hash > /dev/null 2>&1 ; then
info "TLSA record is already up to date.." info "TLSA record is already up to date.."
echo "" clean_up 0
exit 0
else else
_replac_string=${record_arr[@]} _replac_string=${record_arr[@]}
# - Backup Zone directory # - Backup Zone directory
@ -238,16 +382,16 @@ if grep -E "^$record_name.+$record_type" $zone_file > /dev/null 2>&1 ; then
perl -i -n -p -e "s#^${record_name}.+${record_type}.*#$_replac_string#" $zone_file perl -i -n -p -e "s#^${record_name}.+${record_type}.*#$_replac_string#" $zone_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
echo "" $verbose && echo ""
exit 1 clean_up 1
else else
echo_failed echo_failed
echo "" error "Replacing TLSA Record failed!"
exit 20 exit 20
fi fi
fi fi
else else
warn "No Record for replacing fount in zonefile \"`basename $zone_file`\"!" warn "No Record for replacing fount in zonefile \"$(basename $zone_file)\"!"
declare -i _count declare -i _count
@ -277,7 +421,7 @@ else
_count=`grep -Eo "$search_string" $zone_file | wc -l` _count=`grep -Eo "$search_string" $zone_file | wc -l`
if [[ $_count -eq 0 ]]; then if [[ $_count -eq 0 ]]; then
error "No place for adding a new TLSA record found. Check manually!" error "No place for adding a new TLSA record found. Check manually!"
exit 99 clean_up 99
fi fi
fi fi
fi fi
@ -332,7 +476,8 @@ else
echo_ok echo_ok
else else
echo_failed echo_failed
exit 99 error "Setting ownership for '$zone_file' failed!"
clean_up 99
fi fi
echononl "\tCorrect permissions on $zone_file .." echononl "\tCorrect permissions on $zone_file .."
chmod 644 $zone_file chmod 644 $zone_file
@ -340,12 +485,13 @@ else
echo_ok echo_ok
else else
echo_failed echo_failed
exit 99 error "Correct permissions on '$zone_file' failed!"
clean_up 99
fi fi
echo "" $verbose && echo ""
exit 2 clean_up 2
fi fi
echo $verbose && echo ""
exit 99 clean_up 99
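Review bot: `fatal "$(cat $log_file)"` after the failed `source "${conf_file}"` calls a function that none of the hunks here define (this file's visible functions are echononl, warn, info, error, echo_ok, echo_failed, echo_skipped and backup_dir); unless `fatal` is defined in the lines outside these hunks, a broken config would produce "command not found" and the script would carry on with a partially loaded configuration, so add a `fatal()` like the one in bind_set_new_serial.sh, with the exit outside the verbose check. `exit 20` in the "Replacing TLSA Record failed!" branch is the one exit the commit did not convert to `clean_up 20`, so the mktemp log file is left behind on that path. `usage` exits with `clean_up 1`, but 1 is documented in the same text as the success code "TLSA record replaced"; a caller checking the exit status cannot tell `-h` from a replaced record, so use 99 (or another unused code) there.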


@ -4,6 +4,24 @@
# --- # ---
# ---------------------------------------------------- # ----------------------------------------------------
# - BIND_USER
# -
# - The user under which the nameservice is running
# -
# - Defaults to 'bind'
# -
#BIND_USER=bind
# - BIND_GROUP
# -
# - The group under which the nameservice is running
# -
# - Defaults to 'bind'
# -
#BIND_GROUP=bind
# - CONF_FILE_DIR # - CONF_FILE_DIR
# - # -
# - Directory containing bind configuration files # - Directory containing bind configuration files