From b1ca260660e7502aaa088f79afb6af89d4bfb775 Mon Sep 17 00:00:00 2001 From: Christoph Date: Wed, 5 Nov 2025 22:12:32 +0100 Subject: [PATCH] create_opendkim_key.sh: adding DKIM key even if zone is not yet official responsible. --- create_opendkim_key.sh | 191 ++++++++++++++++++++++++++--------------- 1 file changed, 121 insertions(+), 70 deletions(-) diff --git a/create_opendkim_key.sh b/create_opendkim_key.sh index c6e19c4..630c4fd 100755 --- a/create_opendkim_key.sh +++ b/create_opendkim_key.sh @@ -18,6 +18,8 @@ log_file="${LOCK_DIR}/${script_name%%.*}.log" LOGGING=false BATCH_MODE=false +CONTINUE_WITHOUT_RESPONSIBLE_ZONE=false + DEFAULT_dns_dkim_zone_master_server="b.ns.oopen.de" DEFAULT_key_algo="hmac-sha256" DEFAULT_key_name="update-dkim" 
@@ -691,69 +693,105 @@ if $found ; then info "Found responsible zone for '${dkim_domain}': \033[37m\033[1m${zone}\033[m" else echo_failed - fatal "No responsible zone for '${dkim_domain}' found!" + + if [[ -n "${dns_main_zone_master_server}" ]] ; then + + blank_line + warn "No responsible zone for '${dkim_domain}' found!" + + echo " Continue with the following settings:" + echo -e " DNS master for Domain ${dkim_domain}: \033[70G\033[33m${dns_main_zone_master_server}\033[m" + echo -e " DNS slave for Domain ${dkim_domain}: \033[70G\033[33m${dns_dkim_zone_master_server}\033[m" + echo -e " DNS master for Domain ${update_zone}: \033[70G\033[33m${dns_dkim_zone_master_server}\033[m" + echo "" + echo -n " Type upper case 'YES' to start: " + read OK + if [[ "$OK" != "YES" ]] ; then + fatal "Abort by user request - Answer was not 'YES'" + fi + blank_line + + + CONTINUE_WITHOUT_RESPONSIBLE_ZONE=true + + dns_dkim_zone_slave_server_arr+=("${dns_main_zone_master_server}") + _dns_master="${dns_main_zone_master_server}" + _dns_slave="${dns_dkim_zone_master_server}" + + if [[ -z "$(dig @${_dns_master} +short ${update_zone}. NS)" ]] ; then + _create_delegation=true + else + _create_delegation=false + fi + + + else + fatal "No responsible zone for '${dkim_domain}' found!" + fi fi -for _server in $(dig +short ${zone} NS) ; do - # - Eliminate trailing '.' character(s) - # - - _server="${_server%"${_server##*[!\.]}"}" +if ! ${CONTINUE_WITHOUT_RESPONSIBLE_ZONE} ; then + for _server in $(dig +short ${zone} NS) ; do + # - Eliminate trailing '.' character(s) + # - + _server="${_server%"${_server##*[!\.]}"}" - [[ "$_server" = "$dns_dkim_zone_master_server" ]] && continue - dns_dkim_zone_slave_server_arr+=("$_server") -done + [[ "$_server" = "$dns_dkim_zone_master_server" ]] && continue + dns_dkim_zone_slave_server_arr+=("$_server") + done -_wait=false -if $update_dns && [[ "$dkim_domain" != "$update_zone" ]] ; then - if [[ -z "$(dig +short ${update_zone}. 
NS)" ]] ; then + _wait=false + if $update_dns && [[ "$dkim_domain" != "$update_zone" ]] ; then + if [[ -z "$(dig +short ${update_zone}. NS)" ]] ; then - warn "No Subdomain delegation for zone '$update_zone' found!" - - if ! $BATCH_MODE ; then + warn "No Subdomain delegation for zone '$update_zone' found!" + + if ! $BATCH_MODE ; then - echo "" - echo -e "\033[32m--\033[m" - echo "" - echononl "Create Subdomain delegation for zone '$update_zone'? (yes/no) [yes]: " - read _create_delegation - if [[ -z "$(trim $_create_delegation)" ]] ; then - _create_delegation=true - elif [[ "${_create_delegation,,}" = "yes" ]] || [[ "${_create_delegation,,}" = "true" ]] ; then - _create_delegation=true + echo "" + echo -e "\033[32m--\033[m" + echo "" + echononl "Create Subdomain delegation for zone '$update_zone'? (yes/no) [yes]: " + read _create_delegation + if [[ -z "$(trim $_create_delegation)" ]] ; then + _create_delegation=true + elif [[ "${_create_delegation,,}" = "yes" ]] || [[ "${_create_delegation,,}" = "true" ]] ; then + _create_delegation=true + else + _create_delegation=false + fi + + if ! $_create_delegation ; then + _tmp_string="; ----- Delegation DKIM Keys ${dkim_domain}" + for _server in $(dig +short ${dkim_domain} NS) ; do + + + # - Eliminate trailing '.' character(s) + # - + _server="${_server%"${_server##*[!\.]}"}" + + _tmp_string="$_tmp_string\n${update_zone}. IN NS ${_server}." + done + + + blank_line + todo "Create a delegation for zone \033[1m${update_zone}.\033[m\n\n$_tmp_string" + _wait=true + + echo "" + echo -e " After adjusting your nameserver continue with this script" + echo "" + echo -en " \033[33mType to continue or +C to abort:\033[m " + read OK + echo + fi else - _create_delegation=false + _create_delegation=true fi - - if ! $_create_delegation ; then - _tmp_string="; ----- Delegation DKIM Keys ${dkim_domain}" - for _server in $(dig +short ${dkim_domain} NS) ; do - - - # - Eliminate trailing '.' 
character(s) - # - - _server="${_server%"${_server##*[!\.]}"}" - - _tmp_string="$_tmp_string\n${update_zone}. IN NS ${_server}." - done - - - blank_line - todo "Create a delegation for zone \033[1m${update_zone}.\033[m\n\n$_tmp_string" - _wait=true - - echo "" - echo -e " After adjusting your nameserver continue with this script" - echo "" - echo -en " \033[33mType to continue or +C to abort:\033[m " - read OK - echo - fi - else - _create_delegation=true + else + _create_delegation=false fi - else - _create_delegation=false fi fi @@ -769,18 +807,22 @@ if $_create_delegation ; then fi echononl "Determin DNS master of '${zone}'.." - _dns_master="$(dig +short ${zone} SOA 2>/dev/null | awk '{print$1}' | sed 's/\.$//')" - if [[ -z "$_dns_master" ]]; then - echo_failed - if $terminal ; then - fatal "Determin DNS master of '${zone}' failed!" - else - echo -e " [ Fatal ] Found responsible zone for '${dkim_domain}' (${zone}), but" - echo -e " cannot determin master dns server for '${zone}'!" - clean_up 1 - fi + if [[ -n "${_dns_master}" ]] ; then + echo_skipped else - echo_ok + _dns_master="$(dig +short ${zone} SOA 2>/dev/null | awk '{print$1}' | sed 's/\.$//')" + if [[ -z "$_dns_master" ]]; then + echo_failed + if $terminal ; then + fatal "Determin DNS master of '${zone}' failed!" + else + echo -e " [ Fatal ] Found responsible zone for '${dkim_domain}' (${zone}), but" + echo -e " cannot determin master dns server for '${zone}'!" + clean_up 1 + fi + else + echo_ok + fi fi 
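Review bot: The new fallback prompt (`read OK`) is not guarded by `$BATCH_MODE`, unlike the delegation prompt further down in this hunk, so a batch run reaches an interactive `read` on the path that goes on to change DNS for a domain whose responsible zone could not be found. I would fail closed there with `$BATCH_MODE && fatal "No responsible zone for '${dkim_domain}' found!"` before the prompt, and use `read -r OK`. `_wait=false` has also moved inside `if ! ${CONTINUE_WITHOUT_RESPONSIBLE_ZONE}`, so on the new path `_wait` is defined only if something outside this hunk sets it; an unset variable tested as `if $_wait` succeeds in bash, so the initialisation should stay above the conditional. The `dig @${_dns_master} +short ${update_zone}. NS` test treats any non-empty output as an existing delegation, and dig can print `;;` diagnostics on stdout when the server is unreachable, so checking its exit status as well would be safer.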
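Review bot: The skip condition `if [[ -n "${_dns_master}" ]]` keys on the variable being non-empty rather than on the fallback flag, so any earlier or inherited value of `_dns_master` would bypass the SOA lookup and silently become the server used afterwards; whether it is initialised empty is not visible in this hunk. Testing the flag states the intent directly: `if ${CONTINUE_WITHOUT_RESPONSIBLE_ZONE} ; then echo_skipped`. On that path `${zone}` appears to be empty (no responsible zone was found), so the progress line would print `''`; printing `${dkim_domain}` there would be clearer. The enclosing `if $_create_delegation` block starts and ends outside the hunk.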
@@ -1009,12 +1051,21 @@ if $_create_dkim_zone ; then fi echononl "Create zone '${update_zone}' at dns master '${dns_dkim_zone_master_server}'.." echo_wait - ssh -q -p $dns_ssh_port \ - -o BatchMode=yes \ - -o StrictHostKeyChecking=no \ - -i $dns_ssh_key \ - $dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script $dkim_domain" > /dev/null 2>&1 - ret_val=$? + if ${CONTINUE_WITHOUT_RESPONSIBLE_ZONE} ; then + ssh -q -p $dns_ssh_port \ + -o BatchMode=yes \ + -o StrictHostKeyChecking=no \ + -i $dns_ssh_key \ + $dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script $dkim_domain -m $_dns_master -s $_dns_slave" > /dev/null 2>&1 + ret_val=$? + else + ssh -q -p $dns_ssh_port \ + -o BatchMode=yes \ + -o StrictHostKeyChecking=no \ + -i $dns_ssh_key \ + $dns_ssh_user@$dns_dkim_zone_master_server "sudo $add_dkim_zone_master_script $dkim_domain" > /dev/null 2>&1 + ret_val=$? + fi case $ret_val in 0) $terminal && echo_ok if $terminal ; then
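Review bot: The new `CONTINUE_WITHOUT_RESPONSIBLE_ZONE` branch pastes `$_dns_master` and `$_dns_slave` unquoted into the command string that the remote shell re-parses and runs under `sudo`, and neither value is checked in the visible code. A value containing whitespace or shell metacharacters, or one starting with `-`, would change what runs on the DNS master. Validating both as host names before the call and building the argument string once also removes the second copy of the ssh invocation. Both copies keep `-o StrictHostKeyChecking=no`, so the host that receives the sudo command is not authenticated; a pinned known_hosts entry (or at least `accept-new`) would close that. The enclosing `if $_create_dkim_zone` block continues outside the hunk.

```shell
# … unchanged: echononl / echo_wait …
_remote_args="$dkim_domain"
if ${CONTINUE_WITHOUT_RESPONSIBLE_ZONE} ; then
   # Only plain host names / addresses may reach the remote sudo command line.
   for _host in "$_dns_master" "$_dns_slave" ; do
      [[ "$_host" =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]] \
         || fatal "Invalid DNS server name '${_host}'"
   done
   _remote_args="$dkim_domain -m $_dns_master -s $_dns_slave"
fi
ssh -q -p "$dns_ssh_port" \
   -o BatchMode=yes \
   -o StrictHostKeyChecking=no \
   -i "$dns_ssh_key" \
   "$dns_ssh_user@$dns_dkim_zone_master_server" \
   "sudo $add_dkim_zone_master_script $_remote_args" > /dev/null 2>&1
ret_val=$?
# … unchanged: case $ret_val …
```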