From d285b19ab64b7d5c244018d89dad95b7564c316c Mon Sep 17 00:00:00 2001
From: Christoph <ckubu@oopen.de>
Date: Sat, 23 Aug 2025 12:45:34 +0200
Subject: [PATCH] Add script 'add_cname_for_dkim_entry.sh'..

---
 add_cname_for_dkim_entry.sh               | 619 ++++++++++++++++++++++
 conf/add_cname_for_dkim_entry.conf.sample |  71 +++
 2 files changed, 690 insertions(+)
 create mode 100755 add_cname_for_dkim_entry.sh
 create mode 100644 conf/add_cname_for_dkim_entry.conf.sample

diff --git a/add_cname_for_dkim_entry.sh b/add_cname_for_dkim_entry.sh
new file mode 100755
index 0000000..414a01a
--- /dev/null
+++ b/add_cname_for_dkim_entry.sh
@@ -0,0 +1,619 @@
+#!/usr/bin/env bash
+
+
+script_name="$(basename $(realpath $0))"
+working_dir="$(dirname $(realpath $0))"
+
+conf_file="${working_dir}/conf/${script_name%%.*}.conf"
+
+LOCK_DIR="/tmp/$(basename $0).$$.LOCK"
+log_file="${LOCK_DIR}/${script_name%%.*}.log"
+
+
+# ----------
+# Base Function(s)
+# ----------
+
+usage() {
+
+
+   [[ -n  "$1" ]] && error "$1"
+
+
+   [[ $terminal ]] && echo -e "
+\033[1mUsage:\033[m
+
+   $(basename $0) [OPTION [OPTION ..
+
+\033[1mDescription\033[m
+
+   <Some Description>
+
+\033[1mOptions\033[m
+
+   <List Options>
+
+\033[1mFiles\033[m
+
+   $conf_file: Configuration file
+
+\033[1mExample:\033[m
+
+   <description example>
+
+      $(basename $0) .. <comand example>
+
+   <description another example>
+
+      $(basename $0) .. <command another example>
+
+"
+
+   clean_up 1
+
+}
+
+clean_up() {
+
+   # Perform program exit housekeeping
+   rm -rf "$LOCK_DIR"
+   blank_line
+   exit $1
+}
+
+echononl(){
+   if $terminal ; then
+      echo X\\c > /tmp/shprompt$$
+      if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+         echo -e -n "   $*\\c" 1>&2
+      else
+         echo -e -n "   $*" 1>&2
+      fi
+      rm /tmp/shprompt$$
+   fi
+}
+
+fatal(){
+   echo ""
+   if $terminal ; then
+      echo -e "   [ \033[31m\033[1mFatal\033[m ]: $*"
+      echo ""
+      echo -e "              \033[31m\033[1mScript was interupted\033[m!"
+   else
+      echo "   [ Fatal ]: $*"
+      echo ""
+      echo "              Script was terminated...."
+   fi
+   echo ""
+   clean_up 1
+}
+
+error (){
+   echo ""
+   if $terminal ; then
+      echo -e "   [ \033[31m\033[1mError\033[m ]: $*"
+   else
+      echo "   [ Error ]: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   if $terminal ; then
+      echo ""
+      echo -e "   [ \033[33m\033[1mWarning\033[m ]: $*"
+      echo ""
+   fi
+}
+
+info (){
+   if $terminal ; then
+      echo ""
+      echo -e "   [ \033[32m\033[1mInfo\033[m ]: $*"
+      echo ""
+   fi
+}
+
+ok (){
+   if $terminal ; then
+      echo ""
+      echo -e "   [ \033[32m\033[1mOk\033[m ]    $*"
+      echo ""
+   fi
+}
+
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[95G[ \033[32mdone\033[m ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[95G[ \033[32mok\033[m ]"
+   fi
+}
+echo_warn() {
+   if $terminal ; then
+      echo -e "\033[95G[ \033[33mwarn\033[m ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[95G[ \033[1;31mfailed\033[m ]"
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[95G[ \033[90m\033[1mskipped\033[m ]"
+   fi
+}
+echo_wait(){
+   if $terminal ; then
+      echo -en "\033[95G[ \033[5m\033[1m...\033[m ]"
+   fi
+}
+
+trim() {
+    local var="$*"
+    var="${var#"${var%%[![:space:]]*}"}"   # remove leading whitespace characters
+    var="${var%"${var##*[![:space:]]}"}"   # remove trailing whitespace characters
+    echo -n "$var"
+}
+
+blank_line() {
+   if $terminal ; then
+      echo ""
+   fi
+}
+
+
+
+# ----------
+# - Jobhandling
+# ----------
+
+# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
+# -
+trap clean_up SIGHUP SIGINT SIGTERM
+
+# - Create lock directory '$LOCK_DIR"
+#
+mkdir "$LOCK_DIR"
+
+
+
+# ----------
+# - Some checks ..
+# ----------
+
+# - Running in a terminal?
+# -
+if [[ -t 1 ]] ; then
+   terminal=true
+else
+   terminal=false
+fi
+
+
+
+# -------------
+# - Default values
+# -------------
+
+# - Give your default values here
+# -
+DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER="b.ns.oopen.de"
+DEFAULT_TTL="3600"
+DEFAULT_KEY_ALGO="hmac-sha256"
+DEFAULT_KEY_NAME="update-dkim"
+DEFAULT_DKIM_TYPE="DKIM1"
+DEFAULT_KEY_TYPE="rsa"
+
+DEFAULT_SERVICE_TYPE="email"
+
+DEFAULT_DKIM_SELECTOR=""
+
+
+
+if [[ -f "$conf_file" ]]; then
+   source "$conf_file"
+else
+   warn "No configuration file '$conf_file' present.\n
+             Loading default values.."
+fi
+
+
+if [[ -n "$(trim "$DNS_DKIM_ZONE_MASTER_SERVER")" ]] ; then
+   DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER="${DNS_DKIM_ZONE_MASTER_SERVER}"
+   DNS_DKIM_ZONE_MASTER_SERVER=""
+fi
+
+if [[ -n "$(trim "$KEY_ALGO")" ]] ; then
+   DEFAULT_KEY_ALGO="${KEY_ALGO}"
+   KEY_ALGO=""
+fi
+
+if [[ -n "$(trim "$KEY_NAME")" ]] ; then
+   DEFAULT_KEY_NAME="${KEY_NAME}"
+   KEY_NAME=""
+fi
+
+if [[ -n "$(trim "$KEY_SECRET")" ]] ; then
+   DEFAULT_KEY_SECRET="${KEY_SECRET}"
+   KEY_SECRET=""
+fi
+
+
+if $terminal ; then
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Insert the domain name for which DKIM CNAME entry should be configured."
+   echo ""
+   echo ""
+   echononl "   DKIM domain: "
+   read DKIM_DOMAIN
+   while [ "X$DKIM_DOMAIN" = "X" ] ; do
+      echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+      echononl "   DKIM domain: "
+      read DKIM_DOMAIN
+   done
+
+
+   DEFAULT_DKIM_UPDATE_ZONE="_domainkey.${DKIM_DOMAIN}"
+
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Insert zone which should be updated with the new DKIM CNAME."
+   echo ""
+   echo ""
+   echononl "   DKIM Zone [${DEFAULT_DKIM_UPDATE_ZONE}]: "
+   read DKIM_UPDATE_ZONE
+   if [[ "X$DKIM_UPDATE_ZONE" = "X" ]] ; then
+      DKIM_UPDATE_ZONE="${DEFAULT_DKIM_UPDATE_ZONE}"
+   fi
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Insert Hostname of CNAME Reccord"
+   echo ""
+   echo "  Note: "
+   echo ""
+   echo -e "     \033[33mOnly a hostname of Zone '${DKIM_UPDATE_ZONE}' is possible.\033[m"
+   echo ""
+   echo -e "    If FQN of Entry is \033[1mbrevo1.${DKIM_UPDATE_ZONE}\033[m then enter"
+   echo ""
+   echo -e "       Hostname: \033[1mbrevo1\033[m"""
+   echo ""
+   echononl "   Hostname: "
+   read HOSTNAME
+   while [ "X$HOSTNAME" = "X" ] ; do
+      echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+      echononl "   :Hostname "
+      read Hostname
+   done
+
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Insert FQN of CNAME entry"
+   echo ""
+   echo ""
+   echononl "   CNAME: "
+   read CNAME
+   while [ "X$CNAME" = "X" ] ; do
+      echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+      echononl "   CNAME: "
+      read CNAME
+   done
+
+   if [[ ${CNAME} != *"." ]]; then
+      CNAME="${CNAME}."
+   fi
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Insert Key name"
+   echo ""
+   echo ""
+   echononl "   Key name [${DEFAULT_KEY_NAME}]: "
+   read KEY_NAME
+   if [[ "X$KEY_NAME" = "X" ]] ; then
+      KEY_NAME="${DEFAULT_KEY_NAME}"
+   fi
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Insert Key secret"
+   echo ""
+   echo ""
+
+   if [[ -n "${DEFAULT_KEY_SECRET}" ]] ; then
+      echononl "   Key secret [${DEFAULT_KEY_SECRET}]: "
+      read KEY_SECRET
+      if [[ "X$KEY_SECRET" = "X" ]] ; then
+         KEY_SECRET="${DEFAULT_KEY_SECRET}"
+      fi
+   else
+      echononl "   Key secret: "
+      read KEY_SECRET
+      while [[ "X$KEY_SECRET" = "X" ]] ; do
+         echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+         echononl "   Key secret: "
+         read KEY_SECRET
+      done
+   fi
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo -e "   Insert DNS master server for domain \033[1m$DKIM_UPDATE_ZONE\033[m"
+   echo ""
+   echo ""
+
+   if [[ -n "${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}" ]] ; then
+      echononl "   DNS master server [${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}]: "
+      read DNS_DKIM_ZONE_MASTER_SERVER
+      if [[ "X$DNS_DKIM_ZONE_MASTER_SERVER" = "X" ]] ; then
+         DNS_DKIM_ZONE_MASTER_SERVER="${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}"
+      fi
+   else
+      echononl "   DNS master server: "
+      read DNS_DKIM_ZONE_MASTER_SERVER
+      while [[ "X$DNS_DKIM_ZONE_MASTER_SERVER" = "X" ]] ; do
+         echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+         echononl "   DNS master server: "
+         read KEY_SECRET
+      done
+   fi
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Specifies the algorithm to use for the TSIG key."
+   echo ""
+   if [[ "hmac-md5" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [1] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [1] hmac-md5"
+   fi
+   if [[ "hmac-sha1" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [2] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [2] hmac-sha1"
+   fi
+   if [[ "hmac-sha224" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [3] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [3] hmac-sha224"
+   fi
+   if [[ "hmac-sha256" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [4] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [4] hmac-sha256"
+   fi
+   if [[ "hmac-sha384" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [5] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [5] hmac-sha384"
+   fi
+   if [[ "hmac-sha512" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [6] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [6] hmac-sha512"
+   fi
+
+   echo ""
+   echo "   Type a number or press <RETURN> to choose highlighted value"
+   echo ""
+   echononl "   Key algorithm [${DEFAULT_KEY_ALGO}]: "
+
+   while [[ "$KEY_ALGO" != "hmac-md5" ]] \
+         &&  [[ "$KEY_ALGO" != "hmac-sha1" ]] \
+         &&  [[ "$KEY_ALGO" != "hmac-sha224" ]] \
+         &&  [[ "$KEY_ALGO" != "hmac-sha256" ]] \
+         &&  [[ "$KEY_ALGO" != "hmac-sha384" ]] \
+         &&  [[ "$KEY_ALGO" != "hmac-sha512" ]] ; do
+      read OPTION
+      case $OPTION in
+         1)    KEY_ALGO="hmac-md5" ;;
+         2)    KEY_ALGO="hmac-sha1" ;;
+         3)    KEY_ALGO="hmac-sha224" ;;
+         4)    KEY_ALGO="hmac-sha256" ;;
+         5)    KEY_ALGO="hmac-sha384" ;;
+         6)    KEY_ALGO="hmac-sha512" ;;
+         '')   KEY_ALGO="${DEFAULT_KEY_ALGO}" ;;
+         *) echo ""
+            echo -e "      \033[33m\033[1mFalsche Eingabe ! [ 1 = hmac-md5 | 2 = hmac-sha1 | .. ]\033[m"
+            echo ""
+            echononl "   Key algorithm [hmac-sha256]:"
+            ;;
+      esac
+   done
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Insert TTL for dns entry"
+   echo ""
+   echo ""
+   echononl "   TTL [${DEFAULT_TTL}]: "
+   read TTL
+   if [[ "X$TTL" = "X" ]] ; then
+      TTL="${DEFAULT_TTL}"
+   fi
+fi
+
+
+
+if [[ -z "$(trim "${DKIM_DOMAIN}")" ]]; then
+   fatal "Variable \033[1mDKIM_DOMAIN\033[m not set!"
+fi
+
+if [[ -z "$(trim "${DKIM_UPDATE_ZONE}")" ]]; then
+   fatal "Variable \033[1mDKIM_UPDATE_ZONE\033[m not set!"
+fi
+
+if [[ -z "$(trim "${KEY_SECRET}")" ]]; then
+   fatal "Variable \033[1mKEY_SECRET\033[m not set!"
+fi
+
+
+blank_line
+blank_line
+
+declare -i length_dkim_key=${#DKIM_KEY}
+
+if [[ "${SERVICE_TYPE,,}" = "none" ]] ; then
+   _intro="v=${DKIM_TYPE}; k=${KEY_TYPE};"
+else
+   _intro="v=${DKIM_TYPE}; k=${KEY_TYPE}; s=${SERVICE_TYPE};"
+fi
+declare -i length_intro=${#_intro}
+
+declare -i total_length=$((length_intro + length_dkim_key))
+
+
+echononl "Create (splitted) 'p' value of DNS record.."
+if [[ ${total_length} -gt 255 ]] ; then
+
+   TMP_DKIM_KEY="$DKIM_KEY"
+
+   p_val=""
+
+   _length=64
+   declare -i index=1
+
+   while [ -n "$TMP_DKIM_KEY" ]; do
+      if [[ index -eq 1 ]]; then
+         p_val="\"${TMP_DKIM_KEY:0:$_length}\""
+      else
+         p_val+=" \"${TMP_DKIM_KEY:0:$_length}\""
+      fi
+
+      TMP_DKIM_KEY="${TMP_DKIM_KEY:$_length}"
+
+      (( ++index ))
+
+   done
+   echo_done
+
+   # Note:
+   #     !! closing quotation marks are already included !!
+   #
+   txt_val="\"${_intro} p=\" ${p_val}"
+
+else
+   echo_skipped
+   p_val="${DKIM_KEY}"
+   txt_val="\"${_intro} p=${p_val}\""
+fi
+
+
+
+
+if $terminal ; then
+   echo ""
+   echo ""
+   echo -e "   \033[1m----------\033[m"
+   echo "   DKIM Domain......................: $DKIM_DOMAIN"
+   echo ""
+   echo "   Name of the CNAME Record.........: $HOSTNAME"
+   echo "   Target of the CNAMER Record......: $CNAME"
+   echo ""
+   echo "   Domain used for DKIM TXT record..: $DKIM_UPDATE_ZONE"
+   echo "   Secret for the update key........: $KEY_SECRET"
+   echo "   Algorithm used for the TSIG key..: $KEY_ALGO"
+   echo "   Name of the TSIG key.............: $KEY_NAME"
+   echo ""
+   echo "   DNS Master Server................: $DNS_DKIM_ZONE_MASTER_SERVER"
+   if [[ -z "$TTL" ]] || [[ "${TTL,,}" = "none" ]] ; then
+      echo -e "   TTL for the CNAME TXT Record.....: \033[33m- Not set -\033[m"
+   else
+      echo "   TTL for the CNAMR TXT Record.....: $TTL"
+   fi
+   echo ""
+   echo -e "   \033[1m----------\033[m"
+   echo ""
+   echo -e "   DNS Record to add:\n\n\033[33m${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}. ${TTL} IN TXT ${txt_val}\033[m"
+   echo ""
+   echo -e "\n\n   The following 'nsupdate'command will be used:"
+   cat <<END
+
+cat <<EOF | nsupdate -v -L3
+server $DNS_DKIM_ZONE_MASTER_SERVER
+zone $DKIM_UPDATE_ZONE
+key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
+update delete ${HOSTNAME}.${DKIM_UPDATE_ZONE}.
+update add ${HOSTNAME}.${DKIM_UPDATE_ZONE}. $TTL IN CNAME ${CNAME}
+send
+EOF
+
+END
+
+   echo ""
+   echo -n "   Type upper case 'YES' to start: "
+   read OK
+   if [[ "$OK" != "YES" ]] ; then
+      fatal "Abort by user request - Answer iwas not 'YES'"
+   fi
+   echo ""
+fi
+
+if $terminal ; then
+   echo ""
+   echo -e  "   \033[32mUpdate Zone \033[37m\033[1m${DKIM_UPDATE_ZONE}\033[m\033[32m DNS Server \033[37m\033[1m${DNS_DKIM_ZONE_MASTER_SERVER}\033[m"
+   echo ""
+fi
+
+
+echononl "   Add CNAME entry for \033[1m${CNAME}\033[m .."
+cat <<EOF | nsupdate -v -L3 > $log_file 2>&1
+zone $DKIM_UPDATE_ZONE
+key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
+update delete ${HOSTNAME}.${DKIM_UPDATE_ZONE}.
+update add ${HOSTNAME}.${DKIM_UPDATE_ZONE}. $TTL IN CNAME ${CNAME}
+send
+EOF
+if [[ $? -eq 0 ]] ; then
+   echo_ok
+else
+   echo_failed
+
+   cat <<END
+
+Command was:
+
+cat <<EOF | nsupdate -v -L3
+cat <<EOF | nsupdate -v -L3 > $log_file 2>&1
+zone $DKIM_UPDATE_ZONE
+key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
+update delete ${HOSTNAME}.${DKIM_UPDATE_ZONE}.
+update add ${HOSTNAME}.${DKIM_UPDATE_ZONE}. $TTL IN CNAME ${CNAME}
+send
+EOF
+END
+
+   error "$(cat $log_file)"
+fi
+
+
+info "Flush update data from .jnl files of domain \033[1m${DKIM_UPDATE_ZONE}\033[m back to the zone file:
+
+             rndc freeze <zone>  -  \033[1mrndc freeze ${DKIM_UPDATE_ZONE}\033[m
+             rndc thaw <zone     -  \033[1mrndc thaw ${DKIM_UPDATE_ZONE}\033[m"
+
+
+clean_up 0
diff --git a/conf/add_cname_for_dkim_entry.conf.sample b/conf/add_cname_for_dkim_entry.conf.sample
new file mode 100644
index 0000000..ef0b3b6
--- /dev/null
+++ b/conf/add_cname_for_dkim_entry.conf.sample
@@ -0,0 +1,71 @@
+# --------------------------------------------------------------
+# - Parameter Settings for script 'add_cname_for_dkim_entry.sh'.
+# --------------------------------------------------------------
+ 
+ 
+# ---------- 
+# DNS Server 
+# ---------- 
+ 
+# - DNS_DKIM_ZONE_MASTER_SERVER
+# - 
+# - The DNS Server who is serving the update zone and is used 
+# - for the dynamic updates (nsupdate) 
+# -
+# - Example:
+# -
+# -    DNS_DKIM_ZONE_MASTER_SERVER="b.ns.oopen.de"
+# -    DNS_DKIM_ZONE_MASTER_SERVER="dns0.warenform.de"
+#
+#DNS_DKIM_ZONE_MASTER_SERVER=""
+
+
+# - TTL
+# -
+# - TTL for the DKIM TXT Record.
+# -
+# - Defaults to "3600" if update_dns=true
+# -
+#TTL=3600
+
+
+# ----------
+# TSIG Key
+# ----------
+
+# - KEY_SECRET
+# -
+# - Sectret Key used by 'nsupdate' to create/update the
+# - DKIM TXT record.
+# -
+# - Example:
+# -
+# -    # Key b.ns.oopen.de
+# -    KEY_SECRET="4woPu0jqf9Jp1IX+gduJ3BVW/1ZMeyCPTQMqEsMXLFw="
+# -
+# -    # Key dns0.warenform.de
+# -    KEY_SECRET="qG9e/gOucCXcwVUTU+uewU0Yth1iJh2JHgnogrHvh2A="
+# -
+#KEY_SECRET=""
+
+# - KEY_ALGO
+# -
+# - The key algorithm used for key creation. Available choices are: hmac-md5, 
+# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The 
+# - default is hmac-sha256. Options are case-insensitive.
+# -
+# - Example:
+# -    KEY_ALGO="hmac-md5"
+# -
+# - Defaults to 'hmac-sha256'
+# -
+#KEY_ALGO="hmac-sha256"
+
+# - KEY_NAME
+# -
+# - Name of the Key
+# -
+# - Defaults to "$update_zone"
+# -
+#KEY_NAME="update-dkim"
+