summaryrefslogtreecommitdiffstats
path: root/dehydrated
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2022-06-09 14:16:04 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2022-06-09 14:16:04 +0000
commitf06ab858f1faa68dbe5dd3e149cf108ae3910509 (patch)
treef87945ed94a8d526a83a2bff2dc538e899bbad3a /dehydrated
parentReleasing debian version 20220525-1. (diff)
downloadopen-infrastructure-service-tools-f06ab858f1faa68dbe5dd3e149cf108ae3910509.tar.xz
open-infrastructure-service-tools-f06ab858f1faa68dbe5dd3e149cf108ae3910509.zip
Merging upstream version 20220609.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dehydrated')
-rwxr-xr-xdehydrated/bin/dehydrated-nsupdate35
-rw-r--r--dehydrated/share/man/dehydrated-nsupdate.1.rst3
2 files changed, 35 insertions, 3 deletions
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate
index fa421ea..96c95eb 100755
--- a/dehydrated/bin/dehydrated-nsupdate
+++ b/dehydrated/bin/dehydrated-nsupdate
@@ -88,9 +88,9 @@ else
TXT_RECORD="_acme-challenge.${DOMAIN}"
fi
-# find nameservers to update
ZONE="${TXT_RECORD}"
+# find all nameservers to update
while true
do
NAMESERVERS="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $5 }')"
@@ -104,12 +104,43 @@ do
fi
done
+NAMESERVERS_IPV6=""
+NAMESERVERS_IPV4=""
+
+for NAMESERVER in ${NAMESERVERS}
+do
+ if [ -n "$(${DIG} +nocomments +noquestion +short AAAA ${NAMESERVER})" ]
+ then
+ NAMESERVERS_IPV6="${NAMESERVERS_IPV6} ${NAMESERVER}"
+ fi
+
+ if [ -n "$(${DIG} +nocomments +noquestion +short A ${NAMESERVER})" ]
+ then
+ NAMESERVERS_IPV4="${NAMESERVERS_IPV4} ${NAMESERVER}"
+ fi
+done
+
+# filter nameservers by available IP protocol
+NAMESERVERS=""
+
+if hostname -I | grep -qs ':'
+then
+ NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV6}"
+fi
+
+if hostname -I | grep -qs '\.'
+then
+ NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV4}"
+fi
+
+NAMESERVERS="$(echo ${NAMESERVERS} | sed -e 's| |\n|g' | sort -u -V)"
+
+# update nameservers
if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ]
then
NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}"
fi
-# update nameservers
for NAMESERVER in ${NAMESERVERS}
do
echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..."
diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst
index 058785f..db58d5c 100644
--- a/dehydrated/share/man/dehydrated-nsupdate.1.rst
+++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst
@@ -54,7 +54,8 @@ Features
| **automatic nameserver detection**
| **dehydrated-nsupdate** automatically finds and updates all authoritative
-| nameservers for a given record by looking up the records in the DNS by itself.
+| nameservers for a given record by looking up the records in the DNS by itself,
+| supporting IPv6-only, IPv4-only, and dual-stacked environments.
| **proper CNAME support**
| **dehydrated-nsupdate** follows CNAMEs delegating the TXT record creation to