Diffstat (limited to 'dehydrated/bin/dehydrated-nsupdate')
-rwxr-xr-xdehydrated/bin/dehydrated-nsupdate44
1 files changed, 36 insertions, 8 deletions
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate
index 96c95eb..05027ab 100755
--- a/dehydrated/bin/dehydrated-nsupdate
+++ b/dehydrated/bin/dehydrated-nsupdate
@@ -109,12 +109,12 @@ NAMESERVERS_IPV4=""
for NAMESERVER in ${NAMESERVERS}
do
- if [ -n "$(${DIG} +nocomments +noquestion +short AAAA ${NAMESERVER})" ]
+ if [ -n "$(${DIG} +nocomments +noquestion +short AAAA "${NAMESERVER}")" ]
then
NAMESERVERS_IPV6="${NAMESERVERS_IPV6} ${NAMESERVER}"
fi
- if [ -n "$(${DIG} +nocomments +noquestion +short A ${NAMESERVER})" ]
+ if [ -n "$(${DIG} +nocomments +noquestion +short A "${NAMESERVER}")" ]
then
NAMESERVERS_IPV4="${NAMESERVERS_IPV4} ${NAMESERVER}"
fi
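Review bot: Both rewritten `if [ -n "$(${DIG} … "${NAMESERVER}")" ]` tests treat any non-empty dig output as proof that an address record exists, and the quoting fix does not change that. dig can print failure lines that start with `;` (for example a timeout notice) on stdout even with `+short`. With `+short`, a name that is only a CNAME can also print the CNAME target, so a nameserver may end up in `NAMESERVERS_IPV6` or `NAMESERVERS_IPV4` without a usable address of that family. Consider filtering the output before the emptiness test, e.g. `$(${DIG} +short AAAA "${NAMESERVER}" | grep -v '^;')`, or matching an address pattern instead of testing for any output. Where `NAMESERVERS` comes from is not visible here; if it can hold config-supplied values, one starting with `-`, `+` or `@` would presumably be read by dig as an option rather than a name, so a comment stating the expected format would help. The loop's `done` lies outside this hunk.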
@@ -133,16 +133,44 @@ then
NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV4}"
fi
-NAMESERVERS="$(echo ${NAMESERVERS} | sed -e 's| |\n|g' | sort -u -V)"
+NAMESERVERS="$(echo "${NAMESERVERS}" | sed -e 's| |\n|g' | sort -u -V)"
# update nameservers
-if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ]
-then
- NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}"
-fi
-
for NAMESERVER in ${NAMESERVERS}
do
+ if [ -e "/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key" ]
+ then
+ # specific key per record
+ KEY="/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key"
+ elif [ -e "/etc/dehydrated/tsig/$(basename "${ZONE}" .).key" ]
+ then
+ # specific key per zone
+ KEY="/etc/dehydrated/tsig/$(basename "${ZONE}" .).key"
+ elif [ -e "/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key" ]
+ then
+ # specific key per nameserver
+ KEY="/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key"
+ elif [ -e "/etc/dehydrated/tsig.key" ]
+ then
+ # global key (filesystem)
+ KEY="/etc/dehydrated/tsig.key"
+ elif [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ]
+ then
+ # global key (conffile)
+ KEY="${TSIG_KEYFILE}"
+ else
+ # no key
+ KEY=""
+ fi
+
+ # ignoring comments to allow empty keyfiles to disable TSIG individually
+ TSIG="$(grep -sv '^#' "${KEY}" || true)"
+
+ if [ -n "${KEY}" ] && [ -n "${TSIG}" ]
+ then
+ NSUPDATE_OPTIONS="-k ${KEY}"
+ fi
+
echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..."
# shellcheck disable=SC2086