diff options
Diffstat (limited to 'dehydrated/bin/dehydrated-nsupdate')
-rwxr-xr-x | dehydrated/bin/dehydrated-nsupdate | 44 |
1 files changed, 36 insertions, 8 deletions
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate index 96c95eb..05027ab 100755 --- a/dehydrated/bin/dehydrated-nsupdate +++ b/dehydrated/bin/dehydrated-nsupdate @@ -109,12 +109,12 @@ NAMESERVERS_IPV4="" for NAMESERVER in ${NAMESERVERS} do - if [ -n "$(${DIG} +nocomments +noquestion +short AAAA ${NAMESERVER})" ] + if [ -n "$(${DIG} +nocomments +noquestion +short AAAA "${NAMESERVER}")" ] then NAMESERVERS_IPV6="${NAMESERVERS_IPV6} ${NAMESERVER}" fi - if [ -n "$(${DIG} +nocomments +noquestion +short A ${NAMESERVER})" ] + if [ -n "$(${DIG} +nocomments +noquestion +short A "${NAMESERVER}")" ] then NAMESERVERS_IPV4="${NAMESERVERS_IPV4} ${NAMESERVER}" fi @@ -133,16 +133,44 @@ then NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV4}" fi -NAMESERVERS="$(echo ${NAMESERVERS} | sed -e 's| |\n|g' | sort -u -V)" +NAMESERVERS="$(echo "${NAMESERVERS}" | sed -e 's| |\n|g' | sort -u -V)" # update nameservers -if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ] -then - NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}" -fi - for NAMESERVER in ${NAMESERVERS} do + if [ -e "/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key" ] + then + # specific key per record + KEY="/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key" + elif [ -e "/etc/dehydrated/tsig/$(basename "${ZONE}" .).key" ] + then + # specific key per zone + KEY="/etc/dehydrated/tsig/$(basename "${ZONE}" .).key" + elif [ -e "/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key" ] + then + # specific key per nameserver + KEY="/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key" + elif [ -e "/etc/dehydrated/tsig.key" ] + then + # global key (filesystem) + KEY="/etc/dehydrated/tsig.key" + elif [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ] + then + # global key (conffile) + KEY="${TSIG_KEYFILE}" + else + # no key + KEY="" + fi + + # ignoring comments to allow empty keyfiles to disable TSIG individually + TSIG="$(grep -sv '^#' "${KEY}" || true)" + + if [ -n "${KEY}" ] && [ -n "${TSIG}" ] + then + NSUPDATE_OPTIONS="-k ${KEY}" + fi + echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..." # shellcheck disable=SC2086 |