dnsapi/dns_nsupdate.sh

   1 #!/usr/bin/env sh
   2
   3 ########  Public functions #####################
   4
   5 #Usage: dns_nsupdate_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
   6 dns_nsupdate_add() {
   7   fulldomain=$1
   8   txtvalue=$2
   9   NSUPDATE_SERVER="${NSUPDATE_SERVER:-$(_readaccountconf_mutable NSUPDATE_SERVER)}"
  10   NSUPDATE_SERVER_PORT="${NSUPDATE_SERVER_PORT:-$(_readaccountconf_mutable NSUPDATE_SERVER_PORT)}"
  11   NSUPDATE_KEY="${NSUPDATE_KEY:-$(_readaccountconf_mutable NSUPDATE_KEY)}"
  12   NSUPDATE_ZONE="${NSUPDATE_ZONE:-$(_readaccountconf_mutable NSUPDATE_ZONE)}"
  13
  14   _checkKeyFile || return 1
  15
  16   # save the dns server and key to the account conf file.
  17   _saveaccountconf_mutable NSUPDATE_SERVER "${NSUPDATE_SERVER}"
  18   _saveaccountconf_mutable NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}"
  19   _saveaccountconf_mutable NSUPDATE_KEY "${NSUPDATE_KEY}"
  20   _saveaccountconf_mutable NSUPDATE_ZONE "${NSUPDATE_ZONE}"
  21
  22   [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
  23   [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
  24
  25   _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
  26   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
  27   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"
  28   if [ -z "${NSUPDATE_ZONE}" ]; then
  29     nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
  30 server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
  31 update add ${fulldomain}. 60 in txt "${txtvalue}"
  32 send
  33 EOF
  34   else
  35     nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
  36 server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
  37 zone ${NSUPDATE_ZONE}.
  38 update add ${fulldomain}. 60 in txt "${txtvalue}"
  39 send
  40 EOF
  41   fi
  42   if [ $? -ne 0 ]; then
  43     _err "error updating domain"
  44     return 1
  45   fi
  46
  47   return 0
  48 }
  49
  50 #Usage: dns_nsupdate_rm   _acme-challenge.www.domain.com
  51 dns_nsupdate_rm() {
  52   fulldomain=$1
  53
  54   NSUPDATE_SERVER="${NSUPDATE_SERVER:-$(_readaccountconf_mutable NSUPDATE_SERVER)}"
  55   NSUPDATE_SERVER_PORT="${NSUPDATE_SERVER_PORT:-$(_readaccountconf_mutable NSUPDATE_SERVER_PORT)}"
  56   NSUPDATE_KEY="${NSUPDATE_KEY:-$(_readaccountconf_mutable NSUPDATE_KEY)}"
  57   NSUPDATE_ZONE="${NSUPDATE_ZONE:-$(_readaccountconf_mutable NSUPDATE_ZONE)}"
  58
  59   _checkKeyFile || return 1
  60   [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
  61   [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
  62   _info "removing ${fulldomain}. txt"
  63   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
  64   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"
  65   if [ -z "${NSUPDATE_ZONE}" ]; then
  66     nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
  67 server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
  68 update delete ${fulldomain}. txt
  69 send
  70 EOF
  71   else
  72     nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
  73 server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
  74 zone ${NSUPDATE_ZONE}.
  75 update delete ${fulldomain}. txt
  76 send
  77 EOF
  78   fi
  79   if [ $? -ne 0 ]; then
  80     _err "error updating domain"
  81     return 1
  82   fi
  83
  84   return 0
  85 }
  86
  87 ####################  Private functions below ##################################
  88
  89 _checkKeyFile() {
  90   if [ -z "${NSUPDATE_KEY}" ]; then
  91     _err "you must specify a path to the nsupdate key file"
  92     return 1
  93   fi
  94   if [ ! -r "${NSUPDATE_KEY}" ]; then
  95     _err "key ${NSUPDATE_KEY} is unreadable"
  96     return 1
  97   fi
  98 }