spacefreak/dns-manager
1
0
Fork 0
Code Pull Requests Releases Activity

Add dns-zone-add and dns-zone-delete

Browse Source
This commit is contained in:
Thomas Oettli
2025-08-06 23:53:08 +02:00
parent 15ad2c5ab7
commit d0c42d0558
9 changed files with 457 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
config.sh
View File

@@ -9,8 +9,10 @@
# #
#DIG="/usr/bin/dig" #DIG="/usr/bin/dig"
#IDN2="/usr/bin/idn2" #IDN2="/usr/bin/idn2"
#JQ="/usr/bin/jq"
#NAMED_CHECKCONF="/usr/bin/named-checkconf" #NAMED_CHECKCONF="/usr/bin/named-checkconf"
#NSUPDATE="/usr/bin/nsupdate" #NSUPDATE="/usr/bin/nsupdate"
#RNDC="/usr/sbin/rndc"
# #
# Path to library directory # Path to library directory
@@ -56,7 +58,7 @@
#CONTROL_KEY="/etc/bind/rndc.key" #CONTROL_KEY="/etc/bind/rndc.key"
# #
# Associative array of config values per view. This option is mandatory when adding # Associative array of directories and config files per view. This option is mandatory when adding
# or removing zones. The syntax of the value is: # or removing zones. The syntax of the value is:
# ZONEDIR:CONFDIR:CFGFILE # ZONEDIR:CONFDIR:CFGFILE
# #
@@ -66,7 +68,7 @@
# The detour via CONFDIR is necessary because Bind does not support wildcards when # The detour via CONFDIR is necessary because Bind does not support wildcards when
# including config files. # including config files.
# #
#ZONE_DIRS=( #BASE_CONFIG=(
# [_default]="/etc/bind/dyn:/etc/dns-manager/default.zones:/etc/bind/default_zones.conf" # [_default]="/etc/bind/dyn:/etc/dns-manager/default.zones:/etc/bind/default_zones.conf"
#) #)

2
dns-record-add
View File

@@ -8,7 +8,7 @@ usage() {
cat <<EOF cat <<EOF
Usage: $SCRIPT [OPTIONS]... ZONE[@VIEW] NAME TTL TYPE VALUE Usage: $SCRIPT [OPTIONS]... ZONE[@VIEW] NAME TTL TYPE VALUE
Add a new record to a DNS zone. Add new records to a DNS zone.
Options: Options:
-c, --config path to config file -c, --config path to config file

2
dns-record-delete
View File

@@ -8,7 +8,7 @@ usage() {
cat <<EOF cat <<EOF
Usage: $SCRIPT [OPTIONS]... ZONE[@VIEW] NAME TYPE [VALUE] Usage: $SCRIPT [OPTIONS]... ZONE[@VIEW] NAME TYPE [VALUE]
Delete records from a DNS zone. Delete DNS records.
Options: Options:
-c, --config path to config file -c, --config path to config file

4
dns-zone
View File

@@ -11,6 +11,8 @@ Usage: $SCRIPT [OPTIONS]... COMMAND [COMMAND OPTIONS]
Manage DNS zones. Manage DNS zones.
Commands: Commands:
* add add new zone
* delete delete zone
* help [COMMAND] show help message of commands * help [COMMAND] show help message of commands
* list show zone content * list show zone content
@@ -68,7 +70,7 @@ if [ "$cmd" == "help" ]; then
fi fi
case "$cmd" in case "$cmd" in
list) add|delete|list)
"$SCRIPT_DIR"/dns-zone-$cmd $params "$@" "$SCRIPT_DIR"/dns-zone-$cmd $params "$@"
;; ;;
"") "")

175
dns-zone-add Executable file
View File

@@ -0,0 +1,175 @@
#!/usr/bin/env bash
SCRIPT_PATH=$(realpath -s "${0}")
SCRIPT_DIR=$(dirname "$SCRIPT_PATH")
SCRIPT=$(basename "$SCRIPT_PATH")
usage() {
cat <<EOF
Usage: $SCRIPT [OPTIONS]... ZONE[@VIEW]
Add new DNS zones.
Options:
-c, --config path to config file
-h, --help print this help message
-f, --force add zone without confirmation prompt
-i, --interactive interactively ask for missing arguments
-t, --config-template config file/template (overrides value set in ZONE_TEMPLATES config option)
-z, --zone-template zone file/template (overrides value set in ZONE_TEMPLATES config option)
EOF
exit
}
config_file="/etc/dns-manager/config.sh"
config_template=""
force=false
interactive=false
zone=""
zone_template=""
declare -a args=()
while [ -n "$1" ]; do
opt=$1
shift
case "$opt" in
-c|--config)
config_file=$1
if ! shift; then
echo "$SCRIPT: missing argument to option -- '$opt'" >&2
exit 1
fi
;;
-h|--help)
usage
;;
-f|--force)
force=true
;;
-i|--interactive)
interactive=true
;;
-t|--config-template)
config_template=$1
if ! shift; then
echo "$SCRIPT: missing argument to option -- '$opt'" >&2
exit 1
fi
;;
-z|--zone-template)
zone_template=$1
if ! shift; then
echo "$SCRIPT: missing argument to option -- '$opt'" >&2
exit 1
fi
;;
-*)
echo "$SCRIPT: invalid option -- '$opt'" >&2
exit 1
;;
*)
args+=("$opt")
if (( ${#args[@]} > 1 )); then
echo "$SCRIPT: invalid argument -- '$opt'" >&2
exit 1
fi
;;
esac
done
source "$config_file" || exit 2
LIB_DIR=${LIB_DIR:-$SCRIPT_DIR/lib}
source "$LIB_DIR"/dns.sh || exit 3
source "$LIB_DIR"/output.sh || exit 3
set -- "${args[@]}"
zone=$1
if shift; then
dns_check_zone_name_view "$zone" zone view || exit 10
elif $interactive; then
dns_read_zone_view zone view || exit 11
else
echo "$SCRIPT: missing argument -- ZONE[@VIEW]" >&2
exit 1
fi
declare -A output
if [ "${view}" == "*" ]; then
json_array_to_bash views < <(dns_zone_views)
else
views=("$view")
fi
for view in "${views[@]}"; do
dns_get_base_config "$view" zone_dir conf_dir || exit 13
zone_conf_file="$conf_dir/$zone.conf"
[ -f "$zone_conf_file" ] && echo "ERROR: config file already exists -- '$zone_conf_file'" >&2 && exit 14
zone_file="$zone_dir/$zone.zone"
[ -f "$zone_file" ] && echo "ERROR: zone file already exists -- '$zone_file'" >&2 && exit 15
IFS=":" read -r cfg_zone_template cfg_config_template <<<"${ZONE_TEMPLATES["$view"]}"
conf_template=${config_template:-${cfg_config_template}}
[ -z "$conf_template" ] && echo "ERROR: config template not configured nor specified by '-t' option" >&2 && exit 16
! [ -f "$conf_template" ] && echo "ERROR: zone config template: no such file -- '$conf_template'" >&2 && exit 17
zone_template=${zone_template:-${cfg_zone_template}}
[ -z "$zone_template" ] && echo "ERROR: zone template not configured nor specified by '-z' option" >&2 && exit 18
! [ -f "$zone_template" ] && echo "ERROR: zone template: no such file -- '$zone_template'" >&2 && exit 19
dns_check_zone_view "$zone@$view" &>/dev/null && echo "ERROR: non-managed zone already exists in DNS -- '$zone@$view'" >&2 && exit 16
done
if ! $force; then
for view in "${views[@]}"; do
echo "View: $view"
echo -e "\e[32m+ $TAB$zone\e[0m"
done
echo
! yes_no "Proceed?" && echo -e "Aborted" && exit
echo
fi
echo -n "Adding zone to config... "
for view in "${views[@]}"; do
dns_get_base_config "$view" zone_dir conf_dir conf_file || exit 13
zone_conf_file="$conf_dir/$zone.conf"
zone_file="$zone_dir/$zone.zone"
IFS=":" read -r cfg_zone_template cfg_config_template <<<"${ZONE_TEMPLATES["$view"]}"
conf_template=${config_template:-${cfg_config_template}}
zone_template=${zone_template:-${cfg_zone_template}}
! sed "s#%ZONE%#$zone#g;s#%ZONE_FILE%#$zone_file#g" "$conf_template" >"$zone_conf_file" && echo "ERROR: unable to write to config file -- '$zone_conf_file'" >&2 && exit 20
! sed "s#%ZONE%#$zone#g" "$zone_template" >"$zone_file" && echo "ERROR: unable to write to zone file -- '$zone_file'" >&2 && exit 21
! chown named:named "$zone_file" && echo "ERROR: unable to set ownership of zone file to 'named:named' -- '$zone_file'" >&2 && exit 22
tmp=$(mktemp)
cat >"$tmp" <<EOF
/*
* This file was generated by DNS-Manager.
* DO NOT EDIT, YOUR CHANGES WILL BE OVERWRITTEN!
*/
EOF
while IFS=$NEWLINE read -r file; do
if ! cat "$file" >>"$tmp"; then
echo "ERROR: unable to write to temp file -- '$tmp'" >&2
rm "$tmp"
exit 23
fi
done < <(find "$conf_dir" -maxdepth 1 -type f -name '*.conf')
if ! cat "$tmp" > "$conf_file"; then
echo "ERROR: unable to write config file -- '$conf_file'" >&2
rm "$tmp"
exit 24
fi
rm "$tmp"
done
echo "Ok"
dns_reload_config || exit 25

156
dns-zone-delete Executable file
View File

@@ -0,0 +1,156 @@
#!/usr/bin/env bash
SCRIPT_PATH=$(realpath -s "${0}")
SCRIPT_DIR=$(dirname "$SCRIPT_PATH")
SCRIPT=$(basename "$SCRIPT_PATH")
usage() {
cat <<EOF
Usage: $SCRIPT [OPTIONS]... ZONE[@VIEW]
Delete DNS zones.
Options:
-c, --config path to config file
-h, --help print this help message
-f, --force add zone without confirmation prompt
-i, --interactive interactively ask for missing arguments
EOF
exit
}
config_file="/etc/dns-manager/config.sh"
force=false
interactive=false
zone=""
declare -a args=()
while [ -n "$1" ]; do
opt=$1
shift
case "$opt" in
-c|--config)
config_file=$1
if ! shift; then
echo "$SCRIPT: missing argument to option -- '$opt'" >&2
exit 1
fi
;;
-h|--help)
usage
;;
-f|--force)
force=true
;;
-i|--interactive)
interactive=true
;;
-*)
echo "$SCRIPT: invalid option -- '$opt'" >&2
exit 1
;;
*)
args+=("$opt")
if (( ${#args[@]} > 1 )); then
echo "$SCRIPT: invalid argument -- '$opt'" >&2
exit 1
fi
;;
esac
done
source "$config_file" || exit 2
LIB_DIR=${LIB_DIR:-$SCRIPT_DIR/lib}
source "$LIB_DIR"/dns.sh || exit 3
source "$LIB_DIR"/output.sh || exit 3
set -- "${args[@]}"
zone=$1
if shift; then
dns_check_zone_view "$zone" zone view || exit 10
elif $interactive; then
dns_select_zone zone view || exit 11
else
echo "$SCRIPT: missing argument -- ZONE[@VIEW]" >&2
exit 1
fi
declare -A output
if [ "${view}" == "*" ]; then
json_array_to_bash views < <(dns_zone_views)
else
views=("$view")
fi
for view in "${views[@]}"; do
dns_get_base_config "$view" zone_dir conf_dir conf_file || exit 10
zone_conf_file="$conf_dir/$zone.conf"
! [ -f "$zone_conf_file" ] && echo "ERROR: zone exists in DNS but no config file found, zone not managed by DNS-Manager -- '$zone_conf_file'" >&2 && exit 14
zone_file="$zone_dir/$zone.zone"
! [ -f "$zone_file" ] && echo "ERROR: zone exists in DNS but no zone file found, zone not managed by DNS-Manager -- '$zone_file'" >&2 && exit 15
done
if ! $force; then
for view in "${views[@]}"; do
echo "View: $view"
echo -e "\e[31m- $TAB$zone\e[0m"
done
echo
! yes_no "Proceed?" && echo -e "Aborted" && exit
echo
fi
echo -n "Deleting zone from config... "
for view in "${views[@]}"; do
dns_get_base_config "$view" zone_dir conf_dir conf_file || exit 10
zone_conf_file="$conf_dir/$zone.conf"
! rm "$zone_conf_file" && echo "ERROR: unable to delete config file -- '$zone_conf_file'" >&2 && exit 14
tmp=$(mktemp)
cat >"$tmp" <<EOF
/*
* This file was generated by DNS-Manager.
* DO NOT EDIT, YOUR CHANGES WILL BE OVERWRITTEN!
*/
EOF
while IFS=$NEWLINE read -r file; do
if ! cat "$file" >>"$tmp"; then
echo "ERROR: unable to write to temp file -- '$tmp'" >&2
rm "$tmp"
exit 23
fi
done < <(find "$conf_dir" -maxdepth 1 -type f -name '*.conf')
if ! cat "$tmp" > "$conf_file"; then
echo "ERROR: unable to write config file -- '$conf_file'" >&2
rm "$tmp"
exit 24
fi
rm "$tmp"
done
echo "Ok"
echo -n "Reload Bind config... "
rndc_args=""
[ -n "$CONTROL_KEY" ] && rndc_args="-k $CONTROL_KEY"
! "$RNDC" $rndc_args reconfig && echo "ERROR: rndc reconfig failed" >&2 && exit 25
echo "Ok"
error=false
echo -n "Deleting zone files... "
for view in "${views[@]}"; do
dns_get_base_config "$view" zone_dir || exit 10
zone_file="$zone_dir/$zone.zone"
! rm "$zone_file" && echo "ERROR: unable to delete zone file -- '$zone_file'" >&2 && error=true
while IFS=$NEWLINE read -r file; do
! rm "$file" && echo "ERROR: unable to delete zone related file -- '$zone_file'" >&2 && error=true
done < <(find "$zone_dir" -maxdepth 1 -type f -name "$zone.zone.*")
done
! $error && echo "Ok"

122
lib/dns.sh
View File

@@ -4,25 +4,27 @@
# config variables # # config variables #
#################### ####################
if [ -z "${!DNS_KEYS[*]}" ]; then [ -z "${!DNS_KEYS[*]}" ] && declare -A DNS_KEYS=()
declare -A DNS_KEYS=() [ -z "${!BASE_CONFIG[*]}" ] && declare -A BASE_CONFIG=()
fi [ -z "${!ZONE_TEMPLATES[*]}" ] && declare -A ZONE_TEMPLATES=()
DNS_IP=${DNS_IP:-127.0.0.1} DNS_IP=${DNS_IP:-127.0.0.1}
DIG=${DIG:-$(which dig)} || exit 1 DIG=${DIG:-$(which dig)} || exit 1
IDN2=${IDN2:-$(which idn2)} || exit 1 IDN2=${IDN2:-$(which idn2)} || exit 1
JQ=${JQ:-$(which jq)} || exit 1 JQ=${JQ:-$(which jq)} || exit 1
NAMED_CHECKCONF=${NAMED_CHECKCONF:-$(which named-checkconf)} || exit 1 NAMED_CHECKCONF=${NAMED_CHECKCONF:-$(which named-checkconf)} || exit 1
NSUPDATE=${NSUPDATE:-$(which nsupdate)} || exit 1 NSUPDATE=${NSUPDATE:-$(which nsupdate)} || exit 1
TERMINAL_WITH=${MAX_TERMINAL_WITH:-$($(which stty) size | cut -d " " -f 2)} || exit 1 RNDC=${RNDC:-$(which rndc)} || exit 1
TERMINAL_WITH=${MAX_TERMINAL_WITH:-$($(which stty) size | cut -d " " -f 2)} || exit 1
#################### ####################
# global variables # # global variables #
#################### ####################
# List of managable DNS record types # List of managable DNS record types
declare -a DNS_RECORD_TYPES=("A" "AAAA" "CAA" "CDS" "CNAME" "DS" "MX" "NS" "PTR" "SRV" "TLSA" "TXT") declare -a DNS_RECORD_TYPES=("A" "AAAA" "CAA" "CDS" "CNAME" "DNAME" "DS" "MX" "NS" "PTR" "SRV" "TLSA" "TXT")
# Global variables # Global variables
NEWLINE=$'\n' NEWLINE=$'\n'
@@ -116,7 +118,7 @@ _get_keyfile() {
return 0 return 0
fi fi
echo "ERROR: config: no key found for '$zone@$view' or '$view'" >&2 echo "ERROR: no key configured for '$zone@$view' or '$view'" >&2
return 1 return 1
} }
@@ -149,6 +151,31 @@ _nsupdate() {
} }
#####################
# general functions #
#####################
dns_get_base_config() {
local view=$1
local zone_dir_retvar=${2:-REPLY}
local conf_dir_retvar=${3:-REPLY}
local conf_file_retvar=${4:-REPLY}
local base_config=${BASE_CONFIG[$view]}
[ -z "$base_config" ] && echo "ERROR: no base config found for view -- '$view'" >&2 && return 1
local __zone_dir __conf_dir __conf_file
IFS=":" read -r __zone_dir __conf_dir __conf_file <<<"$base_config"
[ -z "$__zone_dir" -o -z "$__conf_dir" -o -z "$__conf_file" ] && echo "ERROR: invalid BASE_CONFIG for view -- '$view'" >&2 && return 2
! [ -d "$__conf_dir" ] && echo "ERROR: conf dir: no such directory -- '$__conf_dir'" >&2 && return 3
! [ -d "$__zone_dir" ] && echo "ERROR: zone dir: no such directory -- '$__zone_dir'" >&2 && return 4
declare -g $zone_dir_retvar="$__zone_dir"
declare -g $conf_dir_retvar="$__conf_dir"
declare -g $conf_file_retvar="$__conf_file"
}
############################# #############################
# data generation functions # # data generation functions #
############################# #############################
@@ -237,7 +264,6 @@ dns_check_zone() {
$found && declare -g $retvar="$zone" && return 0 $found && declare -g $retvar="$zone" && return 0
declare -g $retvar=""
echo "ERROR: zone does not exist -- '$zone'" >&2 echo "ERROR: zone does not exist -- '$zone'" >&2
return 2 return 2
} }
@@ -291,12 +317,49 @@ dns_check_zone_view() {
} }
dns_check_zone_name() { dns_check_zone_name() {
local name=${1,,} local zone=${1,,}
local retvar=${2:-REPLY}
[[ "$name" =~ ^[a-z0-9_][a-z0-9_.-]*$ ]] && [[ "$name" != *"." ]] && return 0 zone=$("$IDN2" <<<"$zone")
if ! [[ "$zone" =~ ^[a-z0-9_][a-z0-9_.-]*$ ]] || [[ "$zone" == *"." ]]; then
echo "ERROR: invalid zone name -- '$zone'" >&2
return 1
fi
echo "ERROR: invalid zone name -- '$name'" >&2 declare -g $retvar="$zone"
return 1 }
dns_check_zone_name_view() {
local zone_view=${1,,}
local zone_retvar=$2
local view_retvar=$3
local zone view
IFS='@' read -r zone view <<<"$zone_view"
dns_check_zone_name "$zone" zone || return 1
if [ -z "$view" ]; then
view=$NAMED_DEFAULT_VIEW
elif [ "$view" != "*" ]; then
dns_check_view "$view" || return 2
fi
local -a views=()
json_array_to_bash views < <(dns_zone_views "$zone")
if (( ${#views[@]} > 0 )); then
if [ "${view}" == "*" ]; then
echo "ERROR: zone '$zone' already exists in these views -- '$(join_by ", " "${views[@]}")'" >&2 && return 4
else
in_array "$view" "${views[@]}" && echo "ERROR: zone '$zone' already exists in view -- '$view'" >&2 && return 5
fi
fi
[ -n "$zone_retvar" ] && declare -g $zone_retvar="$zone"
[ -n "$view_retvar" ] && declare -g $view_retvar="$view"
return 0
} }
dns_check_record_name() { dns_check_record_name() {
@@ -308,7 +371,7 @@ dns_check_record_name() {
name=$("$IDN2" <<<"$name") name=$("$IDN2" <<<"$name")
local LC_ALL=C local LC_ALL=C
if [[ "$name" =~ ^[a-z0-9_][a-z0-9_.-]*$ ]] && [[ "$name" != *"." ]]; then if [[ "$name" =~ ^[a-zA-Z0-9_][a-zA-Z0-9_.-]*$ ]] && [[ "$name" != *"." ]]; then
declare -g $retvar="$name" declare -g $retvar="$name"
return 0 return 0
fi fi
@@ -464,22 +527,19 @@ dns_select_record_type() {
declare -g $retvar="$rtype" declare -g $retvar="$rtype"
} }
dns_read_zone_name() { dns_read_zone_view() {
# TODO local zone_retvar=$1
exit local view_retvar=$2
#if [ -n "$zone" ]; then local zone view
# if ! in_array "$zone" "${zones[@]}"; then while [ -z "$zone" ]; do
# echo "ERROR: unknown zone '$zone'" >&2 read -e -p "Zone name (ZONE or ZONE@VIEW): " zone
# return 1 [ -n "$zone" ] && ! dns_check_zone_name_view "$zone" zone view && zone=""
# fi done
#fi echo
#if [ -n "$view" ]; then
# if ! in_array "$view" "${views[@]}" ]]; then declare -g $zone_retvar="$zone"
# echo "ERROR: zone '$zone' is not part of view '$view'" >&2 declare -g $view_retvar="$view"
# return 2
# fi
#fi
} }
dns_read_record_name() { dns_read_record_name() {
@@ -591,3 +651,11 @@ dns_record_delete() {
_nsupdate "$zone" "$view" "$update_script" "$pretend" _nsupdate "$zone" "$view" "$update_script" "$pretend"
return $? return $?
} }
dns_reload_config() {
echo -n "Reload Bind config... "
rndc_args=""
[ -n "$CONTROL_KEY" ] && rndc_args="-k $CONTROL_KEY"
! "$RNDC" $rndc_args reconfig && echo "ERROR: rndc reconfig failed" >&2 && return 1
echo "Ok"
}

11
templates/zone.config.template Normal file
View File

@@ -0,0 +1,11 @@
zone "%ZONE%" {
type master;
file "%ZONE_FILE%";
update-policy {
grant dns-manager-key zonesub any;
};
allow-transfer {
key dns-manager-key;
};
};

10
templates/zone.template Normal file
View File

@@ -0,0 +1,10 @@
$TTL 86400 ; 1 day
@ IN SOA dns1.%ZONE%. hostmaster.%ZONE%. (
1 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
NS dns1.%ZONE%.
NS dns2.%ZONE%.