mafoo.org.uk/mythic-beasts-dns-sync
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: mafoo.org.uk:95f0148af94e4c654560e7ddbe049584a8e270fc
Branches Tags
mafoo.org.uk:main mafoo.org.uk:autobuild mafoo.org.uk:feature/handle-sshfp
mafoo.org.uk:v1.2 mafoo.org.uk:v1.1 mafoo.org.uk:v1.1-rc1 mafoo.org.uk:v1.0-rc2 mafoo.org.uk:v1.0-rc1
...
compare: mafoo.org.uk:autobuild
Branches Tags
mafoo.org.uk:autobuild mafoo.org.uk:main mafoo.org.uk:feature/handle-sshfp
mafoo.org.uk:v1.2 mafoo.org.uk:v1.1 mafoo.org.uk:v1.1-rc1 mafoo.org.uk:v1.0-rc2 mafoo.org.uk:v1.0-rc1

12 Commits
95f0148af9 ... autobuild

Author SHA1 Message Date
Matthew Slowe
3c37c1909b try building 2025-06-21 15:36:59 +01:00
Matthew Slowe
c27ca17ad4 Add license 2023-09-02 15:12:21 +01:00
foo
1f66bdca65 Merge pull request '7-api-sequencing' (#8) from 7-api-sequencing into main 
Reviewed-on: #8
 2023-09-02 14:06:54 +00:00
Matthew Slowe
b1767bdaae Extraneous logging 2023-09-02 14:59:10 +01:00
Matthew Slowe
cb62c68633 and messaging 2023-09-02 14:55:35 +01:00
Matthew Slowe
d43ef34abc Dereference record 2023-09-02 14:54:39 +01:00
Matthew Slowe
f1617977a9 Pass url through to create and update 2023-09-02 14:52:53 +01:00
Matthew Slowe
a7031753d2 abstract to delete, create, update queues 2023-09-02 14:48:49 +01:00
Matthew Slowe
12879324c6 Add aliases to readme 2021-06-19 15:58:35 +01:00
Matthew Slowe
fc2031eb7c Support TLSA records 
Closes: #4
 2021-06-19 15:49:54 +01:00
Matthew Slowe
17ff01d066 Handle SSHFP records 
Closes #2
 2021-06-19 15:42:11 +01:00
Matthew Slowe
7a3e5e472a fix readme 2021-06-16 17:03:15 +01:00
4 changed files with 127 additions and 32 deletions
Expand all files Collapse all files

17
.gitea/workflows/build.yml Normal file
View File

@@ -0,0 +1,17 @@
name: Build image
run-name: ${{ gitea.actor }} is building an image
on: [push]
jobs:
runs-on: alpine
steps:
- uses: https://github.com/actions/checkout@v4
- name: Set up Docker Buildx
uses: https://github.com/docker/setup-buildx-action@v3
- name: Build and push Docker image
uses: https://github.com/docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
push: true
tags: "hal.mafoo.org.uk/mafoo.org.uk/mythic-dns:${{gitea.sha}},hal.mafoo.org.uk/mafoo.org.uk/mythic-dns:latest"

19
LICENSE Normal file
View File

@@ -0,0 +1,19 @@
Copyright (c) 2023 Matthew Slowe (foo@mafoo.org.uk)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

20
README.md
View File

@@ -65,15 +65,29 @@ zones:
- 10 mta2.example.com - 10 mta2.example.com
``` ```
## Aliases virtual type
There is a virtual record type `aliases` which is a list of names to CNAME to this record.
For example:
```yaml
zones:
example.com:
"@":
A: 10.54.22.9
aliases:
- www
- ftp
```
# Running # Running
Invoke the docker container with the input yaml file: Invoke the docker container with the input yaml file:
```bash ```bash
docker run --rm -ti -v "${PWD}:/a" -w /a fooflington/mythic-beasts-dns mafoo.org.uk.yml docker run --rm -ti -v "${PWD}:/a" -w /a fooflington/mythic-dns mafoo.org.uk.yml
``` ```
## Dry run ## Dry run
Pass the environment variable `DRY_RUN` to prevent any changes: Pass the environment variable `DRY_RUN` to prevent any changes:
```bash ```bash
docker run --rm -ti -v "${PWD}:/a" -w /a -e DRY_RUN=1 fooflington/mythic-beasts-dns mafoo.org.uk.yml docker run --rm -ti -v "${PWD}:/a" -w /a -e DRY_RUN=1 fooflington/mythic-dns mafoo.org.uk.yml
``` ```

103
manage-dns.pl
View File

@@ -15,6 +15,10 @@ my $ua = LWP::UserAgent->new;
my %seen; my %seen;
my $DRY_RUN = $ENV{DRY_RUN}; my $DRY_RUN = $ENV{DRY_RUN};
my @to_create;
my @to_delete;
my @to_update;
sub _debug { sub _debug {
print STDERR ("=== DEBUG ===\n", Dumper(@_), "=== END ===\n") if $ENV{DEBUG} or $in->[0]->{debug}; print STDERR ("=== DEBUG ===\n", Dumper(@_), "=== END ===\n") if $ENV{DEBUG} or $in->[0]->{debug};
} }
@@ -40,9 +44,9 @@ my %supported_types = (
MX => "yes", MX => "yes",
NS => "yes", NS => "yes",
PTR => "yes", PTR => "yes",
SSHFP => "not yet implemented", SSHFP => "yes",
SRV => "yes", SRV => "yes",
TLSA => "not yet implemented", TLSA => "yes",
TXT => "yes", TXT => "yes",
); );
sub is_unsupported($) { sub is_unsupported($) {
@@ -136,6 +140,17 @@ sub format_record($$$$) {
$record->{caa_property} = $property; $record->{caa_property} = $property;
$record->{caa_tag} = $property; $record->{caa_tag} = $property;
$record->{data} = $data; $record->{data} = $data;
} elsif ($type eq 'SSHFP') {
my ($algo, $keytype, $data) = split(/\s+/, $value);
$record->{sshfp_type} = $keytype;
$record->{sshfp_algorithm} = $algo;
$record->{data} = $data;
} elsif ($type eq 'TLSA') {
my ($usage, $selector, $matching, $data) = split(/\s+/, $value);
$record->{tlsa_usage} = $usage;
$record->{tlsa_selector} = $selector;
$record->{tlsa_matching} = $matching;
$record->{data} = $data;
} }
return $record; return $record;
@@ -158,6 +173,19 @@ sub reformat_data($$) {
$data->{caa_property} || $data->{caa_tag}, $data->{caa_property} || $data->{caa_tag},
$data->{data} $data->{data}
); );
} elsif($type eq 'SSHFP') {
return sprintf('%d %d %s',
$data->{sshfp_algorithm},
$data->{sshfp_type},
$data->{data},
);
} elsif($type eq 'TLSA') {
return sprintf('%d %d %d %s',
$data->{tlsa_usage},
$data->{tlsa_selector},
$data->{tlsa_matching},
$data->{data},
);
} }
return $data->{data}; return $data->{data};
@@ -180,41 +208,22 @@ sub check_and_update_record($$$$$) {
if($record->{ttl} ne $in->[0]->{defaults}->{ttl}->{$zone}) { if($record->{ttl} ne $in->[0]->{defaults}->{ttl}->{$zone}) {
# Update the record # Update the record
$record->{ttl} = $in->[0]->{defaults}->{ttl}->{$zone}; $record->{ttl} = $in->[0]->{defaults}->{ttl}->{$zone};
_debug("Update ", $url, $record, to_json($record)); _debug("Will update ", $url, $record, to_json($record));
unless ($DRY_RUN) { push(@to_update, [$url,$record]);
my $res = $ua->put(
$url,
"Content-Type" => "application/json",
"Content" => to_json({ records => [ $record ] }),
);
warn "Failed to update $url: " . $res->status_line unless $res->is_success;
}
} }
} else { } else {
# Create new record # Create new record
my $new = format_record($zone, $type, $host, $value); my $new = format_record($zone, $type, $host, $value);
_notice("Created new record: %s %s %s", $host, $type, $value); _notice("Will create new record: %s %s %s", $host, $type, $value);
_debug($new); push(@to_create, [$url,$new]);
unless ($DRY_RUN) {
my $res = $ua->post(
$url,
"Content-Type" => "application/json",
Content => to_json({
records => [ $new ]
})
);
warn "Failed to create $url: " . $res->status_line . "\n" . $res->content unless $res->is_success;
}
} }
} }
sub delete_record($$) { sub delete_record($$) {
my ($zone, $record) = @_; my ($zone, $record) = @_;
return if $DRY_RUN;
my $url = $in->[0]->{defaults}->{api} . "/$zone/records/$record->{host}/$record->{type}?host=$record->{host}&data=$record->{data}"; my $url = $in->[0]->{defaults}->{api} . "/$zone/records/$record->{host}/$record->{type}?host=$record->{host}&data=$record->{data}";
my $res = $ua->delete($url); _notice("Will delete: %s %s %s", $record->{host}, $record->{type}, $record->{data});
warn "Failed to delete $url: " . $res->status_line . "\n" . $res->content unless $res->is_success; push(@to_delete, $url);
} }
foreach my $z (keys %{$in->[0]->{zones}}) { foreach my $z (keys %{$in->[0]->{zones}}) {
@@ -268,10 +277,46 @@ foreach my $z (keys %{$in->[0]->{zones}}) {
} }
} }
unless ($skip) { unless ($skip) {
_notice("Delete %s %s %s", $record->{host}, $record->{type}, $record->{data}); # _notice("Will delete %s %s %s", $record->{host}, $record->{type}, $record->{data});
delete_record($z, $record); delete_record($z, $record);
} }
} }
} }
_info("Finished processing %s", $z); _info("Finished pre-processing %s", $z);
}
unless($DRY_RUN) {
_info("Applying changes (%d creates, %d updates, %d deletes)", scalar @to_create, scalar @to_update, scalar @to_delete);
# Delete
foreach my $url (@to_delete) {
my $res = $ua->delete($url);
warn "Failed to delete $url: " . $res->status_line . "\n" . $res->content unless $res->is_success;
}
# Create
foreach my $record (@to_create) {
my $res = $ua->post(
$record->[0],
"Content-Type" => "application/json",
Content => to_json({
records => [ $record->[1] ]
})
);
warn "Failed to create $record->[0]: " . $res->status_line . "\n" . $res->content unless $res->is_success;
}
# Update
foreach my $record (@to_update) {
my $res = $ua->put(
$record->[0],
"Content-Type" => "application/json",
"Content" => to_json({ records => [ $record->[1] ] }),
);
warn "Failed to update $record->[0]: " . $res->status_line unless $res->is_success;
}
_info("Finished applying changes")
} else {
_info("DRY RUN: Skipped applying changes (%d creates, %d updates, %d deletes)", scalar @to_create, scalar @to_update, scalar @to_delete);
} }