mafoo.org.uk/mythic-beasts-dns-sync
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: mafoo.org.uk:v1.0-rc2
Branches Tags
mafoo.org.uk:main mafoo.org.uk:feature/handle-sshfp
mafoo.org.uk:v1.2 mafoo.org.uk:v1.1 mafoo.org.uk:v1.1-rc1 mafoo.org.uk:v1.0-rc2 mafoo.org.uk:v1.0-rc1
..
compare: mafoo.org.uk:v1.2
Branches Tags
mafoo.org.uk:main mafoo.org.uk:feature/handle-sshfp
mafoo.org.uk:v1.2 mafoo.org.uk:v1.1 mafoo.org.uk:v1.1-rc1 mafoo.org.uk:v1.0-rc2 mafoo.org.uk:v1.0-rc1

10 Commits
v1.0-rc2 ... v1.2

Author SHA1 Message Date
foo
1f66bdca65 Merge pull request '7-api-sequencing' (#8) from 7-api-sequencing into main 
Reviewed-on: #8
 2023-09-02 14:06:54 +00:00
Matthew Slowe
b1767bdaae Extraneous logging 2023-09-02 14:59:10 +01:00
Matthew Slowe
cb62c68633 and messaging 2023-09-02 14:55:35 +01:00
Matthew Slowe
d43ef34abc Dereference record 2023-09-02 14:54:39 +01:00
Matthew Slowe
f1617977a9 Pass url through to create and update 2023-09-02 14:52:53 +01:00
Matthew Slowe
a7031753d2 abstract to delete, create, update queues 2023-09-02 14:48:49 +01:00
Matthew Slowe
12879324c6 Add aliases to readme 2021-06-19 15:58:35 +01:00
Matthew Slowe
fc2031eb7c Support TLSA records 
Closes: #4
 2021-06-19 15:49:54 +01:00
Matthew Slowe
17ff01d066 Handle SSHFP records 
Closes #2
 2021-06-19 15:42:11 +01:00
Matthew Slowe
7a3e5e472a fix readme 2021-06-16 17:03:15 +01:00
2 changed files with 91 additions and 32 deletions
Expand all files Collapse all files

18
README.md
View File

@ -65,15 +65,29 @@ zones:
- 10 mta2.example.com - 10 mta2.example.com
``` ```
## Aliases virtual type
There is a virtual record type `aliases` which is a list of names to CNAME to this record.
For example:
```yaml
zones:
example.com:
"@":
A: 10.54.22.9
aliases:
- www
- ftp
```
# Running # Running
Invoke the docker container with the input yaml file: Invoke the docker container with the input yaml file:
```bash ```bash
docker run --rm -ti -v "${PWD}:/a" -w /a fooflington/mythic-beasts-dns mafoo.org.uk.yml docker run --rm -ti -v "${PWD}:/a" -w /a fooflington/mythic-dns mafoo.org.uk.yml
``` ```
## Dry run ## Dry run
Pass the environment variable `DRY_RUN` to prevent any changes: Pass the environment variable `DRY_RUN` to prevent any changes:
```bash ```bash
docker run --rm -ti -v "${PWD}:/a" -w /a -e DRY_RUN=1 fooflington/mythic-beasts-dns mafoo.org.uk.yml docker run --rm -ti -v "${PWD}:/a" -w /a -e DRY_RUN=1 fooflington/mythic-dns mafoo.org.uk.yml
``` ```

103
manage-dns.pl
View File

@ -15,6 +15,10 @@ my $ua = LWP::UserAgent->new;
my %seen; my %seen;
my $DRY_RUN = $ENV{DRY_RUN}; my $DRY_RUN = $ENV{DRY_RUN};
my @to_create;
my @to_delete;
my @to_update;
sub _debug { sub _debug {
print STDERR ("=== DEBUG ===\n", Dumper(@_), "=== END ===\n") if $ENV{DEBUG} or $in->[0]->{debug}; print STDERR ("=== DEBUG ===\n", Dumper(@_), "=== END ===\n") if $ENV{DEBUG} or $in->[0]->{debug};
} }
@ -40,9 +44,9 @@ my %supported_types = (
MX => "yes", MX => "yes",
NS => "yes", NS => "yes",
PTR => "yes", PTR => "yes",
SSHFP => "not yet implemented", SSHFP => "yes",
SRV => "yes", SRV => "yes",
TLSA => "not yet implemented", TLSA => "yes",
TXT => "yes", TXT => "yes",
); );
sub is_unsupported($) { sub is_unsupported($) {
@ -136,6 +140,17 @@ sub format_record($$$$) {
$record->{caa_property} = $property; $record->{caa_property} = $property;
$record->{caa_tag} = $property; $record->{caa_tag} = $property;
$record->{data} = $data; $record->{data} = $data;
} elsif ($type eq 'SSHFP') {
my ($algo, $keytype, $data) = split(/\s+/, $value);
$record->{sshfp_type} = $keytype;
$record->{sshfp_algorithm} = $algo;
$record->{data} = $data;
} elsif ($type eq 'TLSA') {
my ($usage, $selector, $matching, $data) = split(/\s+/, $value);
$record->{tlsa_usage} = $usage;
$record->{tlsa_selector} = $selector;
$record->{tlsa_matching} = $matching;
$record->{data} = $data;
} }
return $record; return $record;
@ -158,6 +173,19 @@ sub reformat_data($$) {
$data->{caa_property} || $data->{caa_tag}, $data->{caa_property} || $data->{caa_tag},
$data->{data} $data->{data}
); );
} elsif($type eq 'SSHFP') {
return sprintf('%d %d %s',
$data->{sshfp_algorithm},
$data->{sshfp_type},
$data->{data},
);
} elsif($type eq 'TLSA') {
return sprintf('%d %d %d %s',
$data->{tlsa_usage},
$data->{tlsa_selector},
$data->{tlsa_matching},
$data->{data},
);
} }
return $data->{data}; return $data->{data};
@ -180,41 +208,22 @@ sub check_and_update_record($$$$$) {
if($record->{ttl} ne $in->[0]->{defaults}->{ttl}->{$zone}) { if($record->{ttl} ne $in->[0]->{defaults}->{ttl}->{$zone}) {
# Update the record # Update the record
$record->{ttl} = $in->[0]->{defaults}->{ttl}->{$zone}; $record->{ttl} = $in->[0]->{defaults}->{ttl}->{$zone};
_debug("Update ", $url, $record, to_json($record)); _debug("Will update ", $url, $record, to_json($record));
unless ($DRY_RUN) { push(@to_update, [$url,$record]);
my $res = $ua->put(
$url,
"Content-Type" => "application/json",
"Content" => to_json({ records => [ $record ] }),
);
warn "Failed to update $url: " . $res->status_line unless $res->is_success;
}
} }
} else { } else {
# Create new record # Create new record
my $new = format_record($zone, $type, $host, $value); my $new = format_record($zone, $type, $host, $value);
_notice("Created new record: %s %s %s", $host, $type, $value); _notice("Will create new record: %s %s %s", $host, $type, $value);
_debug($new); push(@to_create, [$url,$new]);
unless ($DRY_RUN) {
my $res = $ua->post(
$url,
"Content-Type" => "application/json",
Content => to_json({
records => [ $new ]
})
);
warn "Failed to create $url: " . $res->status_line . "\n" . $res->content unless $res->is_success;
}
} }
} }
sub delete_record($$) { sub delete_record($$) {
my ($zone, $record) = @_; my ($zone, $record) = @_;
return if $DRY_RUN;
my $url = $in->[0]->{defaults}->{api} . "/$zone/records/$record->{host}/$record->{type}?host=$record->{host}&data=$record->{data}"; my $url = $in->[0]->{defaults}->{api} . "/$zone/records/$record->{host}/$record->{type}?host=$record->{host}&data=$record->{data}";
my $res = $ua->delete($url); _notice("Will delete: %s %s %s", $record->{host}, $record->{type}, $record->{data});
warn "Failed to delete $url: " . $res->status_line . "\n" . $res->content unless $res->is_success; push(@to_delete, $url);
} }
foreach my $z (keys %{$in->[0]->{zones}}) { foreach my $z (keys %{$in->[0]->{zones}}) {
@ -268,10 +277,46 @@ foreach my $z (keys %{$in->[0]->{zones}}) {
} }
} }
unless ($skip) { unless ($skip) {
_notice("Delete %s %s %s", $record->{host}, $record->{type}, $record->{data}); # _notice("Will delete %s %s %s", $record->{host}, $record->{type}, $record->{data});
delete_record($z, $record); delete_record($z, $record);
} }
} }
} }
_info("Finished processing %s", $z); _info("Finished pre-processing %s", $z);
}
unless($DRY_RUN) {
_info("Applying changes (%d creates, %d updates, %d deletes)", scalar @to_create, scalar @to_update, scalar @to_delete);
# Delete
foreach my $url (@to_delete) {
my $res = $ua->delete($url);
warn "Failed to delete $url: " . $res->status_line . "\n" . $res->content unless $res->is_success;
}
# Create
foreach my $record (@to_create) {
my $res = $ua->post(
$record->[0],
"Content-Type" => "application/json",
Content => to_json({
records => [ $record->[1] ]
})
);
warn "Failed to create $record->[0]: " . $res->status_line . "\n" . $res->content unless $res->is_success;
}
# Update
foreach my $record (@to_update) {
my $res = $ua->put(
$record->[0],
"Content-Type" => "application/json",
"Content" => to_json({ records => [ $record->[1] ] }),
);
warn "Failed to update $record->[0]: " . $res->status_line unless $res->is_success;
}
_info("Finished applying changes")
} else {
_info("DRY RUN: Skipped applying changes (%d creates, %d updates, %d deletes)", scalar @to_create, scalar @to_update, scalar @to_delete);
} }