-
Notifications
You must be signed in to change notification settings - Fork 2
/
patch_zone.sh
executable file
·65 lines (49 loc) · 2 KB
/
patch_zone.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#!/bin/bash
if [ -z "$2" ]
then
cat <<- EOM
Usage: $0 zone filename
Replace DNS records in \`zone\` with the ones given in \`filename\` by applying a
minimal diff. The file is expected to contain a JSON array of RRset objects as
described at https://desec.readthedocs.io/en/latest/#rrset-field-reference.
If the filename is equal to a dash -, it is mapped to stdin.
The script requires rrsets_diff.sh from https://github.com/desec-utils/tools/.
The \$TOKEN environment variable is required to contain a deSEC API token.
Note: The NS RRset at the zone apex (no subdomain) is touched only if it is
contained in the file. Otherwise, it will be ignored so that NS records are
not inadvertently deleted. (You can force deletion using an empty NS RRset.)
Examples:
# Copy records from domain1.example to domain2.example (needs to exist)
\$ $0 domain2.example <( \\
curl -sS -H@- <<< "Authorization: Token \${TOKEN}" \\
https://desec.io/api/v1/domains/domain1.example/rrsets/ \\
)
# Update the Public Suffix List zone (except NS RRset at zone apex)
# Requires psl-dns_parse from https://pypi.org/project/psl-dns/
\$ psl-dns_parse <(curl -sS https://publicsuffix.org/list/public_suffix_list.dat) \\
| $0 query.publicsuffix.zone -
EOM
exit 1
fi
if [ -z "$TOKEN" ]; then
echo 'Please set $TOKEN'
exit 2
fi
# Check dependencies
if [ ! -x "$(which curl 2>/dev/null)" ]; then
echo "please install: curl (https://stedolan.github.io/jq/download/)" >&2
exit 1
fi
if [ ! -x "./rrsets_diff.sh" ]; then
echo "please install: rrsets_diff.sh (https://github.com/desec-utils/tools/)" >&2
exit 1
fi
zone=$1
filename=$2
API_URL=https://desec.io/api/v1/domains/$zone/rrsets/
HEADERS="Authorization: Token ${TOKEN}"
timestamp=$(date +%Y-%m-%d_%H.%M.%S)
./rrsets_diff.sh <(./fetch_zone.py $zone) $filename \
| tee patch_zone.$timestamp.json \
| curl -sS -X PATCH ${API_URL} -H@<(cat <<< "${HEADERS}") -H 'Content-Type: application/json' --data @- \
> patch_zone.$timestamp.log