DNS serial incrementer
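#!/bin/bash
# Update Zones DNS Script
# Update DNS zones automatically and keep a running log
#
# For every regular file named *.com, *.net or *.org in $location:
#   1. copy it to $location/.backup/ (the whole run aborts if that fails);
#   2. read the SOA serial that named-checkzone reports for it;
#   3. decide whether to bump the serial: always when its first 8 digits are
#      not today's YYYYMMDD, otherwise only when the file's sha512 differs
#      from the one stored in $location/.hashes/ (or none is stored yet);
#   4. rewrite the serial in place, re-run named-checkzone and confirm that
#      the new serial is what it loads; on any failure copy the backup back,
#      and if that still does not load, move the file aside as <zone>.disabled;
#   5. run `rndc reload` once at the end if anything was rewritten, restored
#      or disabled.
#
# Serial rules (see next_serial): a new day gives YYYYMMDD00, the same day
# gives +1. The serial is never moved backwards: if a zone already carries a
# serial >= YYYYMMDD00 it is incremented instead, because secondaries only
# transfer a zone whose serial has increased (RFC 1982 arithmetic, mod 2^32).
#
# Note that the first run of each day rewrites every zone, changed or not, so
# every zone is reloaded (and transferred to secondaries) once a day.
#
# Needs write access to $location, permission to run rndc, and GNU sed (-i).
# Meant to run from cron; every message goes to stdout and, when the log file
# is writable, is appended with a timestamp to $log.
#
# Exit status: 0 on success or nothing to do; 1 when $location or a required
# tool is missing, a backup or storage directory cannot be created, a zone
# cannot be backed up, or rndc reload fails. One bad zone does not stop the
# run: it is restored/disabled and logged, and the loop carries on.

set -u -o pipefail

# Set DNS zone records location
location="/etc/bind/pri"
# Set Log Location
log="/var/log/dnsmond"

# log_msg MESSAGE...
# Print the message on stdout and append a timestamped copy to $log.
# If $log cannot be appended to, warn once on stderr and continue with
# stdout only (a broken log file must not stop zone maintenance).
log_msg() {
  printf '%s\n' "$*"
  if [[ -n "$log" ]]; then
    if ! printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >>"$log" 2>/dev/null; then
      printf 'warning: cannot append to %s, logging to stdout only\n' "$log" >&2
      log=""
    fi
  fi
}

# check_zone ZONE FILE
# Return named-checkzone's status for the zone (0 = loads cleanly).
check_zone() {
  /usr/sbin/named-checkzone "$1" "$2" >/dev/null 2>&1
}

# zone_serial ZONE FILE
# Print the SOA serial that named-checkzone loads for the zone.
# named-checkzone reports "zone <name>/IN: loaded serial <N>" on success;
# returns 1 (printing nothing) when the zone fails to load, 2 when it loads
# but no serial line could be parsed from the output.
zone_serial() {
  local out serial
  out=$(/usr/sbin/named-checkzone "$1" "$2" 2>&1) || return 1
  serial=$(printf '%s\n' "$out" | sed -n 's/.*loaded serial \([0-9]\{1,\}\).*/\1/p' | head -n 1)
  [[ "$serial" =~ ^[0-9]+$ ]] || return 2
  printf '%s\n' "$serial"
}

# zone_hash FILE
# Print the hex sha512 digest of the file (same 128 characters the old
# `cut -b 1-128` produced, so existing .sha512 files stay comparable).
zone_hash() {
  /usr/bin/sha512sum -- "$1" | cut -d ' ' -f 1
}

# next_serial CURRENT TODAY
# Print the serial to write. TODAY is YYYYMMDD.
#   first 8 digits of CURRENT == TODAY  -> CURRENT + 1
#   otherwise                          -> TODAY00, unless that would not be
#                                         larger than CURRENT, then CURRENT + 1
# Both inputs are decimal; 10# avoids octal parsing of a leading zero.
# The +1 wraps modulo 2^32, which is the valid RFC 1982 successor.
next_serial() {
  local current=$1 today=$2 candidate
  if [[ "${current:0:8}" == "$today" ]]; then
    candidate=$(( (10#$current + 1) % 4294967296 ))
  else
    candidate=$(( 10#$today * 100 ))
    if (( candidate <= 10#$current )); then
      candidate=$(( (10#$current + 1) % 4294967296 ))
    fi
  fi
  printf '%s\n' "$candidate"
}

# write_serial FILE OLD NEW
# Replace the first whole-number occurrence of OLD in FILE with NEW.
# Only the first match in the file is touched (the SOA is the first record)
# so a later record that happens to contain the same digits is left alone.
# OLD and NEW are validated digit strings, so they are safe inside the sed
# expression. GNU sed: both -i and the 0,/re/ address.
write_serial() {
  sed -i "0,/\\b$2\\b/s//$3/" -- "$1"
}

# disable_zone ZONE
# Move a zone file that will not load out of the way as ZONE.disabled so the
# rest of the server can still be reloaded. Requests a reload.
disable_zone() {
  local zone=$1
  log_msg "ERROR! ERROR! ERROR! $zone record requires manual intervention!"
  if mv -- "$zone" "$zone.disabled"; then
    log_msg "$zone record has been moved to $zone.disabled"
  else
    log_msg "$zone could not be moved to $zone.disabled"
  fi
  need_reload=1
}

# restore_zone ZONE
# Copy the pre-edit backup over the zone file (cp -p keeps mode/owner so named
# can still read it), re-check it, and disable it if it still fails.
restore_zone() {
  local zone=$1
  if ! cp -p -- ".backup/$zone" "$zone"; then
    log_msg "$zone could not be copied back from .backup"
  fi
  log_msg "$zone was restored from backup, manual intervention required"
  need_reload=1
  if check_zone "$zone" "$zone"; then
    log_msg "$zone restored from backup and passed zone check"
  else
    log_msg "$zone was restored from backup but still failed the zone check"
    disable_zone "$zone"
  fi
}

# Refuse to run without the tools we depend on: a missing named-checkzone
# would otherwise make every zone look broken and get every zone disabled.
for tool in /usr/sbin/named-checkzone /usr/sbin/rndc /usr/bin/sha512sum; do
  if [[ ! -x "$tool" ]]; then
    log_msg "required tool $tool is missing or not executable, aborting"
    exit 1
  fi
done

# Change to DNS server dir; every path below is relative to it
if ! cd -- "$location"; then
  log_msg "cannot change to $location, aborting"
  exit 1
fi

# Backup and hash storage must exist before any zone is touched
for store in .backup .hashes; do
  if [[ -d "$store" ]]; then
    log_msg "Zone $store storage OK"
  else
    log_msg "Zone $store storage missing... Creating..."
    if ! mkdir -- "$store"; then
      log_msg "cannot create $location/$store, aborting"
      exit 1
    fi
  fi
done

# Fetch current date for serial generation
today=$(date +%Y%m%d)
if [[ ! "$today" =~ ^[0-9]{8}$ ]]; then
  log_msg "date did not return YYYYMMDD ('$today'), aborting"
  exit 1
fi

# Set Domains: glob instead of parsing ls; no matches means nothing to do
shopt -s nullglob
zones=( *.com *.net *.org )
shopt -u nullglob
if (( ${#zones[@]} == 0 )); then
  log_msg "no zone files found in $location"
  exit 0
fi

need_reload=0
for zone in "${zones[@]}"; do
  # Only regular files are zones; skip anything else the glob picked up
  [[ -f "$zone" ]] || continue

  # Take a backup of the zone before we make any changes
  if cp -p -- "$zone" ".backup/$zone"; then
    log_msg "$zone Backed Up"
  else
    log_msg "$zone backup failed! Fatal error not continuing"
    exit 1
  fi

  # Read the stored hash (if any) and the hash of the file as it is now
  hash_file=".hashes/$zone.sha512"
  stored_hash=""
  if [[ -f "$hash_file" ]]; then
    stored_hash=$(<"$hash_file")
  fi
  current_hash=$(zone_hash "$zone")

  # Grab the current DNS serial; a zone that does not even load now gets
  # disabled straight away (restoring the backup we just took would not help)
  old_serial=$(zone_serial "$zone" "$zone")
  status=$?
  if (( status == 1 )); then
    log_msg "$zone failed the zone check before any change was made"
    disable_zone "$zone"
    continue
  elif (( status != 0 )) || [[ -z "$old_serial" ]]; then
    log_msg "$zone loads but its serial could not be read, leaving it untouched"
    continue
  fi

  # Decide whether the serial has to move
  if [[ "${old_serial:0:8}" != "$today" ]]; then
    reason="new day"
  elif [[ -z "$stored_hash" ]]; then
    reason="no stored hash"
  elif [[ "$stored_hash" != "$current_hash" ]]; then
    reason="zone content changed"
  else
    # Do nothing, no changes to be made
    log_msg "$zone zone has no changes, moving on"
    continue
  fi

  new_serial=$(next_serial "$old_serial" "$today")
  if ! write_serial "$zone" "$old_serial" "$new_serial"; then
    log_msg "$zone failed to rewrite serial $old_serial -> $new_serial"
    restore_zone "$zone"
    continue
  fi

  # Run a zone check and make sure the serial we wrote is the one that loads;
  # an SOA kept in an $INCLUDE file, or a serial sed could not find, would
  # otherwise go unnoticed and the stale hash would hide the problem next run
  if ! loaded_serial=$(zone_serial "$zone" "$zone") || [[ "$loaded_serial" != "$new_serial" ]]; then
    log_msg "$zone did not load with serial $new_serial after the update"
    restore_zone "$zone"
    continue
  fi

  # Save new hash (of the file as rewritten) only after everything checked out
  if ! zone_hash "$zone" >"$hash_file"; then
    log_msg "$zone could not save hash to $hash_file (serial was still updated)"
  fi
  need_reload=1
  log_msg "$zone OK (serial $old_serial -> $new_serial, $reason)"
done

# Reload DNS, but only when a zone file actually changed on disk
if (( need_reload )); then
  if ! /usr/sbin/rndc reload; then
    log_msg "rndc reload failed, zones on disk are updated but not served"
    exit 1
  fi
else
  log_msg "no zone files changed, skipping rndc reload"
fi
exit 0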