Created
April 27, 2020 22:39
-
-
Save kenmoini/d8926c433ba8ba5dd1341b7d50040aa3 to your computer and use it in GitHub Desktop.
DigitalOcean DNS Worker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ## Configure DigitalOcean DNS via API requests | |
| ## set -x ## uncomment for debugging | |
| export DO_PAT=${DO_PAT:=""} | |
| PARAMS="" | |
| domain="" | |
| returned_record_id="" | |
| ip_addr="" | |
| record_name="" | |
| record_type="A" | |
| record_priority="null" | |
| record_port="null" | |
| record_weight="null" | |
| record_ttl="3600" | |
| force_overwrite='false' | |
| force_add='false' | |
| function print_help() { | |
| echo -e "\n=== Configure and set DNS on DigitalOcean via the API.\n" | |
| echo -e "=== Usage:\n\nexport DO_PAT=\"<your_digital_ocean_personal_access_token_here>\" # do this once\n" | |
| echo -e "./config_dns.sh [ -d|--domain 'example.com' ] [ -i|--ip '12.12.12.12' ] [ -r|--record 'k8s' ] [ -t|--type 'A' ] [ -f|--force ] [ -l|--ttl 3600 ]" | |
| echo -e "\n=== -t defaults to 'A', all other parameters except -f|--force are required.\n" | |
| exit | |
| } | |
| if [[ "$#" -gt 0 ]]; then | |
| while (( "$#" )); do | |
| case "$1" in | |
| -f|--force) | |
| force_overwrite="true" | |
| shift | |
| ;; | |
| -a|--force-add) | |
| force_add="true" | |
| shift | |
| ;; | |
| -d|--domain) | |
| domain="$2" | |
| shift 2 | |
| ;; | |
| -i|--ip) | |
| ip_addr="$2" | |
| shift 2 | |
| ;; | |
| -t|--type) | |
| record_type="$2" | |
| shift 2 | |
| ;; | |
| -p|--priority) | |
| record_priority="$2" | |
| shift 2 | |
| ;; | |
| -o|--port) | |
| record_port="$2" | |
| shift 2 | |
| ;; | |
| -w|--weight) | |
| record_weight="$2" | |
| shift 2 | |
| ;; | |
| -r|--record) | |
| record_name="$2" | |
| shift 2 | |
| ;; | |
| -l|--ttl) | |
| record_ttl="$2" | |
| shift 2 | |
| ;; | |
| -h|--help) | |
| print_help | |
| shift | |
| ;; | |
| -*|--*=) # unsupported flags | |
| echo "Error: Unsupported flag $1" >&2 | |
| print_help | |
| ;; | |
| *) # preserve positional arguments | |
| PARAMS="$PARAMS $1" | |
| shift | |
| ;; | |
| esac | |
| done | |
| else | |
| echo -e "\n=== MISSING PARAMETERS!!!" | |
| print_help | |
| fi | |
| # set positional arguments in their proper place | |
| eval set -- "$PARAMS" | |
| if [ -z "$domain" ]; then | |
| echo "Domain is required!". | |
| exit 1 | |
| else | |
| echo "Domain - check..." | |
| fi | |
| if [ -z "$ip_addr" ]; then | |
| echo "IP Address is required!". | |
| exit 1 | |
| else | |
| echo "IP Address - check..." | |
| fi | |
| if [ -z "$record_name" ]; then | |
| echo "Record Name is required!". | |
| exit 1 | |
| else | |
| echo "Record Name - check..." | |
| fi | |
| function checkForProgram() { | |
| command -v $1 | |
| if [[ $? -eq 0 ]]; then | |
| printf '%-72s %-7s\n' $1 "PASSED!"; | |
| else | |
| printf '%-72s %-7s\n' $1 "FAILED!"; | |
| exit 1 | |
| fi | |
| } | |
| echo -e "\nChecking prerequisites...\n" | |
| checkForProgram curl | |
| checkForProgram jq | |
| ## check for the DNS zone | |
| function checkDomain() { | |
| request=$(curl -sS -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${DO_PAT}" "https://api.digitalocean.com/v2/domains/$domain") | |
| if [ "$request" != "null" ]; then | |
| filter=$(echo $request | jq '.domain') | |
| if [ "$filter" != "null" ]; then | |
| echo -e "\nDomain [${domain}] DNS Zone exists...\n" | |
| return 0 | |
| else | |
| echo "Domain [${domain}] DNS Zone does not exist!" | |
| return 1 | |
| fi | |
| else | |
| echo "Domain [${domain}] DNS Zone does not exist!" | |
| return 1 | |
| fi | |
| } | |
| ## check to see if a record exists | |
| function checkRecord() { | |
| request=$(curl -sS -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${DO_PAT}" "https://api.digitalocean.com/v2/domains/${domain}/records") | |
| filter=$(echo $request | jq '.domain_records[] | select((.name | contains("'"${record_name}"'")) and (.type == "'"${record_type}"'"))') | |
| FILTER_NO_EXTERNAL_SPACE="$(echo -e "${filter}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | tr -d '\n')" | |
| if [ -z "$FILTER_NO_EXTERNAL_SPACE" ]; then | |
| echo -e "Record [A - ${record_name}.${domain}.] does not exist!\n" | |
| return 1 | |
| else | |
| IP_FILTER="$(echo "${FILTER_NO_EXTERNAL_SPACE}" | jq '.data')" | |
| returned_record_id="$(echo "${FILTER_NO_EXTERNAL_SPACE}" | jq '.id')" | |
| echo -e "Record [A - ${record_name}.${domain}.] exists at ${IP_FILTER}...\n" | |
| return 0 | |
| fi | |
| } | |
| function deleteRecord() { | |
| request=$(curl -sS -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer ${DO_PAT}" "https://api.digitalocean.com/v2/domains/${1}/records/${2}") | |
| echo $request | |
| } | |
| ## write a DNS record for the supplied arguments (domain, ip, type, record) | |
| function writeDNS() { | |
| request=$(curl -sS -X POST -H "Content-Type: application/json" -H "Authorization: Bearer ${DO_PAT}" -d '{"type":"'"${record_type}"'","name":"'"${record_name}"'","data":"'"${ip_addr}"'","priority":'"${record_priority}"',"port":'"${record_port}"',"ttl":'"${record_ttl}"',"weight":'"${record_weight}"',"flags":null,"tag":null}' "https://api.digitalocean.com/v2/domains/${domain}/records") | |
| echo $request | |
| } | |
| checkDomain $domain | |
| if [ $? -eq 0 ]; then | |
| checkRecord $domain "@" | |
| if [ $? -eq 0 ]; then | |
| if [ "$force_overwrite" == "true" ]; then | |
| echo -e "Record exists at ID(s):\n ${returned_record_id}\n\nCommand run with -f, overwriting records now...\n" | |
| for recid in $returned_record_id; do | |
| deleteRecord $domain $recid | |
| done | |
| writeDNS $domain | |
| elif [ "$force_add" == "true" ]; then | |
| echo -e "Record exists at ID(s):\n ${returned_record_id}\n\nCommand run with -a, adding additional records now...\n" | |
| writeDNS $domain | |
| else | |
| echo -e "Record exists at ID(s):\n ${returned_record_id}\n\nRun with -f to overwrite.\n" | |
| exit 1 | |
| fi | |
| else | |
| writeDNS $domain | |
| fi | |
| else | |
| echo -e "Domain does not exist in DigitalOcean DNS, exiting...\n" | |
| exit 1 | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/bash | |
| DO_DOMAINS=("example.com" "example.net" "example.org" "example.us") | |
| export DO_PAT="asdfasdfsdfasdf" | |
| for d in ${DO_DOMAINS[@]}; do | |
| echo "Now processing domain: $d" | |
| SLUG=$(echo "$d" | iconv -t ascii//TRANSLIT | sed -r s/[^a-zA-Z0-9]+/-/g | sed -r s/^-+\|-+$//g | tr A-Z a-z) | |
| ./do_dns_worker.sh -d $d -t "MX" -r "@" --ip "$SLUG.mail.protection.outlook.com." --priority 0 --force-add | |
| ./do_dns_worker.sh -d $d -t "TXT" -r "@" --ip "v=spf1 include:spf.protection.outlook.com -all" --force | |
| ./do_dns_worker.sh -d $d -t "CNAME" -r "autodiscover" --ip "autodiscover.outlook.com." --force | |
| ./do_dns_worker.sh -d $d -t "CNAME" -r "sip" --ip "sipdir.online.lync.com." --force | |
| ./do_dns_worker.sh -d $d -t "CNAME" -r "lyncdiscover" --ip "webdir.online.lync.com." --force | |
| ./do_dns_worker.sh -d $d -t "CNAME" -r "enterpriseregistration" --ip "enterpriseregistration.windows.net." --force | |
| ./do_dns_worker.sh -d $d -t "CNAME" -r "enterpriseenrollment" --ip "enterpriseenrollment.manage.microsoft.com." --force | |
| ./do_dns_worker.sh -d $d -t "SRV" -r "_sip._tls" --ip "sipdir.online.lync.com." --priority 100 --weight 1 --port 443 --force | |
| ./do_dns_worker.sh -d $d -t "SRV" -r "_sipfederationtls._tcp" --ip "sipfed.online.lync.com." --priority 100 --weight 1 --port 5061 --force | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment