#!/usr/local/bin/python3
import os

import dns.exception
import dns.resolver
import requests
from requests.auth import HTTPBasicAuth
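# Infoblox WAPI connection settings used by every request below.
IB_WAPI_M = "v2.11.1"
# Credentials are read from the environment so they are never committed with the
# script; the empty-string default keeps the original behaviour when they are unset.
IB_USER_M = os.environ.get("IB_USER_M", "")
IB_PASS_M = os.environ.get("IB_PASS_M", "")
IB_SRVR_M = "infoblox.domain.goes.here"
# Shared record group every External zone must belong to before its audit record is checked.
srgs = 'infoblox-verification'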
# Get list of all external domains from infoblox, include fqdn and list of shared record groups
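def getdomains():
    """Return every zone of the Infoblox ``External`` DNS view as a list of zone_auth records.

    The request asks WAPI for the ``fqdn`` and ``srgs`` (shared record group) fields;
    the rest of the script also relies on the ``_ref`` WAPI returns with each record.

    Returns:
        list[dict]: the decoded JSON zone list.

    Raises:
        requests.HTTPError: on a non-2xx response (previously the error body was
            returned as though it were a zone list and broke the caller later).
        requests.RequestException: on connection failure or timeout.
    """
    ipurl = "https://" + IB_SRVR_M + "/wapi/" + IB_WAPI_M + "/zone_auth"
    # Query parameters are passed as a dict so requests encodes them; the values are
    # the same ones the original hand-built query string carried.
    params = {
        "view": "External",
        "_return_fields": "fqdn,srgs",
        "_return_type": "json",
    }
    # A timeout stops an unreachable grid member from hanging the whole run;
    # TLS certificate verification is left at the requests default (on).
    r = requests.get(
        ipurl,
        params=params,
        auth=HTTPBasicAuth(IB_USER_M, IB_PASS_M),
        timeout=30,
    )
    r.raise_for_status()
    return r.json()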
# Temporary list of domains for testing
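def getdomains():
    """Temporary test stand-in for getdomains(): fetch only two known zones.

    NOTE: this is the second ``getdomains`` definition in the file and shadows the
    production one above, so the script currently only ever processes these two
    zones. It also uses a hard-coded host and WAPI version instead of
    ``IB_SRVR_M`` / ``IB_WAPI_M``. Remove it before running against all zones.

    Returns:
        list[dict]: one zone_auth record (with ``fqdn`` and ``srgs``) per test fqdn.

    Raises:
        requests.HTTPError: on a non-2xx WAPI response.
        LookupError: if WAPI returns an empty list for one of the test fqdns
            (the original indexed ``[0]`` and failed with a bare IndexError).
    """
    test_fqdns = ("tundrahelix.org", "vumc.org")
    ipurl = "https://infoblox.app.vumc.org/wapi/v2.11.1/zone_auth"
    auth = HTTPBasicAuth(IB_USER_M, IB_PASS_M)
    domains = []
    for fqdn in test_fqdns:
        params = {
            "view": "External",
            "_return_fields": "fqdn,srgs",
            "_return_type": "json",
            "fqdn": fqdn,
        }
        # timeout so a hung connection cannot stall the test run
        r = requests.get(ipurl, params=params, auth=auth, timeout=30)
        r.raise_for_status()
        zones = r.json()
        if not zones:
            raise LookupError("no zone_auth record returned for " + fqdn)
        domains.append(zones[0])
    return domains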
# add the shared record group named by `srgs` ('infoblox-verification') to a single external domain's groups; the main loop below calls this only when the domain isn't already a member
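def associatedomain(domain):
    """Add the shared record group ``srgs`` to one External zone via a WAPI PUT.

    Args:
        domain: a zone_auth record (dict) carrying ``_ref``, ``fqdn`` and ``srgs``.

    Returns:
        True when Infoblox answered HTTP 200; False otherwise, after printing an
        error line for the zone. ``domain['srgs']`` is only updated in place after
        a successful PUT, so the local record never claims a membership the server
        rejected (the original appended before sending).

    Raises:
        requests.RequestException: on connection failure or timeout.
    """
    current = list(domain['srgs'])
    # Do not send a duplicate entry if the group is somehow already present.
    new_srgs = current if srgs in current else current + [srgs]
    url = "https://" + IB_SRVR_M + "/wapi/" + IB_WAPI_M + "/" + domain['_ref']
    r = requests.put(
        url,
        auth=HTTPBasicAuth(IB_USER_M, IB_PASS_M),
        json={'srgs': new_srgs},
        timeout=30,
    )
    if r.status_code != 200:
        print('error updating zone ' + domain['fqdn'])
        return False
    domain['srgs'] = new_srgs
    return True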
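# Resolve through Google's public resolver (8.8.8.8) rather than the grid itself, so
# the check reflects what the public internet sees for each zone.
res = dns.resolver.Resolver()
res.nameservers = ['8.8.8.8']

# Label of the TXT audit record looked up under every zone: <AUDIT_LABEL>.<fqdn>
AUDIT_LABEL = 'owneraudit2022'

for domain in getdomains():
    fqdn = domain['fqdn']
    # The External view also lists reverse-mapping zones, whose fqdn is written as a
    # CIDR prefix; the script assumes those are the only fqdns containing '/'. Skip them.
    if '/' in fqdn:
        continue
    # Make sure the zone is in the shared record group before verifying. When the
    # association fails, associatedomain() has already printed the error; skip the
    # lookup rather than verify a zone the group does not cover.
    if srgs not in domain['srgs'] and not associatedomain(domain):
        continue
    # Look up the audit record. Only resolver failures (NXDOMAIN, no answer, timeout,
    # ...) are mapped to 'broken'; the original bare except also swallowed
    # KeyboardInterrupt and programming errors.
    try:
        txt = res.resolve(AUDIT_LABEL + '.' + fqdn, 'TXT').rrset.to_text()
    except dns.exception.DNSException:
        txt = 'broken'
    # Print failures only; a record whose text contains 'verified' passes.
    if 'verified' not in txt:
        print(fqdn + ' failed verification')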