@wilpig
Created December 15, 2021 22:15
#!/usr/local/bin/python3
import os

import dns.resolver
import requests
from requests.auth import HTTPBasicAuth
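# WAPI version segment placed in every request URL built by this script.
IB_WAPI_M = "v2.11.1"
# Infoblox credentials, sent with HTTP basic auth on every WAPI call.
# They are read from the environment so the secret never has to be written
# into this file (and cannot leak when the script is shared or committed).
# Both fall back to the empty string, as in the original script.
IB_USER_M = os.environ.get("IB_USER_M", "")
IB_PASS_M = os.environ.get("IB_PASS_M", "")
# Host name of the Infoblox grid member that serves the WAPI.
IB_SRVR_M = "infoblox.address.goes.here"
# Name of the shared record group attached to zones and looked for in their
# 'srgs' list.
srgs = 'infoblox-validation'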
# Get list of all external domains from infoblox, include fqdn and list of shared record groups
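def getdomains():
    """Return the authoritative zones of the Infoblox "External" view.

    Queries the WAPI ``zone_auth`` object and asks for the ``fqdn`` and
    ``srgs`` fields of each zone.

    Returns:
        The decoded JSON body of the response.

    Raises:
        requests.HTTPError: the server answered with an error status (for
            example rejected credentials); without this check the error body
            would be handed to callers as if it were the zone list.
        requests.RequestException: the request could not be completed or
            timed out.
    """
    ipurl = "https://"+IB_SRVR_M+"/wapi/"+IB_WAPI_M+"/zone_auth?view=External&_return_fields=fqdn,srgs&_return_type=json"
    # TLS certificate verification stays at the requests default (enabled);
    # the basic-auth credentials must only ever travel over a verified channel.
    # requests has no default timeout, so set one to avoid hanging forever.
    r = requests.get(ipurl, auth=HTTPBasicAuth(IB_USER_M, IB_PASS_M), timeout=30)
    r.raise_for_status()
    # NOTE(review): the query is not paged; WAPI limits unpaged result sets
    # (_max_results), so on a large grid zones past the limit would silently
    # drop out of the audit - confirm the zone count or add paging.
    return r.json()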
# loop over list of external domains and add shared record group 'infoblox-validation' to their groups if it isn't currently a member
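def associatedomains():
    """Attach the shared record group named by ``srgs`` to every external zone.

    Walks the zones returned by ``getdomains()`` and, for each one whose
    ``srgs`` list does not yet contain the group, PUTs the extended list back
    to the zone's ``_ref``. Failures are printed and do not stop the loop.

    Returns:
        None.
    """
    for domain in getdomains():
        # Tolerate a zone returned without an 'srgs' list.
        groups = domain.get('srgs') or []
        if srgs in groups:
            continue
        groups.append(srgs)
        try:
            r = requests.put(
                "https://"+IB_SRVR_M+"/wapi/"+IB_WAPI_M+"/"+domain['_ref'],
                auth=HTTPBasicAuth(IB_USER_M, IB_PASS_M),
                json={'srgs': groups},
                timeout=30,  # requests never times out on its own
            )
        except requests.RequestException as exc:
            # One unreachable or slow update must not abort the whole run.
            print('error updating zone '+domain['fqdn']+' ('+type(exc).__name__+')')
            continue
        if r.status_code != 200:
            # Include the status so an auth failure (401/403) is
            # distinguishable from a rejected update.
            print('error updating zone '+domain['fqdn']+' (HTTP '+str(r.status_code)+')')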
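# create a dns resolver and point it to use google dns
# NOTE(review): presumably a public resolver is used on purpose, so the audit
# sees what the outside world resolves rather than the grid's own answer.
res = dns.resolver.Resolver()
res.nameservers = ['8.8.8.8']
# loop over external domains
for domain in getdomains():
    # the external domain list includes in-addr-arpa zones, skip them
    if '/' in domain['fqdn']:
        continue
    # attempt to look up our audit record, print failures only
    try:
        answer = res.resolve('owneraudit2022.'+domain['fqdn'], 'TXT')
    except Exception as exc:
        # Fail closed: any lookup error counts as a failed verification, but
        # name the error so a resolver outage or timeout can be told apart
        # from a missing record. Unlike a bare except, Ctrl-C still works.
        print(domain['fqdn']+' failed verification ('+type(exc).__name__+')')
        continue
    # Compare against the TXT record data only. The rrset's text form also
    # contains the owner name, so a zone whose name includes "verified" would
    # pass the check whatever its TXT record says.
    txt_values = [b''.join(rdata.strings) for rdata in answer]
    # NOTE(review): still a substring match, so data such as "unverified"
    # passes too; compare for equality once the expected value is confirmed.
    if not any(b'verified' in value for value in txt_values):
        print(domain['fqdn']+' failed verification')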