verify_domains.py.bak

#!/usr/local/bin/python3

import requests
from requests.auth import HTTPBasicAuth
import dns.resolver

IB_WAPI_M = "v2.11.1"
IB_USER_M  = ""
IB_PASS_M  = ""
IB_SRVR_M = "infoblox.address.goes.here"

srgs='infoblox-validation'

# Get list of all external domains from infoblox, include fqdn and list of shared record groups
def getdomains():
    ipurl = "https://"+IB_SRVR_M+"/wapi/"+IB_WAPI_M+"/zone_auth?view=External&_return_fields=fqdn,srgs&_return_type=json"
    r=requests.get(ipurl, auth=HTTPBasicAuth(IB_USER_M, IB_PASS_M))
    return r.json()

# loop over list of external domains and add shared record group 'infoblox-validation' to their groups if it isn't currently a member
def associatedomains():
    for domain in getdomains():
        if srgs not in domain['srgs']:
            domain['srgs'].append(srgs)
            r=requests.put("https://"+IB_SRVR_M+"/wapi/"+IB_WAPI_M+"/"+domain['_ref'], auth=HTTPBasicAuth(IB_USER_M, IB_PASS_M), json={'srgs':domain['srgs']})
            if r.status_code != 200:
               print ('error updating zone '+domain['fqdn'])

# create a dns resolver and point it to use google dns
res = dns.resolver.Resolver()
res.nameservers = ['8.8.8.8']

# loop over external domains
for domain in getdomains():
    # the external domain list includes in-addr-arpa zones, skip them
    if '/' not in domain['fqdn']:
        # attempt to look up our audit record, print failures only
        try:
            TXT=res.resolve('owneraudit2022.'+domain['fqdn'],'TXT').rrset.to_text()
        except:
            TXT='broken'
        if 'verified' not in TXT:
            print (domain['fqdn']+' failed verification')