diff options
author | Daniel Baumann <mail@daniel-baumann.ch> | 2021-12-31 08:49:22 +0000 |
---|---|---|
committer | Daniel Baumann <mail@daniel-baumann.ch> | 2021-12-31 09:08:43 +0000 |
commit | 49a52bf7710eb6c1787274ad9eb5e627803652a3 (patch) | |
tree | 62a67291e169949bbede0544a24b1a5ba81d3b9c | |
parent | Running dehydrated with keep-going to ensure as much certificates are fetched... (diff) | |
download | service-tools-49a52bf7710eb6c1787274ad9eb5e627803652a3.tar.xz service-tools-49a52bf7710eb6c1787274ad9eb5e627803652a3.zip |
Adding support for kdigs out-of-tree json output to dehydrated-nsupdate.
Signed-off-by: Daniel Baumann <mail@daniel-baumann.ch>
-rwxr-xr-x | dehydrated/bin/dehydrated-nsupdate | 44 | ||||
-rw-r--r-- | dehydrated/share/man/dehydrated-nsupdate.1.rst | 3 |
2 files changed, 43 insertions, 4 deletions
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate index be773f8..0b93145 100755 --- a/dehydrated/bin/dehydrated-nsupdate +++ b/dehydrated/bin/dehydrated-nsupdate @@ -46,6 +46,19 @@ if command -v kdig > /dev/null 2>&1 then # knot-dnsutils DIG="kdig +noidn" + + # out-of-tree json output support + if kdig +json > /dev/null 2>&1 + then + DIG="${DIG} +json" + KDIG_JSON="true" + + if ! command -v jq > /dev/null 2>&1 + then + echo "'${HOOK}': need jq for knot-dnsutils with json output" >&2 + exit 1 + fi + fi elif command -v dig > /dev/null 2>&1 then # bind-dnsutils @@ -79,7 +92,15 @@ do done # find txt record to update -CNAME="$(${DIG} +nocomments +noquestion "_acme-challenge.${DOMAIN}" 2>&1 | grep -v '^;' | awk '/CNAME/ { print $5 }' | tail -n1)" +case "${KDIG_JSON}" in + true) + CNAME="$(${DIG} "_acme-challenge.${DOMAIN}" | jq -r -M '.answer | .[] | .rdata' | tail -n1)" + ;; + + *) + CNAME="$(${DIG} +nocomments +noquestion "_acme-challenge.${DOMAIN}" 2>&1 | grep -v '^;' | awk '/CNAME/ { print $5 }' | tail -n1)" + ;; +esac if [ -n "${CNAME}" ] then @@ -93,11 +114,28 @@ ZONE="${TXT_RECORD}" while true do - NAMESERVERS="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $5 }')" + case "${KDIG_JSON}" in + true) + NAMESERVERS="$(${DIG} NS "${ZONE}" | jq -r -M '.answer | .[] | .rdata')" + ;; + + *) + NAMESERVERS="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $5 }')" + ;; + esac if [ -n "${NAMESERVERS}" ] then - ZONE="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $1 }' | tail -n1)" + case "${KDIG_JSON}" in + true) + ZONE="$(${DIG} NS "${ZONE}" | jq -r -M '.answer | .[] | .rdata' | tail -n1)" + ;; + + *) + ZONE="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $1 }' | tail -n1)" + ;; + esac + break else ZONE="$(echo "${ZONE}" | cut -d '.' -f 2-)" diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst index b7e02a3..17a6203 100644 --- a/dehydrated/share/man/dehydrated-nsupdate.1.rst +++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst @@ -73,7 +73,8 @@ Features | **dehydrated-nsupdate** removes records after succesfull verification. | **bind9-dnsutils and knot-dnsutils support* -| **dehydrated-nsupdate** works with both nsupdate (bind9) and knsupdate (knot). +| **dehydrated-nsupdate** works with both nsupdate (bind9) and knsupdate (knot), +| including support for kdigs out-of-tree json output. | **IDN handling** | **dehydrated-nsupdate** works with IDN domains by not expanding the punycode. |