diff options
author | Daniel Baumann <mail@daniel-baumann.ch> | 2022-06-05 18:04:59 +0000 |
---|---|---|
committer | Daniel Baumann <mail@daniel-baumann.ch> | 2022-06-05 18:10:02 +0000 |
commit | 4febe16e256fc26acfcd4111fdf76d1bb1405f98 (patch) | |
tree | 77a980f400035b052278dcb4459ec177a7bbdcfd /dehydrated | |
parent | Releasing version 20220525. (diff) | |
download | service-tools-4febe16e256fc26acfcd4111fdf76d1bb1405f98.tar.xz service-tools-4febe16e256fc26acfcd4111fdf76d1bb1405f98.zip |
Handling ipv4-only/ipv6-only nameservers on ipv4-only/ipv6-only systems.
Signed-off-by: Daniel Baumann <mail@daniel-baumann.ch>
Diffstat (limited to 'dehydrated')
-rwxr-xr-x | dehydrated/bin/dehydrated-nsupdate | 35 | ||||
-rw-r--r-- | dehydrated/share/man/dehydrated-nsupdate.1.rst | 3 |
2 files changed, 35 insertions, 3 deletions
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate index fa421ea..96c95eb 100755 --- a/dehydrated/bin/dehydrated-nsupdate +++ b/dehydrated/bin/dehydrated-nsupdate @@ -88,9 +88,9 @@ else TXT_RECORD="_acme-challenge.${DOMAIN}" fi -# find nameservers to update ZONE="${TXT_RECORD}" +# find all nameservers to update while true do NAMESERVERS="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $5 }')" @@ -104,12 +104,43 @@ do fi done +NAMESERVERS_IPV6="" +NAMESERVERS_IPV4="" + +for NAMESERVER in ${NAMESERVERS} +do + if [ -n "$(${DIG} +nocomments +noquestion +short AAAA ${NAMESERVER})" ] + then + NAMESERVERS_IPV6="${NAMESERVERS_IPV6} ${NAMESERVER}" + fi + + if [ -n "$(${DIG} +nocomments +noquestion +short A ${NAMESERVER})" ] + then + NAMESERVERS_IPV4="${NAMESERVERS_IPV4} ${NAMESERVER}" + fi +done + +# filter nameservers by available IP protocol +NAMESERVERS="" + +if hostname -I | grep -qs ':' +then + NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV6}" +fi + +if hostname -I | grep -qs '\.' +then + NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV4}" +fi + +NAMESERVERS="$(echo ${NAMESERVERS} | sed -e 's| |\n|g' | sort -u -V)" + +# update nameservers if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ] then NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}" fi -# update nameservers for NAMESERVER in ${NAMESERVERS} do echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..." diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst index 058785f..db58d5c 100644 --- a/dehydrated/share/man/dehydrated-nsupdate.1.rst +++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst @@ -54,7 +54,8 @@ Features | **automatic nameserver detection** | **dehydrated-nsupdate** automatically finds and updates all authoritative -| nameservers for a given record by looking up the records in the DNS by itself. +| nameservers for a given record by looking up the records in the DNS by itself, +| supporting IPv6-only, IPv4-only, and dual-stacked environments. | **proper CNAME support** | **dehydrated-nsupdate** follows CNAMEs delegating the TXT record creation to |