From 4febe16e256fc26acfcd4111fdf76d1bb1405f98 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 5 Jun 2022 20:04:59 +0200 Subject: Handling ipv4-only/ipv6-only nameservers on ipv4-only/ipv6-only systems. Signed-off-by: Daniel Baumann --- dehydrated/bin/dehydrated-nsupdate | 35 ++++++++++++++++++++++++-- dehydrated/share/man/dehydrated-nsupdate.1.rst | 3 ++- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate index fa421ea..96c95eb 100755 --- a/dehydrated/bin/dehydrated-nsupdate +++ b/dehydrated/bin/dehydrated-nsupdate @@ -88,9 +88,9 @@ else TXT_RECORD="_acme-challenge.${DOMAIN}" fi -# find nameservers to update ZONE="${TXT_RECORD}" +# find all nameservers to update while true do NAMESERVERS="$(${DIG} +nocomments +noquestion NS "${ZONE}" 2>&1 | grep -v '^;' | awk '/NS/ { print $5 }')" @@ -104,12 +104,43 @@ do fi done +NAMESERVERS_IPV6="" +NAMESERVERS_IPV4="" + +for NAMESERVER in ${NAMESERVERS} +do + if [ -n "$(${DIG} +nocomments +noquestion +short AAAA ${NAMESERVER})" ] + then + NAMESERVERS_IPV6="${NAMESERVERS_IPV6} ${NAMESERVER}" + fi + + if [ -n "$(${DIG} +nocomments +noquestion +short A ${NAMESERVER})" ] + then + NAMESERVERS_IPV4="${NAMESERVERS_IPV4} ${NAMESERVER}" + fi +done + +# filter nameservers by available IP protocol +NAMESERVERS="" + +if hostname -I | grep -qs ':' +then + NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV6}" +fi + +if hostname -I | grep -qs '\.' +then + NAMESERVERS="${NAMESERVERS} ${NAMESERVERS_IPV4}" +fi + +NAMESERVERS="$(echo ${NAMESERVERS} | sed -e 's| |\n|g' | sort -u -V)" + +# update nameservers if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ] then NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}" fi -# update nameservers for NAMESERVER in ${NAMESERVERS} do echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..." diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst index 058785f..db58d5c 100644 --- a/dehydrated/share/man/dehydrated-nsupdate.1.rst +++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst @@ -54,7 +54,8 @@ Features | **automatic nameserver detection** | **dehydrated-nsupdate** automatically finds and updates all authoritative -| nameservers for a given record by looking up the records in the DNS by itself. +| nameservers for a given record by looking up the records in the DNS by itself, +| supporting IPv6-only, IPv4-only, and dual-stacked environments. | **proper CNAME support** | **dehydrated-nsupdate** follows CNAMEs delegating the TXT record creation to -- cgit v1.2.3