dsn_nsd: Increment serial number

Let's Encrypt could validate against any authoritative server and without a bumped serial number, secondary servers never get a chance to update TXT records.
2020-09-30 13:45:17 +05:30 · 2020-09-30 13:45:17 +05:30 · c435977dc7
commit c435977dc7
parent be7b87cda3
1 changed files with 20 additions and 0 deletions
--- a/dnsapi/dns_nsd.sh
+++ b/dnsapi/dns_nsd.sh
@ -3,6 +3,8 @@
 #Nsd_ZoneFile="/etc/nsd/zones/example.com.zone"
 #Nsd_Command="sudo nsd-control reload"

+########  Public functions #####################
+
 # args: fulldomain txtvalue
 dns_nsd_add() {
  fulldomain=$1
@ -30,6 +32,7 @@ dns_nsd_add() {
  _savedomainconf Nsd_ZoneFile "$Nsd_ZoneFile"
  _savedomainconf Nsd_Command "$Nsd_Command"

+  _increment_serial || return 1
  echo "$fulldomain. $ttlvalue IN TXT \"$txtvalue\"" >>"$Nsd_ZoneFile"
  _info "Added TXT record for $fulldomain"
  _debug "Running $Nsd_Command"
@ -51,6 +54,7 @@ dns_nsd_rm() {
  Nsd_ZoneFile="${Nsd_ZoneFile:-$(_readdomainconf Nsd_ZoneFile)}"
  Nsd_Command="${Nsd_Command:-$(_readdomainconf Nsd_Command)}"

+  _increment_serial || return 1
  sed -i "/$fulldomain. $ttlvalue IN TXT \"$txtvalue\"/d" "$Nsd_ZoneFile"
  _info "Removed TXT record for $fulldomain"
  _debug "Running $Nsd_Command"
@ -62,3 +66,19 @@ dns_nsd_rm() {
    return 1
  fi
 }
+
+####################  Private functions below ##################################
+
+_increment_serial() {
+  tmpfile=$(mktemp) || return 1
+  awk '$3 == "SOA" {
+    if ($6 == "(") {
+      print "Multi-line SOA record not supported yet";
+      exit 1
+    } else
+      $6++
+  }
+  { print }' "$Nsd_ZoneFile" > "$tmpfile" || return 1
+  awk '{print}' "$tmpfile" > "$Nsd_ZoneFile"
+  rm -f "$tmpfile"
+}